Tag Archives: Apps

Scality Connect ports S3 apps to Azure Blob storage

Object storage vendor Scality is moving to connect Amazon S3 apps to Microsoft Azure Blob storage in multicloud setups.

Scality Connect software, which launched last week, can help customers overcome the hurdle of porting an application based on the Simple Storage Service (S3) API to Azure Blob storage.

Scality plans to announce in December advanced Amazon S3 API support, along with versioning and a bucket website, said Wally MacDermid, vice president of business development for cloud at Scality, based in San Francisco.

John Webster, a senior partner at Evaluator Group in Boulder, Colo., said the multicloud play will be of particular interest to the DevOps groups within organizations. Many developers spend a great deal of time doing API modifications to applications.

“Anytime you can relieve the user of that burden is good. [Lack of interoperability] is a big issue. This is the last thing customers want,” Webster said of the need to modify APIs. “They just hate it. They have to modify APIs to work with other APIs.”

MacDermid said there is no hardware requirement for Scality Connect.  It is included as a stateless container inside an Azure subscription. Connect stores data in the Microsoft Azure Blob storage native format, and the container runs in a virtual machine within the customer’s subscription.

“We don’t hold any data. We just pass it to the Azure cloud,” MacDermid said. “An application that works on S3 can run in Azure without requiring any modification in the code.

“Once the data is up in Azure, you can use the Azure management services on top of it.”

Scality Connect makes it easier for developers to deploy applications within Microsoft Azure and use its advanced services. The software is available through the Azure Marketplace.

The Microsoft Azure and Google clouds do not support the Amazon S3 API, which has become the de facto cloud standard in the industry. That means the Azure Blob storage does not talk to the Amazon S3 API, which limits a customer’s ability to use multiple clouds.

“One side talks S3, and the other side talks the Azure API, and neither talks to each other,” MacDermid said. “This is a problem not only for customers, but for Azure, as well. [Microsoft] would admit that. The Scality Connect runs in the Azure Cloud. It gets your data up to the Azure Cloud and allows you to use the Azure services. We are the translation layer.”

Scality Connect is not the vendor’s first multicloud initiative. Scality in July unveiled its Zenko open source software controller for multicloud management to store data and applications under a single user interface no matter where they reside, including Scality Ring. It helps customers match specific workloads to the best cloud service. Zenko is based on the Scality S3 Server.

Your favorite apps—now available in Outlook on Android

Earlier this year, we launched add-ins for Outlook on iOS—bringing your favorite apps right in Outlook—so you can get more done on the go. We are now rolling out add-ins to Outlook on Android customers with Outlook.com and Office 365 commercial email accounts. Additionally, we’ll be bringing add-ins to Gmail customers on iOS and Android soon.

This launch will bring some of the most loved Outlook add-ins from iOS to Android, including Evernote, Microsoft Dynamics 365, Microsoft Translator, Nimble, OnePlaceMail, Outlook Customer Manager, Smartsheet, and Trello. We will also be launching several new add-ins for Outlook—including Wrike, JIRA, MeisterTask, Gfycat, and MojiLala. These add-ins will be available for Outlook customers across the web, Windows, Mac, iOS, and Android.

Get more done on the go with add-ins for Outlook

Add-ins help you accomplish tasks quickly—right from Outlook. Whether you want to save an email to your customer relationship management app, quickly add email content to your project board, translate emails on the fly, or add a bit of flair and personality to emails—add-ins have you covered. There is no need to switch back and forth between apps or copy/paste email information. With add-ins, your favorite apps are just a tap away in Outlook.

To start using add-ins for Outlook on iOS or Android, go to Settings > Add-ins and then tap the + sign next to the add-ins you want to enable.

Here’s a closer look at the new add-ins:

Wrike—A powerful online project management software for teams. The Wrike add-in for Outlook keeps you on top of work projects by enabling you to quickly capture your team’s communications in one place—giving team members greater visibility into work and making the team more productive. To use the Wrike add-in, tap the Open Wrike add-in icon to create Wrike tasks from emails, view and edit tasks, and collaborate in real-time—without leaving Outlook.

Animated image showing the how to convert an email to a task using the Wrike add-in.

Stay on top of your work projects by quickly associating any email with a Wrike project.

JIRA (by Yasoon)—Designed specifically for software teams, JIRA provides best-in-class agile tooling, deep developer tool integrations, and a single repository for every step in your software project’s lifecycle. The JIRA add-in for Outlook helps you stay on top of software project issues and communication with customers, partners, or vendors by enabling easy tracking of your project’s progress, right from Outlook. Tap the New issue or Add to issue icon to create a new issue or update an issue using content from email and attachments. Tap View issues for an overview of open issues and due dates for the current conversation or sender.

To keep your business data safe, your JIRA administrator must configure a secure connection to JIRA first. See Getting started with JIRA for Outlook for more information.

Animated image showing how to open an issue related to a project using the JIRA add-in.

Use the JIRA add-in to create and update issues using email content.

MeisterTask—A highly intuitive task manager that adapts to your team’s workflow. The MeisterTask add-in lets you quickly save emails as tasks in your project board—without needing to copy/paste or re-enter the content into another app. To use the MeisterTask add-in, tap the Create Task icon to quickly create new tasks from incoming emails, assign them to your coworkers, and easily access task details.

Animated image showing how to convert an email to a task using the MeisterTask add-in.

Stay on top of your work projects using the MeisterTask add-in.

Gfycat—Discover and share awesome GIFs to make your emails more engaging, expressive, and fun. Congratulate your coworkers or thank them for a job well done with the new Gfycat add-in for Outlook. To use the Gfycat add-in, tap React with Gfycat to search for the GIF you are looking for, such as “Congratulations” or “Thank you.” The selected GIF will then be sent as your reply—adding a touch of your personality to the conversation.

