Archive for February 10, 2017

Friday, February 10, 2017

Protecting Your Data at a Border Crossing

Jonathan Zdziarski:

Obviously, you want all of your devices encrypted and powered off at the border. There are plenty of ways to access content on devices (even locked ones) if the encryption is already unlocked in memory.

[…]

To lock down 2FA at a border crossing, you’ll need to disable your own capabilities to access the resources you’ll be compelled to surrender. For example, if your 2FA sends you an SMS message when you log in, either discard or mail yourself the SIM for that number, and bring a prepaid SIM with you through the border crossing; one with a different number. If you are forced to provide your password, you can do so, however you can’t produce the 2FA token required in order to log in.

[…]

I’ve written about Pair Locking extensively in the past. It’s an MDM feature that Apple provides allowing you to provision a device in such a way that it cannot be synced with iTunes. It’s intended for large business enterprises, but because forensics software uses the same interfaces that iTunes does, this also effectively breaks every mainstream forensics acquisition tool on the market as well. While a border agent may gain access to your handset’s GUI, this will prevent them from dumping all of the data – including deleted content – from it. It’s easy to justify it too as a corporate policy you have to have installed.

Piezo’s Life Outside the Mac App Store

Paul Kafasis (tweet, Hacker News):

The Mac App Store previously made up about half of Piezo’s unit sales, so we might have expected to sell half as many copies after exiting the store. Instead, it seems that nearly all of those App Store sales shifted to direct sales. It appears that nearly everyone who would have purchased Piezo via the Mac App Store opted to purchase directly once that was the only option. Far from the Mac App Store helping drive sales to us, it appears we had instead been driving sales away from our own site, and into the Mac App Store.

[…]

In each of the four most recent quarters, Piezo brought in more revenue than it had in the corresponding quarter a year earlier. We earned more revenue when Piezo was available exclusively through our store than when we provided the App Store as another purchasing option.

This result might seem counterintuitive. Piezo’s price remained the same, and unit sales went down, so how could we have earned more revenue? The key to understanding this is remembering the cost of being in Apple’s App Stores — 30% off the top of every sale.

Previously: 100 Days Without the App Store, Piezo Exits the Mac App Store.

Update (2017-02-14): John Biggs (via Hacker News):

App Stores are storehouses. They are great if you’re giving something away – you can grab lots of eyeballs quickly with the right strategy – but they definitely take a cut of revenue and could encroach on overall sales. The problem is that we’re stuck. We’re stuck selling through the iOS and Android app stores and, if you sell books, Amazon is the only way to go. When get locked into one way of sales we’d don’t see or accept alternatives and that hurts us.

In the end these three examples should not define a sales strategy. What they do show, however, is that for certain popular products there is little value in trusting any app store – be in Google’s, Apple’s, or Microsoft’s – to work in your favor. Direct sales are always and option and it’s quite important to figure out a strategy based on direct sales sooner than later.

Nick Heer:

The Mac App Store could have been a golden opportunity for developers. In a hypothetical world, having Apple handle credit card processing, automatic updates, quality assurance, and curation, plus putting their marketing muscle behind the store — all of these factors could have made developers happy to give up 30% of their potential revenue. But the large number and aggressive types of limitations required for apps in the store combined with Apple’s rather lax quality controls has made the Mac App Store a combined flea market and glorified Software Update utility.