Software architect and Microsoft MVP, you’ll usually find me writing about security concepts and process improvement in software delivery.
In the beginning, there was the web and you accessed it though the browser and all was good. Stuff didn’t download until you clicked on something; you expected cookies to be tracking you and you always knew if HTTPS was being used. In general, the casual observer had a pretty good idea of what was going on between the client and the server.
Not so in the mobile app world of today. These days, there’s this great big fat abstraction layer on top of everything that keeps you pretty well disconnected from what’s actually going on. Thing is, it’s a trivial task to see what’s going on underneath, you just fire up an HTTP proxy like Fiddler, sit back and watch the show.
Let me introduce you to the seedy underbelly of the iPhone, a world where not all is as it seems and certainly not all is as it should be.
There’s no such thing as too much information – or is there?
Here’s a good place to start: conventional wisdom says that network efficiency is always a good thing. Content downloads faster, content renders more quickly and site owners minimise their bandwidth footprint. But even more importantly in the mobile world, consumers are frequently limited to fairly meagre download limits, at least by today’s broadband standards. Bottom line: bandwidth optimisation in mobile apps is very important, far more so than in your browser-based web apps of today.
Let me give you an example of where this all starts to go wrong with mobile apps. Take the Triple M app, designed to give you a bunch of info about one of Australia’s premier radio stations and play it over 3G for you. Here’s how it looks:
Where it all starts to go wrong is when you look at the requests being made just to load the app, you’re up to 1.3MB alone:
Why? Well, part of the problem is that you’ve got no gzip compression. Actually, that’s not entirely true, some of the small stuff is compressed, just none of the big stuff. Go figure.
But there’s also a lot of redundancy. For example, on the app above you can see the first article titled “Manly Sea Eagles’ 2013 Coach…” and this is returned in request #2 as is the body of the story. So far, so good. But jump down to request #19 – that massive 1.2MB one – and you get the whole thing again. Valuable bandwidth right out the window there.
Now of course this app is designed to stream audio so it’s never going to be light on bandwidth (as my wife discovered when she hit her cap “just by listening to the radio”), and of course some of the upfront load is also to allow the app to respond instantaneously when you drill down to stories. But the patterns above are just unnecessary; why send redundant data in an uncompressed format?
Here’s a dirty Foxtel secret; what do you reckon it costs you in bandwidth to load the app you see below? A few KB? Maybe a hundred KB to pull down a nice gzipped JSON feed of all the channels? Maybe nothing because it will pull data on demand when you actually do something?
Guess again, you’ll be needing a couple of meg just to start the app:
Part of the problem is shown under the Content-Type heading above; it’s nearly all PNG files. Actually, it’s 134 PNG files. Why? I mean what on earth could justify nearly 2 meg of PNGs just to open the app? Take a look at this fella:
This is just one of the actual images at original size. And why is this humungous PNG required? To generate this screen:
Hmmm, not really a use case for a 425x243, 86KB PNG. Why? Probably because as we’ve seen before, developers like to take something that’s already in existence and repurpose it outside its intended context, and just as in that aforementioned link, this can start causing all sorts of problems. Unfortunately it makes for an unpleasant user experience as you sit there waiting for things to load while it does unpleasant things to your (possibly meagre) data allocation.
But we’re only just warming up. Let’s take a look at the very excellent, visually stunning EVO magazine on the iPad. The initial screen is just a list of editions like so:
Let’s talk in real terms for a moment; the iPad resolution is 1024x768 or what we used to think of as “high-res” not that long ago. The image above has been resized down to about 60% of original but on the iPad, each of those little magazine covers was originally 180x135 which even saved as a high quality PNG, can be brought down well under 50KB apiece. However:
Thirteen and a half meg?! Where an earth did all that go?! Here’s a clue:
Go on, click it, I’ll wait.
Yep, 1.6MB.
4,267 pixels wide, 3,200 pixels high.
Why? I have no idea, perhaps the art department just sent over the originals intended for print and it was “easy” to dump that into the app. All you can do in the app without purchasing the magazine (for which you expect a big bandwidth hit), is just look at those thumbnails. So there you go, 13.5MB chewed out of your 3G plan before you even do anything just because images are being loaded with 560 times more pixels than they need.
