#35: IcönFactory
00:00:00
Hello, and welcome to Developing Perspective. Developing Perspective is a podcast discussing
00:00:06
news of note in iOS, Apple, and Mac development primarily. I'm your host, David Smith. I'm
00:00:11
an independent iOS and Mac developer based in Herndon, Virginia. Today is Thursday, February
00:00:16
16th, 2012, and this is show number 35.
00:00:19
All right, for today's show, I'm going to have a couple of interesting topics. First,
00:00:24
to start off with, I'm going to talk about something I released yesterday, which is an
00:00:28
open source library for securing contact data in iOS.
00:00:33
So if you've been following along with the address book saga, you may be sort of aware
00:00:37
that there's been all of this controversy about applications sharing private contact
00:00:42
information in their applications in violation of Apple's terms of service, and it sounds
00:00:47
like Apple is going to be starting to treat that data differently as a result of the controversy.
00:00:53
But the whole thing kind of got me thinking about how difficult it is for developers to
00:00:57
take what you could call industry best practice steps to protect that data in the
00:01:03
first place.
00:01:04
So for example, a lot of this has to do with both asking and confirming that users would
00:01:10
like their contact information used and shared, which is required by the developer terms and
00:01:19
agreements as well as also just seems like good common sense.
00:01:23
And then, the second thing is using hashing or cryptographic means to ensure the privacy
00:01:30
of that data.
00:01:31
So if you're trying to do a matching service, you don't actually need to send someone's
00:01:34
entire contact book up to your server, you just need to send tokens that represent those
00:01:39
addresses, those phone numbers, in a way that you can match later.
00:01:43
And so I sat down and it turns out it's very easy to do this.
00:01:47
In a couple of hours I was able to write a library that is free and available on GitHub
00:01:51
under an MIT license that does this for you.
00:01:54
So it takes care of confirmation prompting as well as taking your address book and turning
00:01:59
it into tokens for email or phone numbers.
00:02:03
So if you're thinking about doing this, have done this, you have no excuse now to not be
00:02:09
using these kinds of best practices.
00:02:10
It was very straightforward.
00:02:11
It's like I said, it's out there on GitHub.
00:02:13
There'll be a link to it in the show notes.
00:02:16
So please, please, if you do anything like this, either look at the code and apply it
00:02:20
to your own project or copy it, drop it in, do whatever.
00:02:26
But by all means, please take good steps
00:02:28
to protect your users' information.
00:02:31
All right, our second topic today I'm
00:02:33
going to be talking about is just a little trick
00:02:34
that I did yesterday that I thought
00:02:36
would be worth sharing.
00:02:37
And this relates to iTunes Connect,
00:02:39
and specifically using services for pulling down your iTunes
00:02:43
Connect sales information.
00:02:45
So yesterday, I started trying out
00:02:46
a service called App Annie, which
00:02:48
is a web-based service that pulls your sales reports,
00:02:52
pulls them into your account there, does some analytics,
00:02:56
graphing, all kinds of fun stuff like that, which is kind of cool and kind of fun.
00:03:00
And I was wanting to try it out.
00:03:03
But it always makes me nervous when I was giving out my iTunes Connect
00:03:06
credentials to a third party, both just from a paranoia perspective,
00:03:11
as well as there's things that could go wrong.
00:03:13
And the App Store's my livelihood.
00:03:15
That's what pays my mortgage every month.
00:03:16
So it's very important for me that that account and the things going on around that is safe.
00:03:25
And so what I did is, this is the pro tip part of this, is that you can go into iTunes
00:03:29
Connect and you go to the Manage Users area within that you can add a section talking
00:03:36
about a new user and you can give that user a role that's just sales.
00:03:41
Basically that user then can pull your sales reports.
00:03:45
I just created a user that's like reports@crossforward.com
00:03:49
this user which doesn't really exist, that's an email alias
00:03:53
to my account. And basically by doing that, what I allow myself to
00:03:57
do is, that's what I tell App Annie, that's the credentials.
