Under the Radar

Under the Radar 16: Designing for Misuse


00:00:00   Welcome to Under the Radar, a show about independent iOS app development. I'm Marco Arment. And I'm David Smith. Under the Radar is never longer than 30 minutes, so let's get started.

00:00:07   So today I wanted to talk about designing for misuse, and maybe abuse too, and maybe some malicious use, but just general categories of misuse: people trying to use your apps either maliciously or in ways that you didn't intend or consider when you designed them, and kind of how you can deal with that and how you can mitigate or minimize the negative effects of that. So you have a number of apps, I'm thinking of things like My Recipe Book or Audiobooks even, where somebody could potentially get a ton of data in there, like a ton of records or a ton of audiobooks or stuff like that. When you design things, do you account for very, very heavy users who might be using the app to do or store way more than you designed it for?

00:00:59   It's something I definitely didn't do initially, and I've since had to learn a lot of lessons about doing it. In preparation for this episode I took a look in my recipe sync system, and I wondered how many recipes the biggest users have. The biggest user has 13 thousand recipes, like, God, in their sync account. And I also checked how often they're actually still using it, and their last data was yesterday, so they are still using it with 13 thousand recipes. I did not in any way design the app to scale to thirteen thousand recipes. So it's something I've had to learn. I'll get the support requests from people who are like, "Why won't it just... the sync seems really slow," and I go and check their account and they have, if not the 13 thousand, even like two or three thousand recipes, and I'm like, yeah, that's gonna be tough on an iPad 2, to just move that amount of data around and quickly search it. I mean, the numbers aren't massive in and of themselves, but I think, like you're saying, you have to design your app and be adaptive to it in that way, or otherwise things just fall down horribly, because if your app doesn't scale well or gracefully it's gonna kind of fall apart. And so now when I'm doing these kinds of things I always have to think in the back of my mind: it's not even how many records or how many entries could someone reasonably have, it's how many records could someone unreasonably have. What's the limit here beyond which it would be completely impractical for them to even get there? And it's also probably worth saying that that person who has 13 thousand recipes has been entering them into the system for, I think, three years now. They've been using the app for three years. So you have to keep in mind that things will just gradually grow and extend over time. It's not even just "oh, someone's being silly and creating a million entries in my system"; no, they could just use it a lot, and over the course of several years, because hopefully your app will be around for several years, it'll get to a point that things are way beyond what you may have originally thought or expected.

00:03:24   Oh yeah. I mean, this isn't that unreasonable of a thing from the user's point of view. You might think as a user, "oh, I'm using everything as designed," but there's probably one or two things in your setup, either the apps you use, or maybe a giant folder on your computer, or some giant database you have, like "oh, I happen to be a music collector and have a hundred thousand MP3s," or happen to have a lot of photos, or whatever else. Almost everybody has the extremes of something. Like our friend Merlin Mann over at Back to Work has often talked about his trouble finding Dropbox text file Markdown editors, because in that whole category of app there's a million of them on the App Store to edit Dropbox note text files, and he has thousands of them, because he uses them in all sorts of ways that a lot of people don't consider or don't think of. And a lot of times he'll try out a new app and it'll just crash, or searching will be impossibly slow, or something. This happens a lot. Almost everybody has one thing where they are pushing the bounds. Like with Overcast, I have users that first started reporting slow sync issues, and I would dig in with them and find out that they would have like 150 podcast subscriptions. Most people have trouble keeping up with 3 to 5 podcasts every week, and this guy has 150. But he's using them, he's using the app. That's these people's prerogative; if they want to use the app that way, if it's not malicious against you in any way, what's the problem? So you have to design for these kinds of extremes and you have to test for them. You'd be surprised how quickly either your app or your server, the server-side process if you're syncing them to a server or dealing with a server anyway, how quickly you can hit memory limits. My back-end is all PHP, and yes, make fun of it as much as you want, but almost every language on the server side has some kind of memory limit that you can configure, and often it's set by default to something in the hundreds of megabytes, usually at most. So a PHP process might be able to max out at like 32 megs or 128 megs, something in that range. Well, if somebody has like 10,000 items that you're trying to sync and the server is trying to deal with that, you actually might hit that, depending on the design of your system. Similarly on iOS, if you're trying to read all those records into memory to do some kind of batch operation, or some kind of inefficient counting or something like that, if you have your own custom data interaction layer and you are dealing with 10,000 records, 100,000 records, in an app that you designed to have a few hundred records, you might blow the memory limit on the iOS device and the app might get killed or crash. So this is pretty important stuff to at least deal with gracefully, or as gracefully as you can. Your app should at least not crash if a heavy user uses it. And so, as much as it's possible, you should be testing for this. If you have an app with any kind of user login system, have a user that has way more content or data or records than you think is normal, or than you even think anybody would ever have. Like during the development of Vesper, our friend Brent Simmons was blogging here and there about how they had test data that was like thousands of notes, and they knew that almost nobody would ever take thousands and thousands of notes, but they wanted to make sure the app worked well and didn't crash and hopefully was fast and was still actually good and functional with way more data than they expected. So first priority: don't break. Don't crash, don't make the UI break in weird ways, like something overflowing its bounds or rendering in the wrong spot because some assumption was broken about how long something would be. And try to not slow down noticeably. There are many strategies for this that are beyond the scope of this episode, but generally you want to have some kind of database backend, not like a plist with 10,000 entries in it. You want to have some kind of database. If you use Core Data it will do a lot of this for you, especially if you use the fetched results controllers. You use those here and there, right?

