Under the Radar 16: Designing for Misuse
00:00:00
Welcome to Under the Radar, a show about independent iOS app development. I'm Marco Arment, and I'm David Smith. Under the Radar is never longer than 30 minutes, so let's get started.

00:00:07
So today I wanted to talk about designing for misuse, and maybe abuse too, and maybe some malicious use, but just general categories of misuse: people trying to use your apps either maliciously or in ways that you didn't intend or consider when you designed them, and how you can deal with that and how you can mitigate or minimize the negative effects of that.

00:00:30
I mean, so you have a number of apps, I'm thinking of things like My Recipe Book or Audiobooks even, where somebody could potentially get a ton of data in there, like a ton of records or a ton of audiobooks or stuff like that. When you design things, do you account for very, very heavy users who might be using the app to do or store way more than you designed it for?
00:00:59
It's something I definitely didn't do initially and have since had to learn a lot of lessons about. In preparation for this episode I took a look in my recipe sync system and I was like, I wonder how many recipes the biggest users have, and the biggest user has 13 thousand recipes in their sync account. And they use the app; I also checked how often, like, are they actually still using it, and their last sync was yesterday. So they are still using it with 13 thousand recipes, and I did not in any way design the app to scale to thirteen thousand recipes. So it's something that I've had to learn, and I'll get the support requests from people who are like, the sync seems really slow, and I go and check their account and they have, even if not the 13 thousand, but even like two or three thousand recipes, and I'm like, yeah, that's gonna be tough on an iPad 2, to just move that amount of data around and quickly search it. I mean, the numbers aren't massive in and of themselves, but I think, like you're saying, you have to design your app and be adaptive to it in that way, or otherwise things just fall down horribly, because if your app doesn't scale well or gracefully it's gonna kind of fall apart. And so now when I'm doing these kinds of things I always have to think in the back of my mind, it's not even how many records or how many entries could someone reasonably have, it's how many records could someone unreasonably have. What's the limit here beyond which it would be completely impractical for them to even get there?

00:02:46
And it's also probably worth saying, that person who has 13 thousand recipes, they've been entering into the system for, I think, three years now. They've been using the app for three years, and so you have to keep in mind that things will just gradually grow and extend over time. It's not even just, oh, someone's being silly and creating a million entries in my system; it's like, no, they could just use it a lot, and over the course of several years, because hopefully your app will be around for several years, it'll get to a point that things are way beyond what you may have originally thought or expected.

00:03:24
Oh yeah. I mean, this isn't that unreasonable of a thing from the user point of view. You might think as a user, oh, I'm using everything as designed, but there's probably one or two things in your setup, either the apps you use or maybe a giant folder on your computer or some giant database you have, like, oh, I happen to be a music collector and have like a hundred thousand mp3s, or I happen to have a lot of photos or whatever else. Almost everybody has the extremes of something. Our friend Merlin Mann over at Back to Work has often talked about his trouble finding Dropbox text file markdown editors, because in that whole category of app there's a million of them on the App Store to edit Dropbox text files, and he has thousands of them, because he uses them in all sorts of ways that a lot of people don't consider or don't think of. And a lot of times he'll try out a new app and it'll just crash, or searching will be impossibly slow or something. This happens a lot; almost everybody has one thing where they are pushing the bounds.

00:04:27
With Overcast I have users that first started reporting slow sync issues, and I'd dig in with them and find out that they would have like 150 podcast subscriptions. Most people have trouble keeping up with 3 to 5 podcasts every week, and this guy has 150, but he's using them, he's using the app. That's these people's prerogative; if they want to use the app that way, if it's not malicious against you in any way, what's the problem? So you have to design for these kinds of extremes and you have to test for them. You'd be surprised how quickly either your app or your server, the server-side process if you're syncing them to a server or dealing with a server anyway, how quickly you can hit memory limits. Because my back-end is all PHP, and yes, make fun of it as much as you want, but almost every language on the server side has some kind of memory limit that you can configure. Often it's set by default to something in the hundreds of megabytes, usually at most, so a PHP process might be able to max out at like 32 megs or 128 megs, something in that range. Well, if somebody has like 10,000 items that you're trying to sync and the server is trying to deal with that, you actually might hit that, depending on the design. Similarly on iOS, if you're trying to read all those records into memory to do some kind of batch operation or some kind of inefficient counting or something like that, if you have your own custom data interaction layer here and you are dealing with 10,000 records, 100,000 records, in an app that you designed to have a few hundred records, you might blow the memory limit on the iOS device and the app might get killed or crash. So this is pretty important stuff to at least deal with gracefully, or as gracefully as you can. Your app should at least not crash if a heavy user uses it. And so, as much as it's possible, you should be testing for this. If you have an app with any kind of user login system, have a user that has way more content or data or records than you think is normal, or that you even think anybody would ever have. Like, during the development of Vesper, our friend Brent Simmons was blogging here and there about how they had test data that was like thousands of notes, and they knew that almost nobody would ever take thousands and thousands of notes, but they wanted to make sure the app worked well and didn't crash and hopefully was fast and was still actually good and functional with way more data than they expected.

