Under the Radar 16: Designing for Misuse
◼
►
welcome to under the radar a show but
◼
►
independent iOS app development I'm
◼
►
Marco Arment and I'm David Smith under
◼
►
the radar is never longer than 30
◼
►
minutes so let's get started so today I
◼
►
wanted to talk about designing for
◼
►
misuse and and maybe abuse - and maybe
◼
►
some malicious use but you know just
◼
►
general categories of misuse of people
◼
►
trying to use your apps either
◼
►
maliciously or in ways that you didn't
◼
►
intend or consider when you design them
◼
►
and kind of how you can deal with that
◼
►
and how you can mitigate or minimize the
◼
►
the negative effects of that I mean so
◼
►
you you have a number of apps I'm
◼
►
thinking of things like my recipe book
◼
►
or audiobooks even where like somebody
◼
►
could potentially get a ton of data in
◼
►
there like a ton of Records or like a
◼
►
ton of audiobooks or stuff like that
◼
►
like like do you when you design things
◼
►
do you account for like very very heavy
◼
►
users who might be using the app to do
◼
►
or store way more than you designed it
◼
►
for I it's something i've definitely
◼
►
didn't do or what initially and had
◼
►
since have to had to learn a lot of
◼
►
lessons about doing like in preparation
◼
►
of this episode i took a look in my
◼
►
recipe sink system and i found I was
◼
►
like wonder how many recipes the biggest
◼
►
users have and the biggest user has 13
◼
►
thousand recipes like god in their in
◼
►
their sink account and they use the app
◼
►
how I also checked how often like are
◼
►
they actually still using it and it's
◼
►
like their last their the data their
◼
►
last one yesterday so they are still
◼
►
using it with 13 thousand recipes and I
◼
►
did not in any way design the app to
◼
►
scale for two thirteen thousand recipes
◼
►
so it's something that I've had to learn
◼
►
and I'll get the support requests from
◼
►
people who are like why won't it just
◼
►
like you know the sink seems really slow
◼
►
and I go and check their account and
◼
►
they have even if not the 13 thousand
◼
►
but even like two or three thousand
◼
►
recipes and I'm like yeah that's that's
◼
►
gonna be tough on an iPad 2 - so just
◼
►
move that amount of data around and
◼
►
quickly search it and things that I mean
◼
►
the numbers aren't massive in and of
◼
►
themselves but I think like you're
◼
►
saying it's you have to design your app
◼
►
and be adaptive to it
◼
►
in that way or otherwise the things just
◼
►
fall down horribly because like your apt
◼
►
if your app doesn't you know sort of
◼
►
scale well or gracefully it's gonna kind
◼
►
of fall apart and so now when I'm doing
◼
►
these kinds of things I always have to
◼
►
think in the back of my mind like how
◼
►
this it's not even how many how many
◼
►
records or how many entries could
◼
►
someone reasonably have it's like how
◼
►
many records could someone unreasonably
◼
►
have what is what like what's the limit
◼
►
here beyond which it would be completely
◼
►
impractical for them to even get there
◼
►
and it's also probably worth saying like
◼
►
that person who has 13 thousand recipes
◼
►
like they've been at inter entering into
◼
►
the system into the system for the think
◼
►
three years now like they've been using
◼
►
the app for three years and so even like
◼
►
you have to keep in mind that you things
◼
►
will just gradually grow and extend over
◼
►
time that it's not even just oh
◼
►
someone's being silly and just like
◼
►
creating a million entries in my system
◼
►
it's like no they could just use it a
◼
►
lot and over the course of several years
◼
►
because hopefully your app will be
◼
►
around for several years it'll get to a
◼
►
point that things are way beyond what
◼
►
you may have originally thought or
◼
►
expected oh yeah I mean like you know
◼
►
and this isn't that unreasonable of a
◼
►
thing to I could from the user point of
◼
►
view like you might you might think as a
◼
►
user oh I'm using everything as design
◼
►
but like there there's probably like one
◼
►
or two things in your in your setup
◼
►
either the apps you use or maybe like a
◼
►
giant folder on your computer or some
◼
►
giant database you have like oh I happen
◼
►
to have I happen to be a Musical actor
◼
►
and have like a hundred thousand mp3s or
◼
►
happen to have a lot of photos or