Animated image showing how to search for a GIF image to send as a reply to an email using the Gfycat add-in.

Easily discover and share awesome GIFs, right from Outlook using the Gfycat add-in.

MojiLaLa—Designers bring you their best stickers to help you share emotions and communicate with one another around the world. The MojiLaLa add-in adds color, imagination, and humor to your emails. To use the MojiLaLa add-in, tap the Reply with MojiLaLa icon and then search for a sticker, such as “Great work” or “Happy Birthday.” The selected sticker will be sent as your reply.

Animated image showing how to search for a sticker to send as a reply to an email using the MojiLaLa add-in.

Add fun, humor, and a touch of personality to your emails using the MojiLaLa add-in.

In addition to these new add-ins, several existing add-ins available for Outlook on iOS will now be available on Outlook for Android, including:

  • Evernote—Easily save emails from Outlook to a project notebook in Evernote.
  • Microsoft Dynamics 365—Quickly look up customer contacts, associate an email or appointment with an existing opportunity, or create new records with just a few taps.
  • Microsoft Translator—Translate email messages on the fly, with support for 60+ languages powered by Microsoft Translator.
  • Nimble—Get insights on any contact in Outlook, including broad social profiles, shared relationships, mutual interests, industry and company profile, revenue, and more.
  • OnePlaceMail—Seamlessly save emails and attachments to SharePoint without leaving the familiar Outlook environment.
  • Smartsheet—Easily manage your work and collaborate with stakeholders in real-time by quickly creating, assigning, and updating tasks and capturing other project information right from your email.
  • Trello—Quickly associate any incoming email with an existing board, create cards, and edit descriptions. In addition, the Trello add-in has now been updated to save email attachments to your Trello board.
  • Outlook Customer Manager (coming soon)—Track and grow customer relationships right from Outlook.

Try the new Outlook add-ins and send us your feedback

Add-ins bring your favorite apps right into Outlook, so you can accomplish more, faster. We hope you give them a try. If you have feedback or suggestions on adding your favorite apps in Outlook, visit the Outlook for Android UserVoice—we’re eager to hear from you!

Developers—If you are a developer looking to build add-ins for Outlook, check out the Outlook Dev Center for more resources.

—The Outlook team

Frequently asked questions

Q. How do I enable add-ins for Outlook on iOS and Android?

A. To start using add-ins for Outlook on iOS or Android, go to Settings > Add-ins and then tap the + sign next to the add-ins you want to enable. For detailed steps, refer to our support article. Note that add-ins for Outlook on iOS and Android are currently available when reading email.

Q. Why do the animated images in the blog look different from what I currently see on my Outlook on Android device?

A. The animated images in the blog show the new conversation experience that is coming to Outlook on Android customers over the next few weeks. It is already available to customers using Outlook on iOS.

Q. I have Outlook on Android with an Outlook.com or Office 365 commercial email account, but I still don’t see the add-ins.

A. Add-ins for Outlook on iOS and Android are rolling out to all Office 365 commercial customers and Outlook.com customers over the next few weeks. If you have an Office 365 commercial email account (a mailbox in Exchange Online) or Outlook.com email account, you should be able to see the Add-ins section in the settings tab over the next few weeks.

Q. When will add-ins be available to Gmail users?

A. Add-ins for Outlook on iOS and Android will be available to customers with Gmail accounts in the next few months.

Q. As an administrator, how do I manage access to add-ins for my organization?

A. Administrators can manage access to add-ins for users in your organization using the Exchange admin center. For more details, refer to the Add-ins for Outlook TechNet article.

Windows DevOps tools rehab legacy enterprise applications

As Microsoft shops struggle to modernize legacy apps that weren’t designed for distributed cloud environments, they must also rethink the infrastructure where these apps are deployed.

Most enterprises have at least one application that’s so old, no one on the current IT team recalls how it was written, nor understands the finer intricacies of its management. Now, these companies must weigh the risks and costs to refactor these apps for a cloud-first, continuously developed world.

“It’s always an investment to replace something which does exactly what you need, but it’s just old software,” said Thomas Maurer, cloud architect for Switzerland-based itnetX, a consulting firm that works with large enterprise clients in Europe. “Traditional, classic enterprise apps cannot just be migrated into the DevOps world in a nice way — they may have dependencies on legacy code, or they’re not designed to scale out.”

Windows DevOps tools have improved, and IT shops are finding ways to link them together. But many client-server apps in the Windows world, particularly rich-client apps, don’t lend themselves well to continuous development or rapid provisioning, said Chris Riley, DevOps analyst at Fixate IO, a content strategy consulting firm based in Livermore, Calif., and a TechTarget contributor. Riley has developed Windows applications, such as SharePoint.

Some standard client-server applications must be compiled before they are tested. Dependencies and prerequisites also bog down legacy Windows apps; installing older versions of SQL Server or SharePoint takes days. Some legacy Windows environments also function best when apps are installed locally on the developer’s machine, whereas web and mobile applications typically integrate with REST APIs and avoid binary codes on a local machine, Riley said.

Without the ability to spin up development and test environments easily, organizations tend to reuse one test bed.

“This severely limits when you can do your testing, because you don’t want to pollute that environment, or make a mistake and rebuild it,” Riley said. “Whereas in DevOps, it should be easy to make a mistake — you actually want to do that and move forward.”

Windows DevOps tools give legacy apps a makeover

If organizations decide to refactor legacy apps to run in a more cloud-native fashion, they can first use tools and services from Microsoft partners to help make those apps more efficient to test and deploy.