00:07:34   Yeah, that's how most of this gets done in my apps. It's like, rely on problems that were solved at a different level, because Core Data was designed to scale from like 10 records to ten thousand or ten million records. It's intended to be able to do that, and so if you use it that way it does all the nice batching for you and only pulls in pointers to things rather than their whole contents initially, and all that kind of stuff. If you do it thoughtfully in that way, then a lot of this work can sort of be done for you, or at least the first pass at this kind of work can be done for you.

00:08:13   Exactly. So generally, don't break under heavy usage like this if you can help it, and then try not to slow down. So use this as appropriate, and watch your memory limits. It helps if you can run some testing where you go into Instruments and watch the memory usage of your app and see how it changes if somebody has ten rows versus ten thousand rows. It should not be going up linearly with the amount of data that's being stored in your app. Your in-memory set should not be scaling up; your on-disk set obviously could, but in-memory should not.

00:08:51   So beyond the technical side of making sure it works, and again that's not a small thing, but beyond the technical side of things there are things you can do in the design of the app to kind of help make this manageable for people, and help yourself out too with the amount of load that you're placing on various parts of it and how something might break.

00:09:12   Well, I think one of the staples of iOS app usability and design is the table view. The table view, first of all, is designed in such a way, especially when paired with Core Data or another intelligent layer, that it can scale ridiculously well, when you combine the way the cells are reused and only certain amounts of data are paged in at once, combine that with the estimations of cell heights and the estimations of sections and numbers of things in sections, and then you have the first-letter index on the right side, like in the phone's Contacts app, where you have the letter jumping on the side where you can sort. And that's also, by the way, helpful in different languages that you don't support; please just use Apple's thing and you'll be mostly okay. Stuff like that: having easy navigation, intelligent sorting of long lists. You might have a list in your app that's sorted chronologically; if there's no way to sort it alphabetically and somebody might have 10,000 items, that might be problematic. Think about how your sorting in your app works and whether there's anything you can do in the UI design of the app to make it less cumbersome or impossible to use for somebody who is, in your opinion, grossly overusing it or grossly overfilling it, because that will happen, there will be good reasons for it, and if possible, don't break under that. Other things in that category would involve search. Search is a big one here. Any kind of local search you can offer that doesn't use a server is easy, first of all; almost every database supports it, SQLite supports it. You can just write your own dumb one if you really want to, but please use a search index, it's much easier. Using stuff like that can really help people who have tons and tons of entries find their data and use your app. And with search, the way it works, with basically a whole bunch of binary trees and everything, you could make a vast number of records accessible via search without a ton of work and without a ton of CPU time being spent. So if there's any possibility of somebody having a ton of data in your app, offer a search if it makes sense to, because it really does let your app scale well. Because all of this is really talking about app scaling. In kind of the way that website scaling is really talking about number of users or amount of traffic, app scaling for one person in this case is talking about the amount of data they might store in your app and what kind of technical and organizational challenges that will present.