00:06:58
So first priority: don't break, don't crash, don't make the UI break in weird ways, like something overflowing its bounds or rendering in the wrong spot because some assumption was broken about how long something would be. And try to not slow down noticeably.

00:07:15
So there's many strategies for this that are beyond the scope of this episode, but generally you want to have some kind of database back end, not a plist with 10,000 entries in it. You want to have some kind of database. If you use Core Data it will do a lot of this for you, especially if you use the fetched results controller, right? Because you use
those here and there, right?

00:07:36
Yeah, and then they handle it. That's how most of this gets done in my apps: rely on problems that were solved at a different level, because Core Data was designed to scale from like 10 records to ten thousand or ten million records. It's intended to be able to do that, and so if you use it that way it does all the nice batching for you, and only pulling in pointers to things rather than their whole contents initially, and all that kind of stuff. If you do it thoughtfully in that way then a lot of this work can sort of be done for you, or at least the first pass at this kind of work can be done for you.

00:08:13
Exactly. So generally, don't break under heavy usage like this if you can help it, and then try not to slow down. So use this as appropriate; make sure you watch your memory limits. It helps if you can run some testing where you can go into Instruments and watch memory usage of your app and see how it changes if somebody has ten rows versus ten thousand rows. It should not be going up linearly with the amount of data that's being stored in your app. Your in-memory set should not be scaling up; your on-disk set obviously could, but in memory should not.

00:08:51
So beyond the technical side of making sure, and again that's not a small thing, but if you go beyond the technical side of things, there are things you can do in the design of the app to help make this manageable for people, and help yourself out too with the amount of load that you're placing on various parts of it and how something might break.

00:09:12
Well, I think one of the staples of iOS app usability and design is the table view. The table view, first of all, is designed in such a way, especially when paired with Core Data or an intelligent other layer, that it can scale ridiculously well. When you combine the way the cells are reused and only certain amounts of data are paged, combine that with the estimations of cell heights and the estimations of sections and numbers of things in sections, and then you have the first letter on the right side, like in the phone Contacts app you have the letter jumping on the side where you can sort, and that's also, by the way, helpful in different languages that you don't support; just use Apple's thing and you'll be mostly okay. Stuff like that: having easy navigation, intelligent sorting of long lists. You might have a list in your app that's sorted chronologically; if there's no way to sort it alphabetically and somebody might have 10,000 items, that might be problematic. Think about how your sorting in your app works and if there's anything you can do in the UI design of the app to make it less cumbersome or impossible to use for somebody who is, in your opinion, grossly overusing it or grossly overfilling it, because that will happen, there will be good reasons for it, and if possible don't break under that.

00:10:32
And so other things in that category would involve search. Search is a big one here. Any kind of local search you can offer that doesn't use a server is easy; first of all, almost every database supports it, SQLite supports it, you can just write your own dumb one if you really want to, but please use a search index, it's much easier. Using stuff like that can really help people who have tons and tons of entries, can really help them find their data and use your app. And with search, the way it works, with basically a whole bunch of binary trees and everything, you could make a vast number of records accessible via search without a ton of work and without a ton of CPU time being spent. So if there's any possibility of somebody having a ton of data in your app, offer a search if it makes sense to, because it really does let your app scale well. Because all of this is really talking about app scaling; in kind of the way that website scaling is really talking about number of users or amount of traffic, app scaling for one person in this case is talking about the amount of data they might store in your app and what kind of technical and organizational challenges that will present.

