Developing Perspective

#35: IcönFactory


00:00:00   Hello, and welcome to Developing Perspective. Developing Perspective is a podcast discussing

00:00:06   news of note in iOS, Apple, and Mac development primarily. I'm your host, David Smith. I'm

00:00:11   an independent iOS and Mac developer based in Herndon, Virginia. Today is Thursday, February

00:00:16   16th, 2012, and this is show number 35.

00:00:19   All right, for today's show, I'm going to have a couple of interesting topics. First,

00:00:24   to start off with, I'm going to talk about something I released yesterday, which is an

00:00:28   open source library for securing contact data in iOS.

00:00:33   So if you've been following along with the address book saga, you may be sort of aware

00:00:37   that there's been all of this controversy about applications sharing private contact

00:00:42   information in their applications in violation of Apple's terms of service, and it sounds

00:00:47   like Apple is going to be starting to treat that data differently as a result of the controversy

00:00:52   and so on.

00:00:53   But the whole thing kind of got me thinking about how difficult it is for developers to

00:00:57   take what you could call industry best practice steps to protect that data in the

00:01:03   first place.

00:01:04   So for example, a lot of this has to do with both asking and confirming that users would

00:01:10   like their contact information used and shared, which is required by the developer terms and

00:01:19   agreements as well as also just seems like good common sense.

00:01:23   And then, the second thing is using hashing or cryptographic means to ensure the privacy

00:01:30   of that data.

00:01:31   So if you're trying to do a matching service, you don't actually need to send someone's

00:01:34   entire contact book up to your server, you just need to send tokens that represent those

00:01:39   addresses, those phone numbers, in a way that you can match later.

00:01:43   And so I sat down and it turns out it's very easy to do this.

00:01:47   In a couple of hours I was able to write a library that is free and available on GitHub

00:01:51   under an MIT license that does this for you.

00:01:54   So it takes care of confirmation prompting as well as taking your address book and turning

00:01:59   it into tokens for email or phone numbers.

00:02:03   So if you're thinking about doing this, have done this, you have no excuse now to not be

00:02:09   using these kinds of best practices.

00:02:10   It was very straightforward.

00:02:11   It's like I said, it's out there on GitHub.

00:02:13   There'll be a link to it in the show notes.

00:02:16   So please, please, if you do anything like this, either look at the code and apply it

00:02:20   to your own project or copy it, drop it in, do whatever.

00:02:26   But by all means, please take good steps

00:02:28   to protect your users' information.

00:02:31   All right, our second topic today I'm

00:02:33   going to be talking about is just a little trick

00:02:34   that I did yesterday that I thought

00:02:36   would be worth sharing.

00:02:37   And this relates to iTunes Connect,

00:02:39   and specifically using services for pulling down your iTunes

00:02:43   Connect sales information.

00:02:45   So yesterday, I started trying out

00:02:46   a service called App Annie, which

00:02:48   is a web-based service that pulls your sales reports,

00:02:52   pulls them into your account there, does some analytics,

00:02:56   graphing, all kinds of fun stuff like that, which is kind of cool and kind of fun.

00:03:00   And I was wanting to try it out.

00:03:03   But it always makes me nervous when I was giving out my iTunes Connect

00:03:06   credentials to a third party, both just from a paranoia perspective,

00:03:11   as well as there's things that could go wrong.

00:03:13   And the App Store's my livelihood.

00:03:15   That's what pays my mortgage every month.

00:03:16   so it's very important for me that that account and the things going on around that is safe

00:03:24   and secure.

00:03:25   And so what I did is, this is the pro tip part of this, is that you can go into iTunes

00:03:29   Connect and you go to the Manage Users area within that you can add a section talking

00:03:36   about a new user and you can give that user a role that's just sales.

00:03:41   basically that user then can pull your sales reports.

00:03:45   I just created a user that's like reports@crossforward.com

00:03:49   this user which doesn't really exist, that's an email alias

00:03:53   to my account. And basically by doing that, what I allow myself to

00:03:57   do is, that's what I tell App Annie, that's the credentials.