00:11:49   Exactly. And the nice thing too is that most of these changes, these improvements, these ways of looking at your app at high usage, whatever that might mean for your app, will almost always make it better for the typical case. If your app does get linearly worse every time the user adds a record, that's incredibly problematic when you have 10,000 records, but it means that every single time the user is using the app they're making it slightly worse for themselves. You're discouraging use. What you want is to make sure that your app scales gracefully in this way, but mostly because that means it's probably gonna be a lot better for your typical user. And obviously that's something you want to keep in the back of your mind: you don't want to be making changes that are only beneficial if you have 10,000 users or 10,000 records, because very few users are gonna have that, and so if it makes your app way more complicated, that's probably not good. But looking at it in these ways, you get these benefits. It's like you were saying with UITableView: UITableView is really efficient, and UITableView was designed for the original iPhone, as far as I know. It was built into iPhone OS 1, when things were incredibly constrained and tight, and it made an OS where a lot of things are just scrolling lists really performant and powerful. And then as devices got more capable it got even better. In the same way, if you are designing things so that they work when things are constrained, in this case when they're constrained by having large numbers of things, when you aren't constrained in that way suddenly everything's just better and faster and probably instantaneous for most of your users. If things only take a few seconds for your extreme users, they're probably gonna be instantaneous or momentary for your typical user, and that's what you want. This exercise is helpful in that way of looking at your app and saying, well, where could I make this better? An easy, obvious case is just to say, well, let me throw way more things into it than I need and see where I can make it better as a result.

00:14:03   Exactly. And like you mentioned, trying to optimize for typical use versus the kind of extremes: the fact is, when you're talking about adding any kind of organizational system, I'm thinking like one level of folders, or tags, which are basically folders, one level of organization to abstract something away, that can go a long way. If you have an app where people might often have more than about 20 to 50 records, they might want some kind of way to organize that, and having just one level of folder hierarchy could also scale to 10,000 items fairly well. A little goes a long way here. You don't really have to go overboard with accommodating these things in the UI, because for the high-end users any little bit will help them tremendously, and it won't put too much of a burden on regular users.

00:14:58   Exactly. And obviously the kinds of things we're talking about are all in the good case, where people are using your app in the way that you intended and just using it a lot. But there could also be problems that you could run into on the malicious side, and we're about to talk about that.