00:11:49
Exactly. And the nice thing too is that most of these changes, these improvements, these ways of looking at your app at high usage, whatever that might mean for your app, will almost always make it better for the typical case. If your app does get linearly worse every time the user adds a record, that's incredibly problematic when you have 10,000 records, but it means that every single time the user is using the app they're making it slightly worse for themselves. That's discouraging use.

00:12:25
Yeah. What you want is to make sure that your app scales gracefully in this way, but mostly because that means it's probably gonna be a lot better for your typical user. And obviously that's something you want to keep in the back of your mind, that you don't want to be making changes that are only beneficial if you have 10,000 users or 10,000 records, because very few users are gonna have that, and so if it makes your app way more complicated then that's probably not good. But looking at it in these ways you get these benefits. I mean, it's like you were saying with UITableView: UITableView is really efficient, and UITableView is designed for the original iPhone; as far as I know that was built into iPhone OS 1 when things were incredibly constrained and tight, and it made an OS where a lot of things are just scrolling lists really performant and powerful. And so then as devices got more capable it got even better. In the same way, if you are designing things so that they work when things are constrained, in this case constrained by having large numbers of things, when you aren't constrained in that way suddenly everything's just better and faster and probably instantaneous for most of your users. If things only take a few seconds for your extreme users, they're probably gonna be instantaneous or momentary for your typical user, and that's what you want. This exercise is helpful in that way of looking at your app and saying, well, where could I make this better? An easy, obvious case is just to say, well, let me throw way more things into it than I need and see where I can make it better as a result.

00:14:03
Exactly. And like you mentioned, trying to optimize for typical use versus the kind of extremes: the fact is, when you're talking about adding any kind of organizational system, I'm thinking like one level of folders, or tags, which are basically folders, one level of organization to abstract something away, that can go a long way. If you have an app where people might often have more than about 20 to 50 records, they might want some kind of way to organize that, and having just one level of folder hierarchy could also scale to 10,000 items fairly well. A little goes a long way here; you don't really have to go overboard with accommodating for these things in the UI, because for the high-end users any little bit will help them tremendously, and it won't put too much of a burden on regular users.

00:14:56
Exactly. And obviously these are all the kinds of things we're talking about in the good case, where people are using your app in the way that you intended it and just using it a lot. But obviously there could be problems that you could run into on the malicious side, and we're about to talk about that. Before we do, could you tell me about something that's awesome?

00:15:15
We are sponsored this week by DevMate. Go to devmate.com/radar to learn more. DevMate is a single SDK with a set of advanced back-end features for Mac developers that allows them to easily integrate in-app purchasing, software licensing, auto-updates, crash reports, user feedback and more, all for Mac apps without being in the Mac App Store. This is very useful stuff if you're a Mac developer, because you don't have to handle all these things manually for yourself. Plus, all the analytics for your app with sales and downloads are all available in real time in DevMate's dashboard; that's real-time sales analytics data. MacPaw are very excited to announce that DevMate's rich functionality is now free for all and is instantly accessible after integration. MacPaw use these tools themselves to help them build their own apps, including CleanMyMac, and you can take a look on their site to see examples of many other developers that also rely on DevMate; there's some big names there. These days more and more developers are eager to sell outside the Mac App Store; having DevMate as an ultimate solution for independent OS X development is a great place to start. You can find out more right now by going to devmate.com/radar. Once again, that's devmate.com/radar. If you're a Mac developer, you've got to check this out. Thank you very much to DevMate for supporting Under the Radar and all of Relay FM.
00:16:35
All right. So obviously if people are just putting lots of data in your app, that's not really problematic; it could be problematic if it isn't handled well. But there's also cases where, rather than just your users using the app in a positive way, like they just love it, this person just really loves baking and wants to put 13,000 recipes in my sync system, there can also be cases, especially as your app gets attention or becomes popular, where people might want to misuse your application for whatever reason or in whatever way. And so it's kind of important that you also think about it from those perspectives of: what's the worst that people could do? What could people be doing with my app, with my back-end? If someone ran a Wireshark application and looked at all the network traffic between my app and my server, are there things that I wouldn't want them to know, or operations that they could do that would really hurt me? And you kind of have to start thinking through these basic security things in order to make sure that your app is going to be stable and worthwhile. And also, in the same kind of way we were saying before, if you do these things it can prevent misuse, but it also will probably make basic use better, because then your app is more secure, your users' data is more secure, things are more reliable. And so it does take a bit of work and a bit of thoughtfulness, but these are kind of basic things that are probably important if you want to get into any kind of thing that stores or uses users' data.

