If the rumor mill is to be believed, Apple will announce their new iPhone on Sept. 10th. That is not too far away, and as such means developers are working hard to have launch titles available. Realistically, I doubt that Apple will make the iPhone 5s/c or whatever it will be called, ready on the day of announcement; however, I do believe that they will make iOS7 available almost immediately.
As a developer, I am looking forward to releasing updates of my app that will more closely align to Apple’s new UI vision. I am also looking forward to all the new API’s that Apple has been talking about since June’s WWDC.
Android – Root or wait?
For my Android needs, I currently have an Galaxy Tab 2 (10 inch). It is running Android 4.2.1 and I have been wanting to install the latest version of Android, but Samsung has yet to roll the update out for my device. I have read that they are rolling it out around the world, but those reports tend to be a bit confusing. I could root the device and do the update myself, but due to my day job’s policy at IBM this is prohibited on any device that accesses my corporate resources. I currently use the Tab 2 to get my corporate email and instant messaging (using Lotus Traveler and Lotus Sametime for Android). I had these both on my iPhone and iPad, but since, as a developer, I tend to run pre-released and unsupported operating systems I decided to only run corporate software on my Android device.
I guess I could buy another Tab, perhaps the 7 inch, and another iPad (perhaps the mini) and only do upgrades on one device, keeping one device in compliance with corporate policies. What do you think? Do you invest in multiple devices for all of your development environments? One for personal/development use, and one for production use?
Apple finishes update to Developer Portal
Last night, as I was checking my email before going to bed, I got a note from Apple that their replace/rebuild of the Developer portal had been completed and all services are working again. Great news, and hopefully Apple has addressed, not only the security flaws identified by the Turkish researcher, but any fundamental design flaws which could expose other security issues going forward.
The biggest lessons I’ve learned from watching this all unfold is – security is hard. Steve Gibson (from Spinrite fame) has been recording a long running podcast on security called “Security Now“. He spends 2 hours, each week, going thru all the latest info on security patches, and describing the underlying design and technology of various protocols, etc. which shows how much you need to know to make truly secure applications.
Years ago, when I was working as a consultant, I wrote a Human Resources system for a home health care management company. I was asked to make sure that we had an appropriate level of security and could segregate data between managed companies via passwords. The design was simple. Within the application, you had to enter a unique company identifier and password for each company’s data. Simple and somewhat effective, given that the entire application and all of its data resided on a midrange computer that could only be accessed within the companies physical boundaries. Within 1 month of the application going live, every monitor within the HR department had a nicely printed sticker listing the company identifier and the password for each. So much for security.
The reason I bring this up is to identify how technology is only as secure as its weakest link. Kevin Mitnick, shows us in his biography – Ghost in the Wires, that the best hacks are really around social engineering and not technology. Even Mat Honan’s famous twitter / gmail / icloud hack, was much more a social engineering issue than a technology flaw.
If you are storing sensitive data (however you define sensitive), what are you doing to make your application secure, with out distracting from its functionality?
iOS7 Adoption amongst Developers
I recently posted a blog entry about upgrading your app, if you should support past versions of iOS or Android. So imagine my delight when I saw this post – Majority of Developers working on iOS7 Updates. A study shows that 52% of iOS developers plan on making their apps require iOS7 and drop support for prior version of iOS. I think this is great. The many new features that are being talked about in IOS7 show that these features are the ones that developers have been waiting for. Features like better multi-tasking and improved screen layout to address multiple screen sizes have all been a long time coming, and I expect that if iOS7 is adopted quickly by consumers, that number of apps that become iOS7 only will quickly go above 70%.
What do you think?
Security and will Monday see another iOS Beta?
Prior to the security issues on Apple’s site over a week ago, Apple had been on a bi-weekly cadence for iOS and OS X beta releases. Last Monday, (July 22nd) the developer portal was down while Apple rebuilt the site to address the security issues no iOS beta was reported to be released. With less than 24 hours to go, will they be in a position to release a beta tomorrow? What is the impact to the overall release schedule of iOS? What do you think?
I am hoping that the major progress we’ve seen in the last week on bringing the site back online (while still not complete, many of components are up as of this posting), has allowed Apple to focus back on working on iOS and Mavericks. Perhaps there are some lessons in all of this for us, as developers, that security can’t be something we think about when we are done developing. Security is something that needs to be built into our apps from the beginning.
One of my favorite podcasts is Security Now! with Steve Gibson of Gibson Research Company. A few months back, Steve talked about the effort he went thru to retrofit his entire website to https. I think this is something that is worthwhile to consider for this site. It is a lot of work , and exposed to him the inter-relationship of so much of our connected world. At an app level, if you use any third party code, are you sure it is secure? How do you go about testing for security?
The people who want to expose or exploit security issues in your code, spend much more time testing your application than perhaps you do. They are not worried about shipping the next release. They are methodical in how they test, probe, and attack your application. Perhaps this is the time to start re-thinking your development and test strategy, so that security becomes a first class requirement for all that you do.
More Progress on Apple Site
Great news, last night the 2nd major round of site updates were deployed by Apple. 
As you can see the site now lets you get to the developer sites for iOS, Mac, and Safari, along with certificates, and software downloads. Here’s hoping that we are not far from Apple getting back on track for beta updates!
Latest Update on Apple Site
Last night Apple sent a note to developers with an update on their site status. A new site has been created to let you know the system status of their efforts to recover from the recent site security breach.
Bookmark this page so you know when to start testing iOS7 and xCode 5.
Apple Developer Portal Update
Last Thursday I got a password reset email on my iOS developer account, one that I didn’t request. Given that I didn’t request it, I filed it away for when I had time to call Apple and find out what was going on. Well yesterday I got an email from Apple indicating that someone had hacked the developer portal and that they had shut it down in order to address the problem. The following image is a copy of the Maintenance screen they have on the site this morning. Has your account been compromised?
The Guardian UK posted a great article on the hack this morning.
Keeping your code new – a dilemma
I’ve written a post on this idea from the perspective of your users, should you upgrade your app to the latest level of an operating system. I’ve even talked about how you learn by keeping up with the latest releases of API’s and interfaces. But what about the down side?
Traditionally large IT companies have forced operating systems companies to be backward compatible, so as not to lose the large revenue that they get from companies. Over the last few years, businesses have be even more cautious about upgrading hardware and software. This means that they are slowly losing influence on developer who want to create the next cool thing. Is this a start of the innovators dilemma for software developers? Do you still need to cater to the large support revenue you get from traditional enterprises? Or do you bite the bullet and develop new and radical solutions that move your user base to a new code base?