◼
►
whatever else like almost everybody has
◼
►
the extremes of something you know like
◼
►
like we like I our friend Merlin man
◼
►
over it back to work has often talked
◼
►
about his trouble finding Dropbox text
◼
►
file markdown editors because like that
◼
►
whole category of app so there's a
◼
►
million of on the app store to edit
◼
►
Dropbox note text files because he has
◼
►
like thousands of them because he uses
◼
►
them in all sorts of ways that a lot of
◼
►
people don't consider or don't think of
◼
►
and a lot of times like he try out a new
◼
►
app and it'll just crash or it'll be a
◼
►
searching will be impossibly slow or
◼
►
something you know this this happens a
◼
►
lot like almost everybody has like one
◼
►
thing where they are pushing the bounds
◼
►
with overcast I have users that first
◼
►
started reporting like slow sync issues
◼
►
and I would get I dig in with them and I
◼
►
find out that they would have like 150
◼
►
podcast subscriptions and so most people
◼
►
have trouble keeping up with 3 to 5
◼
►
podcasts every week and this guy has 150
◼
►
but he's using them you know he's using
◼
►
the app like I'm not gonna like that's
◼
►
that's that's the you know that's these
◼
►
people's prerogative if they want to use
◼
►
the app that way if it's not like
◼
►
malicious against you in any way what's
◼
►
the problem so you know you have to
◼
►
design for these kind of extremes and
◼
►
yet to test for them like you'd be
◼
►
surprised like how how how quickly
◼
►
either your app or your server the
◼
►
server side process if you're syncing
◼
►
them to a server or dealing with server
◼
►
anyway how quickly you can hit memory
◼
►
limits because like a lot of these like
◼
►
like you know my back-end is all PHP and
◼
►
yes make fun of it as much as you want
◼
►
but almost every language that has on
◼
►
the server side some kind of memory
◼
►
limit that you can configure often it's
◼
►
set by default to something you know
◼
►
right in like the hundreds of megabytes
◼
►
usually at most so you know you might
◼
►
have like a PHP process might be able to
◼
►
max out it like 32 Meg's or 128 Meg's
◼
►
something in that range well if somebody
◼
►
has like 10,000 items that you're trying
◼
►
to sync and the server is trying to deal
◼
►
with that you actually might hit that
◼
►
like depending on the design of your
◼
►
similarly on I on iOS like if you're
◼
►
trying to read all those records into
◼
►
memory to do some kind of batch
◼
►
operation or some kind of inefficient
◼
►
counting or something like that if
◼
►
you're if you have your own custom data
◼
►
interaction layer here and you are
◼
►
dealing with 10,000 records 100,000
◼
►
records and an app that you designed to
◼
►
have a few hundred records you might
◼
►
blow the memory limit on the iOS device
◼
►
and the app might get killed or crash so
◼
►
this is you know this is pretty pretty
◼
►
important stuff to at least deal with
◼
►
gracefully or as gracefully as you can
◼
►
you know your app should at least not
◼
►
crash you know if a heavy user uses it
◼
►
and so you should be as much as much as
◼
►
it's possible to you should be testing
◼
►
for this like if you have an app with
◼
►
any kind of user login system have a
◼
►
user that has you know way more content
◼
►
or data or records then you think is
◼
►
normal or that you even think anybody
◼
►
would ever have you know like I like
◼
►
during the velopment of breadth of
◼
►
vesper our friend Brent Simmons was was
◼
►
blogging here and there about how like
◼
►
they had a test data that was like
◼
►
thousands of notes and they knew that
◼
►
almost nobody would ever take thousands
◼
►
and thousands of notes but they wanted
◼
►
to make sure the app worked well and
◼
►
didn't crash and hopefully was fast and
◼
►
was still actually good and functional
◼
►
with way more data than they expected so
◼
►
like you know first first priority don't
◼
►
break you know don't crash don't make
◼
►
the UI like break in weird ways like
◼
►
it's like something overflowing it's
◼
►
bound or rendering in the wrong spot
◼
►
because like some assumption was broken
◼
►
but how long something would be and and
◼
►
noticeably so there's many strategies
◼
►
for this that it you know beyond the
◼
►
scope of this episode but you know
◼
►