00:18:11
Oh yeah. If you just have a local app that has no web component that you run, there's only so much a user can do to hurt anyone else using the app. But as soon as you have a service behind it, or especially a web interface, there is so much that people can do. The good thing is that web security is a pretty well-known field at this point. I mean, it's not solved, it's not flawless, but the major categories of danger are well-known and many of them can be avoided without too much work these days, because we've had a long time to work on web security.

00:18:53
And so one of the basics is obviously to use SSL. If you have any kind of API running over HTTP, use SSL. This is not difficult these days. In fact, one tip I've come across recently: I host all my stuff on Linode and they have these things called NodeBalancers, which are just their own kind of managed load balancing things for 20 bucks a month. And so I use NodeBalancers not only for load balancing, but even when I only have one server behind them I use the NodeBalancer for SSL decryption and also to be kind of a front-end, because then the actual IP of the machine is not being directly exposed to the users, and also that is handling all the SSL decryption for me. And Linode keeps these maintained, keeps them updated, so that whenever SSL changes, whenever people discover, oh, this old cipher actually has a weakness that we just learned about, so nobody should use that, everyone should upgrade to TLS 1.whatever, or disable a certain cipher or anything, they do all that for you, so you are always kept on top of it. You just paste your certificate and your key into their admin panel, and then your server talks regular HTTP to the load balancer, the NodeBalancer, excuse me, and the NodeBalancer then is handling all security for you. So I highly recommend, if you're on Linode and you can spare another 20 bucks a month, outsource dealing with your SSL to a NodeBalancer. It's a lot easier. But even if you do it yourself, just keep on top of it. There's a Qualys SSL test that you can use to kind of test your site and see how it does on the security thing; go test it every few months or whenever you hear any news about it, just make sure you're on top of things. Or you can just outsource it like I do.
00:20:35
Or you just outsource it and it's no big deal. Also for web pages, consider using Content Security Policy. This is a relatively young web thing; it's a header you put on responses, CSP or Content Security Policy. It's basically a declaration you make in the headers that tells the browser from what domains and what types of JavaScript and CSS and assets are permitted to be loaded by this page. And what this is mostly useful for is to eliminate a whole category of vulnerabilities like cross-site scripting. There's tons of vulnerabilities that this just completely negates for browsers that support it, and almost every modern browser will enforce it as far as I know. So using Content Security Policy with SSL and with HSTS, Strict Transport Security, which will enforce SSL for basically everything for all modern browsers, using those things you are way more secure than the average service. Plus basic server security, as we talked about last week, or two weeks ago rather. That will get you a huge, huge part of the way there. And I mean, heck, even in my podcast app I even have SSL certificate pinning, which is complete overkill for a podcast app, but what that means is it makes it a lot harder for anybody to not only snoop my traffic and break the app that way, but also for creepy middlemen, like when you get on airplane Wi-Fi and it injects ads into everything you see now. It makes it impossible for those kind of things to interfere with my app, and it protects me and it protects my users. So things like that seem like overkill if you're just making an app for basically playing podcasts, but in the modern era this really isn't overkill, and it really isn't that hard.

00:22:26
I think that's the important thing too: with a lot of these things, a little goes a long way. Just doing all these best practices and things you're talking about, the different types of security and the different approaches you can take, but doing anything is going to do a lot just to get started with. And if you're gonna do it, fair enough, do it properly, but all of these things... there's no reason to be sending anything in plain text in a modern app. It just doesn't make sense. Maybe media, maybe, but in general you just may as well. It doesn't make your things slower or a little more expensive or those types of things; it just makes the app better. And so if you can do it, because you're just trying to minimize the directions that people could be mischievous with your application.