The secret stalker within
Apps you install directly onto the OS have always been a bit of a black box. I mean it’s not the same “view source” world that we've become so accustomed to with the web over the last decade and a half where it’s pretty easy to see what’s going on under the covers (at least under the browser covers). With the volume and affordability of iOS apps out there, we’re now well and truly back in the world of rich clients which performs all sorts of things out of your immediate view, and some of them are rather interesting.
Let’s take cooking as an example; the ABC Foodi app is a beautiful piece of work. I mean it really is visually delightful and a great example of what can be done on the iPad:
But it’s spying on you and phoning home at every opportunity. For example, you can’t just open the app and start browsing around in the privacy of your own home, oh no, this activity is immediately reported (I’m deliberately obfuscating part of the device ID):
Ok, that’s a mostly innocuous, but it looks like my location – or at least my city – is also in there so obviously my movements are traceable. Sure, far greater location fidelity can usually be derived from the IP address anyway (and they may well be doing this on the back end), but it’s interesting to see this explicitly captured.
Let’s try something else, say, favouriting a dish:
Not the asparagus!!! Looks like you can’t even create a favourite without your every move being tracked. But it’s actually even more than that; I just located a nice chocolate cake and emailed it to myself using the “share” feature. Here’s what happened next:
The app tracks your every move and sends it back to base in small batches. In this case, that base is at flurry.com, and who are these guys? Well it’s quite clear from their website:
Flurry powers acquisition, engagement and monetization for the new mobile app economy, using powerful data and applying game-changing insight.
Funny, I knew I’d seen that somewhere before!
Here’s something I’ve seen before: POST requests to data.flurry.com. It’s perfectly obvious when you use the realestate.com.au iPad app:
Uh, except it isn’t really obvious, it’s another sneaky backdoor to help power acquisitions and monetise the new app economy with game-changing insight. Here’s what it’s doing and clearly it has nothing to do with finding real estate:
Hang on – does that partially obfuscated device ID look a bit familiar?! Yes it does, so Flurry now knows both what I’m cooking and which kitchen I’d like to be cooking it in. And in case you missed it, the first request when the Foxtel app was loaded earlier on was also to data.flurry.com. Oh, and how about those travel plans with TripIt – the cheerful blue sky looks innocuous enough:
But under the covers:
Suddenly monetisation with powerful data starts to make more sense.
But this is no different to a tracking cookie on a website, right? Well, yes and no. Firstly, tracking cookies can be disabled. If you don’t like ‘em, turn ‘em off. Not so the iOS app as everything is hidden under the covers. Actually, it’s in much the same way as a classic app that gets installed on any OS although in the desktop world, we’ve become accustomed to being asked if we’re happy to share our activities “for product improvement purposes”.
These privacy issues simply come down to this: what does the user expect? Do they expect to be tracked when browsing a cook book installed on their local device? And do they expect this activity to be cross-referenceable with the use of other apparently unrelated apps? I highly doubt it, and therein lays the problem.
Security? We don’t need no stinkin’ security!
Many people are touting mobile apps as the new security frontier, and rightly so IMHO. When I wrote about Westfield last month I observed how easy it was for the security of services used by apps to be all but ignored as they don’t have the same direct public exposure as the apps themselves. A browse through my iPhone collection supports the theory that mobile app security is taking a back seat to their browser-based peers.
Let’s take the Facebook app. Now to be honest, this one surprised me a little. Back in Jan of this year, Facebook allowed opt-in SSL or in or in the words of The Register, this is also known as “Turn it on yourself...bitch”. Harsh, but fair – this valuable security feature was going to be overlooked by many, many people. “SS what?”
Unfortunately, the very security that is offered to browser-based Facebook users is not accessible on the iPhone client. You know, the device which is most likely to be carried around to wireless hotspots where insecure communications are most vulnerable. Here’s what we’re left with:
This is especially surprising as that little bit of packet-sniffing magic that is Firesheep was no doubt the impetus for even having the choice of enable SSL. But here we are, one year on and apparently Facebook is none the wiser.