00:15:14   before we do could you tell me about

00:15:15   something that's awesome we are

00:15:17   sponsored this week by dev mate go to

00:15:19   dev mate dot-com slash radar to learn

00:15:22   more dev mate is a single SDK with a set

00:15:24   of advanced back-end features for Mac

00:15:27   developers that allows them to easily

00:15:28   integrate in app purchasing software

00:15:31   licensing auto-updates crash reports

00:15:33   user feedback and more

00:15:35   all four Mac apps without being in the

00:15:38   Mac App Store this is very useful stuff

00:15:40   if you're a Mac developer because you

00:15:41   don't have to handle all these things

00:15:42   for you know all manually for yourself

00:15:44   plus all the analytics for your app with

00:15:46   sales and downloads are all available

00:15:48   real time in dev mate's dashboard that's

00:15:51   real-time sales analytics data Mac paw

00:15:53   are very excited to announce that dev

00:15:55   mates of rich functionality is now free

00:15:57   for all and is instantly accessible

00:15:59   after integration magpie use these tools

00:16:02   themselves to help them build their own

00:16:03   apps include and CleanMyMac and you

00:16:05   can't and you can take a look at on

00:16:06   their site to see examples than many

00:16:08   other developers that also rely on dev

00:16:10   mate there's some big names there these

00:16:12   days more and more developers are eager

00:16:14   to sell outside the Mac App Store having

00:16:16   dev mate as an ultimate solution for

00:16:18   independent OS 10 development is a great

00:16:20   place to start you can find out more

00:16:22   right now by going to dev mate comm

00:16:24   slash radar once again that's dev mate

00:16:27   comm slash radar if you're a Mac

00:16:29   developer you got to check this out

00:16:30   thank you very much to dev mate for

00:16:32   sponsoring

00:16:32   under-the-radar and all of real EFM all

00:16:35   right so obviously if you you know

00:16:39   people are just putting lots of data in

00:16:40   your app like that's not really

00:16:41   problematic it could be problematic if

00:16:43   rep distance and a lit well but there's

00:16:46   also cases where rather than just your

00:16:48   users using the app and a positive like

00:16:51   they just love it you know like this

00:16:52   person just really loves baking and

00:16:54   wants to put 13,000 recipes in their

00:16:56   city and there's in in my sink system

00:16:58   there can also be taking cases

00:17:00   especially as your hep cats

00:17:02   attention or popular or you get

00:17:05   attention or become popular where people

00:17:07   might want to misuse your application

00:17:09   for whatever reason or in whatever way

00:17:11   and so it's kind of important that you

00:17:13   also think about it from those

00:17:15   perspectives of what's the worst that

00:17:18   people could do what could people be

00:17:20   doing with my app with my back-end you

00:17:23   know if someone ran like a Wireshark

00:17:25   application and looked at all the

00:17:27   network traffic between my app and my

00:17:29   server are there things that I wouldn't

00:17:31   want them to know or be able operations

00:17:34   that they could do that would really

00:17:36   hurt me and you kind of have to start

00:17:38   thinking through these basic security

00:17:41   things in order to make sure that your

00:17:42   app is going to be stable and worthwhile

00:17:45   and and also like in the same kind of

00:17:47   way we were saying before

00:17:49   if you do these things it can prevent

00:17:52   misuse but it also will probably make

00:17:54   basic use better because then your app

00:17:56   is more secure your users data is more

00:17:58   secure things are more reliable and so

00:18:01   it does take a bit of work and a bit of

00:18:03   thoughtfulness but these are things that

00:18:04   are kind of basic things that are

00:18:06   probably important if you want to get

00:18:08   into any kind of thing that you stores

00:18:11   or uses users data oh yeah and you know

00:18:13   like when you have any kind of you know

00:18:15   if you just have a local app that has no

00:18:17   web component that you at least that you

00:18:19   run but you know it if you just have a

00:18:21   local app there's only so much user can

00:18:23   do to to hurt anyone else or you using

00:18:26   the app but as soon as you have a

00:18:28   service behind it or especially like a

00:18:30   web interface there there are so much

00:18:33   that people can do that you know the

00:18:35   good thing is that web security is a

00:18:38   pretty well-known field at this point I

00:18:40   mean it's not solved it's not flawless

00:18:42   but you know the the major categories of