00:23:16
Exactly. So moving on from direct security attacks, I want to talk a little bit about spam. If your app has any kind of user-generated content that could potentially be exposed to other users of the app or to the public on your website, in some kind of top-ranked list or most popular content or anything like that, that is a potential vector for spam, for people to spam your site or your service or your app in order to promote their own stuff, or deface stuff, or make people
00:23:46
◼
►
look at porn or whatever else there's
00:23:48
◼
►
you know so anything where
00:23:50
◼
►
user-generated content could be shown to
00:23:52
◼
►
a larger audience of your apps users you
00:23:55
◼
►
have to be very very careful about these
00:23:58
◼
►
kind of things that become possible it's
00:24:02
◼
►
you know it's one thing to just think oh
00:24:03
◼
►
well I'm gonna make you know suppose
00:24:05
◼
►
suppose you have like in overcast to
00:24:07
◼
►
have a recommendations thing suppose I
00:24:08
◼
►
would I was gonna show on the website
00:24:10
◼
►
top recommended things which I kind of
00:24:12
◼
►
do in the app but I'll get to that you
00:24:15
◼
►
have to think like how could somebody
00:24:16
◼
►
spam this in order to promote their own
00:24:19
◼
►
thing or show inappropriate content or
00:24:22
◼
►
something you know so somehow break it
00:24:24
◼
►
in a way that would be valuable to them
00:24:26
◼
►
or would you know deface the the whole
00:24:28
◼
►
thing and make everyone look bad
00:24:29
◼
►
and you might think oh I can just keep
00:24:31
◼
►
on top I'll just check it every day
00:24:33
◼
►
and I'll delete anything that looks
00:24:34
◼
►
wrong and it'll be fine the fact is you
00:24:37
◼
►
can't and you won't police it yourself
00:24:39
◼
►
like you you that is unless you have a
00:24:42
◼
►
very large dedicated staff doing this
00:24:44
◼
►
around the clock and you know and every
00:24:46
◼
►
different language around the world
00:24:47
◼
►
you're probably not gonna be able to
00:24:49
◼
►
police spam yourself hey you know you
00:24:52
◼
►
can you can look at the big services
00:24:53
◼
►
like like Twitter for instance where
00:24:55
◼
►
spam is a thing and it is not a small
00:24:58
◼
►
deal for a company like Twitter to to
00:25:02
◼
►
try to prevent and eliminate spam as it
00:25:04
◼
►
comes it that takes a huge staff so you
00:25:06
◼
►
probably won't have that luxury
00:25:07
◼
►
so my solution to this is to generally
00:25:11
◼
►
just avoid creating mechanisms that can
00:25:13
◼
►
be spammed so avoid creating global top
00:25:16
◼
►
lists you know any kind of like global
00:25:18
◼
►
rankings most popular lists I don't even
00:25:21
◼
►
have like you can't even review podcasts
00:25:23
◼
►
and overcast you can't like write
00:25:25
◼
►
written user reviews that are shown to
00:25:27
◼
►
anybody else because that's also spam
00:25:29
◼
►
you know promotional problems like
00:25:31
◼
►
defacing and everything legal problems
00:25:33
◼
►
so like just if you can avoid any area
00:25:36
◼
►
that can be spammed if you can't avoid
00:25:39
◼
►
it try to outsource the control that
00:25:42
◼
►
spam or the decision on whether
00:25:43
◼
►
something is spam try to outsource that
00:25:45
◼
►
to some other larger authority so and
00:25:48
◼
►
I'm not I'm not talking about other spam
00:25:50
◼
►
filters I'm not talking about like you
00:25:51
◼
►
know a kismet or anything like that I'm
00:25:52
◼
►
talking about outsourcing it to some
00:25:54
◼
►
other authority that themselves would
00:25:56
◼
►
need to have spam get through in a
00:25:59
◼
►
significant way for it to be a problem
00:26:00
◼
►
for you so an overcast case I use iTunes
00:26:04
◼
►
IDs because iTunes reviews every podcast
00:26:06
◼
►
that goes in and I have never seen spam
00:26:09
◼
►
in the iTunes podcast directory I've
00:26:11
◼
►
seen bad podcast but I've never actually
00:26:13
◼
►
seen like you know what most people
00:26:14
◼
►
consider blatant spam in there and it
00:26:18
◼
►
also helps control like adult content
00:26:19
◼
►
and you know stuff like that because
00:26:20
◼
►