Let’s change pace a little and take a look inside the Australian Frequent Flyer app. This is “Australia's leading Frequent Flyer Community” and clearly a community of such standing would take security very, very seriously. Let’s login:
As with the Qantas example above, you have absolutely no idea how these credentials are being transported across the wire. Well, unless you have Fiddler then it’s perfectly clear they’re just being posted to this HTTP address: http://www.australianfrequentflyer.com.au/mobiquo-withsponsor/mobiquo.php
And of course it’s all very simple to see the post body which in this case, is little chunk of XML:
Bugger, clearly this is going to tack some sort of hacker mastermind to figure out what these credentials are! Except it doesn’t, it just takes a bit of Googling. There are two parameters and they’re both Base64 encoded. How do we know this? Well, firstly it tells us in one of the XML nodes and secondly, it’s a pretty common practice to encode data in this fashion before shipping it around the place (refer the link in this paragraph for the ins and outs of why this is useful).
So we have a value of “YWJjMTIz” and because Base64 is designed to allow for simple encoding and decoding (unlike a hash which is a one way process), you can simply convert this back to plain text using any old Base64 decoder. Here’s an online one right here and it tells us this value is “abc123”. Well how about that!
The next value is “NzA1ZWIyOThiNjQ4YWM1MGZiNmUxN2YzNjY0Yjc4ZTI=” which is obviously going to be the password. Once we Base64 decode this, we have something a little different: “705eb298b648ac50fb6e17f3664b78e2?”. Wow, that’s an impressive password! Except that as we well know, people choosing impressive passwords is a very rare occurrence indeed so in all likelihood this is a hash. Now there are all sorts of nifty brute forcing tools out there but when it comes to finding the plain text of a hash, nothing beats Google. And what does the first result Google gives us? Take a look:
I told you that was a useless password dammit! You see the thing is, there’s a smorgasbord of hashes and their plain text equivalents just sitting out there waiting to be searched which is why it’s always important to apply a cryptographically random salt to the plain text before hashing. A straight hash of most user-created passwords – which we know are generally crap – can very frequently be resolved to plain text in about 5 seconds via Google.
The bottom line is that this is almost no better than plain text credentials and it’s definitely no alternative to transport layer security. I’ve had numerous conversations with developers before trying to explain the difference between encoding, hashing and encryption and if I were to take a guess, someone behind this thinks they’re “encrypted” the password. Not quite.
But is this really any different to logging onto the Australian Frequent Flyer website which also (sadly) has no HTTPS? Yes, what’s different is that firstly, on the website it’s clear to see that no HTTPS has been employed, or at least not properly employed (the login form isn’t loaded over HTTPS). I can then make a judgement call on the trust and credibility of the site; I can’t do that with the app. But secondly, this is a mobile app – a mobile travel app – you know, the kind of thing that’s going to be used while roaming around wireless hotspots vulnerable to eavesdropping. It’s more important than ever to protect sensitive communications and the app totally misses the mark on that one.
While we’re talking travel apps, let’s take another look at Qantas. I’ve written about these guys before, in fact they made my Who’s who of bad password practices list earlier in the year. Although they made a small attempt at implementing security by posting to SSL, as I’ve said before, SSL is not about encryption and loading login forms over HTTP is a big no-no. But at least they made some attempt.
So why does the iPhone app just abandon all hope and do everything without any transport layer encryption at all? Even worse, it just whacks all the credentials in a query string. So it’s a GET request. Over HTTP. Here’s how it goes down:
This is a fairly typical login screen. So far, so good, although of course there’s no way to know how the credentials are handled. At least, that is, until you take a look at the underlying request that’s made. Here’s those query string parameters:
Or put simply, it’s just a request to this URL: http://wsl.qantas.com.au/qffservices/?channel=iphone:1.0&club=fwclub&action=authenticateMember&ff_number=1234567&pin=1234&last_name=Foo
Go ahead, give it a run. What I find most odd about this situation is that clearly a conscious decision was made to apply some degree of transport encryption to the browser app, why not the mobile app? Why must the mobile client remain the poor cousin when it comes to basic security measures? It’s not it’s going to be used inside any highly vulnerable public wifi hotspots like, oh I don’t know, an airport lounge, right?
