Android Pulling Past iOS in Generating Revenue

Re/code has an article on how recodeAndroid is Starting to Pull Past iOS in Generating Revenue for App Developers. I suppose it was inevitable that the large number of Android users would eventually tip the balance in terms of traffic and revenue share.

trafficandmediasharebyos

However, I expect some companies will continue to go iOS first. Why? Well, company strategy is often driven by familiarity rather than logic. Many company owners and their designers use iPhones and this will continue to influence mobile strategy. I am still seeing this in designs I receive in that they all too often include iOS idioms.

iOS Taking Market Share From Android

kantarKantar has some new research for Q1 2015 showing that Android switchers are driving iOS sales growth in Great Britain, Germany, France, Italy, and Spain. iOS share has increased by 1.8% to 20.3% since last year. Meanwhile, in the U.S., iOS reached a market share of 36.5% and Android 58.1%. iOS growth is mainly being driven by phablet sales.

New Mobile Security Wiki

mobilesecuritywikiIf you are interested in mobile security you should take a look at the Mobile Security Wiki. It provides details of forensics, development, static analysis, dynamic analysis, reverse engineering tools as well as obfuscators, testing distributions and example apps. It also references libraries, best practices, books, papers and presentations.

Tablets, Phablets and Whether To Design for Larger Screens

IDC has some new research that shows that the tablet market has continued to contract due to competition from alternative devices…

idctabletshipmentsq12015

 

 

 

 

 

 

 

 

What does this mean for developers? At first sight it might mean that it’s less viable to create tablet-specific apps or tablet-specific screens layouts. However, the IDC research suggests that “Cellular-enabled tablets are outgrowing the rest of the market”. Statistics from Flurry show that these devices, better known as phablets, tripled their share of active users over the last few months…

flurryphabletsmarch15

However, if you compare iOS and Android then the latter has by far the larger proportion of phablet users…

phabletsiosvsandroid

 

 

 

 

 

 

 

 

 

The large proportion (36%) of phablet users on Android suggests that particularly Android developers should still be considering how to make the most of larger screen sizes.

336 million Smartphones Shipped Worldwide in Q1 2015

IDC has new research showing 336.5 million smartphones were shipped worldwide in the first quarter of 2015. Samsung has overtaken Apple as the leading vendor.

idcworldsmartphoneshipmentsq12015

There’s no mention of the mobile OS market share in this press release but, looking at the above graph, it’s likely to be relatively unchanged compared to previously.

Mobile Payments Whitepaper

The Application Developers Alliance have a free whitepaper on Mobile Payments (pdf) with an emphasis on the issues affecting merchants.

appalliancemobilepayments

It offers a simple overview on the payments ecosystem and covers beacons, digital currencies, omnichannel, NFC and mobile wallets. It mentions issues such as security, fraud and market fragmentation.

You will Never Have Complete App Security

When I speak with clients, there always seems to be be the impression, on their part, that things are either secure or not secure. Unfortunately, whether it’s desktops, laptops, servers or smartphones, the principle is the same: You will never have complete application security.

It will always be possible to fool users into installing things or doing things they shouldn’t. There will always be vulnerabilities that allow root and hence allow, for example, memory dumps of decrypted data. There will probably always be NSA backdoors and the possibility to eavesdrop on radio frequency (RF) noise. There will always be some users that root their devices making things considerably easier for attackers.

This doesn’t mean you should give up and not consider security at all. For all apps, simple safeguards, for example, keeping data in the Android sandbox, provide basic protection with negligible extra effort. At the other end of the scale there’s a class of apps, for example banking and payment, that needs to make it algorithmically time consuming (via encryption) or extremely technically difficult (via tamper protection) for attackers to read sensitive data. You will never have complete application security but you can have high security that, for all normal intents and purposes, will keep your sensitive data safe.

Android App Hacking Getting Easier

appsecIn my post on my Thoughts on Google’s Android Security 2014 Year in Review  I mentioned that security isn’t only about potentially harmful applications (PHAs) being installed. It’s also about the ability to easily obtain information from stolen devices and reverse engineer apps.

Today I came across a tool from AppSec Labs, AppUse, that enables easy offline reverse engineering of apps. It brings some well-known command line tools, used to reverse engineer APKs, together with a hooked ROM to allow access to things (e.g. files, communication, database, encryption) you can’t normally see externally. This is all wrapped in an easy to use window UI. This tool will be mainly used for analysis of malware and penetration testing. However, it’s obviously also possible to use it for nefarious purposes.

If you have intellectual property within your app, think your app might be copied or your app needs to be particularly secure, (eg banking, payment, enterprise) you will want to look into obfuscation/packing and tamper detection.