generally you want to you know you want
◼
►
to have some kind of database back in
◼
►
you know not like a P list with 10,000
◼
►
entries in it like you want to have some
◼
►
kind of database if you use core data it
◼
►
will do a lot of this for you especially
◼
►
if you use like the the fetch results
◼
►
controller is right because it you use
◼
►
those here and there right yeah and then
◼
►
they handle that's how most of this gets
◼
►
done in my ABS it's like rely on
◼
►
problems that were solved at a different
◼
►
level like because core data was
◼
►
designed to scale from like 10 records
◼
►
to ten thousand or ten million records
◼
►
like it's intended to be able to do that
◼
►
and so if you use it that way you know
◼
►
it does all the nice batching for you
◼
►
and only pulling in like pointers to
◼
►
things rather than to hold their whole
◼
►
contents initially and all that kind of
◼
►
stuff like if you do it thoughtfully in
◼
►
that way then you know a lot of this
◼
►
work can sort of be done for you or at
◼
►
least the first pass at this kind of
◼
►
work can be done for you exactly so you
◼
►
know generally you know don't break
◼
►
under heavy usage like this if you can
◼
►
help it and then try it to slow down and
◼
►
so you know use this as appropriate make
◼
►
sure you know watch your memory limits
◼
►
it helps to like you know if you can run
◼
►
some testing where you can go into
◼
►
instruments and watch memory usage of
◼
►
your app and like see how it changes if
◼
►
somebody has ten rows versus ten
◼
►
thousand rows and you know the it should
◼
►
not be going up linearly with the amount
◼
►
of data that's being stored in your app
◼
►
you know your your your in memory set
◼
►
should not be scaling up your you know
◼
►
your on disk set obviously could but you
◼
►
know in memory should not so you know
◼
►
beyond the technical side of making sure
◼
►
and you know again that's not a small
◼
►
thing but if you be on the technical
◼
►
side of things there are things you can
◼
►
do in the design of the app to kind of
◼
►
help make this manageable for people and
◼
►
help help yourself out too with like the
◼
►
amount of load that you're placing on
◼
►
various parts of it and you know how
◼
►
something might break so well I think
◼
►
one of the one of the staples of iOS app
◼
►
usability and design is the table view
◼
►
you know the table view first of all
◼
►
it's designed in such a way especially
◼
►
when paired with core data or an
◼
►
intelligent other layer it's designed in
◼
►
such a way that it can scale
◼
►
ridiculously well we know when you
◼
►
combine the the way the cells are reused
◼
►
and only certain amounts of data or page
◼
►
combine that with like the the
◼
►
estimations of cell Heights and the
◼
►
estimations of sections and numbers of
◼
►
things in sections and then you have
◼
►
like the the like first letter on the
◼
►
right side like and like in the phone
◼
►
contacts app you have like the letter
◼
►
jumping on the side where you can sort
◼
►
and that's also by the way helpful in
◼
►
different languages that you don't
◼
►
support use apples please just use
◼
►
apples thing and you'll be mostly okay
◼
►
you know stuff like that having like
◼
►
easy navigation intelligent sorting of
◼
►
long lists like you know you might have
◼
►
a list in your app that's sorted
◼
►
chronologically if there's no way to
◼
►
sort it alphabetically and somebody
◼
►
might have 10,000 items that might be
◼
►
problematic you know if it likes think
◼
►
about like how you're how you're sorting
◼
►
in your app works and if there's
◼
►
anything you can do in the design the UI
◼
►
design of the app to make it less
◼
►
cumbersome or impossible to use for
◼
►
somebody who is in your opinion grossly
◼
►
over using it or grossly over filling it
◼
►
because that will happen there will be
◼
►
good reasons for it and you know if
◼
►
possible don't break under that right
◼
►
and so other things also in that and in
◼
►
that category would involve Search
◼
►
Search is a big one here you know any
◼
►
kind of local search you can offer that
◼
►
doesn't use a server is is easy first of
◼
►
all almost every database supports
◼
►
sequel Lite supports it you know you can
◼
►
just write your own dumb one if you
◼
►
really want to but please use a search
