Feeds

iPhone tethering app uses HTML5 to defeat Apple's censors

Pushing web language to the limit

Top three mobile application threats

A Wi-Fi tethering application for the iPhone has managed to bypass Apple's restrictions on such apps by doing the whole thing in HTML5 - and charging for it too.

Tether did pop up in the Apple store briefly; it was available for about 20 minutes before Cupertino spotted the app was allowing iPhone users to share their mobile data connections over Wi-Fi, a breach of many operator contracts. But now the author has managed to bodge the functionality into HTML5, making Apple's store redundant and its restrictions irrelevant.

Network operators often charge extra for "tethering" - that is, connecting a laptop to the internet through a mobile phone. The increasingly spurious logic is that a laptop can consume more bandwidth than a mobile phone and therefore operators charge more to connect them up. Apple disables the feature on the iPhone at operator request, and third-party apps which make it work aren't allowed in the app store.

In the UK tethering is controlled by accusing anyone who uses lots of data of tethering in breach of the T&Cs. Some sort of packet inspection could be used, but where the iPhone is set up to prevent tethering then Tether can make it happen, at least until the network operator notices.

Tether isn't the first application to use HTML5 to bypass Apple's control. Back in 2010 XPornApp turned to HTML when Apple purged its store of unbranded adult content, but leaving the walled iTunes garden removed the billing mechanism and XPornApp's new business model of handing out free pornography turned out to be unsustainable.

No such problems for Amazon, which has a billing system to rival Apple's and happily took its own Kindle app into the world of HTML5 when Apple started asking for 30 per cent of every sale.

But getting tethering to work is pushing HTML5 to its limits, well beyond what one might expect a website to be able to do. The system seems to work by using the iPhone as a proxy server, so one sets up an ad-hoc Wi-Fi network and runs special desktop software to direct HTTP traffic to the iPhone. The HTML5 page loaded onto the iPhone pushes the traffic on and returns the result, creating tethering without having to get approval from Apple, or the network operator.

There's a video showing websites and video streaming working perfectly, and the problems being reported by users stem from the complexity of setting up an ad-hoc network rather than any failure of the application itself, but to test it yourself you'll have to cough up $15 for a year's use (rising to $30 annually thereafter).

HTML5 does enable all sorts of applications to exist outside a manufacturer's limits; this isn't supposed to matter as HTML5 apps don't have access to local files or hardware components such as the camera or microphone, so security isn't an issue. App stores still provide an easy way to collect revenue in exchange for a slice of that cash and submission to the store's control - both of these conditions are now driving developers out in roughly-equal proportion. ®

Seven Steps to Software Security

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.