dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
87

godlikesme
@unisys.com

godlikesme to Matt3

Anon

to Matt3

Re: [iPhone] 3.1 breaks Exchange Sync

Not to jump the gun here or anything but I think this may be grounds for a class-action lawsuit for 3G owners. I purchased the 3G back in December of 2008 only because I was told it supported MS Exchange. There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email. Had I known that I would never have purchased the iPhone -or I at least would have waited until a newer model that did support hardware encrption was released. For apple to just have the iPhone 3G ignore the policy and make users think everything was fine is wrong. In hindsight it appears as if they released a half-baked product that barely met the minimum requirements to support MS Exchange in order to get it into corporate customers hands and turn up the heat on RIM before it was too late. In the last year Apple probably started getting called out on the issue of hardware encryption which was a huge (but understated) feature of the 3GS. My guess is that they probably didn't want to make a big fuss about the importance of hardware encryption at the 3GS launch because it would have prompted 3G owners to question what their fate would be once the policy was enforced. Apple on their end didn't want to spoil the launch party with angry 3G customers so they decided to wait on actually updating the software on the iPhone OS until sometime later when more people would start using the 3GS.

Either way, this is bad news for all the 3G corporate users out there and something must be done. Anyone for starting a petition?

ptrowski
Got Helix?
Premium Member
join:2005-03-14
Woodstock, CT

ptrowski

Premium Member

Hardly a class-action lawsuit case here.
Daemon
Premium Member
join:2003-06-29
Washington, DC

Daemon to godlikesme

Premium Member

to godlikesme
said by godlikesme :

Not to jump the gun here or anything but I think this may be grounds for a class-action lawsuit for 3G owners. [snip] There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email. [snip] Either way, this is bad news for all the 3G corporate users out there and something must be done. Anyone for starting a petition?
Sorry, but not documenting that a feature is absent is not grounds for a class action lawsuit. The iPhone also didn't support MMS for a long time, still requires multiple inboxes instead of a unified inbox, is not linux compatible, etc etc. Should we start several class action lawsuits?

godlikesme
@unisys.com

godlikesme to ptrowski

Anon

to ptrowski
With all due respect, why not?

If an official workaround cannot be provided that meets the security standards of all IT departments then how are iPhone 3G owners going to access MS Exchange email?

I am not saying that Apple's decision to enforce the encryption policy is wrong. On the contrary, it's a very positive step in the right direction and will only increase the iPhone's prominence in the corporate world for both current and potential customers.

The issue I have with Apple was their approach.

The whole transition to digital TV provides the perfect example. People really had no excuse for not knowing about it and if they went out and purchased a TV set without a digital tuner it was their own damn fault. If however, consumers would have been misled or if the government never told anyone that analog TV would be turned off and continued to let consumers blindly purchase soon-to-be obsolete televisions, that would be flat out wrong.

At least with digital TV if the consumer was totally out of touch with society or in a coma for the last few years they could always purchase a converter box or get cable if they had to.

But with the iPhone 3G -no such luck. Asking the IT department of a major corporation or government agency to relax it's security settings for individual users would be like forcing TV stations to continue broadcasting in analog.

You are entitled to your opinion but I feel pretty cheated.

darcilicious
Cyber Librarian
Premium Member
join:2001-01-02
Forest Grove, OR

darcilicious

Premium Member

said by godlikesme :

You are entitled to your opinion but I feel pretty cheated.
And that's all it takes to win file a class action suit.

godlikesme
@unisys.com

godlikesme to Daemon

Anon

to Daemon
True, but for starters people have already started filing lawsuits against AT&T for the whole MMS thing and as for whether or not I'm justified in suing a company for not documenting or supporting a feature is not my argument. All of the things you mentioned can be supported with software updates. My argument is that Apple sold me a product that will never support hardware encryption just like it will never have a digital compass. The only difference is that I knew the 3G didn't have a digital compass and that it's absence won't prevent me from using Google Maps after future updates are applied. Although after this experience I'm not so sure.

Apple stated that the iPhone 3G supports MS Exchange. It may do a poor job of doing it and there may be many features that it does not currently implement but none of them actually prevent me from accessing my corporate email. This 3.1.1 update completely screws iPhone 3G owners. Period.

Matt3
All noise, no signal.
Premium Member
join:2003-07-20
Jamestown, NC

1 edit

1 recommendation

Matt3 to godlikesme

Premium Member

to godlikesme
said by godlikesme :

I purchased the 3G back in December of 2008 only because I was told it supported MS Exchange. There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email.
I know this may sound Troll'ish, so I apologize, but just because your IT Department can't use Google doesn't mean you can start a class action lawsuit. A simple Google search shows that the iPhone 3G doesn't support data encryption with Exchange: »www.google.com/#hl=en&so ··· 7f87ed47

The iPhone supports Exchange just fine, what it doesn't support is a single feature added in SP1 as Daemon See Profile noted. No one is forcing Exchange-based organizations to use pre-3GS iPhones. You can't sue or start a class-action lawsuit because you didn't perform due diligence before deploying iPhones in your organization.

