Use of computer (physical keyboard+big display) to send and read email with iPhone Mail app

[rctlr]

Some kind of remote access to iphone from a desktop computer sound like what you're trying to achieve, I was looking at something similar, but came up wanting.

I would love to have something like the Samsung DeX for iphone. Plug it into a Hug and it fires up a big screen and keyboard.

You can do some of it with AV adapters and bluetooth, it works, to a fashion.

VNC, which is great on IOS - works to remotely access a Desktop Computer, but not the other way around.

 

[Apple Fritter]

@Apple Fritter Thank you anyway for your help and for your interest.
Have a nice week!
Cheers

Anytime @MatteoV, all the best for you as well!

 

[MatteoV]

@rctlr Hi, thank you for your suggestions: I looked at the Samsung DeX and it seems to me an innovative and great idea. But in my opinion it might be enough to have only an internet web page opened in any supported internet browser in the work pc (so without any external hardware or cables) that shows the opened app in iPhone without to interfere with other apps or settings (for security reasons). A tool like Samsung DeX may not be safe when the owner is absent for 15 minutes from the workplace (because the connection is always active) and anyone could change Android settings from the work pc. Maybe it would be safer if the connection between Pc and smartphone stop when user takes his smartphone and he goes over 4 or 5 meters away from the work pc.

Thank you
Cheers

 

[CopyChief]

Here's another option that might get you halfway there, if I'm still understanding correctly. It sounds like you have serious security concerns about syncing too much data between your phone and the destination computer. So a screen share is probably the best approach. Check out the app AirServer, which I think has both Mac and PC versions. It will make the computer an AirPlay destination, to which you can mirror your screen. [for this to work both devices will need to be on the same wifi network.]

From there you'd still need an external keyboard for typing (you wouldn't be able to control your phone with the computer... I don't think that's possible at this time with iPhone. And if it were, your security concerns would be multiplied.)

 

[simonsi]

The only way is to use icloud.com in any pc web browser and enter Apple ID and password in order to use only Apple pre-installed apps like Mail or Remainder with pc, no way to use other apps installed in iPhone.

It isn't using the Apps in your phone in any way whatsoever. The web apps you use via iCloud are running on the Apple server and use your iCloud synced <data>. It doesn't involve any access to your phone. The only exception to this is iMessage using Text Message Forwarding but that is limited to exchanging the information via the existing iMessage protocol, it still doesn't involve remote control in any way.

Do I want <anyone> to create a method to access/control iPhone Apps remotely via a computer <without entering my password> - NO! what on earth would you want such a thing if you remotely claim to be concerned about security...?

 

[hwojtek]

Anyway, my first post was a question about the existence of an app for iPhone (or a feature of the last iOS) that allows user to use pc (any pc, not only Mac) keyboard, big screen and mouse to interact with his iPhone's apps through a pc web browser and without entering of any ID or password

So effectively you want to secure your email communications by using a "remote screen" app running on your iPhone, allowing full, non-secured access to the contents of your iPhone. I wouldn't call it exactly smart.

The whole point of the iPhone being an iPhone is to allow everything you need without the use of the computer. Essentially you bought a car and now are trying to find a way to attach a horse to it, so the horse could pull the car because you are afraid to turn on the engine, as you've heard there are explosions inside.

There is no remote access to the iPhone without jailbreak. If you jailbroke, you could install a VNC server, but jailbreaking itself is a security breach much bigger than your concerns about leaving traces on customers' computers.

Apart from using the phone as intended, if I was you, I'd spent a little time to prepare a basic virtual machine using VirtualBox with some rudimentary Linux, set up your accounts or a browser there, put it as a portable executable on a thumb drive and run it in a window on guest computers you are using. That way you essentially have your own secure PC-as-a-file on a thumb drive.

You can use a Bluetooth keyboard at the very least (https://www.eltima.com/bluetooth-keyboard.html, calls for carrying a BT keyboard all the time) and if you connect your iPhone to any Mac running 10.7+ with a Lightning cable and fire up the QuickTime Player, select "New Movie Recording" and iPhone as a source, you can view the iPhone screen on the computer display. That said, it would be weird AF.

