Posted on

Don’t write off the iPhone just yet

This may seem and odd premise, given that Apple flogged 4 million of the new iPhone 6 units as soon as it was launched. It doesn’t sound like a failure. But I’m hearing voices…

The theory is that the smartphone market is saturated. In the US, an often quoted statistic is that 75% of Americans already have one. In the UK, research from Deloitte puts the figure at 72% a year ago, rising at about 15% a year. Selling something everyone already has is not a good place to be.

Then there’s the inexorable rise of Android. Google launched the low cost, very capable and very affordable Android One phone in June. Never heard of it? Well it’s not available in the west – they’re going after the huge third world market, starting with India. There are a billion punters there, eager for the western tech. And the same with China, although they can make their own (as well as handsets for the rest of the world).

Generic Chinese Android handsets are good. I have one. It takes two SIMs at once and works under water, at a fraction of the prices of a western branded unit. Manufactures like Huawei, ZTE and Foxconn own this space and will be hard to shift. Google doesn’t make money from Android, and I doubt that the Android One will contribute much to their balance sheet. But Google is a data capture company, and have Google-controlled smartphones out there is strategically very good.

So, Apple must be doomed – a saturated market and cheaper smartphones that do it better. But that’s never been a problem Apple’s business model.

Apple’s products are aspirational – they say, “Look at me – I’m wealthy enough to spend £100s every year for the latest iPhone and therefore I’m a good prospect when it comes to making babies.” The more they cost, the more people want them. Fanbois may protest, saying that they iPhones work better (not so) and look nicer. Sony sells nice looking kit too, but is forecasting a $1.2B loss from its Android smartphones. The same with HT; it’s just breaking even on declining sales. Samsung is making a good profit ($6B), but there’s a suspicion this has been generated on a huge marketing spend.

Apple doesn’t need to spend too much on marketing. It just has to look cool and remain aspirational.

According to Juniper, shipments of smartphones will be close to 1.2B units this year (with 985M shipped in 2013). That’s a high volume, but if it’s the Android One and low cost units going to emerging markets (those not yet saturated), the bulk of that will be making meagre profit.

Apple, on the other hand, makes a very nice margin, thanks. Fanbois will happily hand over $100s simply to have one with a larger flash memory; several thousand percent more than the memory itself costs elsewhere. They’ll accept that the limited-life battery is ;sealed inside and will die, taking the iPhone with it in a couple of years. They’ll accept that there’s no memory card slot as an alternative to buying the ridiculously expensive internally upgraded models. They’ll even put up with the poor telephone performance; after all the screen looks very nice (don’t tell them that Samsung beat them too it).

I used to work with Cuppertino in the late 1970’s and early 1980’s – lots of people did because the Apple II was a major player; a de-facto standard. Then in 1981 the IBM PC was launched, became the new de-facto standard and Apple was marginalised with the Mac, losing market-share big time until it was less than 10%. 25 years ago I was discussing their demise with Guy Kewney, a good and wise pundit and friend. “You’re wrong”, he said. “The PC market is much bigger. Other PC makers would be very happy to have 9% of the current market, and they have much lower margins than Apple.”

Posted on

Google geek lives on site for year. Yawn

Matthew weaver told the BBC he lived on site on Google’s. Mountain view campus. for 54 weeks between 2005 and 2006. Are we supposed to be impressed? Well it’s a long time but the story continues to reveal he was living in a camper van. How soft modern techies have become. Back in the early 1980’s living on site while a project was on was not at all uncommon. I certainly was not the only programmer in small tech startups to spend the night under the workbench in a sleeping bag. It was an alternative soft option to simply working through the night.

These young techies simply don’t know they’re even born. Camper van indeed!

Posted on

Barclays launches biometric finger scanner

In a headline-grabbing move, Barclays bank has launched a finger-scanner for its customers to use when identifying themselves on-line. It’s not an easy-to-fool fingerprint scanner; this one examines the veins in the user’s finger to determine a match.