Apps continue to get security wrong. Not just iOS apps mind you, there are plenty of problems on Android and once anyone buys a Windows Mobile 7 device we’ll see plenty of problems on those too. It’s just too easy to get wrong and when you do get it wrong, it’s further out of sight than your traditional web app. Fortunately the good folks at OWASP are doing some great work around a set of Top 10 mobile security risks so there’s certainly acknowledge of the issues and work being done to help developers get mobile security right.
Summary
What I discovered about is the result of casually observing some of only a few dozen apps I have installed on my iOS devices. There are about half a million more out there and if I were a betting man, my money would be the issues above only being the tip of the iceberg.
You can kind of get how these issues happen; every man and his dog appears to be building mobile apps these days and a low bar to entry is always going to introduce some quality issues. But Facebook? And Qantas? What are their excuses for making security take a back seat?
Developers can get away with more sloppy or sneaky practices in mobile apps as the execution is usually further out of view.
You can smack the user with a massive asynchronous download as their attention is on other content; but it kills their data plan.
You can track their moves across entirely autonomous apps; but it erodes their privacy.
And most importantly to me, you can jeopardise their security without their noticing; but the potential ramifications are severe.
We live in interesting times.
66 comments:
OH NO DEVELOPERS DO DUMB STUFF
That is one fascinating article you have written there Troy. Excellent work. I am going to try the same thing with my android phone now....no doubt the same shortcuts and data scraping tools are being used. Fascinated to know for sure though.
Flurry, of course, is used by tens (if not hundreds) of thousands of apps on iOS, Android, WP7, etc. Great article, but the implication (which you finally sort-of-dismiss at the end) that this is an iOS issue is just linkbait, IMHO.
Can you please explain how you got fiddler to see the http traffic?
What on earth does this have to do with iOS?
You're stupid.
No doubt as intended, the iOS tag hooked me here - but I'm glad it did. On the basis of this article some clever chap should create a blog/web-service exposing this sort of information in a league table. Incredible and totally inconsiderate that successful app design houses are not optimizing their apps for mobile network access. Thanks for a great article, I'm off to find out more about Fiddler..
His tests were on iOS. Nothing deceitful about the headline at all. If he had an Android phone, and looked into Android apps, I would expect the title to reflect that as well. Move along.
well, it tells us that you didn't read the article, first and foremost.
Great post, Troy. I'm about to get my first iPhone (4s) and was wondering what you recommend for the consumer. For example, how about the following:
1) Get the 1Password or some other password management app.
2) Any time a Web app is available, use it instead of the iOS app. To keep logins manageable, login using 1Password
3) If you want to use an app that has no web app counterpart, don't use it over open WiFi.
4) Prefer Apple and Google apps over competing alternatives, as they tend to take security more seriously (is that true?)
Feel free to shoot this full of holes or improve upon it - just trying to think through what I should do based on the information in this post.
yes, how were you able to run Fiddler on your iOS device??
Set the machine which runs fiddler as a proxy server in the iPhone's Wi-Fi connection settings.
Have you seen this video? It is scary how Facebook retains all your information without your consent: http://www.youtube.com/user/europevfacebook#p/c/8ED10AB2E76CD62E
Wow...now I want to throw all my devices away and live in a Faraday Cage...
The cross-app tracking stuff is pretty shady, and it's why Apple has deprecated that API in iOS5.
As a developer, I don't mind intra-app click-tracking stuff, as long as it's used properly (largely used, in my experience, to prove to designers/product managers that no one is clicking that button that doesn't look like a button and by the way we told you so).
Especially if it's only being done through Flurry, despite having the data, they really don't have the technology as far as I can tell to do anything really spooky with it. (Yet.)
As ASD says, you need to run Fiddler on a PC and allow it to act as an HTTP proxy then configure the iPhone's wifi connection to use this proxy. Very simple and all outlined here: http://conceptdev.blogspot.com/2009/01/monitoring-iphone-web-traffic-with.html
Troy, great attention to detail! It's a shame that the audience for this type of piece comprises people who are already aware of the problem. Have they considered what caused the problem ? One of us has....
