Restrictions on mobile servers?

Richard Gaskin ambassador at fourthworld.com
Thu Jul 20 14:23:44 EDT 2017 

Ralph DiMola wrote:

 > Richard wrote:
 >> On the desktop, most OSes at least provide some means of requiring
 >> explicit admin permission to allow an app to open a TCP port for
 >> listening.
 >>
 >> What restrictions are imposed by iOS and Android for similar
 >> security?
 >
 > The only restriction I know of is on iOS. iOS does not allow
 > unencrypted http connections unless you tic the "Disable ATS"
 > in the standalone settings. I know this applies to URLS using
 > the browser control and "put/get url" in scripts but don't know
 > if it also applies to sockets.
 >
 > If the mobile app was to be the server side of sockets how would
 > you connect to it? What would be the URL?

Thanks for the input, Ralph.

I've been pondering P2P-vs-client-server for years, and this morning was 
prompted to learn the implications of attempting P2P on mobile from this 
forum thread:
<http://forums.livecode.com/viewtopic.php?f=11&t=27058>

The user there is proposing a dynamic DNS solution, where each mobile 
device posts its current IP address through a domain-based intermediary.

As popular as DynDNS services are for certain applications, they only 
solve part of the problem.

The biggest challenges (on the desktop at least) involve the complexity 
required of the user to configure port-forwarding in their router's NAS, 
and the (hopefully) complete inability to do that in any business 
environment.  Coupled with an ever-greater awareness of security risks 
at the OS level, deploying TCP listeners in consumer apps seems dodgy at 
best.

Indeed, many P2P services, like one of the world's most popular, Skype, 
make use of client-server as a fallback. Last I heard most of Skype's 
traffic was using that fallback.

So while I'm disinclined to recommend P2P for anything outside of 
subnets on the desktop, I have to admit ignorance of the implications of 
attempting it on mobile OSes.

I would imagine security would be even stronger, but perhaps mobile OS 
vendors provide clever ways to mitigate the risks.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com

More information about the use-livecode mailing list