"iWard" iPhone App

michael.d.benton
New Member
Posts: 2
Joined: Tue Sep 29, 2009 3:53 pm
Location: Highlands Ranch, Colorado, USA

#11

Post by michael.d.benton »

I emailed back and forth with Avikey and the latest as of October 30th is that they are working on the app for BlackBerry and expect to have it out in a couple weeks.

Michael
sfazen-p40
New Member
Posts: 1
Joined: Thu Dec 17, 2009 4:45 pm
Location: San Diego, CA, USA

iStake-like app for the Blackberry?

#12

Post by sfazen-p40 »

Has anyone heard anything about (or created) an iStake-type application for the BlackBerry? This would be very useful. Many thanks!
dicecreaman-p40
New Member
Posts: 1
Joined: Wed Sep 24, 2008 11:18 pm
Location: Canada

#13

Post by dicecreaman-p40 »

I sent in a request to Avikey, the app's maker, and they said it would probably be a couple of weeks before it was ready for the BlackBerry. That was reported to me in an email at the end of November.

David
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX

Is iWard processing on Third Party servers?

#14

Post by RossEvans »

My impression from reading this thread and related threads here about the iWard and iStake apps has always been that these apps merely connected the user's device directly to LUWS as a browser-client and downloaded the directory data to the handheld.

Now I am not at all sure that is the case. I have seen a report that iWard connects to the vendor's own servers, which in turn connect to LUWS using the user's logon credentials. I have just sent the vendor, Avikey, an email inquiring about this. Does anyone have detailed knowledge about this one way or another?
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX

#15

Post by RossEvans »

boomerbubba wrote: I have just sent the vendor, Avikey, an email inquiring about this. Does anyone have detailed knowledge about this one way or another?

It turns out that the vendor's server is in the processing loop. The reply from Avikey to me said:
Yes.. the parsing rules for the device are delivered using our server.
That way, if the church substantially changes the layout of LDS.org,
we can adjust the parsing rules remotely that are used by your device.
So in this sense, yes, the app does require the use of a third party
server to work. If that server is missing, the app will fall back on a
default set of parsing rules.
LakeyTW
Member
Posts: 86
Joined: Fri Jan 19, 2007 3:29 pm
Location: Salt Lake City, UT

#16

Post by LakeyTW »

boomerbubba wrote: My impression from reading this thread and related threads here about the iWard and iStake apps has always been that these apps merely connected the user's device directly to LUWS as a browser-client and downloaded the directory data to the handheld.

Now I am not at all sure that is the case. I have seen a report that iWard connects to the vendor's own servers, which in turn connect to LUWS using the user's logon credentials. I have just sent the vendor, Avikey, an email inquiring about this. Does anyone have detailed knowledge about this one way or another?

That is my understanding as well. You actually send your user credentials to Avikey and they use them to access your unit website.
Flandry-p40
New Member
Posts: 2
Joined: Mon Jan 04, 2010 8:18 am
Location: USA

#17

Post by Flandry-p40 »

Reading the linked discussion on Google Groups and this thread gives me the heebie-jeebies. When I consider all the special instructions I was given as a membership clerk to sanitize our ward directory of various sisters' names and contact information due to stalking problems, that these apps are used by leaders and not strictly forbidden by policy is shocking.

One would hope that the membership information in the ward web page would be clear of such information already (something which I have not tried to verify), but regardless of that, it just seems irresponsible to carry around such a comprehensive set of information about members on a computer without any security arrangements. The only way I could see such an app being acceptable is if it
  1. used an official church-provided tool to download the data securely, using the user's login via interactive prompt
  2. said tool encrypts this local data archive according to a user-provided password
  3. each invocation of an app that accesses the data requires a password that should not be saved in the app (this is IMO the only appropriate place to allow trust that an app developer will follow policy)

Is this member data security nightmare just a temporary artifact of the time it takes to get policy decisions through a large organization, or does the church IT dept. really not care about this?
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX

Look at the new MyWard / MyStake app instead

#18

Post by RossEvans »

lakeytw wrote: That is my understanding as well. You actually send your user credentials to Avikey and they use them to access your unit website.

