Android – Root or wait?

For my Android needs, I currently have an Galaxy Tab 2 (10 inch). It is running Android 4.2.1 and I have been wanting to install the latest version of Android, but Samsung has yet to roll the update out for my device. I have read that they are rolling it out around the world, but those reports tend to be a bit confusing. I could root the device and do the update myself, but due to my day job’s policy at IBM this is prohibited on any device that accesses my corporate resources. I currently use the Tab 2 to get my corporate email and instant messaging (using Lotus Traveler and Lotus Sametime for Android). I had these both on my iPhone and iPad, but since, as a developer, I tend to run pre-released and unsupported operating systems I decided to only run corporate software on my Android device.

I guess I could buy another Tab, perhaps the 7 inch, and another iPad (perhaps the mini) and only do upgrades on one device, keeping one device in compliance with corporate policies. What do you think? Do you invest in multiple devices for all of your development environments? One for personal/development use, and one for production use?

Apple finishes update to Developer Portal

Last night, as I was checking my email before going to bed, I got a note from Apple that their replace/rebuild of the Developer portal had been completed and all services are working again.  Great news, and hopefully Apple has addressed, not only the security flaws identified by the Turkish researcher, but any fundamental design flaws which could expose other security issues going forward.

The biggest lessons I’ve learned from watching this all unfold is – security is hard.  Steve Gibson (from Spinrite fame) has been recording a long running podcast on security called “Security Now“.  He spends 2 hours, each week, going thru all the latest info on security patches, and describing the underlying design and technology of various protocols, etc. which shows how much you need to know to make truly secure applications.

Years ago, when I was working as a consultant, I wrote a Human Resources system for a home health care management company.  I was asked to make sure that we had an appropriate level of security and could segregate data between managed companies via passwords.  The design was simple.  Within the application, you had to enter a unique company identifier and password for each company’s data.  Simple and somewhat effective, given that the entire application and all of its data resided on a midrange computer that could only be accessed within the companies physical boundaries.  Within 1 month of the application going live, every monitor within the HR department had a nicely printed sticker listing the company identifier and the password for each.  So much for security.

The reason I bring this up is to identify how technology is only as secure as its weakest link.  Kevin Mitnick, shows us in his biography – Ghost in the Wires, that the best hacks are really around social engineering and not technology.  Even Mat Honan’s famous twitter / gmail / icloud hack, was much more a social engineering issue than a technology flaw.

If you are storing sensitive data (however you define sensitive), what are you doing to make your application secure, with out distracting from its functionality?

iOS7 Adoption amongst Developers

I recently posted a blog entry about upgrading your app, if you should support past versions of iOS or Android. So imagine my delight when I saw this post – Majority of Developers working on iOS7 Updates. A study shows that 52% of iOS developers plan on making their apps require iOS7 and drop support for prior version of iOS. I think this is great. The many new features that are being talked about in IOS7 show that these features are the ones that developers have been waiting for. Features like better multi-tasking and improved screen layout to address multiple screen sizes have all been a long time coming, and I expect that if iOS7 is adopted quickly by consumers, that number of apps that become iOS7 only will quickly go above 70%.

What do you think?

Security and will Monday see another iOS Beta?

Prior to the security issues on Apple’s site over a week ago, Apple had been on a bi-weekly cadence for iOS and OS X beta releases.  Last Monday, (July 22nd) the developer portal was down while Apple rebuilt the site to address the security issues no iOS beta was reported to be released.  With less than 24 hours to go, will they be in a position to release a beta tomorrow?  What is the impact to the overall release schedule of iOS?  What do you think?

I am hoping that the major progress we’ve seen in the last week on bringing the site back online (while still not complete, many of components are up as of this posting), has allowed Apple to focus back on working on iOS and Mavericks.  Perhaps there are some lessons in all of this for us, as developers, that security can’t be something we think about when we are done developing.  Security is something that needs to be built into our apps from the beginning.