00:18:45   danger are well-known and many of them

00:18:49   can be avoided you know without too much

00:18:51   work these days because we you know

00:18:52   we've had a long time to work on web

00:18:53   security and so like you know like one

00:18:56   of the basics is obviously to use SSL

00:18:58   you know if you have any kind of API the

00:19:01   running over HTTP use SSL this is not

00:19:04   difficult these days in fact one tip

00:19:06   I've come across recently is so I host

00:19:09   all my stuff on Linode and they have

00:19:12   these things called node balancers we're

00:19:13   just like their own like kind of managed

00:19:15   to load balancing things for 20 bucks a

00:19:17   month and so I use I use node balance

00:19:20   here is not only for load balancing but

00:19:21   even when I only have one server behind

00:19:23   them I use the node bouncer for SSL

00:19:26   decryption and also to be kind of a

00:19:28   front-end because then the actual IP of

00:19:30   the machine is not you know being

00:19:32   directly exposed to the users and also

00:19:35   that is handling all the SSL decryption

00:19:37   for me so that and and Linode keeps

00:19:39   these maintaining keep C's updated so

00:19:41   that whenever SSL changes whenever like

00:19:44   people discover oh this old ciphers

00:19:45   actually actually has a weakness that we

00:19:47   did that we just learned about so nobody

00:19:48   should use that everyone should upgrade

00:19:50   to TLS one point whatever or do you know

00:19:52   disabled a certain cipher or anything

00:19:53   they do all that for you so you are

00:19:56   always kept on top of it you just paste

00:19:58   it in your certificate in your key into

00:19:59   their admin panel and then your server

00:20:02   talks regular

00:20:03   HTTP to the load balancer and the load

00:20:05   balancer to the node balancer excuse me

00:20:07   the node balancer then is handling all

00:20:09   security for you so that's I highly

00:20:10   recommend if you're on Linode and you

00:20:12   can spare another 20 bucks a month

00:20:13   outsource your your SSL dealing with to

00:20:16   a node balancer it's a lot easier and

00:20:19   you know but even if you do it yourself

00:20:21   you know just keep on top of it there's

00:20:22   a there's a Qualis SSL test that you can

00:20:24   you can kind of test your site and see

00:20:26   how it does on the security thing just

00:20:28   you know go test it every few months or

00:20:29   whenever you hear any news about it just

00:20:31   make sure you're on top of things but or

00:20:33   you can just outsource it like I do

00:20:34   excuse me

00:20:35   or you just outsource it and it's a no

00:20:36   big deal also for web pages consider

00:20:41   using content security policy this is a

00:20:43   relatively young web thing it's it's a

00:20:47   header you put on on repot on responses

00:20:50   CSP or content security policy it's a

00:20:52   thing that it's basically a declaration

00:20:55   you make in the headers that tells the

00:20:57   browser where from what domains and what

00:21:01   types of JavaScript and CSS and assets

00:21:04   are permitted to be loaded by this page

00:21:06   and what this is mostly useful for is to

00:21:10   eliminate a whole category of

00:21:12   vulnerabilities like cross-site

00:21:14   scripting then there's tons of

00:21:16   vulnerabilities that this just

00:21:17   completely negates for browsers that

00:21:19   support it and almost every modern

00:21:20   browser will enforce it as far as I know

00:21:22   so you know using content security

00:21:24   policy with SSL and with HSTs strict

00:21:28   Transport Security which will enforce

00:21:29   SSL for basically everything for all

00:21:32   modern browsers like using those things

00:21:34   you are way more secure than the average

00:21:37   service and you know Plus you know basic

00:21:39   server security as we talked about last

00:21:41   week or two weeks ago rather so that is

00:21:44   that will get you a huge huge part of

00:21:46   the way there and and I mean heck I even

00:21:50   in my podcast app I even have SSL

00:21:52   certificate pinning which is complete

00:21:54   overkill for a podcast app but what that

00:21:57   means is it makes it a lot harder for

00:21:59   anybody to not only snoop my traffic and

00:22:02   break the app that way but also for like

00:22:03   for you know creepy middlemen like like

00:22:06   when you get on airplane Wi-Fi and it

00:22:07   injects ads into everything you see now

00:22:09   or you know like it it makes it

00:22:10   impossible for those kind of things to

00:22:12   interfere with my app and will protect

00:22:13   me and it protects my users so it's it