00:04:01
So if that's ever compromised, if they do anything, all anybody could do is
00:04:05
get into my iTunes account and pull my sales. Which could be embarrassing I suppose, which could be
00:04:09
convenient which is certainly not something that I'd like to happen
00:04:13
but overall that's nowhere near as bad or as dangerous or whatever as
00:04:17
having someone be able to log into my iTunes account, submit apps under my
00:04:21
name, pull apps, delete apps, do all kinds of shenanigans that would just be a
00:04:26
nightmare to me.
00:04:28
So I just highly recommend if anyone uses one of those services, you know, something like
00:04:31
App Annie, AppFigures, to some degree AppViz, even though that's a local
00:04:36
thing so it's not as big of a deal.
00:04:38
But it's just definitely a good idea to kind of create this segregation. It's also
00:04:42
something that if you ever have to share
00:04:43
accounts with different people,
00:04:46
make use of that feature. It's there for a reason that you can create users and
00:04:50
sort of create separations of privilege and access in your iTunes
00:04:54
account, which if it's important to you,
00:04:57
if you're looking for the App Store,
00:04:59
you've got to take that stuff seriously.
00:05:01
Alright, and then moving on to our last subject. So I was all set to do just a
00:05:05
short show this morning with those kind of topics, and then Apple dropped a big gift
00:05:10
in our laps this morning. So they announced 10.8, which is Mountain Lion, and it's got
00:05:17
all kinds of fun new features and things. I'm downloading the developer preview right
00:05:21
now, and because I haven't actually seen it, it's kind of fun because I can talk with a
00:05:24
bit more liberality in terms of I'm not as worried about the NDA stuff because all I
00:05:29
know is the stuff that's in the public domain. And so basically, this is coming out this
00:05:34
it's going to be kind of the next step in the iOSification of Mac OS, so it brings a lot of better iCloud capabilities.
00:05:43
Some of the applications from the iPad and iPhone are going to be brought over to the Mac.
00:05:48
And just generally it's kind of that next step in sort of unifying those two together.
00:05:53
And I'm kind of excited about it. I mean, as a developer, this is just super exciting.
00:05:59
I mean the guy, it's like, if this is what you like, if this is what you do, it's a kid
00:06:03
in a candy store.
00:06:04
Apple is just saying, hey, here's some new fun stuff, here's some new fun stuff, look
00:06:07
at this, learn this, be excited, and I am.
00:06:11
And there's some interesting features for developers, I think, going on here.
00:06:15
Specifically, there's the new feature called Gatekeeper, and I think this is probably going
00:06:19
to be a little bit controversial to some people, but overall, I think it's a great idea.
00:06:24
What Gatekeeper does is creates a new,
00:06:29
it's the next step in this gradual security sandboxing approach
00:06:32
that they've been doing in macOS.
00:06:36
Where at first they introduced just the Mac App Store,
00:06:38
which is a way for people to get a hold of applications
00:06:40
in a safe, secure, approved, curated fashion.
00:06:43
And then they introduced sandboxing in Lion,
00:06:47
which allows you to secure your applications more strongly.
00:06:49
So you'll be able to say, you know, this application can only do this, that, and the other,
00:06:53
and it goes through the review process and increases security and safety there.
00:06:58
And now what Gatekeeper does in 10.8 Mountain Lion
00:07:03
is allows you to create three levels of applications that is a user configurable setting.
00:07:10
The first level it's just like it is now where basically any application file that you have can be run on your computer.
00:07:16
Period. So it's just like it is now, it's kind of like the Wild West, you can do what you want.
00:07:20
Then the next level, and this is what's sort of new,
00:07:24
or most interesting and new, is that they're introducing a second level that's in between
00:07:28
the Mac App Store and between the Wild West, where developers can become
00:07:32
registered and have signing credentials
00:07:36
and certificates that let them identify their applications as safe, good,
00:07:40
and sort of not necessarily approved by Apple,
00:07:44
there's no review process for this, but you're saying
00:07:49
you create that identity, it creates a persona behind an application that can be verified.
00:07:51
So a developer can say, "I am developer X, and here's my certificate, here's my application,
00:07:55
I put it out on the web, you download it and you can run it,"
00:08:01
and then it will be verified by the Mac OS
00:08:04
to make sure that is actually a correctly signed, cryptographically secure application,
00:08:09
so you know it's actually coming from them.