“Skytap and CloudShare provide on-demand environments for these tools,” Riley said. “So, you can spin up a new database environment in 15 minutes instead of days, and then delete it, then spin it up again.”

The two companies take different approaches to hosting legacy apps on flexible cloud infrastructure. For example, Skytap Cloud supports more, older versions of Windows than Microsoft does, so customers can modernize apps at their own pace. CloudShare’s on-demand versions of Windows apps, meanwhile, are “somewhere between hard [and] impossible to run on the commodity clouds like Amazon [Web Services],” said Muly Gottlieb, the company’s vice president of R&D.

CloudShare, a 10-year-old privately funded Israeli SaaS company, lets users set policies and spin up and down dev and test environments with complex traditional apps, such as SharePoint and SQL Server. The service can accommodate customers that aren’t a good fit for Azure Cloud services, such as VMware shops that support legacy Microsoft apps.

Legacy apps set up in CloudShare’s environment can circumvent problems around fast and ephemeral provisioning and provide workable dev and test services in Windows DevOps shops.

“In the past, developers would all share five or 10 master labs, which is bad for velocity, and lab scarcity is a productivity-killer,” Gottlieb said. With this approach, code is not always reproducible, and environments spun up from snapshots aren’t always consistent.

Electric Cloud has a similar offering in the Windows DevOps tools arena, called ElectricAccelerator, which automatically parses legacy apps into distributed form and speeds up dev and test. Startups such as IncrediBuild and Thriftly also look to optimize dev and test for legacy Windows apps. Third-party services, such as Zapier, attach REST APIs to legacy applications and bring them a step closer to the Windows DevOps world.

Good ol’ trusty VMs can give Windows apps a leg up

For on-premises IT organizations, advanced automation features within virtual machines also provide a steppingstone to modernize with containers and microservices.

“There are ways to build this agility, and it’s going back to taking another look at how we use virtual machines,” Riley said. “Companies can treat VMs exactly how they were supposed to be treated, which is more like containers.”

Companies can treat VMs exactly how they were supposed to be treated, which is more like containers.
Chris RileyDevOps analyst, Fixate IO

Enterprises can use a VM template with heavy applications to spin up and delete environments for virtualized legacy apps. It’s not as fast as containers, but there’s much more agility than what users may have had previously, Riley said. VM templates can call for Microsoft Visual Studio to be automatically installed at startup and linked to a source repository, so developers could pull down a branch, write code, test it, commit and destroy the environment — and then do it all over again in a new VM.

VM-based automation works well with rich-client apps, where heavy dependencies and prerequisites make it tricky to test functions with Windows DevOps tools, said Anthony Terra III, manager of software architecture and development at a law firm in the Philadelphia area.

“The only difference is that you need to run that rich-client application in a shell or a separate VM,” Terra said. “Normally, we have that VM already built, deploy the code to the VM and run it that way.”

Terra’s company also uses a Microsoft database tool called a Data-tier Application Component Package (DACPAC) to smooth the delivery of updates to SQL Server VMs.

“You have the ability to create, change and delete tables, but it never actually interacts with the database,” Terra said of DACPAC. “It creates a change set file, which can be run against any database that has the same structure.”

When code is deployed to dev, test or quality-assurance infrastructures, the Windows Microsoft DevOps tool Team Foundation Server calls on DACPAC’s change set file and applies the changes to the database environment. Terra’s firm has added some safety guards: If a change could cause data loss, for example, the build fails.

The firm plans a move to containers in the coming year, but for now, VMs can slot in with Windows DevOps pipeline tools for a more consistent process.

“You’re not having people build VMs anymore because a tool is building them,” Terra said. “There is some fear in adopting something like that, but I think it’s misplaced, because it’s not like there’s less work because of it — the work you’re doing is just more focused on what’s around it.”

Beth Pariseau is senior news writer for TechTarget’s Data Center and Virtualization Media Group. Write to her at bpariseau@techtarget.com or follow @PariseauTT on Twitter.

Better team messaging app security could boost enterprise adoption

Team messaging tools have been available for a few years, but use of these apps has been departmental in nature. Typically, small and agile project-based teams have picked one of many vendors and worked more efficiently than with traditional collaboration tools. Other business communication tools went through similar adoption cycles. 

Remember the early days of chat? Business users downloaded AOL Instant Messenger, Yahoo Messenger or a range of other applications. Eventually, many businesses standardized on certain tools, such as Cisco Jabber and Microsoft Office Communications Server, Lync or Skype for Business.

The transition from ad hoc adoption to an enterprise standard happens when businesses need enhanced control, security and analytics to understand the use of the app and protect the organization from unnecessary risk. 

Tighter security for enterprise-wide adoption

As the use of team messaging becomes more widespread, businesses must choose a product with enterprise-grade controls and security. Without these features, a company might find its data scattered over multiple platforms, making it difficult to secure and to meet compliance requirements. 

Also, purchasing apps in an ad hoc manner might be fine with a small amount of users. But, as the population grows, corporate standardization has a number of benefits, such as policy development, application integration and license agreements.

IT and business leaders should get a handle on team messaging now, as the number of users is still relatively manageable.

IT and business leaders should get a handle on team messaging now, as the number of users is still relatively manageable. Decision-makers should ensure their service — whichever one they choose — offers the required level of security and management to scale the product across the company.

Highlighting this need for security, Cisco recently beefed up its Spark collaboration service, hoping to get it ready for the next phase of adoption. The Cisco Spark updates, announced this week, include:

Enhanced security. Security has always been a differentiator for Spark, as it’s the only platform to encrypt data from the cloud to the device. This security feature is critical for groups that want to share sensitive information, such as financial data or patient records.