I like this type of coverage, thanks Troy. I've uninstalled a number of apps, usually ones that correspond to a Web 2.0 site like TripIt or a radio station, because they eat up too much time, and obviously bandwidth too, just to get started.
I think it's worth noting that the just announced update to Android, Ice Cream Sandwich, includes per app data usage monitoring: http://j.mp/qBC0mU.
Not the iOS device is the proxy. You need to install the proxy on another computer.
Thanks for the great comment Barak. To be clear, the tracking doesn't bother me too much personally, it's more about most people probably not expecting this to be happening (at least the feedback seems to indicate this). Actually, the only thing that probably bothers me a bit is the ability to cross-reference the one user's activity across multiple apps, that starts to get a little more creepy.
Wow, the Ice Cream Sandwich data usage monitor is really impressive, thanks for pointing that out.
1) Yep, you know I agree :)
2) The problem is that native apps are usually built as a richer alternative to the web so you sacrifice on features if you do this. I'm happy to use native apps and the same security mitigations apply as they do anywhere else: use a strong, unique password and refer to point 1 above.
3) Definitely be cautious on public wifi. Most of the time you've also got 3G so there's usually an alternative.
4) The problem is that there's not usually much in the way of native apps beyond a few core staples so you end up going to 3rd parties. You'd think the likes of Facebook and Fox could build secure, efficient apps but here we are!
iOS simulator.
For jailbroken iOS users, I am the author of "iNetUsage", which gives you a per-application usage breakdown: http://moreinfo.thebigboss.org/moreinfo/depiction.php?file=inetusageData
Admittedly not as pretty as the Android one :)
I'm thinking about adding functionality such that you can block certain apps from using data, or from using cellular data, though you can probably already achieve this using e.g. Firewall iP (another cydia package).
FYI, regarding the cooking app tracking your location ... "Australia/Sydney" would be a pretty standard way to store timezone information. When you install your OS you typically pick your timezone off a world map. So although the app sends home that information, it probably wouldn't update if you moved unless you brought your computer, changed the timezone and synced the iPad.
Typically all the timezones are stored in a directory call "tzdata"
BTW, in the RealEstate.com.au app you can turn off usage/flurry tracking in the iPhone Settings app. Other apps also do this.
Ah, good point, although it looks like it's the only one I referenced where it's actually configurable. And of course it's on by default.
Using a VPN connection would diminish the public wi-fi snooping issue, right? If you can find a completely trusthworthy VPN subscription service, that is.
I recently did a dynamic analysis of 10,000 android apps from android market (for Black Hat Vegas 2011). The most resource-hungry app downloaded 12 MB in the first 30 seconds. http://www.neildaswani.com/wp-content/uploads/2011/08/Mobile-Malware-Madness_July%202011-FINAL.pdf
Great write up Troy, very interesting reading. You might expect that since Apple have the application approval process in place they would be looking at security of the apps that are published on the App store. The Android market place is the wild west so I would not expect much could be done unless Google start vetting apps. Apple could end up with a seriously damaged relationship unless they consider how apps treat security.
Users appear to just give up their privacy concerns when using and installing apps, it's amazing what certain applications on Android require from your phone to work, I suspect the majority of users running the apps never even look to see what rights are being requested and just happily click through.
I think the work you are doing here will help to highlight these concerns and applaud you for it.
It's not widely known that Flurry has an opt-out page: http://www.flurry.com/resources/privacy.html Although opt-out is not a perfect solution, I suggest making use of it.
This has nothing to do with iOS except that you used it. It sounds like server-side developers are the problem.
I think he meant that the title implies iOS does something behind your back out of its own will.
You're welcome. Thanks for the detailed coverage on the wasted bandwidth. GZIP and JSON are musts.
Considering that applications are required to pass an extensive check of their functionality etc. by the Apple team that some of these issues would be caught and the author would be forced to fix them. It seems to me that the application approval process is turning out to be more about fit and finish and much less about properly designed and functioning applications.