◼
►
index it's much easier like using stuff
◼
►
like that can really help people who
◼
►
have tons and tons of of entries can
◼
►
really help them find their data and use
◼
►
your app and with search like you know
◼
►
the way it works with like basically a
◼
►
whole bunch of binary tree
◼
►
and everything like you can you could
◼
►
make a vast number of Records accessible
◼
►
via search without a ton of work and
◼
►
without a ton of CPU time being spent so
◼
►
you know if there's any possibility of
◼
►
somebody having a ton of data in your
◼
►
app offer a search if it makes sense to
◼
►
because it really does its ski it lets
◼
►
your apps scale well because all of this
◼
►
was really talking about app scaling
◼
►
it's like you know in kind of in the in
◼
►
the way that you know website scaling is
◼
►
really talking about like number of
◼
►
users or amount of traffic AB scaling
◼
►
for one person in this case is like
◼
►
talking about the amount of data they
◼
►
might store in your app and what kind of
◼
►
technical and organizational challenges
◼
►
that will present exactly and the nice
◼
►
thing too is that most of these changes
◼
►
these improvements these ways of like
◼
►
looking at your app at high usage
◼
►
whatever that might need mean for your
◼
►
app will almost always make it better
◼
►
for the typical case that like you avoid
◼
►
the like if your app does get Linney
◼
►
linearly worse every time the user adds
◼
►
a record like that's incredibly
◼
►
problematic when you have 10,000 records
◼
►
but it means that every single time the
◼
►
user is using the app they're making it
◼
►
slightly worse for themselves like
◼
►
that's your discouraging use yeah like
◼
►
what you want is to make sure that you
◼
►
know your app scales gracefully in this
◼
►
way but mostly because then that means
◼
►
that it's probably gonna be a lot better
◼
►
for you know your typical user like and
◼
►
obviously that's nothing you want to
◼
►
keep in the back of your mind that you
◼
►
don't want to be making changes that are
◼
►
only beneficial if you have 10,000 users
◼
►
or 10,000 records because very few users
◼
►
are gonna have that and so if it makes
◼
►
your app way more complicated then
◼
►
that's probably not good but looking at
◼
►
it in these ways you get these benefits
◼
►
I mean it's like you were saying with
◼
►
like UI tableview is really efficient
◼
►
and UI tableview is designed like for
◼
►
the original iPhone like as far as I
◼
►
know it's like that was built into you
◼
►
know iPhone OS 1 when things were
◼
►
incredibly constrained and tight and it
◼
►
made the an OS you know where a lot of
◼
►
things are just scrolling lists really
◼
►
perform it in powerful and so then as
◼
►
devices got more capable it got even
◼
►
better and in the same way it's like if
◼
►
you are designing things so that they
◼
►
work when things are constrained in this
◼
►
case when they were constrained by
◼
►
having large numbers of things when you
◼
►
aren't constrained in that way suddenly
◼
►
everything's just better and faster and
◼
►
in the a--probably instantaneous for
◼
►
most of your users like if things only
◼
►
take a few seconds for your extreme
◼
►
users they're probably gonna be if you
◼
►
know instantaneous or you know momentary
◼
►
for your typical user and that's what
◼
►
you want and like that this exercise is
◼
►
helpful in that way of looking at your
◼
►
app and saying well where could I make
◼
►
this better like an easy obvious case
◼
►
it's just to say like well let me throw
◼
►
way more things into it than I need and
◼
►
see where I can make it better as a
◼
►
result exactly and you know and you're
◼
►
like you mentioned like you know trying
◼
►
to optimize for typical use you know
◼
►
versus versus the the kind of extremes
◼
►
and the fact is like when you're when
◼
►
you're talking about adding any kind of
◼
►
organizational system something like I'm
◼
►
thinking like you know like like one
◼
►
level of folders or tags which are
◼
►
basically folders like you know one
◼
►
level of organization to like abstract
◼
►
something away that can go a long way
◼
►
like if you have an app where people
◼
►
might often have more than about you
◼
►
know 20 to 50 records like they might
◼
►
want some kind of way to organize that
◼
►