they also look for that so in overcast I
00:26:22
◼
►
won't show a podcast in search results
00:26:25
◼
►
unless I can match it to something in
00:26:26
◼
►
the iTunes directory and if I can't
00:26:29
◼
►
it stays private like you can still
00:26:30
◼
►
enter it by URL but it's not going to be
00:26:32
◼
►
shown to people who weren't looking for
00:26:33
◼
►
it so that basically eliminates any of
00:26:35
◼
►
any problems with spam or poor content
00:26:37
◼
►
and then also for the recommendations
00:26:40
◼
►
side of it I use your Twitter following
00:26:43
◼
►
so the only recommendations you will
00:26:45
◼
►
ever see an overcast are either from
00:26:47
◼
►
people you follow on Twitter so if
00:26:49
◼
►
they're spamming you can unfollow them
00:26:50
◼
►
and it's you know that's that's that's
00:26:52
◼
►
you know so it's either from people you
00:26:54
◼
►
have chosen to follow on Twitter or it's
00:26:56
◼
►
from people if you don't have enough
00:26:58
◼
►
people who you follow on Twitter it's
00:26:59
◼
►
from people who are very popular on
00:27:01
◼
►
Twitter who have tons and tons of
00:27:02
◼
►
followers so the point where it would it
00:27:05
◼
►
would be very very unlikely for any spam
00:27:08
◼
►
to get in that way but for the most part
00:27:10
◼
►
it's based on people you follow only and
00:27:12
◼
►
so that way you know the combination of
00:27:14
◼
►
that plus the iTunes ID filtering means
00:27:17
◼
►
that it's basically impossible for this
00:27:19
◼
►
mechanism to to show spam in a
00:27:22
◼
►
meaningful way and so really the best
00:27:24
◼
►
thing you can do if you have something
00:27:25
◼
►
like this is like design it so that it
00:27:27
◼
►
can't be spammed and if it can be
00:27:29
◼
►
spammed outsource the authority over
00:27:31
◼
►
what a spam to somebody big exactly and
00:27:34
◼
►
I think it's probably a good way to like
00:27:36
◼
►
I personally just avoid situations that
00:27:39
◼
►
user-generated data would ever be shown
00:27:41
◼
►
to someone else like I can't think of an
00:27:44
◼
►
example in any of my my products where I
00:27:46
◼
►
do that like I look at that problem and
00:27:48
◼
►
I'm like that is big scary yes not
00:27:50
◼
►
something I want to touch I just don't
00:27:52
◼
►
and maybe there that means that there
00:27:54
◼
►
are some features in my apps that I
00:27:55
◼
►
could have that would be really cool but
00:27:57
◼
►
I don't but I just decided that you know
00:27:59
◼
►
what it's I'm one person I'm never going
00:28:02
◼
►
to be able to or it's gonna be really
00:28:04
◼
►
hard to stay on top of it so I just
00:28:06
◼
►
don't and that's okay and I think the
00:28:08
◼
►
important thing with like this whole
00:28:10
◼
►
episodes discussion is when you're
00:28:13
◼
►
thinking of that feature like when I've
00:28:14
◼
►
December I'm deciding not to add
00:28:15
◼
►
features that show user-generated
00:28:17
◼
►
content to someone else like the
00:28:19
◼
►
fundamental underlying thing that you
00:28:22
◼
►
have to be thoughtful of is when you're
00:28:23
◼
►
building it you have to be building it
00:28:25
◼
►
with like what's the worst-case scenario
00:28:27
◼
►
in mind yep that it's so easy when
00:28:30
◼
►
you're building something to think of it
00:28:31
◼
►
only from like the cool obvious like the
00:28:34
◼
►
way you would use it perspective but in
00:28:37
◼
►
order for you to have an app that is
00:28:38
◼
►
going to be go with like good for
00:28:40
◼
►
performance for your extreme users or
00:28:42
◼
►
have good security and avoid kind of
00:28:44
◼
►
user you know user-generated content
00:28:46
◼
►
problems you have to always be building
00:28:48
◼
►
it sort of with the worst case in mind
00:28:50
◼
►
and that can be the worst case person
00:28:52
◼
►
the worst case user the worst case
00:28:54
◼
►
device the worst case Network whatever
00:28:57
◼
►
if you build something with the worst
00:28:58
◼
►
case in mind its overall going to be
00:29:01
◼
►
better as a result exactly that's all
00:29:04
◼
►
the time we have this week thank you
00:29:06
◼
►
very much for listening and we will see
00:29:07
◼
►
you next week bye