Your app looks good, I like that it's integrated with Settings and not a standalone app. Adding integrated blocking or alerts would be cool.
I don't understand why you've specifically targeted iOS in this piece. Well, perhaps I do. A generous explanation would be that you've written this out of concern from the large number of people who've chosen to use iOS devices. A less generous explanation would be that it makes for an alarmist headline that begs to be retweeted. I hope it's the former.
Your focus on iOS here (no other platform is mentioned until the final paragraph) seems to suggest that iOS in particular is guilty of pulling the wool over users' eyes. It seems to be your contention that regular internet users comprehend the nature and type of resources that are downloaded when they view a webpage.
So to what percentage of the internet using population does "you expected cookies to be tracking you and you always knew if HTTPS was being used" apply? How many people know what http actually means? It's "a trivial matter" to "fire up an HTTP proxy like Fiddler", apparently. Yes, my grandmother does this all the time! She refuses to get an iPhone because Apple have hidden the secret workings that are so transparently obvious and easily interpretable on every other platform she's used. Man, she won't stop going on about .gzip compression! Of course bandwidth is an issue for mobile devices. That's why iOS lets you view statistics on how cellular data you're downloaded. So how exactly is this 'secret iOS business'? Of course security is an issue. But the idea that security issues are "further out of sight" on mobile (by which, with reference to your headline, you mean iOS) is obviously not true: you've just demonstrated yourself that it's possible to view the workings of these apps. Is this really further out of sight than web apps to the typical user? Are not the workings of a web app as opaque to a regular user as the workings of a mobile app, and are not the workings of a mobile app as transparent to a technically-minded user as are the workings of a web app?
You're right to call out developers for making unnecessary requests and for being lax with security on mobile devices. I think you make some excellent points about quality control. But the bizarre emphasis on iOS and the linkbait headline make me question your motives.
My own testing using an analyser tool showed all Facebook traffic being sent of https, see http://pastebin.com/KHi3r25f for the log. What conditions did you do your testing under?
I tested with Fiddler using what I'm pretty sure is still the current version of the Facebook app on iPhone. You can see the HTTP post and response in the first image in the security section above. There were actually some HTTPS requests, but also plenty in the clear.
Thanks for doing this research. Quite an eye-opener.
Strange. I had my account set to use https when I installed the app and did testing with that option on and off, I wonder if that had anything to do with it.
Either way thanks for taking the time to write this post, very few people realise what their phones are actually doing.
Try witopia.net - it's easy to set up and use.
Just blogwalking....
I disagree. There is no reason why iOS would expose a unique "phone ID" to all applications, allowing Flurry to correlate your behavior across multiple apps. This creates a "supercookie" that you can never get rid of.
This could have been solved easily. Every app could have been seeded with a random "install ID" at installation, and it could be regenerated when reinstalling an app or when the user presses a "reset app" button in settings.
Interesting article. Your Australian Frequent Flyer example is probably even worse, as it seems to be an example of "plaintext-equivalence" logic: Since it is the client doing the hashing, you can gain access to the resource just by replaying the captured hash, without knowing the original cleartext password.
Thanks.
For those wondering what iOS has to do with this, you've clearly forgotten how many hoops developers have to jump through to get something accepted on that platform. What good is a walled garden when you let people plant landmines under the flagstones?
WP7 is secure by design! No, I argree, these are issues the apps developers are responsible for, and as we know, generally mobile developers suck. So just ignore your security and better go have a nice long walk at the beach.. =)
Why are you fear mongering anonymous location data? They are not "tracing
Your every movement" - they're gaining valuable insight to how differing Geo's use their app-- doing something (hopefully) smarter with that data than you could ever do.
Shame on you. blaming retarded one off citations on ios..
Nice work. LOL on the evo images.
Oh I've no doubt the Flurry data really does provide "game-changing insight", but again, the privacy issue simply comes back to "what would your users deem acceptable?" In this case, tracking their location as they read their cookbook is probably going to come as a surprise to most people. But as I said in the post, greater location fidelity can usually be gained from the IP anyway so the issue is not so much the location string passed in the Flurry request rather the fact that any logging is happening at all.
