Tweet Shoutouts
@dh_thomas @iOhYesPodcast @shelly Enjoyed the show with @Sommer. Good job, guys.
— Steven Aquino (@steven_aquino) August 22, 2014
@dh_thomas @iOhYesPodcast Perfect timing, thx! #ios #appdev
— Brent Engels (@ebrent) August 22, 2014
Send us your shoutouts: @iohyespodcast
The Discussion
“On the feasibility of Large Scale Infections of iOS Devices”
2 Security Issues
the iTunes syncing process is vulnerable to Man-in-the-Middle (MitM) attacks
an iOS device can be stealthily provisioned for development through USB connections. This weakness allows a compromised computer to arbitrarily remove installed third-party apps from connected iOS devices and install any app signed by attackers in possession of enterprise or individual developer licenses issued by Apple.
CloudKit
Cost model - https://developer.apple.com/icloud/documentation/cloudkit-storage/
Any hard numbers yet?
vs. Parse
Parse supports JS, Android, Java, etc.
Cloudkit - iOS 8+ / OS X 10.10+ devices
CKRecord == PFObject, CKQuery == PFQuery, CKAsset == PFFile?
What’s the difference in pricing?
CK doesn’t have any server-side capabilities (just data storage + pub/sub on changes)
This seems like potential tech-debt
CKDiscoverAllContactsOperation
https://developer.apple.com/library/prerelease/ios/documentation/CloudKit/Reference/CKDiscoverAllContactsOperation_class/index.html#//apple_ref/occ/cl/CKDiscoverAllContactsOperation
“The search of the user’s address book does not return any personal data about the user’s contacts. The search returns only the IDs of the corresponding user records, which contain only data that your app puts there.”
Requires user permission
Implications: if this is successful, Apple will have a giant graph of users’s contacts.
Open-Source project of the week
Signal from Whisper Systems (source: https://github.com/WhisperSystems/Signal-iOS)
Background
Moxie’s former(?) company/organization
is compatible w/ RedPhone, their secure call Android app
“Signal provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.”
Available on the App Store: https://itunes.apple.com/app/id874139669
Secure text messaging to come
Picks
Chad (@jazzychad)
Weird iOS -- Really weird iOS apps
sfxr -- Random sound effect generating app
Jason (@jak)
YouTab - “The Wiki of Chords and Lyrics,” synchronized to recordings / Youtube videos. Play along with and learn your favorite songs, right in your web browser. Built-in editor for adding new songs.
1Password app extension
John (@johnsextro)
Do you use Core Data? Checkout Core Data Editor
Alternative show title suggestions
Sniffing your SMS
Let’s see what happens
A big bad way
A fart in the wind
If it doesn’t happen now
Zombie botnet apocalypse
I was being the studio audience
We don’t need a studio audience
The ultimate lock-in
I don’t know when to quit