 

[MatteoV]

Hello guys, thank you for your useful and interesting replies!

Sorry but I think my request/problem is not well understood.

Let me to explain you better with an example.

Suppose I'm in a place with some PCs and some smartphones, all of them connected to internet via wifi and/or cellular data.

There are other people in the place where I'm.

The pc I use is named PC1 and it runs Windows XP and I use my iPhone, named for example iPhone1.

Suppose I need to send an email with my account. I could open icloud.com in internet explorer of PC1 (suppose I have a sync account, so icloud.com allows me to read and send email like my iPhone1 Mail app).

Problems that I could have:

-) Nobody can tell me if PC1 is infected and if, during ID and password entering, a malware can record any key pressed with PC1's keyboard when I enter any values in alphanumeric fields in web pages like icloud.com. Have you a proof that it will never happen, that is: no virus/macros exist for the OS I'm working with?
-) If I must go far from PC1 (for any reason: toilette, out for an incoming call, ...), I should logout (I should remember myself to logout) from icloud.com every time if I want to be sure that nobody can read and interact with my icloud account. When I must to re-login (when I return to work at PC1), I must insert again my ID and password in PC1. Repeat these operations for several times and it increase the probability that someone can see/discover my Apple ID and password when I enter them with PC1's keyboard.
-) When I login in my icloud account with PC1, all my sync data can be read by anyone (mail, remainder, messages, sms, documents, ...) if I'm far from PC1 and if someone wants to use PC1 (the connection is active due to the active login). In other words: one login for all data (= little dangerous).
-) The two factors access is good but when I login in PC1, the connection remain active and the problem of the use of PC1 by other person than me, when I'm far from PC1, remains. And for login, inserting every time two codes (password + second factor received with sms) could become tedious and slow, if the place in which I'm is isolated from any carrier companies (only wifi; for example in some workshops where there are production lines and operators without phones and with only emergency devices).




After the list of problems that I would have with a common icloud access (if you want you can comment my points, these problems are based on my personal opinion), an idea of a connection between PC1 and iPhone1 via web-page and qrcode could be as follow, in my opinion:

A) I open in PC1 the web page icloud.com where I'd like to see two options: ID and password common login and a qrcode created for PC1 in the exact time I open the web page.
B) I scan the qrcode with iPhone1 using a signed app created by Apple named, for example, iOSAppWeb (available maybe in a next iOS version? because you all told me that this feature doesn't exist in iOS 11), in the same way I scan a qrcode to open my Whatsapp in PC1 to share any file from iphone to pc and viceversa.
C) After the scan, I've created a unique connection between PC1 and iPhone1; nobody can reproduce the qrcode because it is unique and it exists only between the two devices PC1 and iPhone1 and in that time.
D) With the active connection, I can use in PC1 only the Apple app (Mail, Calendar, Remainder, Notes, ...maybe also not-Apple apps) that I see in the screen of iPhone1 for security reasons. That is: if in iPhone1 I open Mail and Remainder apps but only Mail app is on iPhone1's screen (Remainder is in backgroud and not active), then in a window inside the web page icloud.com that shows me the screen of iPhone in the monitor of PC1, I can interact only with Mail app, and not with Remainder app.
In all cases, from PC1 I can't change setting of iPhone1 iOS. In few words, with PC1 I can use only one iPhone app, the one I see in the screen of iPhone1: no different dangerous interactions between PC1 and iPhone1.
E)in the app iOSAppWeb I can disconnect, anytime I want, the connection between iPhone1 and PC1: it is useful if I'm far from PC1 and I forget to close/stop the connection with PC1: if I disconnect the two devices, in the screen of PC1 the window that showed the iPhone1's little screen will become blank and all history + previous connection residual data will be deleted from PC1.

I repeat that the points from A to E are based on a hypotetical idea of use of qrcode in order to use any installed app (one by one) opened in iPhone1 with a web browser in PC1.

