iOS 7.1 Mail App Encrypting Certain Replies Inappropriately

Encrypted Reply

‘Reply All’ Via iOS 7.1 Mail App


 
We talked recently about Apple mostly fixing one bug related to S/MIME encrypted email messages with their release of iOS 7.1.  Now it appears that they may have another.

Normally when using S/MIME email signing and encryption, the Mail app will show a blue lock icon next to any recipient from whom you’ve previously received a signed message and whose public certificate you’ve installed.  Any recipients for whom you don’t have a certificate installed, and with whom you are therefore unable to exchange encrypted mail, are shown in red with an unlock icon next to their name.  It’s perhaps the most visually intuitive S/MIME implementation out there.

If you’ve previously installed a certificate for every recipient on a given message, Mail will indicate that the message is Encrypted at the very top, again accompanied by a blue lock icon.  If there are any recipients on a message for whom you don’t have a certificate, the message will normally drop back to Not Encrypted at the very top and show the red unlock icon.  You would never want to send out a single encrypted message to a group of people such that only certain recipients had the means to decrypt and read it.

At the Connecticut-based healthcare practice where I work, we collaborate with outside technical people all the time.  In day-to-day e-mail exchanges, I’ll frequently receive e-mail messages from third parties where the sender chooses to include or carbon copy our CIO or one of my IT colleagues.  More to the point, someone who doesn’t use S/MIME signing and encryption will send me a message where they carbon copy someone who does use S/MIME.  Often the topic will merit a response, where I begin by hitting Reply All.

The iOS 7.1 Mail screen captured at the top of this article should not be possible.  You’re looking at a Reply All where I have no S/MIME certificate for the To party, but I do for the Cc’d party.  Yet the overall message status at the very top still indicates Encrypted.  If I began a new e-mail message to the very same recipients, the message status would be Not Encrypted.  This inadvertent Encrypted status on Reply Alls to a mixed group of recipients isn’t just a visual problem.  If sent, the reply message actually goes out encrypted as promised, such that only the name in blue will be able to read it.  Red recipients will get an smime.p7m attachment that they can’t do anything with.

Curiously, I’m only able to replicate this problem situation when doing a Reply All from my Microsoft Exchange e-mail account.  I’m unable to duplicate it when replying from Google-hosted IMAP accounts.  I should mention that while I’ve seen it happen from multiple devices running iOS 7.1, the device from which I recreated this scenario is an iPhone 5s that was completely wiped and reloaded after having been upgraded to iOS 7.1.

The work-around, for now, seems to involve avoiding the Reply All button.  If you instead limit yourself to choosing Reply, and then manually add the other recipients back, the message status seems to behave appropriately.  It’s an unfortunate extra bit of work, with the potential to stand in the way of wider S/MIME use in iOS-centric enterprises.

This information has been submitted to Apple on case number 593916475.

Encrypted E-mail Attachments Fixed in iOS 7.1?

Encrypted e-mail message with attachment on iOS 7.1

Signed and encrypted e-mail message.


 
S/MIME (Secure / Multipurpose Internet Mail Extensions) is one of two main methods of securing the content of e-mail messages between sender and receiver, regardless of the networks and servers that the message traverses along the way.  While S/MIME includes other functions, such as message integrity and non-repudiation, we’re going to focus on encryption today.

Where Can I Find It?
Though a small percentage of the general population are aware of how to implement and use S/MIME signing and encryption, the technology itself has been natively supported in most e-mail clients for some time.  Programs that support S/MIME include Microsoft Outlook, Mozilla Thunderbird, Novell Evolution, Apple’s Mac Mail, the iOS Mail App (in iOS 5 and later), and a small number of Android apps.  While perhaps used infrequently in the real world, S/MIME support is ubiquitous to the point that it would be hard to find a situation where it couldn’t be used if desired.

You Said iOS?
And then iOS 7 came along.  We talked here in late September about a problem that plagued Apple’s then-released iOS 7.0.  Incoming e-mail messages that had been created using S/MIME encryption, and which also carried file attachments, would often render those file attachments as pulsating and inaccessible when viewed on iOS 7 devices.  It wasn’t a universal failure, as encrypted messages created using Mac Mail on Mac OS seemed reliable.  Messages created using Microsoft Outlook and then read on iOS 7 – a scenario common in business – were the most prone to exhibiting the pulsating problem.  While the S/MIME attachment issue was brand new with the introduction of iOS 7, it persisted in nearly the same form for the next 5 months and 18 days, as we ran updates 7.0.2 through 7.0.6.

Who Cares?
To put the scope of the S/MIME attachment failure in perspective, my September blog post on the subject has pulled in 4,855 pageviews, representing 28% of the total traffic to this small blog since.  Readers have come from 1,665 networks, including those of well-known companies, government agencies, universities and medical institutions.  They’ve been a geographically diverse bunch, spanning 88 countries, from Andorra to Yemen.

At The Office
Closer to home, Apple’s S/MIME attachment handling problem was one hurdle standing in the way of potential wider adoption at my employer in Connecticut.  Using S/MIME under normal circumstances, I might automatically encrypt every outbound message to recipients with whom I’ve previously exchanged a signed message.  Since iOS 7’s release, however, I began having to make assumptions about whether the recipient might need to view an included attachment from an iOS device, and then send the messages in the clear to accommodate easy reading.  Such a limitation has glaring security issues, of course, and also places too high a burden on non-technical end users.  The technology needs to just work.

Fixed
As of this past Monday, it almost just works.  Following Apple’s release of iOS 7.1 on March 10th, I quickly upgraded an iPhone 4, an iPhone 5s and an iPad 3.  I should probably mention that I updated them using the ‘sync with iTunes’ method, rather than over-the-air.  From these iOS 7.1 devices, I’m now able to read PDF, XLSX and DOCX attachments on S/MIME encrypted messages sent via Outlook 14 / Office 2010.  Almost always.

New Issue
In cursory testing following the iOS 7.1 upgrades, I quickly saw at least three occasions where an attachment on a new encrypted e-mail message appeared to bear the filename of a previously-received attachment.  It was as if the messages were being decrypted to a common cache that isn’t always cleared properly after use.  In these rare instances where the wrong filename was presented for the attachment, opening the attachment was hit-or-miss.  I’ve only seen it happen three times so far, but anything less than 100% reliability doesn’t denote a complete fix.

Possible Resolution
So I called Apple to establish Case ID: 588543752.  The total call lasted 43 minutes, and I was quickly escalated to a Senior Advisor.  He took down my information to pass on to engineering.  Though I thought it unlikely to help at the time, I promised to wipe an iPhone 5s clean, re-apply my configuration profile, and confirm that I could still re-create the problem afterward.  Since wiping the iPhone 5s and setting it up from scratch, I’ve been unable to reproduce any problems with S/MIME encrypted messages bearing attachments.  This may turn out to be one instance where wiping an iOS device following a major upgrade actually does some good.  Stay tuned for more.  It’s never boring.

Update Your iOS Devices Now

iOS 7.0.6 Update Screen

Navigate to Settings > General > Software Update.


 
On Friday, February 21st, Apple released security updates affecting the iPhone 3GS through the 5s, the iPad 2 and later, the 4th and 5th generation iPod touch and the 2nd generation Apple TV.  The specific version updates available for various devices are as follows:

  • iOS 7.0.6 – iPhone 4 and later, iPod touch (5th generation), iPad 2 and later
  • iOS 6.1.6 – iPhone 3GS, iPod touch (4th generation)
  • Apple TV 6.0.2 – Apple TV 2nd generation and later

To characterize the patched vulnerability using Apple’s words, “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.”  ZDNet and others report that iOS was not doing SSL/TLS hostname checking prior to Friday’s update.  This is a very serious flaw.

For those that aren’t aware, SSL/TLS hostname checking is one part of an imperfect system meant to keep our encrypted communications secure.  Whenever you visit a secure web site using the HTTPS prefix, your computer is supposed to compare the site name you entered with the digital certificate that the site uses in order to initiate an encrypted session.  If the two don’t match, you’re presented with a fairly ominous warning.  While it’s still possible for a skilled person or an organization to create a man-in-the-middle attack to eavesdrop on your encrypted traffic, at least they’d need to dupe or coerce a Certificate Authority into giving them a digital certificate containing the name of the site they wished to impersonate.

But without SSL/TLS hostname checking, literally anyone in a “privileged network position” on a network segment between your iOS device and the rest of the Internet can pretend to be Bank of America, Amazon, Google or anyone else.  While it’s not alleged that the Safari web browser contained this vulnerability, everything else that your iPhone does could be susceptible to it.  For instance, your iPhone’s native Mail app wouldn’t distinguish between Google’s legitimate Gmail servers and a server that anyone built using a common Linux distro and the openssl req command.  Such an oversight causes security professionals everywhere to collectively gasp.
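The name comparison described above, written out as an added example (it is not code from Apple or from this blog). It assumes the certificate is presented in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and the example.com / example.net certificates are constructed for illustration.

```python
import ipaddress


def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one DNS name from a certificate with the name the user asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False          # a wildcard never covers more than one label
    if p[1:] != h[1:]:
        return False          # everything right of the first label must be identical
    if p[0] == "*":
        return len(p) >= 3    # refuse over-broad patterns such as "*.com"
    # Partial wildcards ("f*.example.com") are rejected, which is stricter
    # than RFC 6125 allows but matches what current clients do.
    return "*" not in p[0] and p[0] == h[0]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if any subjectAltName entry in cert covers hostname."""
    sans = cert.get("subjectAltName", ())
    wanted_ip = _as_ip(hostname)
    if wanted_ip is not None:
        # IP literals are only ever matched against IP entries, never DNS ones.
        return any(kind == "IP Address" and _as_ip(value) == wanted_ip
                   for kind, value in sans)
    return any(kind == "DNS" and dns_name_matches(value, hostname)
               for kind, value in sans)


# Constructed certificates (not real ones).
LEGIT = {"subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com"))}
IMPOSTER = {"subjectAltName": (("DNS", "mail.example.net"),)}  # valid cert, wrong name
BY_ADDRESS = {"subjectAltName": (("IP Address", "192.0.2.25"),)}

if __name__ == "__main__":
    for cert_name, cert in (("LEGIT", LEGIT), ("IMPOSTER", IMPOSTER)):
        for host in ("mail.example.com", "a.b.example.com"):
            verdict = "accept" if hostname_matches(cert, host) else "REJECT"
            print(f"{cert_name:9} presented for {host:18} -> {verdict}")
```

In real clients this check belongs to the TLS library (Python's `ssl.create_default_context()` turns it on); the function above only makes the rule visible.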

Before the rest of us panic, however, it’s important to realize that any widespread exploitation of this vulnerability would likely have already been discovered.  Very few network segments are limited to only iOS and Mac clients.  While unpatched iOS devices might be willing to blindly connect to imposter servers, we hope that the Android, Linux and Windows clients would be throwing up flags indicating the deception.  People would be talking about it.

All of this is to say that while you’re probably fine for now, there’s no time like the present to update your iOS devices.  It’s as easy as navigating to Settings > General > Software Update, and clicking on ‘Download and Install.’  Reports indicate that Mac OS 10.9.1 is vulnerable as well, so you’ll want to keep an eye out for a Mac OS update in the days ahead.

Old Exchange Flaw Persists in iOS 7

Exchange ActiveSync Connections From One iPhone 5 Running iOS 7.

Starting last December, and continuing in March of this year, we talked about a series of symptoms that often arrive hand in hand, sporadically, on Apple devices running various revisions of iOS 4, 5 and 6, up through 6.1.3.  Those symptoms include devices running warm to the touch or even hot, a battery that may drain significantly faster than normal, and spikes in cellular data use of up to ten times the user’s normal pattern.  While this trio of symptoms may well have more than one culprit, the many instances that I’ve personally witnessed have since been reduced to a single common cause.  One with a quick solution.

If you’d like to read the years-long chain of events in order, including documented interactions with Apple along the way, you’re welcome to follow these links to part 1 and part 2 of the story.  Today’s entry is the third – but not the final – installment.  In the interest of time, we’ll try to get right to the point.

For All Of Us
If your iPhone, iPad or iPod touch ever begins running warmer than normal, or the battery drains twice as fast, or you get sticker shock on your next cellular bill, you’ll obviously want to quickly determine the cause.  Fortunately, with iOS 7, this is easier than ever before.  Begin by navigating to Settings > Cellular.  Scroll down, and you’ll see data usage for native and 3rd-party apps directly under each application’s name.  But don’t stop there.  Also navigate into > System Services, and observe your usage here too.  If your device connects to your company’s Microsoft Exchange e-mail environment, don’t be surprised to see a high number next to Exchange Accounts.  And if you do, read on.
 

Cellular use stats are a good way to identify any application working overtime.

For Microsoft Exchange Users
As we alluded to earlier (after giving it away in the title, lead graphic and caption), virtually every instance of heat + battery drain + runaway data use that I’ve personally witnessed has been the result of a sudden-onset problem syncing a Microsoft Exchange calendar.  When an iOS device encounters an error syncing an Exchange calendar, it simply retries.  In fact, it retries every couple of seconds or so, nonstop, 24 hours a day, forever if you let it.  Unfortunately this is nothing new.

This past weekend, an executive’s iPhone 5 (on Verizon) and his iPad 2 (Wi-Fi only), both running iOS 7, began exhibiting runaway connections to my employer’s Microsoft Exchange ActiveSync server.  The user upgraded his iPhone 5 to iOS 7.0.2 over the weekend, but the problem persisted.  In one 24-hour period, his iPhone checked in with our server 45,009 times, while his iPad connected 55,547 times.  Normally we’d expect to see a single device connect a few hundred times per day rather than tens of thousands.  After notifying the executive this morning, and asking him to perform the following fix, his problem went away for the time being.

If you think this may be happening to you, but aren’t sure, you might consider contacting your company’s IT Department or Microsoft Exchange Administrator.  We’ll talk about what he or she can do in the next section.  Having said that, the potential fix is easy, non-destructive, and you can try it out to see if it solves your problem.  As illustrated below, you’ll simply navigate to your Exchange account settings, turn your Calendars off, and then turn them back on.  While one step, “Delete from My iPhone”, sounds ominous, you’ll get your calendar entries back when you re-sync with the server.  Further instructions follow in the next caption box.  Please read and re-read them.  And use them at your own risk.
 

On your device, select Settings > Mail, Contacts, Calendars > (your Exchange account). Turn off ‘Calendars’ and then ‘Delete from My iPhone.’ Wait thirty seconds, and turn Calendars back on.

For Microsoft Exchange Administrators
Keep an eye on the IIS log files on your Exchange ActiveSync server on a regular basis.  By doing so, you may be able to identify a runaway iOS device before the users even know what’s going on.  In larger environments, you’ll likely use automation and alerting tools to bring runaway devices to your attention very quickly.

For Apple
The fact that this runaway connection problem has persisted now across four generations of iOS is a bit ridiculous.  I’ve seen no Android devices exhibiting similar behavior in our environment, leading me to believe that it’s technically possible to engineer something that doesn’t do it.  Common sense suggests setting some sort of timeout; a maximum number of retries before abandoning a particular calendar entry update.  Last Spring I hoped that Apple would fix this situation with the next incremental release.  We now know that they’ve failed to address it in their next major release, iOS 7.  And that leaves all of us to live with the problem, monitor it, and execute this fix whenever necessary.

iOS 7 Mail App Flaw

Pulsating Attachment Problem in iOS 7 Mail App ©Apple Inc.

It seems that relatively few people are aware of commonly-available standards and tools for end-to-end e-mail encryption, though more may be interested in this topic in the post-Snowden era in which we now find ourselves.  One of these standards – S/MIME – is natively supported in most e-mail clients, including Microsoft Outlook, Mozilla Thunderbird, Novell Evolution, Apple’s Mac Mail, and the iOS Mail App (in iOS 5 and later).  A small handful of colleagues, business partners and I use S/MIME signing – and encryption where applicable – in our day-to-day e-mail communications.  The fact that iOS has supported S/MIME for a while makes it fairly seamless to use this technology, whether at our desks or on the go.  That is, until we all upgraded to iOS 7.

Having upgraded our iDevices to iOS 7 on or very shortly after the September 18th launch, we quickly noticed something strange with regard to encrypted e-mail.  We could read the body text of encrypted messages just as before.  Unlike with iOS 6, however, any attachments on these encrypted messages appeared to pulsate rapidly as seen above.  Trying to click on a pulsating attachment either results in nothing, or in the Mail app closing out abruptly.  Though the pulsing is fast enough to make it difficult to discern with the human eye, the attachment icon bearing the file type and name is sometimes interspersed with the word Downloading, the file name and a size that doesn’t seem to increment.  We’ve been unable to open any attachment exhibiting the pulsating behavior.

On Friday, we assumed that this affected all S/MIME attachments received on devices using iOS 7’s native Mail app.  I contacted Apple Support on case number 507281855, and also sent a message to a customer relations e-mail address that I’ve corresponded with in the past.  As we looked into the issue further over the weekend, it appears that e-mail messages created using Microsoft Outlook are most likely to exhibit the pulsating attachment behavior.  For instance, any test encrypted message that I’ve sent from fully-patched installations of Outlook in Office 2003 or 2010 arrives with the pulsating attachment problem on any iPhones and iPads running iOS 7.  When I created similar tests using Mozilla Thunderbird on Linux, two of three recipients received the attachment normally and were able to view it.  Further, any e-mail containing the content attached visibly in-line rather than as a file attachment seems to display fine as well.

So what do we know?  Every S/MIME encrypted message bearing a file attachment and created using Microsoft Outlook from a fully-patched installation of Office 2003 or 2010 exhibits the pulsating attachment problem when viewed on any iOS 7 device.  Encrypted messages with attachments created using Mozilla Thunderbird were readable by some – but not all – recipients using iOS 7 devices.  Encrypted messages sent using Mac Mail on Mac OS typically insert the attachments inline, where the content is viewable without issue.  Long story short, Apple’s Mail App has taken a step backward in iOS 7 where support for encrypted e-mail is concerned.  We can only hope that this is resolved in the next iOS update.

Update:

  • In the first week following this post, it was viewed 374 times from 209 cities in 32 countries.  Readers came from such roles as government (City of Los Angeles, Department of Homeland Security, NASA, and the U.S. Department of Energy), education (Bucknell University, Marquette University, Penn State, UC San Diego and University of California, Irvine) and Apple Inc. offices (Brisbane, Australia; Elk Grove, California; and Zurich).
  • A companion post over at the Apple Support Communities got 615 Views and counting.
  • Apple released iOS 7.0.2 to deal with security issues on the lock screen.  It did not address this problem.

Update 2:

  • Apple released iOS 7.0.3 on October 22nd.  It did not address this problem.

Update 3:

  • Apple released iOS 7.0.4 on November 14th, but did not fix this problem.  Following the upgrade on my iPad, I am not presented PDF attachments at all on S/MIME encrypted messages created via Outlook and sent via Exchange Server or Google-hosted IMAP accounts.  It’s as if they’re not there.  A Microsoft Word .DOC attachment still pulsates rapidly as in the original illustration.  My iPhone, however, shows both file types pulsating.

Update 4:

Problems Persist in iOS 6.1.2

In late December, 2012, I posted the saga of narrowing down a set of iPhone / iPad symptoms that periodically manifest themselves and usually arrive hand in hand.  Those symptoms include noticeably diminished battery life, surging 3G/4G data consumption, and devices that run warmer to the touch than normal.  If you’d like my history with this going all the way back to iOS 4.x, click here and then follow a link back to this post when finished with the first.  Today’s post is chapter two of what I hope is only a trilogy.

Quick Recap
When we left off in December, we’d narrowed our iPhone / iPad problems down to runaway interaction between problematic iDevices and my employer’s corporate e-mail server running Microsoft Exchange 2003 Service Pack 2.  These interactions are documented in the Internet Information Server (IIS) logs on our server running Exchange ActiveSync, and are stored by default in our case at c:\WINDOWS\system32\LogFiles\W3SVC1.  While a properly-functioning iPhone may connect to our Exchange server a few hundred times per day, a runaway device will connect up to tens of thousands of times per day.  This excess traffic will continue unabated on an offending device until manual intervention is taken.  If too many devices in an organization are doing this at once, it creates a sort of denial-of-service attack against the Exchange ActiveSync server.

It’s important to note that this issue may affect more than just the Exchange portion of the iOS e-mail client.  I’ve received and observed feedback regarding the client-side symptoms – battery drain, 3G/4G data surge and warm devices – from people connecting to other push e-mail services including Hotmail and iCloud as well.  Of course end-users and business network administrators like myself aren’t privy to what’s happening at the other end of those cloud services.

Since Then
Subsequent to my December post, this iOS / Exchange issue finally reached mainstream consciousness following the release of iOS 6.1.  Apple went as far as issuing a rare acknowledgement that an issue was known to occur when connected to Microsoft Exchange 2010 SP1 or later, and that it is triggered by responding to an exception to a recurring calendar event sent to a Microsoft Exchange account.  Apple said nothing of Exchange 2003 that I am aware of.

Apple Inc.
I talked about and documented several of my interactions with Apple in the December post. I shared my mild frustration in getting past their basic support to the point that they believed that I had a legitimate iOS issue.  On January 9th, 2013, my issue was escalated yet again to a person that I’ve been in fairly regular contact with since.  I provided raw log files at Apple’s request to be forwarded to their engineering team.  And I’ve had nothing but positive interaction with Apple since.  I know from Google Analytics that Apple is familiar with my original blog post.  As I’m writing this follow-up, my little blog has received 39 visits from a network labeled, ‘apple inc.’, another 8 visits from ‘apple inc. – 10g ashburn ide’, and 1 visit from ‘apple computer’ since the original post went live.

iOS 6.1.2
Apple released iOS 6.1.2 on February 19th, 2013.  The update description read in full, “Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life.”  I received a few e-mails from friends as far away as China pointing out that our issue might now be fixed.  Three days later I sent out a memo to our iOS users asking any who had not already done so to upgrade to iOS 6.1.2.

Not Fixed
On Sunday, February 24th, a single CDMA iPhone 5 running iOS 6.1.2, noted in our IIS logs as ‘Apple-iPhone5C2/1002.146’, contacted our Microsoft Exchange ActiveSync server 69,878 times that day.  Keep in mind that there are only 86,400 seconds in a 24-hour period.  By way of comparison, my iPhone 4 checked in 336 times during the same span of time.  Upon discovery, I notified my contact at Apple and sent him the log at his request.

What To Do With Your Runaway iPhone
Since the December post, we’ve learned that fixing runaway iDevices is much simpler than our original course of action, which consisted of wiping them out and setting them up as if they were new.  Neither that action, nor simply deleting and re-adding an Exchange account, seems to be necessary.  In fact, resolving our latest runaway iPhone proved to be as simple as turning off the iPhone’s calendar sync on the Exchange account momentarily, and then turning it back on.
 

On your device, select Settings > Mail, Contacts, Calendars > (your account). Turn off ‘Calendars’ and then ‘Delete from My iPhone.’ Wait a moment, and turn Calendars back on.


 
For Exchange Administrators
Some organizations are taking technical means to bar iPhones running iOS 6.1 through 6.1.2 from contacting their Exchange servers.  If you have a great many iPhones, this step may be absolutely necessary in order to keep your e-mail environment up for everyone else.  At the very least, you should consider alerting all users to stop accepting calendar invitations and updates via their iPhones and iPads.  For those of us with far fewer devices to manage, simply keeping abreast of the server logs and working with affected users may be enough.  As I write this, our IIS log for Saturday is already several times larger than it should be.  It wouldn’t be that difficult to automatically BULK INSERT each day’s log file into a SQL table and then query for the number of connection attempts by each user’s iPhone or iPad per day.  I work with a great DBA who may be called upon to do that for us if Apple doesn’t come out with a fix real soon.
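One way to get the per-device daily counts discussed here, and to act on the advice elsewhere on this page about watching the IIS logs on the ActiveSync server, as an added example rather than the author's own tooling. It uses Python in place of the BULK INSERT approach; the log field order, the 5,000-requests-per-day threshold, the user names, device IDs and the second user-agent string are constructed assumptions, while the request counts 69,878 and 336 and the agent 'Apple-iPhone5C2/1002.146' come from this page.

```python
from collections import Counter
from urllib.parse import parse_qs

EAS_STEM = "/microsoft-server-activesync"
RUNAWAY_THRESHOLD = 5000  # assumption: requests per device per day worth an alert


def count_eas_requests(lines):
    """Count ActiveSync requests per (date, user, device id, user agent).

    Column positions are taken from the log's own '#Fields:' directive, so
    the function keeps working if the logged fields are reordered.
    """
    fields = []
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() != EAS_STEM:
            continue  # OWA and other traffic is not counted
        query = parse_qs(row.get("cs-uri-query", ""))
        user = query.get("User", [row.get("cs-username", "-")])[0].lower()
        device = query.get("DeviceId", ["-"])[0]
        key = (row.get("date", "-"), user, device, row.get("cs(User-Agent)", "-"))
        counts[key] += 1
    return counts


def find_runaways(counts, threshold=RUNAWAY_THRESHOLD):
    """Return [(key, count)] for devices above threshold, busiest first."""
    hits = [(key, n) for key, n in counts.items() if n > threshold]
    return sorted(hits, key=lambda item: item[1], reverse=True)


def build_sample_log(devices, date="2013-02-24"):
    """Constructed sample data in W3C extended format (not a real log)."""
    lines = [
        "#Software: Microsoft Internet Information Services 6.0",
        "#Version: 1.0",
        "#Fields: date time cs-method cs-uri-stem cs-uri-query "
        "cs-username c-ip cs(User-Agent) sc-status",
        f"{date} 08:00:00 GET /exchange/ - - 192.0.2.20 Mozilla/4.0 200",
    ]
    for user, device_id, agent, n in devices:
        for i in range(n):
            secs = i * 86400 // n  # spread the requests evenly over the day
            stamp = f"{secs // 3600:02d}:{secs % 3600 // 60:02d}:{secs % 60:02d}"
            lines.append(
                f"{date} {stamp} POST /Microsoft-Server-ActiveSync "
                f"User={user}&DeviceId={device_id}&DeviceType=iPhone&Cmd=Sync "
                f"{user} 192.0.2.10 {agent} 200"
            )
    return lines


SAMPLE = build_sample_log([
    ("asmith", "ApplCONSTRUCTED0001", "Apple-iPhone5C2/1002.146", 69878),
    ("bjones", "ApplCONSTRUCTED0002", "Apple-iPhone3C1/1002.146", 336),
])

if __name__ == "__main__":
    # For a real server, pass an open log file from the W3SVC1 directory instead.
    for (date, user, device, agent), n in find_runaways(count_eas_requests(SAMPLE)):
        print(f"{date} {user} {device} {agent}: {n} requests "
              f"(about one every {86400 / n:.1f} s)")
```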

Final Thoughts
While iPhones are wonderful pieces of technology that can do a great many things, there are exactly two functions that every smartphone must do reliably, bar none.  One is to make phone calls.  The other is to handle mobile e-mail, calendaring and contacts.  The fact that the premier device from one of the most well-regarded companies on earth has problems with one of these basic necessities is fairly disconcerting.  One wonders how hard it could possibly be to program in an upper limit to the number of attempts to update a single calendar invitation!?  I’m not yet at the point that I’m going to steer anyone away from the iPhone and iPad.  But I really hope that Apple can get this right in iOS 6.1.3 or soon thereafter.  Before I start giving BlackBerry a second look.

[While I hoped that this issue would ultimately be resolved by iOS 7, we’ve now seen this behavior in iOS 7 and 7.0.2 as well.  Follow this link to the next post.]

iPhone Data Leak Identified?

It’s no secret that I’m an Apple fan.  It’s not an exclusive relationship; I’ve also got a couple of Lenovo systems running Linux at home.  But over the last decade, I’ve purchased multiple iPods, an iMac, a Mac Mini, a MacBook and my current 13” MacBook Pro, iPhone 4 and new iPad.  I’ve spent more of my personal income on Apple hardware over the years than with any other single computer vendor.  For the most part, Apple solutions work well for me in a wide variety of roles, both personal and professional.  Clearly Apple stands to gain from long-term customer relationships like mine.  Unfortunately, despite many positive experiences with Apple, not everything coming out of Cupertino is perfect.

Today’s long story began in mid-June, 2011, when I finally climbed aboard the iPhone bandwagon with the shiny new, white iPhone 4 on AT&T.  The phone shipped with iOS 4.x; there was no reason to note the exact version number at the time, though it was probably 4.2.1.  I set up my various work and personal e-mail addresses, synced my music, and was off and running into the world of iOS apps.  Admittedly I was relatively late to the party.  But I wasn’t the last.  My employer has since all but abandoned BlackBerrys in favor of iPhones, and the BYOD phenomenon is slowly bringing in more iPhones and iPads here as time goes on.  And with them came some strange problems, affecting me perhaps most of all.

During my first year of iPhone use, I twice ran into the following scenario.  For a while everything would be fine.  My iPhone was set to use Wi-Fi both at home and at the office, meaning that I only used 3G cellular data while in transit back and forth, or while out and about, traveling, and the like.  Typically I’d use about 200 MB of 3G data per month, though my plan allowed for 2 GB.  Suddenly I’d notice that my iPhone battery life – previously good from the start of the day to the end – would instead run down before the noon hour regardless of use or lack thereof.  If I handled the phone, it would be warm to the touch.  Finally, when I’d get the cell phone bill, the 3G data use had surged from 200 MB per month up to 2 GB or more, an increase of at least 900% from my norm.  What the heck!?  I talked AT&T into forgiving an overage charge the first time.  I’ve since become a prolific user of the myAT&T app, keeping a close tab on data consumption patterns.
 

Two iPhones compared

The properly-functioning iPhone on the left has gone 25 hours since the last charge and still has 52% battery life remaining. The very same device, when malfunctioning, is down to 5% battery after only 4 hours and 55 minutes since the previous full charge. The one on the right indicates that it’s been in constant use when it really hasn’t.


 
You could say that a significant part of my day job includes troubleshooting technical problems.  Of course this is balanced with a desire to find a scenario that works and move on, rather than exhaustively analyze something with relatively minor monetary or business value.  On the first occurrence of the battery drain + warm to the touch + 3G data explosion, I began closing apps, rebooting the iPhone, etc.  No change.  I did my Google homework, and while many seemed to be in a similar boat, I couldn’t find a solution.  I may have called Apple, but didn’t keep a record of it.  Finally, I wiped the device, set it up as if it were a new iPhone, and began syncing my apps back on, a few per day.  I hoped to discover that a rogue app was the culprit.  Eventually I had all the same apps back on, and the phone performed great for months.  I hoped it was a one-time thing.

Some time after my initial encounter of battery drain + warm + 3G data surge, an IT colleague across the hall from me at work began experiencing the very same thing on her iPhone 4S on Verizon.  Her phone had a connection configured to our corporate Microsoft Exchange e-mail server, but she’d literally made no other customizations.  No Apple ID.  No apps.  Nothing.  In hindsight, this should have been a major clue.  I helped her wipe and reconfigure the device as if it were new, and she was off and running again.  For months, but not forever.

When the scenario returned a second time on my iPhone, I contacted Apple Support on case number 311217544.  (I’ll mention case and follow-up numbers as I go, on the chance that anyone inside Apple ever reviews this post.)  I believe that this contact was on May 1st, 2012.  I didn’t really get anywhere.  As expected, the Support Agent was sure that it was a user problem, and gave me a list of settings to check and suggestions about how to reduce battery drain by hobbling certain functionality.  Having been on the other side of the support desk, I know how easy it is to assume that the customer is using the technology wrong.  How could there be something inherently wrong with the technology?  Apple is perfect.  By the way, I’d long since upgraded to iOS 5.x by this time.

Feeling more certain that there was an inherent but sporadic flaw somewhere in iOS, I wasn’t yet content to just wipe and reload, and go on with a few more months of normal use before the problem reared its head again.  I tried reaching out to a couple of Apple employees who listed an e-mail address publicly on their LinkedIn profile.  No response.  I pasted what may have been a long-winded letter into an Apple.com web form, even offering to FedEx them my malfunctioning iPhone for analysis.  I got an e-mail reply follow-up 205549136 indicating that my concern had been documented in case number 311234175.  Eventually I wiped and reloaded my iPhone again, and went on with life.  It’s not like I didn’t have better things to do.

Following Thanksgiving, 2012, I noted that both my iPhone 4 and a recently-acquired new iPad – both now running iOS 6.0.1 – were doing the battery drain + warm to the touch + 3G data slurp again.  And here I’d been hoping that Apple finally got it right with iOS 6.  I finally contacted Apple Support again on case number 383766567.  This time I spent an hour and six minutes on the phone, and was advanced to a person with the title Senior Advisor iOS Tier 2.  Before being escalated, I was advised to turn off cellular data, cut back on location services, and otherwise hobble the iPhone.  After escalation to Tier 2 and sharing my history with this issue, I was advised to wipe and reload each device, and then put my apps back on slowly.  Just as I had the very first time around.  She couldn’t explain why my iPad was using cellular data even when it hadn’t left my apartment and available Wi-Fi in the several days leading up to our conversation.  Based on the advice to put apps back on slowly, she was probably thinking rogue app.  I wiped my devices, set them up as if they were new, synced back all the same apps, set up all the same e-mail accounts and settings, etc.  And they’re once again fine.

As I alluded to several paragraphs ago, my employer uses Microsoft Exchange 2003 for e-mail, calendaring and the like.  While Exchange 2003 may be a little long in the tooth at this point, it does the job, and we’ve been investing our efforts in many line-of-business application enhancements instead.  When we have a new iOS device, we use the Exchange e-mail client native to iOS to connect to our corporate Exchange ActiveSync server.  We then let the end-user manage everything else.  For most of us, a connection to our Exchange environment may be the one thing that we have in common between our iOS devices.

This week our front-end Exchange ActiveSync server became unresponsive.  First it had filled the disk space clear full with large IIS log files in C:\WINDOWS\system32\LogFiles\W3SVC1\, and I quickly cleared all but December’s logs to regain room.  (Normally one should redirect their log files to a drive other than C:\.)  Even after re-gaining quite a few GBs of disk space and rebooting, the server was still intermittently sluggish.  I found myself restarting it two more times, and finally adding additional virtual processors and RAM.  At the same time, I began examining these log files, which were between 40 MB and 100 MB per day.  The logs cover every connection to Exchange Outlook Web Access and ActiveSync.  It’s an understatement to say that there were a lot of connections.  And that’s where I finally caught a break.

Out of thirty-five iOS devices that connected to our corporate Exchange environment that day, five of them (three iPhones and two iPads), were connecting to Exchange every two to three seconds, continuously, twenty-four hours a day, as long as they were powered on.  That’s well past 10,000 individual connections per day for each of those five devices.  To put it another way, this over-connection to Exchange was affecting 14% of our Apple inventory.  If you factor in all the devices that have ever had this problem, it represents over 22% of our Apple iOS inventory.  It bears mentioning that this behavior is not normal, even with Push e-mail enabled, as evidenced by the remaining 77% of our Apple devices that have apparently never done it.

But it gets more interesting.  I found a log from just prior to wiping my iPhone, and it had been connecting to Exchange every two to three seconds on both Wi-Fi and cellular, all day and all night.  No wonder the battery had been running down while the 3G data use had been climbing.  When we surveyed the owners of our five over-communicative iDevices, they all confirmed that their battery life had been awful lately.  One of them was using an iPhone 5 running just-released iOS 6.0.2.  Wiping and reloading the devices has resolved their functional problems too.  And our Exchange server logs confirm it.
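The log review described above, as an added example (not the author's own script): it reads IIS W3C extended log lines, groups ActiveSync requests by the DeviceId in the query string, and flags devices whose median gap between requests is only a few seconds. The sample lines, the logged field selection, the thresholds and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median
from urllib.parse import parse_qs

ACTIVESYNC_STEM = "/microsoft-server-activesync"

# Constructed sample in IIS W3C extended format. Users, device IDs, IPs and
# User-Agent strings are made up; real logs may select different fields,
# which is why the parser reads the #Fields directive instead of fixed columns.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2012-12-20 09:00:00 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplEXAMPLE0001&DeviceType=iPhone&Cmd=Ping alice 192.0.2.10 Apple-iPhone/constructed 200
2012-12-20 09:00:02 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplEXAMPLE0001&DeviceType=iPhone&Cmd=Ping alice 198.51.100.23 Apple-iPhone/constructed 200
2012-12-20 09:00:03 POST /Microsoft-Server-ActiveSync User=bob&DeviceId=ApplEXAMPLE0002&DeviceType=iPad&Cmd=Sync bob 192.0.2.44 Apple-iPad/constructed 200
2012-12-20 09:00:04 GET /exchange/alice/Inbox - alice 192.0.2.10 Mozilla/4.0+(constructed) 200
2012-12-20 09:00:05 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplEXAMPLE0001&DeviceType=iPhone&Cmd=Ping alice 192.0.2.10 Apple-iPhone/constructed 200
2012-12-20 09:00:07 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplEXAMPLE0001&DeviceType=iPhone&Cmd=Ping alice 198.51.100.23 Apple-iPhone/constructed 200
2012-12-20 09:00:10 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplEXAMPLE0001&DeviceType=iPhone&Cmd=Ping alice 192.0.2.10 Apple-iPhone/constructed 200
2012-12-20 09:00:12 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplEXAMPLE0001&DeviceType=iPhone&Cmd=Ping alice 198.51.100.23 Apple-iPhone/constructed 200
2012-12-20 09:00:15 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplEXAMPLE0001&DeviceType=iPhone&Cmd=Ping alice 192.0.2.10 Apple-iPhone/constructed 200
2012-12-20 09:00:17 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=ApplEXAMPLE0001&DeviceType=iPhone&Cmd=Ping alice 198.51.100.23 Apple-iPhone/constructed 200
2012-12-20 09:15:04 POST /Microsoft-Server-ActiveSync User=bob&DeviceId=ApplEXAMPLE0002&DeviceType=iPad&Cmd=Sync bob 192.0.2.44 Apple-iPad/constructed 200
2012-12-20 09:30:06 POST /Microsoft-Server-ActiveSync User=bob&DeviceId=ApplEXAMPLE0002&DeviceType=iPad&Cmd=Sync bob 192.0.2.44 Apple-iPad/constructed 200
"""


def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def device_activity(records):
    """Collect timestamps and client IPs per ActiveSync DeviceId."""
    devices = defaultdict(lambda: {"times": [], "ips": set(), "user": "-", "type": "-"})
    for rec in records:
        # Ignore Outlook Web Access and any other non-ActiveSync requests.
        if rec.get("cs-uri-stem", "").lower() != ACTIVESYNC_STEM:
            continue
        query = parse_qs(rec.get("cs-uri-query", ""))
        device_id = query.get("DeviceId", ["unknown"])[0]
        try:
            stamp = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # date/time not logged, or unparsable
        dev = devices[device_id]
        dev["times"].append(stamp)
        dev["ips"].add(rec.get("c-ip", "-"))
        dev["user"] = query.get("User", [dev["user"]])[0]
        dev["type"] = query.get("DeviceType", [dev["type"]])[0]
    return devices


def find_runaway_devices(lines, max_median_gap_s=5.0, min_requests=1000):
    """Return devices whose typical gap between requests is a few seconds.

    The median is used so that one long gap (device powered off overnight)
    does not hide an otherwise continuous polling loop. Both thresholds are
    assumed defaults for a full day's log, not values from the article.
    """
    flagged = []
    for device_id, dev in device_activity(parse_w3c(lines)).items():
        times = sorted(dev["times"])  # rows from several files may be unordered
        if len(times) < max(min_requests, 2):
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        typical = median(gaps)
        if typical <= max_median_gap_s:
            flagged.append({
                "device_id": device_id,
                "user": dev["user"],
                "device_type": dev["type"],
                "requests": len(times),
                "median_gap_s": typical,
                "source_ips": len(dev["ips"]),  # more than one suggests Wi-Fi and cellular
            })
    return sorted(flagged, key=lambda d: d["requests"], reverse=True)


if __name__ == "__main__":
    # min_requests is lowered only because the constructed sample is tiny.
    for row in find_runaway_devices(SAMPLE_LOG.splitlines(), min_requests=6):
        print(row)
```

To run it against a real day of logs, pass the open log file as `lines` and keep the default `min_requests`, or raise it toward the 10,000-per-day figure seen on the affected devices.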

So, we’ve narrowed the iPhone battery drain and data leak to a sporadic problem with iOS’s Exchange client as implemented in iOS 4.x, 5.x, 6.0.1 and 6.0.2, on both iPhone and iPad, while connecting to Exchange 2003.  To be fair, we also have one very chatty Android 4.0.4 device in our environment, but nothing quite like the two to three second interval of the handful of runaway iOS devices.  It’s completely possible that Apple’s Exchange client only has problems with certain versions of Exchange, and that some customers may not experience it at all.  Going the other way, it could perhaps affect push e-mail more broadly, and not just Exchange.  The hit-and-miss nature of it is troubling.  At 22% of our devices affected at one time or another, this feels akin to a beta-quality experience; not what Apple is trying to sell.

Naturally I provided a summary of my most recent observations to Apple via e-mail, referencing case number 383766567.  I received a call back the next day from our Senior Advisor iOS Tier 2.  At first she asked me to wipe and reload a device, and put back Exchange accounts one at a time, as if to identify a problematic account.  Of course several of our affected users only have a single Exchange account, and wiping the device has historically always resolved the problem for months at a time.  This presents as a problem that, while sporadic, seems inherent to iOS, and manifests itself under an as-yet-unidentified set of potentially common circumstances.  The support agent acknowledged that other companies may be similarly affected, and that they “haven’t put two and two together yet.”  I offered to provide the log files so that Apple wouldn’t have to take my word for it regarding the connection intervals.

I expect to hear from Apple again next week.  While I feel like I’m nearing the end of a 1.5 year odyssey – only to finally be taken seriously – my purpose in publishing this now is not to make anyone wrong.  Rather, I want to share a summary of our iOS Exchange client problem – and the battery drain and 3G data consumption that accompany it – with a wider audience of IT peers, in order to better understand the true scope of the problem.  As I mentioned to our Senior Advisor iOS Tier 2, I’d be thrilled if Apple simply fixed this problem in the next major iOS upgrade, and I never saw it again.  Here’s hoping.  I’ll share any newly-revealed information in a follow-up post.  If you have anything to add to this conversation, please do so below.

[While I added a series of updates and a much easier fix here, and garnered some repeat visitors, I’ve since consolidated these into a second post.]

The iFusion SmartStation


(Photo provided by Jeremiah Fleming of AltiGen Communications, Inc.)


 
When I first arrived in Southwest Connecticut just under two years ago, I quickly had four phone lines: a VoIP-based ‘land line’ at home that was bundled in with my cable TV and Internet service, a personal cell phone, a direct line at my office, and a work-issued BlackBerry phone.  It’s probably no surprise to those who know me that I could never remember my own phone number(s).  Over time I’ve pared back of course, as four phone numbers for one person is wasteful if not a bit crazy.  Recently one device – the iFusion SmartStation – has let me shrink my phone footprint down to a single iPhone 4 for all of my calls.

At Home
Now when I’m at home having a casual phone conversation, I’m as content as the next guy to hold my iPhone up to the side of my head.  It feels ergonomic enough with Apple’s Bumper wrapped around it, and I have decent reception indoors thanks to an AT&T 3G MicroCell, reviewed here last year.  My personal calls are infrequent enough that I don’t worry about the electromagnetic radiation being absorbed by my head.

On the Road
And when I’m driving, my vehicle’s Bluetooth integration works well and automatically, such that I never have to touch the phone to answer calls in transit.  I can also place calls using only a single button on the steering wheel followed by voice commands, provided that I’ve previously added the person to my truck’s address book.

At Work
But the office was another story.  It’s the last bastion where the land line reigns supreme.  For starters, if I’m going to use a cell phone exclusively at work, it has to last the entire work day, regardless of that day’s activities.  In my current role as a Senior Systems Administrator, there are days when most of my conversations are conducted face-to-face with my IT colleagues and others in the office.  And then there are days where I participate in a series of conference calls or remote troubleshooting sessions, either of which can rack up significant call time that would drain any cell phone’s battery.  There are ergonomic issues to consider, as I personally don’t enjoy cradling a cell phone to the side of my head with my shoulder for an extended period of time while trying to type with both hands on a keyboard.  Obviously one’s cell phone reception would have to be consistent enough at their desk so as to avoid dropped calls.  And who’s to say whether several hours a day of holding a cell phone directly against one’s head might result in a higher level of electromagnetic radiation absorption than might be healthy for some.  Well, the iFusion SmartStation makes significant strides in all of these areas.

How it Works
As is evident in the picture above, the iFusion SmartStation is essentially a charging dock and corded handset for the iPhone 3G, 3GS, 4, and 4S that is styled like a business desk phone.  Instead of having a business phone’s keypad and display, the iFusion leverages your iPhone for both.  Power is provided to the iPhone via the dock connector, while the voice integration between the base and the iPhone are done through Bluetooth pairing.  The iFusion base provides full-duplex speakerphone functionality and volume controls.  You can play music from your iPhone through the iFusion’s speaker, with the iPhone muting the music when a call comes in and then resuming upon completion.  As the speaker isn’t exactly high fidelity, there’s also a stereo output on the iFusion base to connect a larger set of desktop speakers if music is your thing.  It’s really nice to leave the office at the end of the day with a full charge, despite having used the phone a significant amount throughout the day.

The Fit
The iFusion SmartStation has enough extra room in the recessed tray to accommodate most after-market iPhone cases, whether they add to the phone’s width, height or thickness.  The only cases that appear problematic are those that have a rubber cover over the dock connector that hinges at the back.  Given rumors that the next model of iPhone may be larger in size and / or change to a new, smaller dock connector, we can’t assume that the current iFusion will work with iPhones beyond the currently supported 3G, 3GS, 4, and 4S.  There’s a possibility that an iFusion purchased today may have to be refreshed more often, as is typical of a cell phone, than the long cycle used for traditional business telephone assets.

Reception
I work in an interior office, with a window that looks out into the hallway rather than outside.  My cell phone reception has never been great at my desk.  When holding my iPhone in my hand, the reception would indicate between one and three bars.  As I adjusted the phone relative to my head, the reception would come and go, even dropping calls on occasion.  Upon first getting the iFusion SmartStation, I observed that I had much more consistent cellular reception with my iPhone sitting in the base while I held the corded handset to my head.  Using an iFusion may help pull in fringe reception.  After a couple of weeks, I added an AT&T 3G MicroCell at the office, raising my iPhone’s signal strength to a full five bars from that point on.

The Feel
This is where the iFusion SmartStation really shines.  After a one-time setup, where we pair our iPhone with the iFusion base via Bluetooth, using the iFusion couldn’t be easier.  Simply drop the phone in the cradle when you sit down at your desk and take it with you when you leave.  Your phone charges in place while it sits there.  Incoming calls ring the iFusion’s speaker.  You simply pick up the handset to answer, as you would on a normal phone, and hang it up to end the call.  There’s nothing about using the iFusion day-to-day that isn’t intuitive, especially to someone who already owns an iPhone.  The fit and finish are superb, giving the feel of a professional device that’s as nice as anything on your desk.  Nicer in my case.  And the iFusion is available in either black or white to match your iPhone.

The Bill
During the first full month with the iFusion SmartStation, my iPhone calling ballooned to 1583 minutes, or over 26 hours on the phone!  As I’m on AT&T and had previously accumulated a large cache of rollover minutes, I wasn’t concerned about right-sizing my calling plan prior to beginning the experiment.  As I continue at this rate, however, I’ll need to add AT&T’s Nation Unlimited plan for an additional $30 per month over my current basic Nation 450 plan.  But would that be a good deal?

I work for a medium-sized business that has negotiated fairly attractive rates for our in-state, domestic and international long distance calls.  It’s not free, but it’s close.  Upon analyzing my own mix of calls – inbound and outbound, personal and business, local, toll-free and various tiers of long distance  – it turns out that my company would have paid only $13.43 last month had I made all of my outbound business long-distance calls on the existing land line instead of my iPhone.  Were my particular calling patterns to grow uniformly, I’d have to use around 59 hours of cellular calling each month before AT&T’s $30 Nation Unlimited add-on made financial sense strictly as a business phone replacement.  That’s a lot of time on the phone for a guy who’s not known to say very much.  Any less than that, and I’ll be paying for a convenience factor.  Granted, it’s so convenient – both for myself and anyone trying to reach me – that I’m willing to pay the difference out of my own pocket and plan to do so going forward.  Hey, I can finally remember my own phone number!

Conclusion
Historically a phone was just a phone.  We made and received calls on it when we were in.  Now it goes everywhere we go.  And of course we send and receive e-mail and run all manner of apps, from depositing checks via photograph to remotely starting one’s car.  Maybe having just one phone and phone number for all aspects of our lives is enough.  All of this is possible, of course, on both the iPhone and the numerous phone options running Google’s Android.  As a tech guy, I’m sure that I could get along just fine with an Android phone and get everything done that I wish to get done.  But there’s a catch.  The iFusion SmartStation reminds me that the Apple ecosystem is now rich with accessories and solutions that dramatically enhance the overall Apple experience.  The iFusion SmartStation is among the best of the devices that I’ve encountered.  It’s so good that it creates something of a barrier to exit: I’d now hate to give up my iFusion in order to consider the phone competition.  It’s hard to imagine a similar system that works with the last four generations of all Android phones, given the relatively huge number of models.  Steve Jobs chose to keep it simple at Apple rather than trying to create a product for every niche.  And in doing so, he enhanced the value proposition of the entire Apple ecosystem.

The iFusion SmartStation carries a manufacturer’s suggested retail price of $199.99.  It is available at the time of this writing for $179.99 from thefusionphone.com or $149.99 using a Twitter Promo.

 

[Update: I stated earlier that, “The iFusion SmartStation has enough extra room in the recessed tray to accommodate most after-market iPhone cases.”  I recently swapped out a Case-Mate Barely There case for the popular Speck CandyShell, only to discover that the CandyShell’s thicker surrounding interferes with use of the iFusion SmartStation.  Specifically, with an iPhone in a CandyShell, the phone doesn’t make adequate contact to recharge while sitting in the iFusion base.  That’s unfortunate, so I went looking for another Case-Mate.]

Get Paid With Square

By now, many are at least casually familiar with Square, the startup company whose credit card reader and user-friendly software enable any small business or individual in the United States to accept credit card payments anytime and anywhere on their iPhone, iPad and Android phones.  While Square is currently making great strides, processing a reported $4 Million in credit card payments per day in June, founder Jack Dorsey is no stranger to innovation.  He also created Twitter.  And he gets around, having recently sat down with President Obama for the first Twitter Town Hall.  Square Inc. recently secured $100 million in Series C financing led by Kleiner Perkins Caufield & Byers, based on a valuation of more than $1 billion.  It’s high time that we take a closer look at Square from a technical standpoint here.

What is Square?
Square’s most visible product is their square-shaped credit card reader attachment that plugs into the headphone jack of an iPhone, iPad or Android phone.  The Square readers are free via the web, and can be purchased for $9.95 at an Apple Store.  Naturally, Square provides accompanying software for those mobile platforms as well.  Finally, in collaboration with Chase, Square provides the credit card transaction processing and payment.  Square’s simplicity extends through their card reader and software all the way to their service fees.  Square charges merchants 2.75% of every swiped Visa, MasterCard, American Express or Discover transaction.  (Manual entry is allowed for situations where a card can’t be swiped, however service fees for those entries will cost 3.5% + 15¢ per transaction.)  At 2.75% of every swiped transaction, many established merchants discover that they’re money ahead with Square versus a competitor who may have a monthly fee and a flat fee per transaction on top of their own percentage fee.

[Image courtesy of Square.]

What Square is Not
Having shown the Square device to several people in the past week, the most frequent initial misconception is that the reader is for individuals to swipe their own credit card when making online purchases from a retailer such as Amazon.com.  While it would be nice to not have to key in your credit card number on a web site, saving a few seconds by swiping wouldn’t necessarily be groundbreaking.  Again, the reader, software and service are for individuals and small businesses to accept credit card payments from their customers.

Initial Setup
As I’m the type who prefers to set up an account first via a real computer rather than on my iPhone, I began with a visit to https://squareup.com.  You can also download the Square app to your mobile device and sign up from there.  At the time of this writing, visitors to squareup.com are prompted with the opportunity to set up a new account for free from the home page.

  1. I began by providing my e-mail address and a desired password, before moving on to provide my name, current address, social security number and other personal details to verify my identity.  Square provides the same level of scrutiny as a typical online credit application, asking multiple-choice trivia questions from your credit history to validate your identity.  It’s unlikely that you could establish an account using a fabricated identity or steal that of a real person.
  2. Next, Square alerted me that they would be sending a free credit card reader.
  3. I was then presented with an option to send a text link to my iPhone to download the Square app.
  4. Though optional, I linked my personal checking account to my Square account to receive payments.
  5. I provided a PO box address as my ‘receipt address’ that any customers would see.  If you are a freelancer selling items or services while on the go, you may wish to specify a PO box as your receipt address so as to avoid providing strangers the location of your personal residence.
  6. Before signing out of the web site, I added the snnyc blog icon as my logo.
  7. Finally, I used the text link on my iPhone to install the software.  I promptly signed in to my account to confirm that it was working.  Afterward, I was left to wait patiently until my free reader device arrived.

Using The Reader (AKA, The Fun Part)
My Square reader arrived in my mailbox four business days later, having been shipped from California to the East Coast.  There was no mistaking from the outside what I’d find folded neatly within the 5 by 8 inch envelope.  Opening Square’s package delivers a decent presentation experience – especially considering the free pricetag – with the device encapsulated in the center of a foam block wrapped by paper wings providing additional information.  Square even throws in a window sticker with the Visa, MasterCard, American Express and Discover logos, similar to what you’ve seen in every merchant’s window that accepts credit cards.

After pulling my Square reader out of the package, I plugged it into the headphone jack of my color-coordinated white iPhone 4 and fired up the software.  The following is my first sample transaction.

  1. I specified the amount of my sample transaction at $25.  I typed in a description for the product as ‘Square Evaluation.’  And then I swiped an American Express Gift Card to continue.
  2. The prior screen faded to gray and ‘Authorizing’ appeared for less than 30 seconds.
  3. Next, I was prompted to sign for my transaction using my finger.  While I anticipated that this might be impractical, my signature came out about as well as it does on many in-store credit card terminals.
  4. After signing, I was prompted with the opportunity to receive a receipt via SMS or e-mail.  (The e-mailed receipts look better.)
  5. Finally, I was presented with a ‘thank you’ screen.

After a transaction has been completed, the Square merchant receives an e-mail indicating the transaction amount and the total balance in the merchant’s Square account.  On the earlier sample transaction, I received $24.31 based on a transaction of $25.00.  Merchants can later review their recent transactions from the Square app or the web site at any time.


Transfer to Bank
Because I’d earlier linked my Square account to my Citibank checking account, my first two trial transactions were transferred to my account around two business days following my scans.  Going forward, Square transactions are deposited to my checking account on the following day.  It takes my bank another day or two to credit the deposits to my account.

Not The Only Game in Town
VeriFone, a well-known provider of electronic payment solutions, announced PAYware Mobile for iPhone in February, 2010, around the same time as Square.  For a cost breakdown between Square and VeriFone, see the FeeFighters interactive calculator.  As you’ll see from that tool, VeriFone offers a more complex series of fees that may be cheaper or more expensive than Square depending on the size and volume of your transactions.  Generally speaking, small transactions cost less with Square while very large transactions cost less with VeriFone.  Intuit has since jumped into the game as well with GoPayment, undercutting Square’s pricing model by 0.05% at the time of this writing.

Fraud Concerns?
As there’s more than one method of fraud, different audiences will likely have different concerns about it.  One part-time merchant to whom I demonstrated Square immediately asked about the potential for chargebacks.  She feared the idea of selling her merchandise to a stranger and accepting credit card payment, only to later have the payment reversed after the person was long gone with the merchandise.  This is a legitimate concern, as merchants may be charged back for any fraudulent Square transactions, just as they would from other credit card payment systems.  Some businesses factor in this risk as part of the cost of doing business, while others try to reduce the risk by other means such as asking for a photo ID.

Fraud concerns go both ways, with potential customers worrying that a merchant could rip them off as well.  Somehow we put this fear aside every time we hand our credit card to a waiter at a restaurant, but we’re far more conscious of it in other circumstances.  VeriFone has been on something of a kick trying to call attention to a perceived security problem with Square, namely that data is not encrypted between the Square reader itself and the phone that it is plugged into.  (Data is encrypted between the Square application and the Internet-based processing servers.)  From VeriFone’s perspective, the unencrypted link between Square’s reader and a phone could allow a malicious merchant to write a counterfeit Square application that surreptitiously steals the data of customers whose cards are swiped.  VeriFone fails to mention that many credit card swipes built into PC keyboards and point-of-sale terminals similarly don’t encrypt data between the card swipe and the computer itself, and are subject to the same hypothetical scenario and others.  As a security-minded consumer and professional, it would be easier for me to give VeriFone’s view more credence if their focus on and rebuttal of Square didn’t strike me as particularly self-serving.

Spur New Business?
One recurring theme that I heard when showing off the Square to my salaried peers was, “Now we need to think of a sideline business where we can make use of this.”  There’s something about Square’s dramatic simplification of credit card payment processing that really strikes a chord when witnessed firsthand.  When it’s this easy, we all want to be merchants.

The Bottom Line
The ease and low cost of deploying Square are second to none.  You can get started today with no financial investment and only a few minutes of your time.  You’ll pay a consistent 2.75% of every swiped transaction going forward.  The terms are fair.  The ease of use, combined with the ultimate mobility, may spur you on to business ideas that you haven’t considered yet.  Taken as a whole, Square offers a compelling proposition.  Whether you ultimately go with Square or a similar competitor, this type of service may well be the future of payment processing for as long as we still use plastic cards.


The AT&T 3G MicroCell

Are you struggling with poor cellular phone reception inside your home or small office?  At the same time, do you have reliable broadband Internet service?  Then the answer to your cell phone problems may be as simple as installing a femtocell such as the AT&T 3G MicroCell, the Verizon Wireless Network Extender or the Sprint AIRAVE.  Think of a femtocell as your own personal cellular site based in your living room, that leverages your broadband Internet connection to route your phone calls back to the carrier’s network.  Instead of relying on a cell tower that may be blocks or miles away, you have one literally within arm’s reach.  Having had some extra time over Memorial Day weekend, I purchased and installed an AT&T 3G MicroCell for use in the living room in southwest Connecticut.

[Before we get started, we should note that the term ‘microcell’ in telecommunications generally refers to a cell with a coverage area of between 200 meters and 2 kilometers.  AT&T’s “3G MicroCell,” on the other hand, has a range of around 40 feet from the device, or about 5000 square feet, typical of a femtocell.  AT&T’s use of the microcell nomenclature has been a source of contention in some on-line discussions.]

Acquiring the Device
AT&T doesn’t sell their 3G MicroCell via the web, so my adventure began by stopping in at a local AT&T Store to pick up the device.  I shelled out a one-time fee of $199.99 for the hardware, and was in and out of the store in about five minutes.  At least that’s how it should have gone.

Hiccup
In my particular case, this first 3G MicroCell turned out to have a defective Ethernet port, so I went through a round of troubleshooting at home that would be familiar to any technical professional but potentially frustrating for everyone else.  I then began this project anew back at the AT&T Store two hours later.  The second trip to the store took a little longer, as a sales professional exhibited what I interpreted as mild skepticism that the first device was truly defective.  It didn’t help that the pentaband 3G phone attached to my AT&T account at that time wasn’t one that AT&T has ever sold, so their computer warned them that it may not be a compatible 3G device.  Even so, this second visit didn’t last more than fifteen minutes.

At Home (The Second Time)
Once at home with a functional MicroCell in hand, setup was uncomplicated to anyone who has ever configured even the basic settings on a home router or wireless access point.

  1. We start by configuring the 3G MicroCell via the web before we ever physically connect or power on the device.  Begin by navigating to http://att.com/3GMicroCell and choose the Activate button.
  2. You’ll have to identify whether you’re adding the 3G MicroCell to a personal or business account, at which point you’ll be prompted for your credentials to authenticate to that account.
  3. Next, you’ll have to provide the physical address where the device will reside, so that emergency personnel can locate you in the event that you ever call 911.  There’s no conceivable reason to lie about your address, as the 3G MicroCell uses GPS to confirm its location.  (More on that in the next section.)  It is perfectly acceptable to register and install a 3G MicroCell at an address other than your current AT&T billing address.  For example, the billing address on my AT&T account is a PO box in Manhattan while I live in southwest Connecticut.
  4. Finally, you’ll want to specify any additional phone numbers beyond your own that you want to allow to use this device, up to ten in total.  After adding all the members of your household, you may wish to add your most frequent iPhone-toting guests to the list.  As the name implies with ‘AT&T’ and ‘3G’ in the description, only 3G phones on the AT&T network can work with the MicroCell.

Connecting the 3G MicroCell to Your Home Network

  1. As mentioned in the prior section, the 3G MicroCell uses GPS to validate its location for E911 compliance.  AT&T recommends that you place the MicroCell within 3 feet of a window in order to receive a GPS signal.  I set mine next to the cable modem and WiFi router, which happened to be around 8 feet from a southern wall that is predominantly windows.  It works just fine.  For those who wish to place the 3G MicroCell further away from a window or out of sight, you may be able to use a 3rd-party GPS antenna to move the device further into your home while maintaining a GPS signal.
  2. In a perfect world, connecting your 3G MicroCell to your home network may be no more complicated than plugging it in to an available Ethernet port on your home router or wireless access point.  While I haven’t identified where AT&T explicitly states it, their instructions lead one to believe that the MicroCell uses UPnP to automatically open the necessary TCP/IP ports through many consumer-class routers.  For those who prefer to configure their firewall manually, you must open the following TCP/IP ports to this device as listed in the manual: 23/UDP, 443/TCP, 500/UDP and 4500/UDP.  Or there’s a third option…
  3. …If you wish to prioritize your call traffic over any of your other Internet traffic, as I do, AT&T supports connecting the 3G MicroCell between your cable/DSL modem and your home router/firewall/wireless access point.  The MicroCell has an in and an out Ethernet jack specifically for this scenario.  When connected in this manner, your phone call traffic can’t be stepped on by any large downloads or Netflix streaming that you do from time to time.
  4. Once you’ve got your device physically placed and connected to your network, it’s time to plug in the power.  The 3G MicroCell is ready for use only after all 5 lights have lit up green.  AT&T asks you to allow up to 90 minutes the first time around.  It took about 60 for me.  When all five lights are green, you’re ready to make or receive calls.
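
For the manual firewall option in step 2, here is an added example (not from AT&T or the original post) that checks a router's forwarding rules against the port list quoted above and flags anything broader. It assumes a Linux router whose rules are exported in iptables-save format and name the MicroCell by destination address; the address 192.168.1.50 and the sample rules are constructed.

```python
import shlex

# Port list exactly as the article quotes it from the manual.
MANUAL_PORTS = {("udp", 23), ("tcp", 443), ("udp", 500), ("udp", 4500)}

# Constructed sample in iptables-save format; 192.168.1.50 is a made-up
# address standing in for the MicroCell.
SAMPLE_RULES = """\
-A FORWARD -d 192.168.1.50/32 -p udp -m udp --dport 500 -j ACCEPT
-A FORWARD -d 192.168.1.50/32 -p udp -m udp --dport 4500 -j ACCEPT
-A FORWARD -d 192.168.1.50/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 192.168.1.50/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -d 192.168.1.50/32 -j ACCEPT
-A FORWARD -d 192.168.1.77/32 -p tcp -m tcp --dport 22 -j ACCEPT
"""

def parse_rule(line):
    """Return (dest, proto, dport, target) for one -A line; absent fields are None."""
    tok = shlex.split(line)
    def opt(flag):
        return tok[tok.index(flag) + 1] if flag in tok else None
    dest, dport = opt("-d"), opt("--dport")
    # A port range such as 500:4500 is not a single port, so it parses as None.
    return (dest.split("/")[0] if dest else None, opt("-p"),
            int(dport) if dport and dport.isdigit() else None, opt("-j"))

def audit(rules_text, device_ip):
    """Compare the ACCEPT rules aimed at device_ip with MANUAL_PORTS."""
    opened, findings = set(), []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        dest, proto, dport, target = parse_rule(line)
        if dest != device_ip or target != "ACCEPT":
            continue
        if proto is None or dport is None:
            findings.append(("too-broad", line))      # no single protocol/port named
        elif (proto, dport) in MANUAL_PORTS:
            opened.add((proto, dport))
        else:
            findings.append(("not-in-manual", line))  # extra exposure to review
    for proto, port in sorted(MANUAL_PORTS - opened):
        findings.append(("missing", f"{port}/{proto}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_RULES, "192.168.1.50"):
        print(f"{kind:14} {detail}")
```
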

Using the 3G MicroCell
As stated earlier, you can add up to a total of ten AT&T cell phone numbers to your 3G MicroCell during activation, or later on as needed.  Any phone on this list should automatically switch over to your 3G MicroCell shortly after coming within range.  You’ll know that your phone is connected when its screen indicates “AT&T MicroCell” or “AT&T M-Cell.”

Calls that you initiate while connected to the 3G MicroCell are supposed to be handed off to AT&T’s regular network if you leave home mid-call, however the reverse is not the case.  If you come within range of the MicroCell while talking through AT&T’s network, your phone won’t connect to the MicroCell until you terminate the current call.  And I’m not so sure that the call hand-off as you leave the MicroCell’s range actually works either, as I’ll touch on a couple of sections from now.  You may find it necessary to conduct each call in its entirety via the MicroCell if that’s where it was initiated.

Initial Impression
Where calling from the living room was hardly worth it before, calls there have been completely reliable since installing the 3G MicroCell.  That alone may validate the one-time cost of purchase for those who find themselves in a similar scenario.  When in the living room, I no longer have any concern as to my phone working clearly and reliably.

[Update 07/13: In using the MicroCell for over a month, I’ve noticed that it takes longer than usual to connect my first outbound call each time I come within range of the device.  Other than that and the ‘AT&T M-Cell’ denoted on my phone, I wouldn’t know the difference between this and good reception from AT&T’s traditional network.]

Signal Too Strong!?
Now I’m not actually the ideal candidate for the 3G MicroCell, and this is an important matter to consider before buying one.  AT&T recommends not using the MicroCell if you already have “3 bars” or more cellular coverage from their network.  The living room on the south end of my apartment had completely unreliable AT&T coverage, making it perfect for the MicroCell.  My bedroom on the north side of the building has a large window facing the street and a commuter rail line.  Not surprisingly, AT&T’s signal strength was nearly adequate on this edge of the apartment before the MicroCell.  Now I find that my phone is jumping back and forth between AT&T’s regular network and the MicroCell when in my bedroom, resulting in some dropped calls that aren’t really supposed to happen but do.  I’d be better off if AT&T’s terrestrial network coverage was abysmal throughout the apartment, letting the MicroCell’s performance really shine.

Is This for You?

  • You’re a current AT&T postpaid customer?
  • Your home or small office has lousy AT&T coverage inside such that your phone is not really usable?
  • You have reliable broadband Internet connectivity?
  • You can place your MicroCell within a few feet of a window or are willing to buy a 3rd-party GPS antenna?
  • Your family or team has less than 10 AT&T 3G cell phones that you need to cover, and plan to carry on no more than 4 simultaneous conversations?
  • You’re willing to make a 1-time investment of $199.99 to help enhance the AT&T cellular service that many consumers feel they’re already paying for?
  • (For those families who plan to use the MicroCell for heavy call volume, you may consider adding an optional $19.99 / monthly service fee for ‘AT&T Unlimited MicroCell Calling’ to your individual or family plan.)

Signing Off
A one-time investment of $199.99 for the AT&T 3G MicroCell has delivered reliable AT&T cellular coverage throughout the areas of my apartment where AT&T phones previously worked very poorly.  As experiments go, this one is a success.  If you’re struggling with poor indoor performance with your cell phone, perhaps this device or similar offerings from Verizon Wireless and Sprint are worth a look.