and like having just one level of folder
◼
►
hierarchy could also scale to 10,000
◼
►
items fairly well like you don't have
◼
►
like a little goes a long way here you
◼
►
don't really have to go overboard with a
◼
►
cup with accommodating for these things
◼
►
in the UI because you know the the high
◼
►
end users any little bit will help them
◼
►
tremendously and it won't put too much
◼
►
of a burden on regular users exactly and
◼
►
obviously these are all like these are
◼
►
the kinds of things we're talking about
◼
►
are in the good case where things are
◼
►
people are using your app in the way
◼
►
that you intended it and just using it a
◼
►
lot but obviously they also they could
◼
►
talk use there could be problems that
◼
►
you could run into on the malicious side
◼
►
and we're about to talk about that
◼
►
before we do could you tell me about
◼
►
something that's awesome we are
◼
►
sponsored this week by dev mate go to
◼
►
dev mate dot-com slash radar to learn
◼
►
more dev mate is a single SDK with a set
◼
►
of advanced back-end features for Mac
◼
►
developers that allows them to easily
◼
►
integrate in app purchasing software
◼
►
licensing auto-updates crash reports
◼
►
user feedback and more
◼
►
all four Mac apps without being in the
◼
►
Mac App Store this is very useful stuff
◼
►
if you're a Mac developer because you
◼
►
don't have to handle all these things
◼
►
for you know all manually for yourself
◼
►
plus all the analytics for your app with
◼
►
sales and downloads are all available
◼
►
real time in dev mate's dashboard that's
◼
►
real-time sales analytics data Mac paw
◼
►
are very excited to announce that dev
◼
►
mates of rich functionality is now free
◼
►
for all and is instantly accessible
◼
►
after integration magpie use these tools
◼
►
themselves to help them build their own
◼
►
apps include and CleanMyMac and you
◼
►
can't and you can take a look at on
◼
►
their site to see examples than many
◼
►
other developers that also rely on dev
◼
►
mate there's some big names there these
◼
►
days more and more developers are eager
◼
►
to sell outside the Mac App Store having
◼
►
dev mate as an ultimate solution for
◼
►
independent OS 10 development is a great
◼
►
place to start you can find out more
◼
►
right now by going to dev mate comm
◼
►
slash radar once again that's dev mate
◼
►
comm slash radar if you're a Mac
◼
►
developer you got to check this out
◼
►
thank you very much to dev mate for
◼
►
under-the-radar and all of real EFM all
◼
►
right so obviously if you you know
◼
►
people are just putting lots of data in
◼
►
your app like that's not really
◼
►
problematic it could be problematic if
◼
►
rep distance and a lit well but there's
◼
►
also cases where rather than just your
◼
►
users using the app and a positive like
◼
►
they just love it you know like this
◼
►
person just really loves baking and
◼
►
wants to put 13,000 recipes in their
◼
►
city and there's in in my sink system
◼
►
there can also be taking cases
◼
►
especially as your hep cats
◼
►
attention or popular or you get
◼
►
attention or become popular where people
◼
►
might want to misuse your application
◼
►
for whatever reason or in whatever way
◼
►
and so it's kind of important that you
◼
►
also think about it from those
◼
►
perspectives of what's the worst that
◼
►
people could do what could people be
◼
►
doing with my app with my back-end you
◼
►
know if someone ran like a Wireshark
◼
►
application and looked at all the
◼
►
network traffic between my app and my
◼
►
server are there things that I wouldn't
◼
►
want them to know or be able operations
◼
►
that they could do that would really
◼
►
hurt me and you kind of have to start
◼
►
thinking through these basic security
◼
►
things in order to make sure that your
◼
►
app is going to be stable and worthwhile
◼
►
and and also like in the same kind of
◼
►
way we were saying before
◼
►
if you do these things it can prevent
◼
►
misuse but it also will probably make
◼
►
basic use better because then your app
◼
►
is more secure your users data is more
◼
►
secure things are more reliable and so
◼
►
it does take a bit of work and a bit of
◼
►
thoughtfulness but these are things that
◼
►
are kind of basic things that are
◼
►
probably important if you want to get
◼
►
into any kind of thing that you stores
◼
►