Cisco has now added an e-discovery tool to search through Spark messages by email address, date range or keywords. This feature has been standard with email for many years and is important for legal reasons.

Compliance improvements. Spark now has configurable retention policies, so data can be purged from Spark spaces as determined by company policy.  Activities, shared whiteboards, files and messages can be deleted.

Also, through APIs, Spark can integrate with third-party data loss prevention vendors and cloud access security brokers. Third-party vendors that integrate with Spark for compliance or data loss prevention include Actiance, Symantec, Skyhigh Networks, Global Relay and Cisco Cloudlock.

Administrator portal and analytics. The Cisco Spark Control Hub provides administrators with information that could improve the end-user experience. For example, administrators can use the portal to see who had poor call quality, where the person was calling from and whether it was isolated to that individual or more widespread.

Also, the portal shows usage information for Cisco Spark, WebEx and Spark Hybrid, which can be helpful for different business-related tasks. For example, if Spark was provisioned across a company, the business unit leader can find out who is not using the service and determine if training is required or the license should be revoked.

Another use case might be to compare the use of WebEx and Spark to worker productivity. The business leader may find a direct correlation and mandate the usage of the collaboration tools. Through the portal, enterprises can access a range of data that can deliver insights to business unit leaders, security officers and other responsible parties.

Cisco Spark updates
Cisco Spark updates include extensive analytics and usage reports.

BYOD enablement. The use of personal devices by business users is rampant today. Almost every professional carries some combination of a laptop, tablet and mobile phone, often owned by the individual. With personal devices, it’s often difficult to enforce such things as password-protected screens. Since IT can’t control the endpoint, Cisco moved some of the security to the app. 

Cisco Spark now includes PIN lock and Web Smart Timeouts; the latter lets the Spark web app automatically lock after a certain time when running off the company network. The updates also include Enterprise Certificate Pinning, which protects users from breached public hotspots without requiring the use of a virtual private network.

On-premises key server. All Spark data is stored in the cloud, and that seems to be fine with most customers. However, many organizations, such as regulated verticals or ones that are ultra-security-conscious, may want better control over that content. For those customers, Cisco offers an on-premises key management server where the data may still be stored in Spark Cloud, but the key management is done on premises.

Now, if the Cisco Spark service is attacked, the data will appear encrypted and unreadable. This essentially creates the security equivalent to maintaining the storage on premises.

Cisco Spark is not for everyone, as there is a wide range of controls. However, the features Cisco has built into Spark do prepare it for enterprise-wide usage.

Editor’s note: Cisco is a client of ZK Research.

Cross-platform app support settles on web development

SAN DIEGO — Cross-platform apps are the future of enterprise software, but it’s not that easy for many organizations to adopt them.

To create an application that works across different operating systems and form factors, developers must focus on making its internal architecture compatible with multiple platforms, not necessarily focus on its front-end interface. But the options for deploying these types of apps can be expensive, so a compelling alternative for many organizations is to develop web apps.

“Web technologies are more than capable of delivering really high-end user experiences,” said Kirk Knoernschild, research vice president at Gartner. “Web has maximum portability to different form factors.”

Knoernschild and IT professionals discussed the challenges of cross-platform app development and deployment here at this week’s Gartner Catalyst Conference.

Cross-platform apps a hard sell

Whether an organization builds a cross-platform app in-house, hires third-party developers or purchases the app from a software provider, it can be a costly proposition. And it’s difficult to convince the business to spend money on technology that does not directly provide a financial return on investment.

“The savings are hard to quantify,” said Chris Haaker, director of end user computing innovation at Relx Group, a business information and analytics provider in Miamisburg, Ohio. “If this made you 20% more productive, can you show that?”

The last thing you want to do is deliver a compromised user experience.
Kirk Knoernschildresearch vice president, Gartner

Haaker’s branch of the global company has no in-house or third-party developers and instead buys any software it needs directly from vendors. Eighty percent of employees there use smartphones for work, mostly for corporate email access, but the office can’t afford to hire mobile developers, Haaker said. So a few tech-savvy interns are building web apps that can work across different operating systems instead.

“If we could have an app for all endpoints, that’s a place I would love to get to,” Haaker said. “That’s wonderful.”

But for now, unified app development is too new of a concept for the company to invest in, he said.

“There’s got to be somebody at the top that’s going to buy into that,” he added.

Low-code cross-platform app dev

One way organizations can develop cross-platform apps with less cost and effort is through low-code development tools. Rollins Inc., a global pest control services company based in Atlanta, used OutSystems to create a web app that helps employees track service information and communicate with customers.

The responsive web app adjusts the interface to suit the endpoint, whether it’s a desktop in Rollins’ offices or on salespeople’s iPads out in the field. OutSystems, which allows companies to build web, mobile or cloud apps, lets Rollins build dashboards that show customer site maps, the pests prevalent at those sites and other information.

“You can see, does this customer’s contract cover bees?” said David Christian, manager and senior architect at Rollins. “If it does, we can send out a technician to deal with that.”

The web approach is common today because it means developers can use a single code base to write an app that works across multiple endpoints. When organizations don’t have to write multiple versions of the same app, it often results in cost savings.

“It’s something we’re seeing more and more of in development teams, but it has to be for the right use case,” Knoernschild said. “The last thing you want to do is deliver a compromised user experience.”

Native mobile apps often provide more device-specific capabilities, however, so responsive web apps aren’t always the best choice.

“You’ve got more things available when you code for native mobile,” Christian said. “[A web app] won’t be quite as responsive. The phone format is not the best format for some of the larger dashboard views.”

Cross-platform app support

To make it easier to deploy cross-platform apps and ensure their security, IT must limit users’ device and operating system choices, said Andrew Garver, research director at Gartner, in a Catalyst session.

