Thursday, June 18, 2009

The REAL reason MMS isn't on the iPhone at launch and wasn't in iPhone OS1.1 or 2.0 ...


I'm not sure if anyone has said this somewhere else online ... I googled for it and couldn't find anything. I do know that the "Let's bash AT&T bandwagon" Is in full gear. Most of the time these "gang ups on AT&T" happen, it seems suspiciously initiated by a Verizon executive troll. What surprises me the most is that WebStar geeks like John Gruber join in the gang bangs without any research.

The reason there hasn't been any "Picture Messaging" (also called Multimedia Messaging or MMS) is because of the lack of security with the current way MMS is approached. AT&T is being very coy and secretive about this so as not to draw attention to it. Many have interpreted the relative silence from AT&T as a "network capacity issue" - it's not. It is solely a security reason.

Why would I say that?

A few months back my teenage step daughter had a new ringtone on her phone (A Samsung BlackJack II). I was immediately upset because I had told her not to buy ringtones. I explained to her that usually there were hidden charges with ringtone service providers. She explained to me that she had not purchased the ringtone at all and proceeded to show me a website where one entered their email address and phone number. The website sent the cellphone an MMS message. When the message was saved, it spoofed the phone into thinking "the picture/video" was actually a ringtone.*

* I won't get into the fact that my step daughter uses a Dell and this same website loaded spyware, adware, and malware onto her install of Windows XP.

For a day or two I researched this website and how the MMS spoofed as a ringtone*.

* Link above includes spoofing SMS & MMS for ringtones

Since the iPhone has the ability to email pictures - which I prefer - I've never really cared about MMS. My wife has an iPhone and she's just about the only person I'd care to receive pictures from on an immediate "gotta see it now" basis.

So ... for all those that seem to be bashing AT&T - for the wrong reasons* - I submit, that you do your research.

* Yes I'm implying that AT&T might need some bashing for valid reasons

The iPhone OS 3.0 has quite a number of new security features. It is my speculation that AT&T's delay is merely based on implementing this new security into a specific iPhone MMS model so that there can't be any "ringtone spoofing" or executable / malicious code" sent to iPhones.

If you have any technical insight you could provide ... please post it to the comments.

[UPDATE] See this on Engadget:

Apple patching nasty SMS security hole

12 comments:

dan said...

Come to think of it, i have never used MMS. I mean what is wrong with email?

Anonymous said...

It's not "spoofing." MMS = Multimedia Messaging Service. You can send any arbitrary content you want to a phone via MMS. This is how OTA Ringtones are delivered, via MMS! This is not a security issue at all, it is THE function of MMS.

From Wikipedia: "Multimedia Messaging Service, or MMS, is a telecommunications standard for sending messages that include multimedia objects (images, audio, video, rich text)."

A little research would go a long way on your part.

fixyourthinking said...

Actually ...

A little knowledge of the iphone would go a long way on YOUR part ...

The iPhone cannot save sounds or video from an unsigned/unverified source (ie iTunes or iTunes Store)

Furthermore, games and therefore executeable code can be sent via MMS ... it IS a security issue.

fixyourthinking said...

I meant to say only from iTunes which is verified / encrypted

Anonymous said...

The thing with MMS is that there is an intermediate WAP server involved. AT&T obviously has this because other handsets receive MMS without issue. If there is a security issue then it's not on the iPhone but on the intermediate server allowing bad data to go through. All MMS really is is a special SMS with a URL to pull down the data. Presumably Safari (or webkit) would pull down the data and save it. Safari already has security in place to prevent code or audio from being saved. I don't see how there can be any security issues with MMS, and if there really are, why are other carriers allowing it?

fixyourthinking said...

The current state of MMS in regards to the iPhone would essentially create a cellular equivalent to Limewire.

Also ... One can send executeable code (ie games) via MMS ... My daughter has gotten a few java games for her blackjack this way.

I would imagine therein lies the problem ... One AT&T will need capacity, two ... security ... three ... A way to limit packet size ... So as not to be able to send full length songs.

With Verizon & AT&T the blackjack saw the ringtone as a type of application enhancer ... Not just an audio file.

This is why I use the term ... spoof.

Each time my daughter would get thus website to send her a ringtone by MMS it would charge her for a small amount if data.

However, she could send and receive picture messages and self recorded audio files without charge.

And just to note ... One of the websites (all were free) even said ... We'll trick your phone into thinking it's a ringtone.

Anonymous said...

MMS has a size limitation of 300k already.

I think "we'll trick your phone" is aimed at teenagers looking to do something illicit. There's no trickery involved, but tell them there is and they're more likely to do it.

And like I said, there's security in place. MMS really is just a SMS with a URL.

I can tell you why MMS wasn't on iPhone 1.0... it's a stupid feature and Apple wanted to focus on core features. It wasn't on iPhone 2.0 because that release had more of a corporate goal and corporations don't care about MMS. Why is it in iPhone 3.0? Well 3.0 is about fun, and for some people MMS is fun.

What the hold-up at AT&T is is beyond me, but neither security nor capacity make any sense. My best guess is AT&T is working out a way to bill for MMS separate from SMS and data.

Anonymous said...

BTW, billing separately seems to be the hold-up on data tethering, so it makes sense that might be the same for MMS.

Anonymous said...

Sorry for three comments in a row, but something you said convinced me it's a billing thing:

"Each time my daughter would get thus website to send her a ringtone by MMS it would charge her for a small amount if data."

Data is unlimited on all of AT&T's iPhone plans, but SMS is highly limited. The "security" issue here is that a carefully constructed message would use data instead of charging for an SMS. AT&T wants to protect that revenue streams so they are looking for a way to bill for those fake messages. That makes the most sense.

I bet all the carriers that launched with MMS are ones that include either unlimited SMS or their data plans are limited. Either way those carriers get paid or everything is already unlimited. There's a loophole in AT&T's billing for these where data is free but SMS is not.

fixyourthinking said...

AT&T has stated MMS will be free.

I do know that you must have data enabled on other phones - even if you don't have a data plan.

Anonymous said...

What AT&T said is that MMS would be the same price as SMS. Since the iPhone plans all only include 200 SMS that's hardly free.

fixyourthinking said...

If it were a billing issue one would think they'd go ahead and enable the feature for unlimited plans.

I have family unlimited + unlimited text (SMS)

There is some technical issue ... because right now AT&T is unable to have MMS with data turned off.

At present ... I believe the iPhone is unable to block any data within mobile safari.

As I said before ... I believe At&t is worried about creating the potential for limewire mobile with iPhones ... partly due to the 60% + that jailbreak iPhones.