And when the same UDID is passed in the requests to Flurry from multiple apps and there remains the potential to match that ID to individual's identities (the AT&T iPad hack of last year is a good example), suddenly the whole thing is no longer quite so anonymous...
My understanding is that it CAN be turned off ... or at least it is supposed to be per Flurry's Privacy First Initiative: http://www.flurry.com/about-us/press/Flurry_PrivacyFirstInitiative_051310.pdf ... note the "set of developer requirements" midway through. If someone's using Flurry and isn't giving end user's full disclosure and a way out, that's not good.
Very interesting, the only app I tested which provides an opt-out is the realestate.com.au one. Perhaps there is full disclosure in the rambling terms and conditions of some, but it's no more than a legal exercise nobody reads anyway.
Indeed. Reminds me of a certain South Park episode. The consequences can be dire!
Seriously, though, this leads me to wonder: If Flurry has mobile dev requirements through PFI, I have to wonder just how many apps using Flurry are meeting those requirements head-on? "Simple, readable TOS language", "An opt-out switch" in the app settings, "A data deletion button", "Geographic data obfuscation" (metro area granularity) ...
Looks like it's for good reason that Apple have deprecated the use of Device IDs in iOS 5. I'd they'll be gone from the public API in the next version.
Rented Office Space in chandigarh Are you searching for state-of -the-art office facility ? Logon @ Netsmartzhouse.com and find well furnished commercial ,premium, shared OFFICE spaces for RENT in Chandigarh, IT Park.
We did not reinvent the panoramic photograph
but we created a possibility for you to extend your presentation of real estate objects by a virtual 360° panorama walk.
It is the aim of our work to make you able to create your own panoramic photographs. Using our tool especially designed for this purpose together with technical instructions offered by our service staff it is possible even for beginners to create panoramic photographs and to embed these photographs in your internet presentation – interactive ground plans included.
So you can save expensive service providers, have your own time management and can bring your presentation up-to-date as far as internet techniques are concerned. Try our tools and get in touch with us –and let us show you that creating and embedding panoramic photographs to your internet presentation is as easy as the handling of conventional images.
We define ourselves as service providers for innovative estate agents and their internet presentations.
We employ our know-how aiming at designing and concentrating in a highly professional way all your activities concerning your internet presentations. Our know-how, our service staff and its experience and competence together with continuous innovations are the basis for our success and will ensure you an important competitive advantage.
Our system is based on a one shot technique, which means that you only need ONE !!! photograph to create your panoramas.
Your advantage: You will obtain the best price-performance ratio
Your disadvantage: You will have a vertical angle of vision of “only” 115°
You will find all necessary information on our websites
http://www.grundrissmaker.de
http://www.sachsmarketing.de/gutschein/software_grundrisse.htm
http://sachsmarketing.de/gutschein/software_grundrisse.htm
Grundrisse helfen uns bei der Orientierung in einer unbekannten Umgebung.
In der Zusammenarbeit mit unseren Kunden haben wir festgestellt, das
häufig keine oder ungeeignete Grundrisse für eine Präsentation im
Internet vorhanden sind.
Meist müssen Grundrisse aufwendig erstellt werden, oft mit Software, die viel mehr kann, als das was eigentlich gebraucht wird.
Genau diese Lücke schließt unser GrundrissMaker.
Erstellen Sie in wenigen Minuten einen Grundriss für Ihre
Internetpräsentation, um Ihrer Zielgruppe einen schnellen Überblick über
die Räumlichkeiten zu ermöglichen
We did not reinvent the panoramic photograph
but we created a possibility for you to extend your presentation of real estate objects by a virtual 360° panorama walk.
It is the aim of our work to make you able to create your own panoramic photographs. Using our tool especially designed for this purpose together with technical instructions offered by our service staff it is possible even for beginners to create panoramic photographs and to embed these photographs in your internet presentation – interactive ground plans included.
So you can save expensive service providers, have your own time management and can bring your presentation up-to-date as far as internet techniques are concerned. Try our tools and get in touch with us –and let us show you that creating and embedding panoramic photographs to your internet presentation is as easy as the handling of conventional images.