I have recently heard about a new and different iPhone app called MyWard, which has functionality similar to iWard/iStake but apparently without the issues raised about the latter.

(Note: This may be confusing, because there already is a very different product also called "MyWard," which uses MLS data and has nothing to do with this matter.)

In any case, I have been assured by the developers of the new MyWard app that it does make its secure connection directly to lds.org from the user's device. And I have been told of independent testing that confirms this empirically: Traces of the SSL connection go from the phone to lds.org.

As for Avikey, the iWard developer, I sent them a followup message last night asking specifically if their server connects to lds.org, rather than the iPhone client. I have received no reply, and the empirical test results I have seen seem to show that the iPhone connects only to Avikey's domain.

Frankly, at this point, I feel like I have been misled about Avikey's products, and I feel bad that I have recommended them to users. I now see that a strict reading of Avikey's website can be parsed to encompass what the real architecture is. But that is certainly not the impression that I had before from reading that site or reviews in the LDS community.

So I would recommend against iWard/iStake, and suggest that users investigate MyWard from truestarapps.com instead. (Just to clarify, the app is called MyWard but it apparently also includes the stake functionality.)
lajackson
Community Moderators
Posts: 11479
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

#19

Post by lajackson »

Flandry wrote: Reading the linked discussion on Google Groups and this thread gives me the heebie-jeebies. When I consider all the special instructions I was given as a membership clerk . . .

Is this member data security nightmare just a temporary artifact of the time it takes to get policy decisions through a large organization, or does the church IT dept. really not care about this?

The Church IT department cares very deeply about this. Yes, these are very changing times. And it does take some time to get policy decisions through a large organization.

However, the policy is actually in place, and this particular very large organization is not in the business of providing detailed day to day instructions on living our lives. The Church teaches principles, and then we do as Joseph said.

There are policies in place relating to the use of third party servers, and leaders have very specific instructions about securing any information that comes out of MLS and goes onto their personal devices, including passwording, protecting, using only for callings, and removing it when they are released. You have outlined some of them in your post.

The challenge I see is that there are many who seek convenience over the care that should be given to protect membership information. The current policy, as I understand it, points to protection before convenience.

And that inconveniences some who do not wish to be inconvenienced in that manner.

The Israelites had the same problem when Moses led them out of Egypt. We just have different toys today. [grin]
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX

#20

Post by RossEvans »

lajackson wrote: There are policies in place relating to the use of third party servers, and leaders have very specific instructions about securing any information that comes out of MLS and goes onto their personal devices, including passwording, protecting, using only for callings, and removing it when they are released. You have outlined some of them in your post.

The particular case of iWard/iStake is not necessarily a matter of knowingly choosing to disregard policy. And it does not affect only leaders, but also rank-and-file members. The immediate information in question is not MLS content, but LUWS content -- plus two very significant pieces of data: the LDS Account username and password of the user. That notwithstanding the fact that the LDS Account Conditions of Use say (emphasis in original):

You may not share your LDS Account password with anyone.

I rather suspect that most users of this product are not even aware of how it really functions. I was not until about 24 hours ago, and I am probably better informed than most non-technical members. The very cleverly worded PR of the site obscures these facts, IMHO, if only by omission and ambiguity. A user might be forgiven for thinking that he is connecting to secure.lds.org via a single, end-to-end SSL connection to his own device, just like he might do with an online banking client or browser. The website says:

All of the data exchanged between your device and LDS.org is done over encrypted SSL connections and we don't store or view any of your information our servers (or anyone else's servers, for that matter).

Note the "s" in "connections."

(I actually have never used the product because I don't happen to be an iHead. But if I owned an iPhone I probably would have done so in ignorance of the technical facts. While misunderstanding these facts, I have referred other users to the app. Actually, it was while doing so in another forum last night that I learned what I wish I had known earlier.)

Of course, compromising LDS Account credentials is more serious for leaders, because their credentials can potentially connect them to other things that rank-and-file members cannot. And I know from anecdotal comments in this forum and elsewhere that many stake leaders use iStake.

I am not accusing the operators of iWard/iStake of doing anything malicious with anyone's credentials. But I think I would be violating policy to use the product. Knowing what I know now, I certainly would be violating common sense. The architecture is inherently insecure.