What you can do is fire the member of your IT staff who didn't perform the necessary research, or lied and said the device supported encryption when in fact it never has, if encryption is that important to you.


godlikesme
@unisys.com

godlikesme to darcilicious

Anon

to darcilicious
Maybe I am over-reacting a bit. It's barely been 24 hours since the update was released and I should at least give Apple a chance to respond to the issue.

If a reasonable solution can be implemented then great. I would be totally amicable to some form of settlement that would either allow me to get out of my contract without penalty or upgrade to a 3GS for free or at a reduced price. I am a reasonable person. I have been using my current iPhone for almost 10 months and it wouldn't be fair for me to demand a "free iPhone 3GS". Perhaps Apple could have some sort of "Exchange for Exchange (i.e. MS Exchange)" program.

ptrowski
Got Helix?
Premium Member
join:2005-03-14
Woodstock, CT

1 recommendation

ptrowski to Matt3

Premium Member

to Matt3
Great post, Matt.
ptrowski

ptrowski to godlikesme

Premium Member

to godlikesme
said by godlikesme :

Maybe I am over-reacting a bit. It's barely been 24 hours since the update was released and I should at least give Apple a chance to respond to the issue.

If a reasonable solution can be implemented then great. I would be totally amicable to some form of settlement that would either allow me to get out of my contract without penalty or upgrade to a 3GS for free or at a reduced price. I am a reasonable person. I have been using my current iPhone for almost 10 months and it wouldn't be fair for me to demand a "free iPhone 3GS". Perhaps Apple could have some sort of "Exchange for Exchange (i.e. MS Exchange)" program.
Give it some time. But I would expect that your forms of settlement would come around once hell freezes over.

Matt3
All noise, no signal.
Premium Member
join:2003-07-20
Jamestown, NC

Matt3 to godlikesme

Premium Member

to godlikesme
Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one. You can disable forced encryption and your phone will work fine, so this is a non-issue. I know for Windows Mobile phones, you can still enable encryption on the device itself. It's likely you could even create two different Activesync Policies on your Exchange Server, one specifically for your iPhone devices that doesn't force encryption and another for other mobile devices that does force it.

I'd like to see Apple release 3.1.1 that reverted to ignoring the setting, but that is the most I would expect to see them offer.

godlikesme
@unisys.com

godlikesme to Matt3

Anon

to Matt3
All good points Matt. But I can't believe all the people out there who are screaming bloody murder about something like MMS which the lack thereof does not exactly qualify as "missing a critical component" nor does it stop anything from working. It is such an over-hyped feature in the first place!!! Again, I think the absence of new email notifications for messages in subfolders is a much, much, much bigger issue than anything people are complaining about right now. As much as I want Flash, I can "somewhat" understand the issues that might be causing the delay but with the whole subfolder thing there's just no excuse.

I don't want to get too off topic and I do see your point about putting some of the onus on my IT department but don't you think that it's just a tad bit misleading for Apple to announce to the world that the iPhone supports MS Exchange and for a 14 months there are no major hiccups until all of a sudden they push an update that actually enforces hardware encryption without even so much as a warning? If the iPhone is capable of preventing me from accessing my corporate email now because my device doesn't support hardware encryption couldn't a similar test have been performed prior to applying the update in order to warn me in advance?

Getting back to the whole "blame the IT department" I still feel that the information regarding hardware encryption should have been much, much, much more prominent -I'm talking "cigarette label prominent". If this was something that Apple knew they would ultimately have to succumb to then they should have kept customers informed at the time of purchase. There was no reason for anyone to expect that one day their email would work and the next day it wouldn't.
godlikesme

godlikesme to Matt3

Anon

to Matt3
I have no control over my Exchange server. I work for a company with like 30,000 employees.

Let's go with the argument that I didn't do my research. However, enforcing hardware encryption was the approach Apple should have taken all along. It would have removed any doubt as to whether or not a customer's MS Exchange servers required it. I would have tried to access my email and received the message I am getting now and known right there and then that the device was not compatible. That would have given me a fair chance to decide whether or not I still wanted to make the purchase. That would have been the right thing to do. Could my IT department have done more research? Perhaps. Could Apple have been more transparent regarding the lack of hardware encryption and it's long-term ramifications? Definitely.

Just to be clear, I could live with a 3.1.2 update that didn't require hardware encryption.