I'm not an expert, but I'd like to know where I'm wrong.
Thanks
Cheers

 

[Puonti]

Get a bluetooth keyboard and a lightning to HDMI adapter to go. Connect your phone to an HDMI-enabled display on location (monitor, TV, projector) and use the bluetooth keyboard to type. No mouse needed, just a long enough HDMI cable so that you can continue to use the phone’s touch screen.

There won’t be privacy or security issues beyond what you’d normally have with a screen in a public place and a bluetooth keyboard.

It’s a matter of choices. Do you want a secure way to use apps on your phone or do you want an uncompromised desktop experience?

 

[MatteoV]

It’s a matter of choices. Do you want a secure way to use apps on your phone or do you want an uncompromised desktop experience?

Hi, I wish a secure way to use one single app installed in my iphone, that is opened in the iphone, with a desktop or notebook pc. I don't want an uncompromised desktop experience, and I don't like to write emails or remainders, or notes with my 10x4 cm iphone (display and touch keyboard too little...).

I wish a web browser service provided by Apple (for Firefox, Chrome, Internet Explorer, Safari if I will use a Mac, etc...) that, inside icloud.com page, allows me to scan a code:

• to create a unique connection between only my iphone and the pc in front of me;

• to use only the app I see in my iphone's screen, using the PC's keyboard, big screen and mouse, of the linked pc, to move easly the cursor when I type text in different positions of my email or notes (like a visual emulator in the screen of PC, or a rectangular window in the screen of PC that reproduces every pixel I see in the iphone screen; but with PC I don't want to change iphone app to use or to modify any iphone settings; with PC I wish only type text, add attachments, send mail, read mail, delete mail,... or, if I'm using Remainder in my iphone I wish to add remainders, delete remainders, modify remainders, ...);

• when I finished to use PC to send mail with my iphone Mail app, with iphone I wish to be able to disconnect, with one single touch, from PC and automatically the rectangular window of my cloned/emulated iphone in the PC's screen disappears.

I do not know how to explain it better...

However, I have already realized that there is no full solution for my problem, which leaves me slightly surprised.

Thanks
Cheers

 

[FatalFallacy]

Reading the discussion, I still do not get it how a scanned QR-code could in any way secure a possibly compromised computer.

If the PC is compromised, infected, outdated operating system, whatever... it does not matter, whether you open a webpage like icloud.com, any application that would clone your phone (if sth like that would be existing) or you scan a qr like whatsapp is doing in their webapp or in the browser (the qr code only represents another form of a second factor authentication, like icloud is doing with their challenge code)

Your main concern is, that the PC you are using is not trustworthy (I agree with you 100% on that)!

This won't change, regardless what kind of interface you are using to access your mail data, as you never could be sure that the PC has no key logger, screen grabber, network sniffer or any other 'evil' software running.

 

[MatteoV]

Reading the discussion, I still do not get it how a scanned QR-code could in any way secure a possibly compromised computer.

If the PC is compromised, infected, outdated opera\ting system, whatever... it does not matter, whether you open a webpage like icloud.com, any application that would clone your phone (if sth like that would be existing) or you scan a qr like whatsapp is doing in their webapp or in the browser (the qr code only represents another form of a second factor authentication, like icloud is doing with their challenge code)

Your main concern is, that the PC you are using is not trustworthy (I agree with you 100% on that)!

This won't change, regardless what kind of interface you are using to access your mail data, as you never could be sure that the PC has no key logger, screen grabber, network sniffer or any other 'evil' software running.

Hi, thanks for reply.

But if the qrcode created by Apple through his web service is unique (that is: the unique qrcode that links a pc to an iphone can't be used by any malware or keylogger or screen grabber, ... only communication between pc I'm using and my iphone is allowed), I don't see security issues.

I'd have security issues if my Apple ID or password are discovered, because someone could try to login with my ID and password with any pc around the world (regardless of the two-factor authentication system);

if the qrcode is discovered (it is, however, more difficult to be discovered, in my opinion, than a sequence of alphanumeric values), anyhow, I don't see any way to interact with my iphone from other pc, because the (hypothetical) safe Apple web service would find a not allowed attempt to access my iphone from another PC around the world and would block such access, as my iphone is already connected to the pc I'm using. Any ID and password can be entered in any PC you want (this allows great flexibility because you are synced with all the PCs with active Apple account login, but also it has big security issues).