“This is not giving users what they want all the time,” he said. “It’s an art to maximize productivity through the benefits of end user choice while balancing your risk requirements.”

To prepare for a future where apps are independent of operating systems and devices, organizations must also ensure that they don’t rely on a single OS or OS version, plug-in, browser or browser version, Garver said. They should also plan for emerging device types, such as wearables, he said.

For successful cross-platform app support, IT departments should follow these steps, Garver said:

  • Identify gaps in IT skills and start to fill them.
  • Make it clear to business leaders that cross-platform computing is not a single project, but rather a long-term approach that will evolve.
  • Merge disparate IT teams that need to work together, such as desktop and mobile groups.

“It’s just a matter of getting all of us moving in the same direction,” Haaker said.

Get ready for fall with Back-to-School Discounted Apps Collection in the Windows Store – The Fire Hose

If you’re getting ready for fall classes and activities, the Back-to-School Discounted Apps Collection in the Windows Store has some great deals.

They include 20 percent off Complete Anatomy in-app purchases, 30 percent off Stagelight in-app purchases and 50 percent off Movie Edit Plus Pro Windows Store Edition.

Find the Back-to-School Discounted Apps Collection in the Windows Store. Also, keep up with what’s hot, new and trending in the Windows Store on Twitter and Facebook.

Vanessa Ho
Microsoft News Center Staff

Tags: Windows Store

Mobile data theft a risk from shared app libraries

Researchers said shared third-party libraries used by many mobile apps could increase the risk of mobile data theft through “intra-library collusion.”

The issue was detailed by Alastair Beresford, teaching fellow at Robinson College in Cambridge, England, and Vincent Taylor and Ivan Martinovic, a doctoral student and associate professor, respectively at Oxford University, in the paper, “Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones.”

According to the researchers, the issue has often been overlooked because mobile security “has typically examined apps and third-party libraries in isolation.” However, they claim these shared libraries could cause more damage if used together for mobile data theft.

“This attack, which we call intra-library collusion, occurs when a single library embedded in more than one app on a device leverages the combined set of permissions available to it to pilfer sensitive user data,” the researchers wrote. “The possibility for intra-library collusion exists because libraries obtain the same privileges as their host app and popular libraries will likely be used by more than one app on a device.”

The team studied 30,000 smartphones and found that, because different apps are allowed different permissions, a malicious actor could combine the access granted to each app in order to build a user profile or perform mobile data theft.

Matthew Rose, ‎global director of application security strategy at Checkmarx, an application security software vendor headquartered in Israel, said there were a number of ways a shared library might be infected by a malicious actor.

“Typically third-party libraries are maintained by a group of people who maintain the code base. Since these libraries have many contributors it is sometimes difficult to have one person responsible for the entire library code base which can potentially allow malicious code to be inserted,” Rose told SearchSecurity. “There is also the question of these libraries inheriting functionality from other code bases so there are definite tradeoffs in terms of risk versus the utilization of existing third party libraries.”

The researchers said advertising libraries could be granted additional permissions to make this kind of attack more dangerous. The researchers wrote that libraries can track users without their consent.

The research focused on Android due to “the availability of data on lists of apps installed on Android devices,” but the team noted that they believe their insights would also hold true on iOS “due to similarities in access control and app deployment.”

Neither Google nor Apple responded to requests for comment at the time of this post.

Mobile data theft and permission creep

Unfortunately, the researchers had no easy answers for mitigating the threat of mobile data theft from intra-library collusion. The researchers noted that one approach would be to limit the permissions granted to these libraries, but doing so might hamper the ability of developers to monetize their apps, which “could serve as a deterrent to new app developers entering the market and thus the end users may ultimately suffer from reduced content.”

If the permission request is not in line with what you intend to use the app for then do not install it or grant the permissions.
Matthew Roseglobal director of application security strategy, Checkmarx

Additionally, the team suggested that the companies running the app stores or even nation states could enact policies or laws to detect and remove malicious third-party libraries, but each approach would be problematic. Detection would be difficult because apps can have legitimate reasons for sending data off-device, and enforcement may not scale beyond an app-by-app basis.

John Bambenek, threat intelligence manager at Fidelis Cybersecurity, said “it is very likely that a malicious library would remain undetected,” but noted there are easier paths to mobile data theft.

“In order to perform this attack, a malicious individual would need to create a library that then is used by multiple applications. They would then need to convince users to download an app [or multiple apps] with many permissions,” Bambenek told SearchSecurity. “In the real world, a malicious individual would just get a victim to install an application with a lot of permissions in the first place because it is more direct and easier. I wouldn’t expect this to be weaponized in the short-term by criminals.”

Rose said the more important issue was that “people need to be cognizant of what permissions a mobile app is asking for when they install it.” 

“Does the app really need to have access to your file system, geo location, or camera? Think about what the intended usage is for the mobile app and ask yourself if it is asking for more permissions than it actually needs,” Rose said. “If the permission request is not in line with what you intend to use the app for then do not install it or grant the permissions.”

Bambenek said developers also need to be careful to make sure it doesn’t appear their apps are attempting mobile data theft through permissions overreach.

“Mobile developers, and developers in general for that matter, need to always focus on secure coding and, in particular, least privilege,” Bambenek said. “Adopting a development model that writes code doing only what is necessary for it to do and little else would help greatly.”

Oracle Cloud apps updated as Oracle extends EBS support

Oracle continues to push its cloud business with updates to Oracle Cloud apps. But the company is appeasing customers who prefer on premises by enhancing EBS support.

Oracle has updated its Oracle Cloud Applications with Release 13 to enhance its capabilities in customer experience, finance, HR and supply chain.