We define ourselves as service providers for innovative estate agents and their internet presentations.
We employ our know-how aiming at designing and concentrating in a highly professional way all your activities concerning your internet presentations. Our know-how, our service staff and its experience and competence together with continuous innovations are the basis for our success and will ensure you an important competitive advantage.
Our system is based on a one shot technique, which means that you only need ONE !!! photograph to create your panoramas.
Your advantage: You will obtain the best price-performance ratio
Your disadvantage: You will have a vertical angle of vision of “only” 115°
You will find all necessary information on our websites: http://www.sachsmarketing.de
http://www.grundrissmaker.de
http://www.weliked.de
http://www.sachsmarketing.de
http://www.grundrissmaker.de
einfach Grundrisse erstellen ? mit unserer Freeware kein Problen
Grundrisse helfen uns bei der Orientierung in einer unbekannten Umgebung.
In der Zusammenarbeit mit unseren Kunden haben wir festgestellt, das häufig keine oder ungeeignete Grundrisse für eine Präsentation im Internet vorhanden sind.
Meist müssen Grundrisse aufwendig erstellt werden, oft mit Software, die viel mehr kann, als das was eigentlich gebraucht wird.
Genau diese Lücke schließt unser GrundrissMaker.
Erstellen Sie in wenigen Minuten einen Grundriss für Ihre Internetpräsentation, um Ihrer Zielgruppe einen schnellen Überblick über die Räumlichkeiten zu ermöglichen
Free Facebook Fans and Twitter Followers To Grow Your Social
Network
facebook fans, facebook share,
twitter followers, youtube views, website hits, free fans, viral
fanpage, fanpage promotions, twitter re tweetshttp://www.weliked.dehttp://www.grundrissmaker.dehttp://www.sachsmarketing.de
schau hier http://www.weliked.de
http://www.grundrissmaker.de
Per il tuo bambino scegli Moncler. Una scelta di capi, estivi ed invernali, eccezionali. Tuo figlio sarà sempre alla moda e potrà muoversi in totale comodità.
http://www.grundrissmaker.de
http://www.verlosen24.de
http://www.bundesligawette.de
Oddly enough apple have deprecated the use of the unique UDID in favour of an app specific unique identifier.
Hopefully this will prevent cross app tracking which it seems these flurry people are doing.
Werte Leserin, werter Leser,
als Immobilienmakler kennen Sie das Problem: Sie haben in Ihrem Portfolio ein wirklich wunderbares Objekt. Doch jedes noch so raffinierte Foto, jede noch so einfallsreiche Formulierung kann es nicht annaehernd so plastisch und ganzheitlich vermitteln, wie Sie es bei der Besichtigung erlebt haben. Fuer das Problem ” Wie kann ich meinen Kunden dieses Prunkstueck im Vorfeld am besten praesentieren” gibt es, wie Sie sicher wissen, inzwischen eine gute Loesung: die Panoramafotografie. Doch sind Panoramafotografen bzw. die entsprechenden Produktions- und Praesentations-Geraete nicht viel zu teuer? Und waere das Produktionsverfahren, wollte man die Sache selbst in die Hand nehmen, nicht viel zu kompliziert? Die Antwort auf diese Fragen lautet: Nein, nicht mehr.
Onlinekurs: “Einfach und sicher zu Panoramafotos”
In meinem Online-Kurs vermittle ich Ihnen, wie Sie virtuelle Rundgaenge und Panoramafotos ( http://www.grundrissmaker.de/ )einfach und sicher selbst erstellen.
Hier erfahren Sie, wie Sie in nur zehn Minuten einen virtuellen Panoramarundgang kreieren – und damit Ihre Immobilienpraesentation zum Nulltarif deutlich aufwerten.
Teure Panoramafotografen gehoeren damit endgueltig der Vergangenheit an.
http://www.verlosen24.de
http://www.bundesligawette.de
http://www.sachsmarketing.de
http://www.panoramamaker.de
http://www.weliked.de
http://www.facebook.com/weliked.de
Post a Comment