00:22:16   these kind

00:22:16   things like they seem like overkill if

00:22:18   you're just making an app for something

00:22:19   basically playing podcasts but in in the

00:22:22   modern era this really isn't overkill

00:22:24   and it really isn't that hard I think

00:22:26   that's the important thing to like a lot

00:22:27   of these things like a little goes a

00:22:30   long way like just does all these you

00:22:33   know best practices and things you're

00:22:34   talking about if like the different

00:22:35   types of security and the different

00:22:37   approaches you can take

00:22:38   but doing anything is going to do a lot

00:22:42   just to get started with and like if

00:22:43   you're gonna do it fair enough do it

00:22:44   properly but all of these things like

00:22:47   any sigh if you just like you do there's

00:22:49   no reason to be sending anything in

00:22:51   plain text in like a modern app it's

00:22:54   just it just doesn't make sense like

00:22:56   maybe media maybe but in general like

00:22:59   you missed you just may as well like

00:23:01   things are it doesn't make your things

00:23:02   slower or a little more expensive or

00:23:04   those types of things like it just makes

00:23:06   the app better and so if you can do it

00:23:09   because you're just trying to minimize

00:23:10   the things the directions that people

00:23:12   can could you know be mischievous with

00:23:16   your application exactly so moving on

00:23:19   from now like direct security attacks I

00:23:21   want to talk a little bit about spam if

00:23:24   your app has any kind of user-generated

00:23:26   content that could potentially be

00:23:29   exposed to other users of the app or to

00:23:32   the public on your website and it's some

00:23:33   kind of like top ranked list or most

00:23:35   popular content or anything like that

00:23:38   that is a potential vector for spam for

00:23:41   people to spam your site or your service

00:23:42   or your app in order to promote their

00:23:44   own stuff or deface stuff or make people

00:23:46   look at porn or whatever else there's

00:23:48   you know so anything where

00:23:50   user-generated content could be shown to

00:23:52   a larger audience of your apps users you

00:23:55   have to be very very careful about these

00:23:58   kind of things that become possible it's

00:24:02   you know it's one thing to just think oh

00:24:03   well I'm gonna make you know suppose

00:24:05   suppose you have, like in Overcast, I

00:24:07   have a recommendations thing suppose I

00:24:08   would I was gonna show on the website

00:24:10   top recommended things which I kind of

00:24:12   do in the app but I'll get to that you

00:24:15   have to think like how could somebody

00:24:16   spam this in order to promote their own

00:24:19   thing or show inappropriate content or

00:24:22   something you know so somehow break it

00:24:24   in a way that would be valuable to them

00:24:26   or would you know deface the the whole

00:24:28   thing and make everyone look bad

00:24:29   and you might think oh I can just keep

00:24:31   on top I'll just check it every day

00:24:33   and I'll delete anything that looks

00:24:34   wrong and it'll be fine the fact is you

00:24:37   can't and you won't police it yourself

00:24:39   like you you that is unless you have a

00:24:42   very large dedicated staff doing this

00:24:44   around the clock and you know and every

00:24:46   different language around the world

00:24:47   you're probably not gonna be able to

00:24:49   police spam yourself hey you know you

00:24:52   can you can look at the big services

00:24:53   like like Twitter for instance where

00:24:55   spam is a thing and it is not a small

00:24:58   deal for a company like Twitter to to

00:25:02   try to prevent and eliminate spam as it

00:25:04   comes it that takes a huge staff so you

00:25:06   probably won't have that luxury

00:25:07   so my solution to this is to generally

00:25:11   just avoid creating mechanisms that can

00:25:13   be spammed so avoid creating global top

00:25:16   lists you know any kind of like global

00:25:18   rankings most popular lists I don't even

00:25:21   have like you can't even review podcasts

00:25:23   in Overcast you can't, like, write

00:25:25   written user reviews that are shown to

00:25:27   anybody else because that's also spam

00:25:29   you know promotional problems like

00:25:31   defacing and everything legal problems

00:25:33   so like just if you can avoid any area

00:25:36   that can be spammed if you can't avoid

00:25:39   it try to outsource the control that

00:25:42   spam or the decision on whether

00:25:43   something is spam try to outsource that

00:25:45   to some other larger authority so and

00:25:48   I'm not I'm not talking about other spam