or uses users data oh yeah and you know
◼
►
like when you have any kind of you know
◼
►
if you just have a local app that has no
◼
►
web component that you at least that you
◼
►
run but you know it if you just have a
◼
►
local app there's only so much user can
◼
►
do to to hurt anyone else or you using
◼
►
the app but as soon as you have a
◼
►
service behind it or especially like a
◼
►
web interface there there are so much
◼
►
that people can do that you know the
◼
►
good thing is that web security is a
◼
►
pretty well-known field at this point I
◼
►
mean it's not solved it's not flawless
◼
►
but you know the the major categories of
◼
►
danger are well-known and many of them
◼
►
can be avoided you know without too much
◼
►
work these days because we you know
◼
►
we've had a long time to work on web
◼
►
security and so like you know like one
◼
►
of the basics is obviously to use SSL
◼
►
you know if you have any kind of API the
◼
►
running over HTTP use SSL this is not
◼
►
difficult these days in fact one tip
◼
►
I've come across recently is so I host
◼
►
all my stuff on Linode and they have
◼
►
these things called node balancers we're
◼
►
just like their own like kind of managed
◼
►
to load balancing things for 20 bucks a
◼
►
month and so I use I use node balance
◼
►
here is not only for load balancing but
◼
►
even when I only have one server behind
◼
►
them I use the node bouncer for SSL
◼
►
decryption and also to be kind of a
◼
►
front-end because then the actual IP of
◼
►
the machine is not you know being
◼
►
directly exposed to the users and also
◼
►
that is handling all the SSL decryption
◼
►
for me so that and and Linode keeps
◼
►
these maintaining keep C's updated so
◼
►
that whenever SSL changes whenever like
◼
►
people discover oh this old ciphers
◼
►
actually actually has a weakness that we
◼
►
did that we just learned about so nobody
◼
►
should use that everyone should upgrade
◼
►
to TLS one point whatever or do you know
◼
►
disabled a certain cipher or anything
◼
►
they do all that for you so you are
◼
►
always kept on top of it you just paste
◼
►
it in your certificate in your key into
◼
►
their admin panel and then your server
◼
►
HTTP to the load balancer and the load
◼
►
balancer to the node balancer excuse me
◼
►
the node balancer then is handling all
◼
►
security for you so that's I highly
◼
►
recommend if you're on Linode and you
◼
►
can spare another 20 bucks a month
◼
►
outsource your your SSL dealing with to
◼
►
a node balancer it's a lot easier and
◼
►
you know but even if you do it yourself
◼
►
you know just keep on top of it there's
◼
►
a there's a Qualis SSL test that you can
◼
►
you can kind of test your site and see
◼
►
how it does on the security thing just
◼
►
you know go test it every few months or
◼
►
whenever you hear any news about it just
◼
►
make sure you're on top of things but or
◼
►
you can just outsource it like I do
◼
►
or you just outsource it and it's a no
◼
►
big deal also for web pages consider
◼
►
using content security policy this is a
◼
►
relatively young web thing it's it's a
◼
►
header you put on on repot on responses
◼
►
CSP or content security policy it's a
◼
►
thing that it's basically a declaration
◼
►
you make in the headers that tells the
◼
►
browser where from what domains and what
◼
►
types of JavaScript and CSS and assets
◼
►
are permitted to be loaded by this page
◼
►
and what this is mostly useful for is to
◼
►
eliminate a whole category of
◼
►
vulnerabilities like cross-site
◼
►
scripting then there's tons of
◼
►
vulnerabilities that this just
◼
►
completely negates for browsers that
◼
►
support it and almost every modern
◼
►
browser will enforce it as far as I know
◼
►
so you know using content security
◼
►
policy with SSL and with HSTs strict
◼
►
Transport Security which will enforce
◼
►
SSL for basically everything for all
◼
►
modern browsers like using those things
◼
►
you are way more secure than the average
◼
►
service and you know Plus you know basic
◼
►
server security as we talked about last
◼
►
week or two weeks ago rather so that is
◼
►
that will get you a huge huge part of
◼
►
the way there and and I mean heck I even
◼
►
in my podcast app I even have SSL
◼
►
certificate pinning which is complete
◼
►
overkill for a podcast app but what that
◼
►