Oracle Supply Chain Management (SCM) Cloud received perhaps the biggest face-lift with the latest release, as Oracle introduced 200 features and six new products covering sales and operation planning, demand management, supply planning, collaboration, quality management and maintenance.

The update, analysts said, reiterated how much of a priority the cloud has become for Oracle, not just with these updated cloud applications, but also with other services, such as MySQL Cloud or the Oracle Mobile development platform.

“One of the key improvements across the suite of [Oracle] cloud applications is better insight, along with productivity and collaboration,” said Robert Sheldon, a technical consultant and TechTarget contributor.

“More and more, customers expect cloud-based services to provide ways of confirming how services are being used, what patterns are emerging and where bottlenecks might exist, along with other insights into the applications and users,” Sheldon said.

A major challenge that customers face is the lack of visibility across its business space, so the latest Oracle Cloud apps update aims to help prevent business planning from being exposed, an Oracle spokesperson said. Supply chain collaboration aims to streamline a business initiative through demand, sales and operations planning, and supply planning.

Oracle EBS support remains

As Oracle makes an even bigger push into the cloud, the company also revealed plans to expand its support for its E-Business Suite (EBS) product line until 2030. Oracle said another major release of E-Business Suite is expected at an undisclosed time.

“While we are not announcing a date for the future ’12.X’ release, we are committing to support it through 2030 at least,” the statement, released as a PDF on Oracle’s website said. It went on to say that “this update to the Oracle E-Business Suite roadmap should reassure customers who run critical operations on EBS that their system will continue to be supported and enhanced for years to come.”

For many EBS customers who haven’t yet dipped into the cloud, this comes as a much-welcomed relief.

“Oracle’s messaging and marketing is around cloud, so this is a question we get quite often: whether Oracle would discontinue its EBS support,” said Alyssa Johnson, president of the Oracle Applications Users Group (OAUG) in Dallas. “We’ve been able to reassure customers that are still using EBS products that Oracle is going to continue to support its on-premises products.”

Johnson pointed out that while Oracle’s tone of late has been focused on cloud, the company has also emphasized the hybrid model for its customers as far back as its annual OpenWorld conference last October, so it shouldn’t come as a total shock that Oracle has elected to extend its EBS support.

“We [at the OAUG] have always had a close relationship with [Oracle’s] product app teams, so we knew they were going to continue to support EBS even with their push into cloud products,” Johnson said. “They have a team specifically focused on on-premises licensing, and it helped to clarify with our members that Oracle will have support moving forward.”

Oracle’s central app design

Earlier this year, Oracle came under some heat after it doubled its cloud licensing requirements for Amazon Web Services and Azure customers.

The emphasis for Oracle cloud apps on understanding work flows is central to its design, and that shows in Release 13, Sheldon said.

“Rising expectations demand that customers — and, by extension, users — become a more central consideration when building applications,” he said.

In addition to updates to Oracle SCM, the company also updated its Customer Experience (CX) Cloud Suite, ERP Cloud and Human Capital Management (HCM) Cloud. As of Release 13, Oracle CX Cloud added features to its Oracle Sales Cloud with enhanced mobile and data visualization capabilities, while Oracle ERP Cloud now includes more functionalities, including Dynamic Discounting and Multi-Funding. Oracle HCM Cloud introduced expanded user personalization and branding, as well as tier 1 localization support.

Powered by WPeMatico

Configure your app to start at log-in

For a long time, desktop PC users have been able to configure Win32 apps to start at startup or user log-in. This has also been possible for Desktop Bridge apps since the Windows 10 Anniversary Update (v10.0.14393.0). We’ve now extended this feature to allow regular Universal Windows Apps to take part in this also. This is available in Insider builds from Build 16226 onwards, along with the corresponding SDK. In this post, we’ll look at the code changes you need to make in your manifest and in your App class to handle the startup scenario, and how your app can work with the user to respect their choices.

Here’s a sample app, called TestStartup – the app offers a button to request enabling the startup behavior, and reports current status. Typically, you’d put this kind of option into a settings page of some kind in your app.

The first thing to note is that you must use the windows.startupTask Extension in your app manifest under the Extensions node, which is a child of the Application node. This is documented here. The same Extension declaration is used for both Desktop Bridge and regular UWP apps – but there are some differences.

  • Desktop Bridge is only available on Desktop, so it uses a Desktop-specific XML namespace. The new UWP implementation is designed for use generally on UWP, so it uses a general UAP namespace (contract version 5) – although to be clear, it is currently still only actually available on Desktop.
  • The Desktop Bridge EntryPoint must be “Windows.FullTrustApplication,” whereas for regular UWP it is the fully-qualified namespace name of your App class.
  • Desktop Bridge apps can set the Enabled attribute to true, which means that the app will start at startup without the user having to manually enable it. Conversely, for regular UWP apps this attribute is ignored, and the feature is implicitly set to “disabled.” Instead, the user must first launch the app, and the app must request to be enabled for startup activation.
  • For Desktop Bridge apps, multiple startupTask Extensions are permitted, each one can use a different Executable. Conversely, for regular UWP apps, you would have only one Executable and one startupTask Extension.
Desktop Bridge App UWP App

xmlns:desktop="http://schemas.microsoft.com/
appx/manifest/desktop/windows10"


xmlns:uap5="http://schemas.microsoft.com/
appx/manifest/uap/windows10/5"


<desktop:Extension
  Category="windows.startupTask"
  Executable="MyDesktopBridgeApp.exe"
  EntryPoint="Windows.FullTrustApplication">
  <desktop:StartupTask
    TaskId="MyStartupId"
    Enabled="false"
    DisplayName="Lorem Ipsum" />
</desktop:Extension>