Am I wrong?
Thank you

Cheers

 

[Mlrollin91]

Just throwing this out there. If you use 2FA, it doesn’t matter if someone gets your password. They still can’t access your account without your device and the 6 digit code.

The likelihood that the computer is infected is very small. So, use the computer and 2FA and you are pretty much golden. And if that still worries you, change your password monthly.

 

[FatalFallacy]

But if the qrcode created by Apple through his web service is unique (that is: the unique qrcode that links a pc to an iphone can't be used by any malware or keylogger or screen grabber, ... only communication between pc I'm using and my iphone is allowed), I don't see security issues.

I'd have security issues if my Apple ID or password are discovered, because someone could try to login with my ID and password with any pc around the world (regardless of the two-factor authentication system);

if the qrcode is discovered (it is, however, more difficult to be discovered, in my opinion, than a sequence of alphanumeric values), anyhow, I don't see any way to interact with my iphone from other pc, because the (hypothetical) safe Apple web service would find a not allowed attempt to access my iphone from another PC around the world and would block such access, as my iphone is already connected to the pc I'm using. Any ID and password can be entered in any PC you want (this allows great flexibility because you are synced with all the PCs with active Apple account login, but also it has big security issues).

You are expecting a gain in security using QR, unfortunately this is not as true as you might expect, as it does not solve the initial problem.

It is out of question, that usage of a QR would benefit convenience for a login into any service, as you would not need to enter a username + password + challenge code (from a different factor, like pushing the key to a trusted device - e.g. your phone - like apple is currently doing), but confirming the QR-code from a trusted device - e.g. your phone - by taking the photo as a second factor (actually this would be cool idea, at least as an option).

Still on a technical level, the web socket established between your browser or app on that machine can not be trusted if the machine itself can not be trusted, as the traffic may be intercepted.

Actually most company networks are doing this in order to prevent and detect leakage of intellectual property and to protect business data assets by breaking open and monitoring (even secure) connections (e.g. https / SSL).

On a not trustable machine same may happen if a bad guy implanted similar tools and/or replaced certificates on the machine with his own, rendering data communication encryption useless (allowing to log your data communication, e.g. mail) or using known security bugs in browsers, applications or operating systems (like Win XP in your case which is no longer maintained and supported) to gain access to your information.
Completely cloning your phone's access to the machine (what you initially asked for) would actually even worsen the situation, as there would be even more data leak.

If a bad guy gains your apple-id and password without having you enabled 2fa then, indeed, you are in trouble.

If he does, he still is not able to do any harm if you use 2fa, as for any login into any other apple service you all the time need to enter the challenge code from a trusted device, which he does not have and you'd get informed instantly if somebody tries (needing you to change your password).

Following scenarios are basically using the same principle, implementing a two factor implementation:

• In the QR-case (if it would be available) the challenge code (the QR-code) is presented on your screen on a less trusted device, you confirm your legit identity by photographing from a trusted device.
• In the name/pass/challenge - case the challenge code is presented on a trusted device (your phone) and you enter and confirm your legit identity into the less trusted.

Long story short:

• Apple is not providing QR as a convenience function to simplify the login into their services by using your phone as a second authentication factor.
• Setting up login and the ‚secure‘ communication channel by QR is no improvement from a security perspective, compared to the more inconvenient usage of user/password/challengecode.
• Not enabling two factor authentication for your services is a slippery slope, I can only strongly advise you to enable it, if not yet done.
• Do NOT use machines that you can not trust! Never!

Hope this helps.

 

[hwojtek]

(...)
Let me to explain you better with an example.
(...)
The pc I use is named PC1 and it runs Windows XP and I use my iPhone, named for example iPhone1.

Suppose I need to send an email with my account. I could open icloud.com in internet explorer of PC1 (suppose I have a sync account, so icloud.com allows me to read and send email like my iPhone1 Mail app).

Could you please remind me what do you need your iPhone for?

Hi, I wish a secure way to use one single app installed in my iphone, that is opened in the iphone, with a desktop or notebook pc.

