October 25, 2011 archive

All Mobile Apps Developers (iOS, Android, Windows, Blackberry, etc.) Need To Read Troy Hunt’s Post

As I mentioned on my Disruptive Telephony blog today, this post by Troy Hunt really should be mandatory reading for anyone developing applications for mobile platforms:

Secret iOS business; what you don’t know about your apps

Yes, his post is about Apple’s iOS, but I’m unfortunately rather confident that the results would be similar if someone were to do a similar analysis with a proxy server on apps on Android, Blackberry, Windows Phone 7, WebOS and any other mobile platform.

These are application design problems.

As programmers, we all take “short cuts” from time to time… I’m as guilty of that as anyone… but sometimes those shortcuts have grave consequences.

Mobile developers need to read Troy’s piece… and then look at their own apps and see how they can change. Actions like:

  1. Securing the transport of login credentials! (DUH!!!)
  2. Not stuffing giant images down onto mobile devices when those images are going to be restyled in HTML to be tiny.
  3. Being wary about what info is gathered by apps – and also disclosing that to customers (and perhaps offering a way to opt out).

The list can go on… Troy’s article has other ideas in it, too… but the point is that in the rush to get a mobile app out there, some of these security and privacy issues (and bandwidth costs!) really do need some attention!
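One way to run the self-check the list above calls for, as an added example (not from Troy Hunt's post or this blog): it reads a proxy capture of your own app's traffic in HAR format and flags credentials sent over plain HTTP and oversized image downloads. The credential field names, the size threshold and the sample capture are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as credentials (assumed list; extend for your app).
CRED_KEYS = {"password", "passwd", "pwd", "token", "session", "auth"}

# Constructed HAR 1.2 fragment of the kind a proxy exports; hosts are made up.
FORM = {"mimeType": "application/x-www-form-urlencoded",
        "text": "user=alice&password=hunter2"}
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "http://api.example.test/login", "headers": [], "postData": FORM},
     "response": {"content": {"size": 58, "mimeType": "application/json"}}},
    {"request": {"url": "https://api.example.test/login", "headers": [], "postData": FORM},
     "response": {"content": {"size": 58, "mimeType": "application/json"}}},
    {"request": {"url": "http://cdn.example.test/feed?token=abc",
                 "headers": [{"name": "Authorization", "value": "Basic YWxpY2U6eA=="}]},
     "response": {"content": {"size": 912000, "mimeType": "image/jpeg"}}},
]}}

def credential_fields(request):
    """Names of credential-like fields in the query, form body and headers."""
    pairs = parse_qsl(urlsplit(request["url"]).query, keep_blank_values=True)
    body = request.get("postData", {})
    if body.get("mimeType", "").startswith("application/x-www-form-urlencoded"):
        pairs += parse_qsl(body.get("text", ""), keep_blank_values=True)
    found = {k.lower() for k, _ in pairs} & CRED_KEYS
    if any(h["name"].lower() == "authorization" for h in request.get("headers", [])):
        found.add("authorization-header")
    return sorted(found)

def cleartext_credentials(har):
    """(url, fields) for every request that carried credentials over http://."""
    reqs = [e["request"] for e in har["log"]["entries"]]
    return [(r["url"], credential_fields(r)) for r in reqs
            if urlsplit(r["url"]).scheme.lower() == "http" and credential_fields(r)]

def oversized_images(har, max_bytes=200_000):
    """(url, size) for image responses above max_bytes (threshold is an assumption)."""
    return [(e["request"]["url"], e["response"]["content"]["size"])
            for e in har["log"]["entries"]
            if e["response"]["content"].get("mimeType", "").startswith("image/")
            and e["response"]["content"].get("size", 0) > max_bytes]

if __name__ == "__main__":
    print(cleartext_credentials(SAMPLE_HAR))
    print(oversized_images(SAMPLE_HAR))
```

The same login over `https://` is not reported; only the cleartext requests and the large image response are.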

The Creepy – And Insecure – Side of iOS and Android Apps

Want to see the dark side of mobile apps? Just read this great bit of research from Troy Hunt:
Secret iOS business; what you don’t know about your apps

As people have noted in the comments, "iOS" (Apple's operating system for iPhones and iPads) is purely the platform Troy Hunt did his research on... but he's really talking about issues with mobile applications.

I'm unfortunately sure that these types of issues will also be there on apps on Android and probably on other mobile operating systems from Microsoft, RIM, WebOS, etc.

These are application design issues.

The article starts off with the incredibly inefficient case of stuffing large images from "regular" websites down the mobile pipe to the phone... and then simply "resizing" them with "width" and "height" attributes. This is just laziness ("efficiency") on the app developers' part in that they are simply "repurposing their existing content" for a mobile audience, i.e. it's too much work/effort for them to create and track a separate smaller image for a mobile environment so they will just send you the larger one and eat up your data plan bandwidth.

But Troy Hunt goes on to talk about far worse issues... he calls out the analytics sent back to Flurry.com in particular (and there are other similar players out there) that report what the user is doing. I agree with Troy Hunt's comment that where this gets "creepy" for me is not so much reporting data back for one application, but rather that all this data is being aggregated across applications inside of Flurry's databases.

And then the truly scary issue of how little security some applications use to protect login credentials (i.e. NONE!) or to protect confidentiality of the information people are seeing.

As Troy Hunt points out with regard to the Facebook app for iOS:

Unfortunately, the very security that is offered to browser-based Facebook users is not accessible on the iPhone client. You know, the device which is most likely to be carried around to wireless hotspots where insecure communications are most vulnerable.

Mobile devices are being brought to the worst possible WiFi environments... and per this article seem to have some awfully insecure apps running on them.

Every mobile developer needs to read this article - and start looking at how to secure their apps!

P.S. Thanks, Troy Hunt, for writing this piece!


Sorry, Klout, But I Don’t Care At All About Your "Game"!

In one image, this is perhaps what annoys me most about Klout's Klout Score metric:

[Image: Klout]

Yes, even more than the fact that Beyonce can have a Klout Score of 50 without ever having tweeted (or even knowing if that Twitter account is, in fact, actually Beyonce's). Even more than that, this bothers me:

Your Klout Score fell -1 points in the past day. Share more content and engage with your network to increase your score!

Not that my score fell. As you might have guessed, I really don't care about what my score is.

What bothers me is the implication by the second sentence that you should care about your score and that you should take actions to increase your score.

Now... DUH!... I do understand why Klout does this. They of course want you to care about your score so that you can nurture it and further buy into all their programs so that they can someday attain their motto of being "the standard of influence".

I get that.

But it doesn't mean I have to like the attempts at psychological manipulation.

What annoys me is that this attitude feeds right into those people who want to "game the system"... to figure out ways to influence the influence measurement so that they can rise higher.

It's a game to some people.

And that's fine.

Farmville is a game, too... and some people enjoy playing that.

The issue is that those of us out here in the PR/marketing space would like influence measurement metrics that we could use ... and that we can grow to trust as having some value. (In the sense of being part of the equation of assessing someone's influence online.)

But it's annoying when the company behind the metric tries to get people to play that game... to try to get them to take actions to increase their score. If history has shown us anything, it is that some people out there will ALWAYS try to game the system... it's just part of human nature.

But does the company behind the metric need to encourage that behavior?

Why not just truly rate people based on the content they produce and the interaction they have with other people online?

This is what annoys me most about Klout. Influence measurement shouldn't be treated as a game.