<uap5:Extension
  Category="windows.startupTask"
  Executable="TestStartup.exe"
  EntryPoint="TestStartup.App">
  <uap5:StartupTask
    TaskId="MyStartupId"
    Enabled="false"
    DisplayName="Lorem Ipsum" />
</uap5:Extension>

For both Desktop Bridge apps and regular UWP apps, the user is always in control, and can change the Enabled state of your startup app at any time via the Startup tab in Task Manager:

Also for both app types, the app must be launched at least once before the user can change the Disabled/Enabled state. This is potentially slightly confusing: if the user doesn’t launch the app and then tries to change the state to Enabled in Task Manager, this will seem to be set. However, if they then close Task Manager and re-open it, they will see that the state is still Disabled. What’s happening here is that Task Manager is correctly persisting the user’s choice of the Enabled state – but this won’t actually allow the app to be activated at startup unless and until the app is launched at least once first – hence the reason it is reported as Disabled.

In your UWP code, you can request to be enabled for startup. To do this, use the StartupTask.GetAsync method to initialize a StartupTask object (documented here) – passing in the TaskId you specified in the manifest – and then call the RequestEnableAsync method. In the test app, we’re doing this in the Click handler for the button. The return value from the request is the new (possibly unchanged) StartupTaskState.


async private void requestButton_Click(object sender, RoutedEventArgs e)
{
    StartupTask startupTask = await StartupTask.GetAsync("MyStartupId");
    switch (startupTask.State)
    {
        case StartupTaskState.Disabled:
            // Task is disabled but can be enabled.
            StartupTaskState newState = await startupTask.RequestEnableAsync();
            Debug.WriteLine("Request to enable startup, result = {0}", newState);
            break;
        case StartupTaskState.DisabledByUser:
            // Task is disabled and user must enable it manually.
            MessageDialog dialog = new MessageDialog(
                "I know you don't want this app to run " +
                "as soon as you sign in, but if you change your mind, " +
                "you can enable this in the Startup tab in Task Manager.",
                "TestStartup");
            await dialog.ShowAsync();
            break;
        case StartupTaskState.DisabledByPolicy:
            Debug.WriteLine(
                "Startup disabled by group policy, or not supported on this device");
            break;
        case StartupTaskState.Enabled:
            Debug.WriteLine("Startup is enabled.");
            break;
    }
}

Because Desktop Bridge apps have a Win32 component, they run with a lot more power than regular UWP apps generally. They can set their StartupTask(s) to be Enabled in the manifest and do not need to call the API. For regular UWP apps, the behavior is more constrained, specifically:

  • The default is Disabled, so in the normal case, the user must run the app at least once explicitly – this gives the app the opportunity to request to be enabled.
  • When the app calls RequestEnableAsync, this will show a user-prompt dialog for UWP apps (or if called from a UWP component in a Desktop Bridge app from the Windows 10 Fall Creators Update onwards).
  • StartupTask includes a Disable method. If the state is Enabled, the app can use the API to set it to Disabled. If the app then subsequently requests to enable again, this will also trigger the user prompt.
  • If the user disables (either via the user prompt, or via the Task Manager Startup tab), then the prompt is not shown again, regardless of any requests from the app. The app can of course devise its own user prompts, asking the user to make manual changes in Task Manager – but if the user has explicitly disabled your startup, you should probably respect their decision and stop pestering them. In the sample code above, the app is responding to DisabledByUser by popping its own message dialog – you can obviously do this if you want, but it should be emphasized that there’s a risk you’ll just annoy the user.
  • If the feature is disabled by local admin or group policy, then the user prompt is not shown, and startup cannot be enabled. The existing StartupTaskState enum has been extended with a new value, DisabledByPolicy. When the app sees DisabledByPolicy, it should avoid re-requesting that their task be enabled, because the request will never be approved until the policy changes.
  • Platforms other than Desktop that don’t support startup tasks also report DisabledByPolicy.

Where a request triggers a user-consent prompt (UWP apps only), the message includes the DisplayName you specified in your manifest. This prompt is not shown if the state is DisabledByUser or DisabledByPolicy.

If your app is enabled for startup activation, you should handle this case in your App class by overriding the OnActivated method. Check the IActivatedEventArgs.Kind to see if it is ActivationKind.StartupTask, and if so, case the IActivatedEventArgs to a StartupTaskActivatedEventArgs. From this, you can retrieve the TaskId, should you need it. In this test app, we’re simply passing on the ActivationKind as a string to MainPage.


protected override void OnActivated(IActivatedEventArgs args)
{
    Frame rootFrame = Window.Current.Content as Frame;
    if (rootFrame == null)
    {
        rootFrame = new Frame();
        Window.Current.Content = rootFrame;
    }

    string payload = string.Empty;
    if (args.Kind == ActivationKind.StartupTask)
    { 
        var startupArgs = args as StartupTaskActivatedEventArgs;
        payload = ActivationKind.StartupTask.ToString();
    }

    rootFrame.Navigate(typeof(MainPage), payload);
    Window.Current.Activate();
}

Then, the MainPage OnNavigatedTo override tests this incoming string and uses it to report status in the UI.


protected override void OnNavigatedTo(NavigationEventArgs e)
{
    string payload = e.Parameter as string;
    if (!string.IsNullOrEmpty(payload))
    {
        activationText.Text = payload;

        if (payload == "StartupTask")
        {
            requestButton.IsEnabled = false;
            requestResult.Text = "Enabled";
            SolidColorBrush brush = new SolidColorBrush(Colors.Gray);
            requestResult.Foreground = brush;
            requestPrompt.Foreground = brush;
        }
    }
}

Note that when your app starts at startup, it will start minimized in the taskbar. In this test app, when brought to normal window mode, the app reports the ActivationKind and StartupTaskState:

Using the windows.startupTask manifest Extension and the StartupTask.RequestEnableAsync API, your app can be configured to start at user log-in. This can be useful for apps which the user expects to use heavily, and the user has control over this – but it is still a feature that you should use carefully. You should not use the feature if you don’t reasonably expect the user to want it for your app – and you should avoid repeatedly prompting them once they’ve made their choice. The inclusion of a user-prompt puts the user firmly in control, which is an improvement over the older Win32 model.