By the way, it's nice to be able to have an intelligent discussion with people and have different opinions without getting flamed like I often see people react on other message boards.

ytilanigiroo to godlikesme

Anon

to godlikesme
said by godlikesme :

Again, I think the absence of new email notifications for messages in subfolders is a much, much, much bigger issue than anything people are complaining about right now. As much as I want Flash, I can "somewhat" understand the issues that might be causing the delay but with the whole subfolder thing there's just no excuse.
Wrong. You CAN be notified when mail is pushed to a subfolder on the iPhone. To enable this:

tap Settings > Mail, Contacts, Calendars > Fetch New Data > Advanced > [select the account that is Push enabled]

In that window you should see an option to select the folders to push new email to, the default is for the Inbox ONLY.

"Matt" said something about blaming the IT guys for not knowing that pre-3Gs the iPhone didn't support Exchange encryption, fine. But why didn't Apple make it known or mention this themselves beforehand? As an "IT guy" I'm forced to deal with a fleet of 3G users in the field that can't access their e-mail in real time because that's the phone the CEO demanded despite my assertion that it's not the best choice.

Business as usual for Apple just may cost me my job.

godlikesme
@unisys.com

godlikesme

Anon

I have all those settings configured. I know all about how the push stuff works. Trust me I have researched this subject to death. What I have noticed is that Apple has been incorporating fixes to address this issue in recent releases but hasn't come full circle. When the iPhone 2.2 OS was all the rage the only time you were notified about new messages with the red new message indicator was when they were in your inbox. In addition, no new messages in any of the subfolders were retrieved unless you navigated into each subfolder and clicked refresh. In the next OS release you were no longer required to navigate to each subfolder to refresh their contents. In the release that followed that the phone would vibrate when new messages in both the inbox and/or subfolders came through.

To date however, the only time you actually see any form of "visual" indicator on the mail application icon is when new messages are in the inbox -not subfolders.

Matt3
All noise, no signal.
Premium Member
join:2003-07-20
Jamestown, NC

Matt3 to godlikesme

Premium Member

to godlikesme
I agree it was irresponsible of Apple to ignore the setting until now and as I stated earlier, I was under the assumption it WAS honoring the setting. However, I didn't seek a definitive answer when I bought my iPhone, so I hold myself, not Apple, responsible.

Could Apple have been clearer that it didn't support encryption? Absolutely. Do I fault them or think in the grand scheme of things they are ultimately responsible for it? I don't. The information was out there, I just chose not to look for it, so shame on me.

ExchAdmin
@inlink.com

ExchAdmin to godlikesme

Anon

to godlikesme
As an Exchange admin, with lots of iPhone users, I was concerned that we would have this issue. It turns out that these encryption settings are _not_ the default on Exchange 2007 SP1, just an optional feature, so our iPhone 3G users have had no difficulties. I hate to say it... but the real problem is not Apple or Microsoft, but your Exchange Adminstrator.
dda
Premium Member
join:2003-12-29
Bolton, MA

dda to godlikesme

Premium Member

to godlikesme
said by godlikesme :

Asking the IT department of a major corporation or government agency to relax it's security settings for individual users would be like forcing TV stations to continue broadcasting in analog. (emphasis mine)
Since when is "asking" like "forcing"?

Apple says it works. It does work. It might not work the way an anonymous poster on DSLReports wants it to work but that's hardly the same as "not working."

ChiefTom
@hp.com

ChiefTom to Matt3

Anon

to Matt3
said by Matt3:

Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one.
What you seem to be failing to realize here is that prior to the 3.1 patch your iPhone was reporting to Exchange that id had Hardware Encryption when it did not. In other words, it was lying! It was tricking Exchange so it would allow data the data owner had decided needed to be encrypted at rest to be downloaded and stored without hardware encryption.

That my friend IS cause for a Lawsuit.

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD

Premium Member

said by ChiefTom :
said by Matt3:

Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one.
What you seem to be failing to realize here is that prior to the 3.1 patch your iPhone was reporting to Exchange that id had Hardware Encryption when it did not. In other words, it was lying! It was tricking Exchange so it would allow data the data owner had decided needed to be encrypted at rest to be downloaded and stored without hardware encryption.

That my friend IS cause for a Lawsuit.
How you figure?

Matt3
All noise, no signal.
Premium Member
join:2003-07-20
Jamestown, NC

Matt3 to ChiefTom

Premium Member

to ChiefTom
said by ChiefTom :

said by Matt3:

Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one.
What you seem to be failing to realize here is that prior to the 3.1 patch your iPhone was reporting to Exchange that id had Hardware Encryption when it did not. In other words, it was lying! It was tricking Exchange so it would allow data the data owner had decided needed to be encrypted at rest to be downloaded and stored without hardware encryption.