means is it makes it a lot harder for
◼
►
anybody to not only snoop my traffic and
◼
►
break the app that way but also for like
◼
►
for you know creepy middlemen like like
◼
►
when you get on airplane Wi-Fi and it
◼
►
injects ads into everything you see now
◼
►
or you know like it it makes it
◼
►
impossible for those kind of things to
◼
►
interfere with my app and will protect
◼
►
me and it protects my users so it's it
◼
►
things like they seem like overkill if
◼
►
you're just making an app for something
◼
►
basically playing podcasts but in in the
◼
►
modern era this really isn't overkill
◼
►
and it really isn't that hard I think
◼
►
that's the important thing to like a lot
◼
►
of these things like a little goes a
◼
►
long way like just does all these you
◼
►
know best practices and things you're
◼
►
talking about if like the different
◼
►
types of security and the different
◼
►
approaches you can take
◼
►
but doing anything is going to do a lot
◼
►
just to get started with and like if
◼
►
you're gonna do it fair enough do it
◼
►
properly but all of these things like
◼
►
any sigh if you just like you do there's
◼
►
no reason to be sending anything in
◼
►
plain text in like a modern app it's
◼
►
just it just doesn't make sense like
◼
►
maybe media maybe but in general like
◼
►
you missed you just may as well like
◼
►
things are it doesn't make your things
◼
►
slower or a little more expensive or
◼
►
those types of things like it just makes
◼
►
the app better and so if you can do it
◼
►
because you're just trying to minimize
◼
►
the things the directions that people
◼
►
can could you know be mischievous with
◼
►
your application exactly so moving on
◼
►
from now like direct security attacks I
◼
►
want to talk a little bit about spam if
◼
►
your app has any kind of user-generated
◼
►
content that could potentially be
◼
►
exposed to other users of the app or to
◼
►
the public on your website and it's some
◼
►
kind of like top ranked list or most
◼
►
popular content or anything like that
◼
►
that is a potential vector for spam for
◼
►
people to span your site of your service
◼
►
or your app in order to promote their
◼
►
own stuff or deface stuff or make people
◼
►
look at porn or whatever else there's
◼
►
you know so anything where
◼
►
user-generated content could be shown to
◼
►
a larger audience of your apps users you
◼
►
have to be very very careful about these
◼
►
kind of things that become possible it's
◼
►
you know it's one thing to just think oh
◼
►
well I'm gonna make you know suppose
◼
►
suppose you have like in overcast to
◼
►
have a recommendations thing suppose I
◼
►
would I was gonna show on the website
◼
►
top recommended things which I kind of
◼
►
do in the app but I'll get to that you
◼
►
have to think like how could somebody
◼
►
spam this in order to promote their own
◼
►
thing or show inappropriate content or
◼
►
something you know so somehow break it
◼
►
in a way that would be valuable to them
◼
►
or would you know deface the the whole
◼
►
thing and make everyone look bad
◼
►
and you might think oh I can just keep
◼
►
on top I'll just check it every day
◼
►
and I'll delete anything that looks
◼
►
wrong and it'll be fine the fact is you
◼
►
can't and you won't police it yourself
◼
►
like you you that is unless you have a
◼
►
very large dedicated staff doing this
◼
►
around the clock and you know and every
◼
►
different language around the world
◼
►
you're probably not gonna be able to
◼
►
police spam yourself hey you know you
◼
►
can you can look at the big services
◼
►
like like Twitter for instance where
◼
►
spam is a thing and it is not a small
◼
►
deal for a company like Twitter to to
◼
►
try to prevent and eliminate spam as it
◼
►
comes it that takes a huge staff so you
◼
►
probably won't have that luxury
◼
►
so my solution to this is to generally
◼
►
just avoid creating mechanisms that can
◼
►
be spammed so avoid creating global top
◼
►
lists you know any kind of like global
◼
►
rankings most popular lists I don't even
◼
►
have like you can't even review podcasts
◼
►
and overcast you can't like write
◼
►
written user reviews that are shown to
◼
►
anybody else because that's also spam
◼
►
you know promotional problems like
◼
►
defacing and everything legal problems
◼
►
so like just if you can avoid any area
◼
►