Sample Code here.

How to Restart your App Programmatically

For some apps (especially games) it is not uncommon for the app to get into a state where it needs to restart – perhaps after a license update, after installing downloadable content, its caches have become corrupt or unwieldy, or for any other reason where the app needs to refresh state from scratch. In earlier releases, your only option would have been to prompt the user to close and relaunch, or to call CoreApplication.Exit – and both options provide sub-optimal user experience.

We have therefore introduced a new API that enables an app to request immediate termination and restart, and to pass arbitrary arguments into the fresh instance. In this post, we’ll look at how this works and how you can build it into your app. This is available now in Insider builds from Build 16226 onwards, along with the corresponding SDK.

Here’s a sample app, called TestRestart. 

The app provides a ListView of cities on the left, the currently-selected city on the right and a TextBox for providing arguments to the app when it is restarted. When the user taps the Request Restart button, the app will terminate and restart itself, passing in the supplied arguments. The new API, RequestRestartAsync, is exposed as a static method on the CoreApplication object. It takes a string parameter, which can be any string value you like – including input from the user or another external entity. If you do choose to accept input in this way, it is your responsibility to validate it correctly to make sure it conforms to whatever constraints you choose to impose. You should do this validation on input, before passing it to RequestRestartAsync. In this sample app, we’re expecting the user to type in the name of a city.


async private void DoRestartRequest()
{
    bool isValidPayload = false;
    string payload = restartArgs.Text;
    if (!string.IsNullOrEmpty(payload))
    {
        foreach (ImageViewModel imageItem in imageListView.Items)
        {
            if (imageItem.Name == payload)
            {
                isValidPayload = true;
                break;
            }
        }
    }

    if (isValidPayload)
    {
        AppRestartFailureReason result =
            await CoreApplication.RequestRestartAsync(payload);
        if (result == AppRestartFailureReason.NotInForeground ||
            result == AppRestartFailureReason.RestartPending ||
            result == AppRestartFailureReason.Other)
        {
            Debug.WriteLine("RequestRestartAsync failed: {0}", result);
        }
    }
}

To mitigate privacy concerns, an app is only permitted to restart itself if it is in the foreground at the time it makes the request. When the app restarts, it restarts with normal UI – that is, as a normal foreground window. If we were to permit a background task or minimized app to restart, the result would be unexpected to the user. This is why the API is framed as a request. If the request is denied, the app would need to handle the failure – perhaps by waiting until it is in the foreground and trying again. If you were to request a restart and then through some twist of logic managed to request it again before the system started the operation, then you’d get the RestartPending result, although this is an edge case. You’re unlikely to ever get the other result – unless something goes wrong in the platform.

Note that this is the only significant constraint, but you should use this API carefully. For example, you probably should not use it if your app was not originally launched by the user – for example, if it was launched as the result of a share or picker operation. Restarting in the middle of one of those contract operations would certainly confuse the user.

If the request is granted, the app is terminated and then restarted. There are many different ways to activate an app: in addition to a regular launch activation, apps can choose to support file activation, protocol activation, share or picker activation and so on. The list is documented here. For the restart case, the app will be activated as a regular launch – just as if the user had closed the app manually and tapped its tile to launch it again – but including the arbitrary arguments supplied earlier (if any).

In your App class, you should handle this by overriding the OnActivated method. Test the ActivationKind, and if it’s ActivationKind.Launch, then the incoming IActivatedEventArgs will be a LaunchActivatedEventArgs. From this, you can get hold of the incoming activation arguments. For a regular user-initiated launch, the Arguments will be empty, so if it’s not empty you could simply infer that this is a restart activation. You can also check the PreviousExecutionState, which for a restart operation will be set to Terminated.

Although the arguments might have originated from an untrusted source (eg, the user), you should have done the validation before requesting restart. If so, you can consider them trustworthy when you receive them in OnActivated.


protected override void OnActivated(IActivatedEventArgs args)
{
    switch (args.Kind)
    {
        case ActivationKind.Launch:
            LaunchActivatedEventArgs launchArgs = args as LaunchActivatedEventArgs;
            string argString = launchArgs.Arguments;

            Frame rootFrame = Window.Current.Content as Frame;
            if (rootFrame == null)
            {
                rootFrame = new Frame();
                Window.Current.Content = rootFrame;
            }
            rootFrame.Navigate(typeof(MainPage), argString);
            Window.Current.Activate();
            break;
    }
}

What you do with the incoming arguments is entirely up to you. In this app, we’re simply passing them on to the MainPage. In the MainPage in turn, we have an override of OnNavigatedTo which uses the string to select an item in the ListView:


protected override void OnNavigatedTo(NavigationEventArgs e)

{
    string payload = e.Parameter as string;
    if (!string.IsNullOrEmpty(payload))
    {
        foreach (ImageViewModel imageItem in imageListView.Items)
        {
            if (imageItem.Name == payload)
            {
                imageListView.SelectedItem = imageItem;
                break;
            }
        }
    }
}

As you can see, the CoreApplication.RequestRestartAsync method is a simple API. You can use it to terminate your app immediately, and have it restart as if by user action, with the additional option of passing in arbitrary arguments on activation.

Sample Code here.