You need to understand that this creates ANOTHER security risk instead of reducing it.

 

[MatteoV]

Sorry all for the delay of my answer.

@Mlrollin91 Thank you for you advice, I will do what you suggest about 2FA. It's definitely a bit boring to write so many alphanumeric characters with the PC and to wait for an sms every time (also 7-8 times in one day), but it's the only solution.


@FatalFallacy Thank you so much for you explanation: you explained very well what my questions were. I like when someone explain me something technical about my questions. In this way I learn something more on technology without reading tons of text in tons of web pages.

About QR code, I still can't understand why (technically speaking) it offers no more security than a visible password consisting of letters and numbers. A QR code (based on what I've read on the web) is an image with hundreds of pixels that can be ordered with a large number of combinations (pixel on and pixel off) more than 100! (about 1 /10^150 of probability to be discovered); an alphanumeric password with other characters like '/', ';', and so on and with, for example, 10 characters, could have about 1 / 10^20 of probability to be discovered.

Even if a bad person could scan the QR code, decode it to obtain the unique web link for the connection between my iPhone and the PC I use and try to access into the existing connection I've created between my iPhone and the online service provided by Apple and that I use through the PC, Apple service could block/stop the access by the other person (the bad person) in order to allowing only the access between one iPhone (the mine) and the PC I use.

If the bad person uses a different PC than mine to enter inside my connection, the Apple service would discover it because, in Internet, an online PC or device has a unique address (am I wrong? remember: I'm not an expert, I want only to learn more about security, just for curiosity. I don't want to impose my idea, I just want to discuss the problem).


@hwojtek

Could you please remind me what do you need your iPhone for?

Indeed also (also) to make phone calls...

You need to understand that this creates ANOTHER security risk instead of reducing it.

Why, if the only person that could use the iPhone app on a desktop is the owner of the iPhone and the same person in front of the PC he is using?
In my question for you I suppose that the Apple service I hypothesize here is the one described above (see my answer to @FatalFallacy): only one connection between two devices is allowed, not like the current way based on several devices that can be linked to iCloud at the same time (with the current way, that is still very usefull undoubtedly, I could have more than 1 device linked to iCloud, and this thing is a security issue under certain circumstances, for example when I want to be sure that only my iPhone is linked to iCloud. When I receive, by Apple, a notification email about a login performed by an other device, it may be too late and some data may already have been read or copied by unauthorized persons).

 

[FatalFallacy]

About QR code, I still can't understand why (technically speaking) it offers no more security than a visible password consisting of letters and numbers. A QR code (based on what I've read on the web) is an image with hundreds of pixels that can be ordered with a large number of combinations (pixel on and pixel off) more than 100! (about 1 /10^150 of probability to be discovered); an alphanumeric password with other characters like '/', ';', and so on and with, for example, 10 characters, could have about 1 / 10^20 of probability to be discovered.

Let me explain with the whatsapp example:

(1) You have a misconception in the numbers of combinations:

A pixel on/off unfortunately does not represent an equivalent to an character, but just one bit, a character is more than just a pixel on off.

If you want to represent a character in bits you need a encoding scheme which fits your alphabet, an encoding example would be e.g. ASCII as the most known (I know QR use a more complex encoding, but ascii is more simple):

Extended ASCII says that to represent all printable characters of an alphabet plus numbers, plus special char are done in
a variation of combinations of 256bits. That means you would need a row of 256pixels to represent 1(!) character in a picture.

Additionally there are control information encoded in combinations of the pixels, plus mechanisms to do error corrections and much more.

