Category: iOS

Video of Apple WWDC Session About IPv6 and iOS 9 Now Available (And Some Screenshots…)

Want more info about Apple’s new requirement for IPv6 support in iOS 9 applications?  At last week’s WWDC on Friday, June 12, 2015, the session “Your App and Next Generation Networks” covered the topic of IPv6 as well as latency and how to improve the speed of your apps.  The video is now available for viewing (note that on a Mac I was only able to view the video in the Safari browser):

WWDC video about IPv6

The IPv6 section was presented by Prabhakar Lakhera, a “Core OS Networking Engineer” at Apple, and runs for about the first 14 minutes of the video.

To give you a view of some of the main points, here are some key screenshots.  First, Prabhakar talked about the need for IPv6 support and pointed out the growth in IPv6 traffic on North American mobile networks (and we’re seeing similar stats at the World IPv6 Launch measurements).

North American mobile networks and IPv6

He then talked about how Apple will use DNS64 and NAT64 to provide connectivity to the IPv4 Internet:

IPv6 using DNS64 and NAT64

He explained that to help in testing, Internet Sharing will now have a “Create NAT64 Network” option:

creating a NAT64 network

and provided a picture of how it all works:

IPv6 testing

He then indicated that 70% of the top 100 free apps had no problem with working over IPv6 and provided these pointers for “What Breaks?”:

What breaks?

It’s interesting to note what he said those points of breakage are:

  • Using IPv4-only storage objects (i.e. storing IPv4 addresses in some form)
  • Using IPv4-only APIs – or using an API in a way that is IPv4-only
  • “Pre-flight checks” (as the app is launching) before connecting and:
    • Checking if the device has an IPv4 address
    • Checking for reachability to 0.0.0.0

These “pre-flight checks” were an interesting item to me as I’d not thought about that mechanism before.  It makes sense for an app developer to check to see if the app can connect out to the Internet before starting to interact with the user.  I’ve had any number of iOS apps do that and warn me when I am not connected to the Internet.  However, only checking for IPv4 would render the app unable to work on an IPv6 network, even if the rest of the code works fine.

Prabhakar then went on to talk about what does work and offered several suggestions:

Apple IPv6 - what works?

Much of this was straightforward:

  • Don’t do a pre-flight check… just try to connect.
  • Use higher-level APIs so you aren’t working with IP addresses

He also encouraged people to read RFC 4038, “Application Aspects of IPv6 Transition”, which is definitely a good read for application developers.
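The “IPv4-only storage object” and “IPv4-only API” items from the “What Breaks?” list, next to the address-family-agnostic form that RFC 4038 recommends, as an added example (not code from the session or from Apple). The struct and function names are hypothetical, and the addresses are constructed from the documentation ranges.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Breaks on IPv6: a storage object sized for an IPv4 address only. */
struct peer_v4only {            /* hypothetical name */
    struct in_addr addr;        /* 4 bytes, an IPv6 address cannot fit */
    in_port_t port;
};

/* Returns 0 on success, -1 when the literal is not an IPv4 address. */
int store_peer_v4only(const char *literal, struct peer_v4only *out)
{
    return inet_pton(AF_INET, literal, &out->addr) == 1 ? 0 : -1;
}

/* Works on both: sockaddr_storage is large enough for either family. */
struct peer_any {               /* hypothetical name */
    struct sockaddr_storage ss;
    socklen_t len;
};

/* Returns AF_INET or AF_INET6, or -1 on failure. AI_NUMERICHOST keeps
 * this sample offline (no DNS); drop it to resolve host names. */
int store_peer_any(const char *host, const char *port, struct peer_any *out)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;          /* do not pin to AF_INET */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
    if (getaddrinfo(host, port, &hints, &res) != 0 || res == NULL)
        return -1;
    memcpy(&out->ss, res->ai_addr, res->ai_addrlen);
    out->len = res->ai_addrlen;
    int family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

/* Text form for logs or identifiers, valid for either family
 * (the IPv4-only equivalent would be inet_ntoa). Returns 0 on success. */
int format_peer(const struct peer_any *p, char *buf, size_t buflen)
{
    return getnameinfo((const struct sockaddr *)&p->ss, p->len,
                       buf, (socklen_t)buflen, NULL, 0, NI_NUMERICHOST);
}
```
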

He finished with an interesting addition to iOS 9 and also OS X 10.11.  It has always been possible to use an IP address directly in a URL.  For instance, “http://192.168.10.100/index.html” (which, of course, won’t go anywhere).  But how does an IPv4 “address literal” (as it is called) work in an IPv6-only network?

It turns out that Apple is going to “fix” this by synthesizing an IPv6 address so that the IPv4 literal will still work in an IPv6-only network:

Apple What Works for IPv6

He didn’t provide details of precisely what they are doing for that, but it’s interesting to know about.
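For orientation, this is how a NAT64/DNS64 deployment maps an IPv4 address into IPv6 under RFC 6052 with a /96 prefix. It is an added example, not Apple's mechanism, which the session did not detail. The function names are hypothetical, and the sample address comes from the documentation range because RFC 6052 does not allow the well-known prefix to carry private addresses such as 192.168.x.x.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* RFC 6052 well-known NAT64 prefix; a network may use its own /96. */
#define NAT64_WKP "64:ff9b::"

/* Embed an IPv4 literal in a /96 prefix: the 32 IPv4 bits become the
 * last four bytes of the IPv6 address. Returns 0, or -1 on bad input. */
int nat64_synthesize(const char *prefix96, const char *v4_literal,
                     char *out, socklen_t outlen)
{
    struct in6_addr v6;
    struct in_addr v4;
    if (inet_pton(AF_INET6, prefix96, &v6) != 1 ||
        inet_pton(AF_INET, v4_literal, &v4) != 1)
        return -1;
    for (int i = 12; i < 16; i++)      /* a /96 leaves the low 32 bits zero */
        if (v6.s6_addr[i] != 0)
            return -1;
    memcpy(&v6.s6_addr[12], &v4.s_addr, 4);  /* already in network order */
    return inet_ntop(AF_INET6, &v6, out, outlen) ? 0 : -1;
}

/* Reverse mapping, useful when reading logs or writing filters: recover
 * the IPv4 address from an IPv6 address inside the given /96 prefix. */
int nat64_extract(const char *prefix96, const char *v6_literal,
                  char *out, socklen_t outlen)
{
    struct in6_addr pfx, v6;
    if (inet_pton(AF_INET6, prefix96, &pfx) != 1 ||
        inet_pton(AF_INET6, v6_literal, &v6) != 1)
        return -1;
    if (memcmp(pfx.s6_addr, v6.s6_addr, 12) != 0)
        return -1;                     /* not a synthesized address */
    return inet_ntop(AF_INET, &v6.s6_addr[12], out, outlen) ? 0 : -1;
}
```
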

There were certainly other parts I didn’t mention… if you are an iOS app developer I’d highly recommend you watch the video.  In fact, I’d also suggest staying on after the IPv6 part is done to watch what Stuart Cheshire has to say about latency and ways to make your app and services work better over congested networks.  Also extremely important!

It’s great to see Apple providing this support and encouraging the movement to IPv6.  We look forward to seeing many more applications work well in IPv6 situations.

If you want to get started learning more about IPv6, please head on over to our Start Here page to find resources to begin!

 

Apple Will Require IPv6 Support For All iOS 9 Apps

“Because IPv6 support is so critical to ensuring your applications work across the world for every customer, we are making it an AppStore submission requirement, starting with iOS 9.”  With those words, Sebastien Marineau, Apple’s VP of Core OS, gave a huge boost to IPv6 developer support in Apple’s WWDC Platform State Of The Union (SOTU) address yesterday.

You can watch the Platform SOTU presentation yourself (although you may need the Safari browser to do so). The IPv6 segment begins at 34:16 and Marineau’s statement about the AppStore requirement can be heard at 37:16.

Here, though, is the quick summary.

Why IPv6?

Sebastien Marineau began by talking about IPv6 and why it is important:

Apple IPv6 support

more on IPv6 support

In particular he noted that carriers in several regions of the world are now deploying IPv6-only networks and emphasized the importance of making your application work well for everyone, everywhere.  He reinforced how critical it is to support IPv6:

“If your application doesn’t work properly with IPv6, it will simply not function on those networks, those carriers and for those customers.”

He also explained how Apple has supported IPv6 for over ten years now since early versions of Mac OS X and from iOS 4 onward.

3 Steps For Developers

He went on to explain three steps all developers can take to make sure their applications work over IPv6 networks:

3 steps to make an app work with IPv6

Those steps are:

  • Use the networking frameworks (for example, “NSURLSession”)
  • Avoid use of IPv4-specific APIs
  • Avoid hard-coded IP addresses

Essentially, if app developers are using the higher level APIs and frameworks and aren’t hacking around at the IP layer, their apps should probably “just work” on top of either IPv4 or IPv6.

Testing Your App Over IPv6

However, Marineau addressed the question of “how do you test your app over IPv6?”, particularly when many app developers may not have access to a native IPv6 Internet connection.  He indicated that in an upcoming release of Mac OS X there will be a new feature to help with this:

IPv6-only personal hotspot

What I understood Marineau to say was that you will be able to set up a “personal WiFi hotspot” on your Mac and check an “IPv6-only” box.  Your iPhone/iPad with your app could then connect to that specific WiFi network to work in an IPv6-only mode.  The Mac would then provide the gateway to the legacy IPv4 Internet so that the app on the IPv6-only network could connect out to services on IPv4 servers.

THIS IS HUGE! One of the struggles many application developers have had is to easily create an “IPv6-only” network in which to test systems.  Even those of us who are IPv6 advocates/enthusiasts have struggled with making this work well.  It typically involves bringing up a second access point (which you are effectively doing with this new configuration) and then turning off all IPv4 services on that access point, which some access points make difficult to do.

Whenever this feature rolls out in Mac OS X, it will greatly help all of us who are working on apps and systems and want to test them in an IPv6-only environment.

An Important Step

Now, to be clear, most iOS app developers probably won’t have to do all that much to support IPv6.  If they are already using the higher level APIs and networking frameworks they should be all set.  The exact mechanisms of IP address handling are not a concern of theirs.  However, some app developers will have to make some changes, particularly if they are directly using IPv4 addresses as any kind of identifier or in logging.

More importantly, the requirement for AppStore submission will require app developers to test their applications with IPv6 networks, and that alone will suddenly cause the millions of iOS app developers out there to have to learn at least something about IPv6 (if nothing else, the fact that it exists).

Most significantly, though, this step by Apple means that all the iOS apps that run on iOS 9 will work well over the IPv6-only networks that are starting to be deployed.  Even in dual-stack (IPv6/IPv4) networks, this should mean that iOS 9 apps will work better in those environments when, for instance, IPv6 may be faster. (More needs to be understood here about the specifics of the IPv6 support.)

And… this also will help take away the argument used by some network operators who are still not moving ahead with IPv6 that “why should we deploy IPv6 when apps don’t support it?”

Apple’s answer is that, as of iOS 9, all iPhone/iPad apps will support IPv6!

Kudos to Apple for taking these steps, creating this new AppStore submission requirement, and also providing what sounds like a new and easy way to create IPv6-only networks!

We’re looking forward to iOS users being able to use ALL their favorite applications on an IPv6-only network!


P.S. If you want to get started with IPv6, please visit our Start Here page to find resources tailored for your role or type of organization.  The time to make the move to IPv6 is TODAY!

Also, hat tip to Adam Iredale on Twitter, who first brought this new requirement to my attention, and to Borja Reinares who provided some more information.

Verizon Launches Voice Cypher Secure VoIP Mobile App… With A Government Backdoor

Verizon Wireless this week did something that initially seemed quite impressive – they launched “Voice Cypher”, an app available for iOS, Android and Blackberry that promises secure end-to-end encryption. It uses VoIP and is an “over-the-top” (OTT) app that works on any carrier.  If you read the marketing material on their web site, it all sounds great!  Indeed their “Learn More” page has all the right buzzwords and security lingo – and says quite clearly: “Voice Cypher provides end-to-end encryption between callers, even if the call crosses over multiple networks.” They include the requisite network diagram that shows how it protects against all threats:

Verizon Wireless Voice Cypher

It turns out there’s just one small little detail … as reported by Bloomberg Businessweek, the app comes complete with a backdoor so that Verizon could decrypt the phone calls if requested to do so by law enforcement!

As the Businessweek article states:

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so.

Unfortunately, in this post-Snowden era I don’t know that many of us put a great amount of trust in our governments to only access communications with a “legitimate law enforcement reason”.  Or perhaps the concern is that what gets classified as “legitimate” can be widely construed to mean almost anything.

The article does note that Verizon is bound by CALEA to provide lawful intercept to the phone networks, but it also points out an interesting caveat that Verizon could have used:

Phone carriers like Verizon are required by U.S. law to build networks that can be wiretapped. But the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.

A Verizon Wireless representative indicated that they believe government agencies looking for ways to protect sensitive information may be customers of this service, as may be corporate customers concerned about leaking private information.

But… as we continue to hear more and more information about the massive amount of pervasive monitoring and surveillance by government agencies from many different governments around the world, you do have to wonder how safe those agencies and companies will feel with a “secure” solution that already comes with a backdoor.  The problem with a known backdoor is that even if you may trust Verizon Wireless to only allow legitimate law enforcement access… how do you know that some attacker may not be able to penetrate that backdoor?   The “secure end-to-end encryption” isn’t entirely secure.

Given that the service has a higher price tag of $45 per month per device, I do wonder how many businesses or agencies will actually embrace the service.

On reading about this Voice Cypher service, it certainly sounds quite interesting.  We need more secure voice solutions out there – and it’s very cool that Verizon Wireless is delivering this as an OTT mobile app that will work across different carriers.

It’s just too bad that it’s not truly “secure end-to-end”.  :-(

P.S. I also recorded an audio commentary on this same topic.