00:04:01   So if that's ever compromised, if they do anything, all anybody could do is

00:04:05   get into my iTunes account and pull my sales. Which could be embarrassing I suppose, which could be

00:04:09   convenient which is certainly not something that I'd like to happen

00:04:13   but overall that's nowhere near as bad or as dangerous or whatever as

00:04:17   having someone be able to log into my iTunes account, submit apps under my

00:04:21   name, pull apps, delete apps, do all kinds of shenanigans that would just be a

00:04:26   horrible

00:04:26   nightmare to me.

00:04:28   So I just highly recommend if anyone uses one of those services, you know, something like

00:04:31   App Annie, AppFigures, to some degree AppViz, even though that's a local

00:04:36   thing so it's not as big of a deal.

00:04:38   but it's just definitely a good idea to kind of create this segregation. It's also

00:04:42   something that if you ever have to share

00:04:43   accounts with different people,

00:04:46   make use of that feature. It's there for a reason that you can create users and

00:04:50   sort of create separations of privilege and access in your iTunes

00:04:54   account, which if it's important to you,

00:04:57   if you're looking for the App Store,

00:04:59   you've got to take that stuff seriously.

00:05:01   Alright, and then moving on to our last subject. So I was all set to do just a

00:05:05   short show this morning with those kind of topics, and then Apple dropped a big gift

00:05:10   in our laps this morning. So they announced 10.8, which is Mountain Lion, and it's got

00:05:17   all kinds of fun new features and things. I'm downloading the developer preview right

00:05:21   now, and because I haven't actually seen it, it's kind of fun because I can talk with a

00:05:24   bit more liberality in terms of I'm not as worried about the NDA stuff because all I

00:05:29   know is the stuff that's in the public domain. And so basically, this is coming out this

00:05:34   it's going to be kind of the next step in the iOSification of Mac OS, so it brings a lot of better iCloud capabilities.

00:05:43   Some of the applications from the iPad and iPhone are going to be brought over to the Mac.

00:05:48   And just generally it's kind of that next step in sort of unifying those two together.

00:05:53   And I'm kind of excited about it. I mean, as a developer, this is just super exciting.

00:05:59   I mean the guy, it's like, if this is what you like, if this is what you do, it's a kid

00:06:03   in a candy store.

00:06:04   Apple is just saying, hey, here's some new fun stuff, here's some new fun stuff, look

00:06:07   at this, learn this, be excited, and I am.

00:06:11   And there's some interesting features for developers, I think, going on here.

00:06:15   Specifically, there's the new feature called Gatekeeper, and I think this is probably going

00:06:19   to be a little bit controversial to some people, but overall, I think it's a great idea.

00:06:24   What Gatekeeper does is creates a new,

00:06:29   it's the next step in this gradual security sandboxing approach

00:06:32   that they've been doing in macOS.

00:06:36   Where at first they introduced just the Mac App Store,

00:06:38   which is a way for people to get a hold of applications

00:06:40   in a safe, secure, approved, curated fashion.

00:06:43   And then they introduced sandboxing in line,

00:06:47   which allows you to secure your applications more strongly.

00:06:49   So you'll be able to say, you know, this application can only do this, that, and the other

00:06:53   and it goes through the review process and increases security and safety there.

00:06:58   And now what Gatekeeper does in 10.8 Mountain Lion

00:07:03   is allows you to create three levels of applications that is a user configurable setting.

00:07:10   The first level it's just like it is now where basically any application file that you have can be run on your computer.

00:07:16   period. So it's just like it is now, it's kind of like the Wild West, you can do what you want.

00:07:20   Then the next level, and this is what's sort of new,

00:07:24   or most interesting and new, is that they're introducing a second level that's in between

00:07:28   the Mac App Store and between the Wild West, where developers can become

00:07:32   registered and have signing credentials

00:07:36   and certificates that let them identify their applications as safe, good,

00:07:40   and sort of not necessarily approved by Apple

00:07:44   there's no review process for this, but you're saying

00:07:49   you create that identity, it creates a persona behind an application that can be verified.

00:07:51   So a developer can say, "I am developer X, and here's my certificate, here's my application,

00:07:55   I put it out on the web, you download it and you can run it,

00:08:01   and then it will be verified by the Mac OS

00:08:04   to make sure that is actually a correctly signed, cryptographically secure application,

00:08:09   so you know it's actually coming from them.