For the QR used by Whatsapp for example is a QR Version 4 code, this means:
A maximum(!) of characters that could be encoded in the picture is 50 characters, probably it is way less in current WhatsApp implementation.​

(2) You claim a password is visible / readable therefore QR is more secure:

There is no magic at all in a QR, it is well documented and described.
In fact it is as visible and readable as a displayed text, there are even browser extensions that on the fly decode the QR code into the text information the QR is representing.
​

(3) You may think that the WhatsApp-QR-code includes some magic or credential related information

In fact the QR-code just includes an ID that represents the current browser session.
This ID could also be displayed in text form and put into the whatsapp app into a text entry field on the phone.
​

(4) Let me share the information flow happening with web.whatsapp.com:

Your phone reads the QR code, translates the code into text, the app contacts its WhatsApp servers and tells WhatsApp serves as a response:
- My number is xxxxxxxxx
- My authorization credentials are yyyyyyyyy (these are stored in the app when you at first launch confirmed the short message code in the app on installation,
- The webbrowser displayed a QR code representing following ID: zzzzzzzzzzzzzzzzzzzzzzzz
- Please allow me to use the browsersession with that ID to use with my whatsapp.

-> Whatsapp checks whether this three information pieces match
If they match Whatsapp triggers a refresh of the website that showed the QR and launches your conversation-screens, as it can be sure that the person who has the ID of the QR and sent the phonenumber and credentials saved in the phoneapp are one person.​

Hope this sheds some more light.

 

[MatteoV]

Your phone reads the QR code, translates the code into text, the app contacts its WhatsApp servers and tells WhatsApp serves as a response:...

@FatalFallacy Hi, thank you so much for your help! I did not know that the QR code was read and converted in plain text by the phone (or by some apps). I thought it was a kind of password, with many 0 and 1, created one time (for the unique connection between two devices) and very difficult to reproduce due to the huge amount of combinations.

Thank you
Best regards!
Cheers

 

[tromboneaholic]

Sorry all for the delay of my answer.

@Mlrollin91 Thank you for you advice, I will do what you suggest about 2FA. It's definitely a bit boring to write so many alphanumeric characters with the PC and to wait for an sms every time (also 7-8 times in one day), but it's the only solution.


@FatalFallacy Thank you so much for you explanation: you explained very well what my questions were. I like when someone explain me something technical about my questions. In this way I learn something more on technology without reading tons of text in tons of web pages.

About QR code, I still can't understand why (technically speaking) it offers no more security than a visible password consisting of letters and numbers. A QR code (based on what I've read on the web) is an image with hundreds of pixels that can be ordered with a large number of combinations (pixel on and pixel off) more than 100! (about 1 /10^150 of probability to be discovered); an alphanumeric password with other characters like '/', ';', and so on and with, for example, 10 characters, could have about 1 / 10^20 of probability to be discovered.

Even if a bad person could scan the QR code, decode it to obtain the unique web link for the connection between my iPhone and the PC I use and try to access into the existing connection I've created between my iPhone and the online service provided by Apple and that I use through the PC, Apple service could block/stop the access by the other person (the bad person) in order to allowing only the access between one iPhone (the mine) and the PC I use.

If the bad person uses a different PC than mine to enter inside my connection, the Apple service would discover it because, in Internet, an online PC or device has a unique address (am I wrong? remember: I'm not an expert, I want only to learn more about security, just for curiosity. I don't want to impose my idea, I just want to discuss the problem).


@hwojtek

Indeed also (also) to make phone calls...


Why, if the only person that could use the iPhone app on a desktop is the owner of the iPhone and the same person in front of the PC he is using?
In my question for you I suppose that the Apple service I hypothesize here is the one described above (see my answer to @FatalFallacy): only one connection between two devices is allowed, not like the current way based on several devices that can be linked to iCloud at the same time (with the current way, that is still very usefull undoubtedly, I could have more than 1 device linked to iCloud, and this thing is a security issue under certain circumstances, for example when I want to be sure that only my iPhone is linked to iCloud. When I receive, by Apple, a notification email about a login performed by an other device, it may be too late and some data may already have been read or copied by unauthorized persons).

I may have missed something, but why not just check your email from your computer?

 

[MatteoV]

I may have missed something, but why not just check your email from your computer?

Yes, sorry but you missed something .
However, if you read all the posts you will understand. No problem, I solved by enabling two-factor login for iCloud on PC. The only annoying problem is that I must login and logout several times in a day with the PC I use (not mine), so I must perform several actions with keyboard (insert several password and characters) instead of make some photos to the PC screen with my iPhone for QR code scanning. I was looking for something faster but safe like the iCloud login. That's all.
Cheers