One of my favorite podcasts is Security Now! with Steve Gibson of Gibson Research Company. A few months back, Steve talked about the effort he went thru to retrofit his entire website to https.  I think this is something that is worthwhile to consider for this site.  It is a lot of work , and exposed to him the inter-relationship of so much of our connected world.  At an app level, if you use any third party code, are you sure it is secure?  How do you go about testing for security?

The people who want to expose or exploit security issues in your code, spend much more time testing your application than perhaps you do.  They are not worried about shipping the next release.  They are methodical in how they test, probe, and attack your application.  Perhaps this is the time to start re-thinking your development and test strategy, so that security becomes a first class requirement for all that you do.

More Progress on Apple Site

Great news, last night the 2nd major round of site updates were deployed by Apple. Screen Shot 2013-07-27 at 7.30.57 AM

As you can see the site now lets you get to the developer sites for iOS, Mac, and Safari, along with certificates, and software downloads.  Here’s hoping that we are not far from Apple getting back on track for beta updates!

Apple Developer Portal Update

Last Thursday I got a password reset email on my iOS developer account, one that I didn’t request. Given that I didn’t request it, I filed it away for when I had time to call Apple and find out what was going on. Well yesterday I got an email from Apple indicating that someone had hacked the developer portal and that they had shut it down in order to address the problem. The following image is a copy of the Maintenance screen they have on the site this morning. Has your account been compromised?

Screen Shot 2013-07-22 at 9.06.26 AM

The Guardian UK posted a great article on the hack this morning.

Keeping your code new – a dilemma

I’ve written a post on this idea from the perspective of your users, should you upgrade your app to the latest level of an operating system. I’ve even talked about how you learn by keeping up with the latest releases of API’s and interfaces. But what about the down side?

Traditionally large IT companies have forced operating systems companies to be backward compatible, so as not to lose the large revenue that they get from companies. Over the last few years, businesses have be even more cautious about upgrading hardware and software. This means that they are slowly losing influence on developer who want to create the next cool thing. Is this a start of the innovators dilemma for software developers? Do you still need to cater to the large support revenue you get from traditional enterprises? Or do you bite the bullet and develop new and radical solutions that move your user base to a new code base?

Evolving your Interface – A good thing?

While catching up on my reading the other day, I found this article over at Infoworld called – Mobile Apps Death Wish. You may call the title a little melodramatic, but it got me to think about my habit of like change and it’s impact on my users.

The author of the piece goes on a bit of rant on how newer UI techniques are actually making it harder to find information and the over abundance of graphics with text on top, is causing issues for people who have eyesight issues. I agree with the point of the light grey text on a dark grey background, especially since I tend to keep the brightness pretty low on my devices (I love extending my battery life). However, I believe that the appropriate use of graphics can really help an application get broader/nearly universal appeal without requiring much localization of text strings.

The other point the article makes is that both Android’s current auto update, and iOS7’s upcoming auto update feature are going to cause even more problems for people who do not want to change their apps. I hadn’t thought about this, since I like to learn new things and therefore (as mentioned above) actually embrace change. Yes, sometimes it is difficult or uncomfortable, but change will happen, so we may want to get use to it.

My wife, on the other hand, doesn’t like change to the programs she uses. And this is the point that the author should have made more strongly…if you are making a change, make it for a reason, not just for looks. Many applications add cosmetic changes without any regard for the impact to the function of an app. If you are going from a mostly test based interface to a completely graphical interface, make sure those who need to use screen readers can still use your app. Or give the user a choice. It is easy to just assume that everyone will like the new version, but if you work on giving both options, you – as the developer – will get to learn more! Yes, it is change for you, and that will help you expand your skills. Try and figure out how to add that new, cool graphical feature in such a way that a text only user can benefit too.

What do you think? Should we all just keep tweaking our apps, or should we figure out how to incorporate new features in such a way that it is useful for both old and new users? When should your new features necessitate a new version of the app, so users can choose between version 2 and version 3 (given the challenges of auto update?).