00:08:14   It's not some malware or something that someone's injected

00:08:16   or made it look like, "Hey, here's the new thing from the icon factory,"

00:08:18   and it's actually from the iKoon factory.

00:08:21   And the iKoon factory is actually stealing all your data, or something like that.

00:08:24   So it's a great way to bridge the gap between

00:08:29   forcing everybody to be in the Mac App Store

00:08:32   and adding that extra level of security,

00:08:34   because it also means that if something ever goes wrong

00:08:37   and say the icon factory's certificate somehow comes out,

00:08:39   compromised or weird things happen.

00:08:42   Apple can on there, and there's a revoke the certificate,

00:08:45   and then that application won't run for any user who

00:08:49   has this feature enabled.

00:08:51   And by default, I believe that's the setting that it'll have.

00:08:53   And then they've also introduced a feature one level farther,

00:08:56   where rather than allowing the non-Mac App Store third

00:09:00   parties, you can only install applications from the Mac App

00:09:03   Store.

00:09:03   And this sort of we can call this kind of, I don't know,

00:09:06   grandfather mode.

00:09:08   where you can set up someone's computer.

00:09:13   You buy your parents a new Mac,

00:09:15   you hook it,

00:09:18   set it up, you enable that,

00:09:19   and basically they're safe.

00:09:21   There's very few things they could do to mess up

00:09:23   their computer, to install things funnily,

00:09:25   to get not necessarily viruses,

00:09:28   but just mess things up,

00:09:30   because the application installation process is managed.

00:09:32   Starting next month, all applications are going to be sandboxed

00:09:34   in the Mac App Store, so the security's there.

00:09:37   And it just kind of creates this great little,

00:09:40   you know, kind of ensconces them in security

00:09:42   that I think will, A, do good things for people

00:09:45   feeling comfortable installing applications more.

00:09:47   It's kind of what definitely happened in iOS,

00:09:49   where because it's safe to install an application,

00:09:52   you know, if anything goes wrong, you just hold on to it.

00:09:54   You just sort of hold on to it.

00:09:55   It's so it's wiggle, you hit the X, it's gone.

00:09:58   And your system is exactly the same.

00:09:59   You don't have these weird problems that, you know,

00:10:00   it's like on Windows where if you install an application,

00:10:03   you never know if you quite cleaned it up or what's going to happen with it.

00:10:08   So I think it's a great feature there and I'm looking excited about it.

00:10:11   There's a bunch of other stuff that I've been hearing hints and indications

00:10:15   in the developer community of fun things under the covers that I look forward to diving into.

00:10:20   But once I get into too much of that, I can't talk about it too much because it's usually under an NDA.

00:10:24   But bottom line, super exciting time to be a Mac and iOS developer.

00:10:29   It's definitely kind of you see they're in the right industry.

00:10:30   I mean, you look at, I think about, oh, if I did Windows 8 or all these other platforms

00:10:37   that are coming out, you can't imagine Microsoft developing and releasing a new version of

00:10:43   the OS every year.

00:10:44   And fair enough, it depends on what you call a version.

00:10:47   Mountain Lion isn't a major departure from Lion, but still, they're focusing their resources,

00:10:55   energy and attention on making this platform amazing and awesome.

00:11:00   That is only going to do good things for developers.

00:11:03   So that's it for today's show.

00:11:05   Like I said, exciting fun things.

00:11:07   It's an exciting fun time to be a developer.

00:11:10   I'll have some links in the show notes to all these kind of things.

00:11:12   As always, if you like the show, please tell a friend, let someone know about it.

00:11:16   It's the best thing you can do to support me and keep me motivated to do the show.

00:11:21   If you have any questions, comments, feedbacks, thoughts, concerns, please hit me up on Twitter.

00:11:25   I'm @_davidsmith, underscore D-A-V-I-D-S-M-I-T-H.

00:11:30   I blog at david-smith.org.

00:11:33   And otherwise, yeah, have a good day, happy coding, enjoy reading the Mountain Lion release

00:11:37   notes, and have a good Thursday.

00:11:39   Bye.