00:25:50   filters I'm not talking about like you

00:25:51   know, Akismet or anything like that, I'm

00:25:52   talking about outsourcing it to some

00:25:54   other authority that themselves would

00:25:56   need to have spam get through in a

00:25:59   significant way for it to be a problem

00:26:00   for you so in Overcast's case I use iTunes

00:26:04   IDs because iTunes reviews every podcast

00:26:06   that goes in and I have never seen spam

00:26:09   in the iTunes podcast directory I've

00:26:11   seen bad podcasts but I've never actually

00:26:13   seen like you know what most people

00:26:14   consider blatant spam in there and it

00:26:18   also helps control like adult content

00:26:19   and you know stuff like that because

00:26:20   they also look for that so in Overcast I

00:26:22   won't show a podcast in search results

00:26:25   unless I can match it to something in

00:26:26   the iTunes directory and if I can't

00:26:29   it stays private like you can still

00:26:30   enter it by URL but it's not going to be

00:26:32   shown to people who weren't looking for

00:26:33   it so that basically eliminates any of

00:26:35   any problems with spam or poor content

00:26:37   and then also for the recommendations

00:26:40   side of it I use your Twitter following

00:26:42   graph

00:26:43   so the only recommendations you will

00:26:45   ever see in Overcast are either from

00:26:47   people you follow on Twitter so if

00:26:49   they're spamming you can unfollow them

00:26:50   and it's you know that's that's that's

00:26:52   your choice

00:26:52   you know so it's either from people you

00:26:54   have chosen to follow on Twitter or it's

00:26:56   from people if you don't have enough

00:26:58   people who you follow on Twitter it's

00:26:59   from people who are very popular on

00:27:01   Twitter who have tons and tons of

00:27:02   followers so the point where it would it

00:27:05   would be very very unlikely for any spam

00:27:08   to get in that way but for the most part

00:27:10   it's based on people you follow only and

00:27:12   so that way you know the combination of

00:27:14   that plus the iTunes ID filtering means

00:27:17   that it's basically impossible for this

00:27:19   mechanism to to show spam in a

00:27:22   meaningful way and so really the best

00:27:24   thing you can do if you have something

00:27:25   like this is like design it so that it

00:27:27   can't be spammed and if it can be

00:27:29   spammed outsource the authority over

00:27:31   what is spam to somebody big. Exactly, and

00:27:34   I think it's probably a good way to like

00:27:36   I personally just avoid situations that

00:27:39   user-generated data would ever be shown

00:27:41   to someone else like I can't think of an

00:27:44   example in any of my my products where I

00:27:46   do that like I look at that problem and

00:27:48   I'm like that is big scary yes not

00:27:50   something I want to touch I just don't

00:27:52   and maybe there that means that there

00:27:54   are some features in my apps that I

00:27:55   could have that would be really cool but

00:27:57   I don't but I just decided that you know

00:27:59   what it's I'm one person I'm never going

00:28:02   to be able to or it's gonna be really

00:28:04   hard to stay on top of it so I just

00:28:06   don't and that's okay and I think the

00:28:08   important thing with like this whole

00:28:10   episodes discussion is when you're

00:28:13   thinking of that feature, like when I'm

00:28:14   deciding not to add

00:28:15   features that show user-generated

00:28:17   content to someone else like the

00:28:19   fundamental underlying thing that you

00:28:22   have to be thoughtful of is when you're

00:28:23   building it you have to be building it

00:28:25   with like what's the worst-case scenario

00:28:27   in mind yep that it's so easy when

00:28:30   you're building something to think of it

00:28:31   only from like the cool obvious like the

00:28:34   way you would use it perspective but in

00:28:37   order for you to have an app that is

00:28:38   going to be, like, good for

00:28:40   performance for your extreme users or

00:28:42   have good security and avoid kind of

00:28:44   user you know user-generated content

00:28:46   problems you have to always be building

00:28:48   it sort of with the worst case in mind

00:28:50   and that can be the worst case person

00:28:52   the worst case user the worst case

00:28:54   device the worst case Network whatever

00:28:56   it is

00:28:57   if you build something with the worst

00:28:58   case in mind its overall going to be

00:29:01   better as a result exactly that's all

00:29:04   the time we have this week thank you

00:29:06   very much for listening and we will see

00:29:07   you next week bye