Like most biometric identity verification methods, I think this is anything more than a gimmick – at least as it’s being reported (encouraged by Barclays) as some kind of future for consumer banking. They’re actually launching it for corporate users, where it probably does have a niche.

The problem with biometric identification is that it’s just as susceptible attack as a password, but a lot more expensive. In fact, if someone uses a secure password, fooling biometrics is often quite easy in comparison.

Imagine how it works: The scanner examines the finger and passes metrics to the bank – just like a password. Because fingers are squishy and organic, the metrics will vary each time so the bank’s computer is only looking for a “close enough” match. Passwords have to be spot on.

So how can a vein scanner be fooled? Well, I’m sure they’re encrypting the data end-to-end to make a replay attack difficult (sending the same scan data twice). At least I hope they are! But at some point the data is unencrypted – it’s coming from analogue sensors looking at the finger. Hack the sensor and you’re away.

Barclays may have done something very cleaver, and I will watch to see if this is true with interest, but however it works, I can’t see it being any more secure.

So why bother? Simple – it’s more convenient. If you’ve got a load computers in a corporation with different employees wandering around making bank transfers, you really want to know who’s doing what. Passwords in the public are one thing, but within an organisation, they get passed around. Usually the employees do this willingly, but someone with crooked intent can find they by other methods.

You can use smart-cards to identify employees, but these can be “borrowed” too. Using a finger makes sense. Vein scanners don’t work on dead fingers, so you an be fairly confident that the user is who you think it is. Weighed against the cost and reduction in total security, it’s probably a good thing.

As an ID form for the public, I think not! A corporate environment is controlled; it’s not the Internet. I would hope that companies can avoid having thousands of criminals trying to defraud them 24/7 working on the inside, but that’s exactly what you have on the wider Net.

(more to come)

Posted on

Leaky iCloud

As I picked up my copy of Private Eye at the station Newsagent just now I noticed the headlines on certain of the dailies going on about hackers stealing naked photos of celebrities from their Apple on-line storage areas. The fact that they were (apparently) celebrities and that the weren’t wearing clothes was the main point for the tabloids, but the big story is really the security of cloud storage.

Personally, I’d be very surprised if attackers had actually compromised Apple’s servers. More likely explanations would be an inside job, or the lusers endpoints. But my money would be a phishing attack.

It does highlight, however, the danger of outsourcing your sensitive data to anyone.

In the 1980’s the fad for outsourcing really took off. Professional engineers all said it was a bad idea then. If your company data is important, the last thing any business should do is trust it to someone else.

The term ‘cloud’ has become a trendy marketing concept in recent years. What it really means is “I have no idea and don’t care.”. It was used in context as follows:

“Where is that service your using actually running?”

“Don’t know, somewhere up in the clouds!”

It’s was ironic. In the real would, admitting you’ve lost control of your data is hardly something anyone would be proud of. But suits heard the new buzzword and wanted some of it. And the punters quickly accepted the benefits (free stuff) without a thought to the risks.

So has Apple’s on line storage been compromised? I doubt it’s been hacked. The technology is fairly robust. If you want to access iCloud data, Apple’s servers themselves are not the soft attack vector. The obvious method is to trick users into handing out their passwords. After all, any coy celebrity foolish enough to (a) take pictures of themselves in the buff; and (b) store them on someone else’s computer, are hardly going to be the brightest stars in the sky.

The fact that fanbois seem to have been the victims in this case is irrelevant. They may have been easier targets if, indeed, it was a phishing attack. However, the general principle remains the same whoever is providing the service – Amazon, Google, Dropbox, Microsoft or one of the many startups trying to get a bit of the action. And the same goes for Facebook and the like – anyone uploading anything remotely sensitive to their servers needs to consider the implications. If you wouldn’t publish something directly on your web page for all to see, don’t send it to “the cloud” either.

The American gun-selling industry has long used the argument that firearms in themselves aren’t dangerous. It’s the users that are the problem. They’re right, in so far as the argument goes. Unfortunately, adding the human factor to cloud services makes the encryption, data centre security and other precautions taken by the providers irrelevant in the same way. People will be hurt. And “celebrities” will caught with their pants down.