That my friend IS cause for a Lawsuit.
No, it wasn't reporting anything to the Exchange server. It simply ignored the policy setting sent to it by Exchange.

ChiefTom
@cox.net

ChiefTom

Anon

said by Matt3 See ProfileNo, it wasn't reporting anything to the Exchange server. It simply ignored the policy setting sent to it by Exchange.[/bquote :

That is not what was happening but, even if it was, that makes it ok????

The Data Owner says don't connect unless you have Hardware encryption and Apple ignored the data owners requirement.

That is still a LawSuit.

Hea, how about you send me your credit card number... Its ok, I promise to encrypt it so no one can get it if my computer is stolen.

The data exchange between the Exchange Server and the iPhone went like this...

iPhone: I have a user that wants to log in.
Exchange says: Do you have hardware encryption?
iPhone says: Yes (I really don't but I am say yes anyway)
Exchange says: ok, give me the user's credentials...

Matt3
All noise, no signal.
Premium Member
join:2003-07-20
Jamestown, NC

Matt3

Premium Member

Chief, I don't think you understand how Activesync policies work. The policy is sent to the device, but it's completely up to the device whether to honor and apply those settings or not. If anything is communicated back, it's simply that the policy was received successfully. The iPhone hasn't been "lying" to the Exchange server in any way, which is why people are in an uproar.

»technet.microsoft.com/en ··· 84.aspx#
»msexchangeteam.com/archi ··· 551.aspx

Note the requirement that for all those policies to be applied, the device must support Activesync 12.1. If the device doesn't support a 12.1 requirement that it doesn't know about (as is the case with the iPhone) it continues to function but it just ignores that policy setting. My guess is that Windows Mobile 5 devices also continue to function normally yet don't support encryption or any of the new Activesync 12.1 policies either.

ChiefTom
@hp.com

ChiefTom

Anon

Matt,

Thanks forthe referance links.

In the first referance in the middle of the page is the following

Require Device Encryption
This setting specifies whether device encryption is required. If set to $true, the device must be able to support and implement encryption to synchronize with the server.


This means to me that unless the device has can support encryption, it can not synchronize.

It has been this way since mid 2008.

If Encryption was required, why was the device able to sync when this policy say no.

bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera

MVM

said by ChiefTom :

This means to me that unless the device has can support encryption, it can not synchronize.
It doesn't matter what it means to you, it matters how Microsoft designed the Exchange ActiveSync protocol. One of the protocol's weak links is that mobile devices can ignore policies set on the server, full stop.

That means older Windows Mobile devices may connect to Exchange 2007 SP1 servers and ignore the policy settings.
»technet.microsoft.com/en ··· 129.aspx

It means Nokia, Palm, Apple and anyone else that has licensed Exchange ActiveSync can pick and choose which policies are enforced on the device. It means that if you want to limit access and control the security policies, the Exchange ActiveSync protocol will force you down another path to gain control over the mobile device.
Gmud
join:2009-09-16
Beverly Hills, CA

Gmud

Member

As a user, not an admin, is there an easy way I can check whether or not my Exchange server requires encryption before I choose to upgrade to 3.1? Of course this won't help me if there is a policy change in the future...

Matt3
All noise, no signal.
Premium Member
join:2003-07-20
Jamestown, NC

Matt3 to ChiefTom

Premium Member

to ChiefTom
said by ChiefTom :

Matt,

Thanks forthe referance links.

In the first referance in the middle of the page is the following

Require Device Encryption
This setting specifies whether device encryption is required. If set to $true, the device must be able to support and implement encryption to synchronize with the server.


This means to me that unless the device has can support encryption, it can not synchronize.

It has been this way since mid 2008.

If Encryption was required, why was the device able to sync when this policy say no.
Because the iPhone's version of Activesync had no idea about that requirement. The requirement wasn't introduced until Exchange 2007 SP1, so the iPhone (or any other device) would have to run a version of Activesync updated or released after the release of SP1 to honor it.

godlikesme
@unisys.com

godlikesme

Anon

Just thought you guys might be interested in knowning that MS Exchange Server 2007 SP1 was not released in May 2008 but in November 2007 which was a full 8 months prior to the release of the original iPhone 3G. That gave Apple MORE than enough time to test compatibility with MS Exchange 2007 SP1. This is TOTALLY Apple's fault and I have already contacted an attorney to start preliminary discussions about a possible class action lawsuit. If anyone else is interested in filing please let me know and I will start a listserv.
godlikesme

1 recommendation

godlikesme to Matt3

Anon

to Matt3
Here is the link to the original Exchange Server 2007 SP1 download page.

»www.microsoft.com/downlo ··· ylang=en

Matt3
All noise, no signal.
Premium Member
join:2003-07-20
Jamestown, NC

Matt3

Premium Member

Good luck with your lawsuit.