that can be spammed if you can't avoid
◼
►
it try to outsource the control that
◼
►
spam or the decision on whether
◼
►
something is spam try to outsource that
◼
►
to some other larger authority so and
◼
►
I'm not I'm not talking about other spam
◼
►
filters I'm not talking about like you
◼
►
know a kismet or anything like that I'm
◼
►
talking about outsourcing it to some
◼
►
other authority that themselves would
◼
►
need to have spam get through in a
◼
►
significant way for it to be a problem
◼
►
for you so an overcast case I use iTunes
◼
►
IDs because iTunes reviews every podcast
◼
►
that goes in and I have never seen spam
◼
►
in the iTunes podcast directory I've
◼
►
seen bad podcast but I've never actually
◼
►
seen like you know what most people
◼
►
consider blatant spam in there and it
◼
►
also helps control like adult content
◼
►
and you know stuff like that because
◼
►
they also look for that so in overcast I
◼
►
won't show a podcast in search results
◼
►
unless I can match it to something in
◼
►
the iTunes directory and if I can't
◼
►
it stays private like you can still
◼
►
enter it by URL but it's not going to be
◼
►
shown to people who weren't looking for
◼
►
it so that basically eliminates any of
◼
►
any problems with spam or poor content
◼
►
and then also for the recommendations
◼
►
side of it I use your Twitter following
◼
►
so the only recommendations you will
◼
►
ever see an overcast are either from
◼
►
people you follow on Twitter so if
◼
►
they're spamming you can unfollow them
◼
►
and it's you know that's that's that's
◼
►
you know so it's either from people you
◼
►
have chosen to follow on Twitter or it's
◼
►
from people if you don't have enough
◼
►
people who you follow on Twitter it's
◼
►
from people who are very popular on
◼
►
Twitter who have tons and tons of
◼
►
followers so the point where it would it
◼
►
would be very very unlikely for any spam
◼
►
to get in that way but for the most part
◼
►
it's based on people you follow only and
◼
►
so that way you know the combination of
◼
►
that plus the iTunes ID filtering means
◼
►
that it's basically impossible for this
◼
►
mechanism to to show spam in a
◼
►
meaningful way and so really the best
◼
►
thing you can do if you have something
◼
►
like this is like design it so that it
◼
►
can't be spammed and if it can be
◼
►
spammed outsource the authority over
◼
►
what a spam to somebody big exactly and
◼
►
I think it's probably a good way to like
◼
►
I personally just avoid situations that
◼
►
user-generated data would ever be shown
◼
►
to someone else like I can't think of an
◼
►
example in any of my my products where I
◼
►
do that like I look at that problem and
◼
►
I'm like that is big scary yes not
◼
►
something I want to touch I just don't
◼
►
and maybe there that means that there
◼
►
are some features in my apps that I
◼
►
could have that would be really cool but
◼
►
I don't but I just decided that you know
◼
►
what it's I'm one person I'm never going
◼
►
to be able to or it's gonna be really
◼
►
hard to stay on top of it so I just
◼
►
don't and that's okay and I think the
◼
►
important thing with like this whole
◼
►
episodes discussion is when you're
◼
►
thinking of that feature like when I've
◼
►
December I'm deciding not to add
◼
►
features that show user-generated
◼
►
content to someone else like the
◼
►
fundamental underlying thing that you
◼
►
have to be thoughtful of is when you're
◼
►
building it you have to be building it
◼
►
with like what's the worst-case scenario
◼
►
in mind yep that it's so easy when
◼
►
you're building something to think of it
◼
►
only from like the cool obvious like the
◼
►
way you would use it perspective but in
◼
►
order for you to have an app that is
◼
►
going to be go with like good for
◼
►
performance for your extreme users or
◼
►
have good security and avoid kind of
◼
►
user you know user-generated content
◼
►
problems you have to always be building
◼
►
it sort of with the worst case in mind
◼
►
and that can be the worst case person
◼
►
the worst case user the worst case
◼
►
device the worst case Network whatever
◼
►
if you build something with the worst
◼
►
case in mind its overall going to be
◼
►
better as a result exactly that's all
◼
►
the time we have this week thank you
◼
►
very much for listening and we will see