00:08:14
It's not some malware or something that someone's injected
00:08:16
or made it look like, "Hey, here's the new thing from the Iconfactory,"
00:08:18
and it's actually from the iKoon factory.
00:08:21
And the iKoon factory is actually stealing all your data, or something like that.
00:08:24
So it's a great way to bridge the gap between
00:08:29
forcing everybody to be in the Mac App Store
00:08:32
and adding that extra level of security,
00:08:34
because it also means that if something ever goes wrong
00:08:37
and say the Iconfactory's certificate somehow comes out,
00:08:39
compromised or weird things happen,
00:08:42
Apple can on there, and there's a revoke the certificate,
00:08:45
and then that application won't run for any user who
00:08:49
has this feature enabled.
00:08:51
And by default, I believe that's the setting that it'll have.
00:08:53
And then they've also introduced a feature one level farther,
00:08:56
where rather than allowing the non-Mac App Store third
00:09:00
parties, you can only install applications from the Mac App Store.
00:09:03
And this sort of we can call this kind of, I don't know,
00:09:06
grandfather mode,
00:09:08
where you can set up someone's computer.
00:09:13
You buy your parents a new Mac,
00:09:15
you hook it,
00:09:18
set it up, you enable that,
00:09:19
and basically they're safe.
00:09:21
There's very few things they could do to mess up
00:09:23
their computer, to install things funnily,
00:09:25
to get not necessarily viruses,
00:09:28
but just mess things up,
00:09:30
because the application installation process is managed.
00:09:32
Starting next month, all applications are going to be sandboxed
00:09:34
in the Mac App Store, so the security's there.
00:09:37
And it just kind of creates this great little,
00:09:40
you know, kind of ensconces them in security
00:09:42
that I think will, A, do good things for people
00:09:45
feeling comfortable installing applications more.
00:09:47
It's kind of what definitely happened in iOS,
00:09:49
where because it's safe to install an application,
00:09:52
you know, if anything goes wrong, you just hold on to it.
00:09:54
You just sort of hold on to it.
00:09:55
It's so it's wiggle, you hit the X, it's gone.
00:09:58
And your system is exactly the same.
00:09:59
You don't have these weird problems that, you know,
00:10:00
it's like on Windows where if you install an application,
00:10:03
you never know if you quite cleaned it up or what's going to happen with it.
00:10:08
So I think it's a great feature there and I'm looking excited about it.
00:10:11
There's a bunch of other stuff that I've been hearing hints and indications
00:10:15
in the developer community of fun things under the covers that I look forward to diving into.
00:10:20
But once I get into too much of that, I can't talk about it too much because it's usually under an NDA.
00:10:24
But bottom line, super exciting time to be a Mac and iOS developer.
00:10:29
It's definitely kind of you see they're in the right industry.
00:10:30
I mean, you look at, I think about, oh, if I did Windows 8 or all these other platforms
00:10:37
that are coming out, you can't imagine Microsoft developing and releasing a new version of
00:10:43
the OS every year.
00:10:44
And fair enough, it depends on what you call a version.
00:10:47
Mountain Lion isn't a major departure from Lion, but still, they're focusing their resources,
00:10:55
energy and attention on making this platform amazing and awesome.
00:11:00
That is only going to do good things for developers.
00:11:03
So that's it for today's show.
00:11:05
Like I said, exciting fun things.
00:11:07
It's an exciting fun time to be a developer.
00:11:10
I'll have some links in the show notes to all these kind of things.
00:11:12
As always, if you like the show, please tell a friend, let someone know about it.
00:11:16
It's the best thing you can do to support me and keep me motivated to do the show.
00:11:21
If you have any questions, comments, feedback, thoughts, concerns, please hit me up on Twitter.
00:11:25
I'm @_davidsmith, underscore D-A-V-I-D-S-M-I-T-H.
00:11:30
I blog at david-smith.org.
00:11:33
And otherwise, yeah, have a good day, happy coding, enjoy reading the Mountain Lion release
00:11:37
notes, and have a good Thursday.