iOS 64-bit Transition

Apple recently announced that it will not allow new apps that don’t have 64-bit support to the App Store starting February 1, 2015. Also, you get a warning about this when you submit a new app. After February, this warning will be replaced with an error.

Screenshot_14_11_14_10_37

With the release of Apple A7 processor on iPhone 5S, the transition from 32-bit to 64-bit addressing has begun for mobile devices. Apple’s 64-bit processors (A7 on iPhone 5S and A8 on iPhone 6-6+) still support 32-bit instruction set. This means they can run apps that aren’t compiled for 64-bit architecture. However, when there are 32-bit compiled apps on a 64-bit iOS device, operating system loads 32-bit system frameworks along with 64-bit versions. It affects performance and leads to memory consumption. Therefore, Apple hinted that future iOS devices might not have 32-bit support with this latest restriction. You can see iOS 64-bit devices here: http://en.wikipedia.org/wiki/List_of_iOS_devices .

64bit2

64-bit architecture provides larger address space and significant performance gain. You can easily compile your app for iOS 64-bit on XCode. Just change your “Architectures” build setting to “Standard Architectures (armv7, armv64)”. But there are some issues you need to check. For example, pointer and int types are both 32-bit on an 32-bit architecture. But on 64-bit system, an int isn’t sized large enough to hold a pointer. Also on Cocoa Touch, NSInteger is used to describe an integer. Most probably you were casting NSInteger results of Cocoa APIs to int for quick-typing. That needs to change, because NSInteger changes its size on 64-bit.

We have been already compiling and testing Smartface iOS apps on 64-bit for a while. Again with another case of fragmentation, there’s nothing for you to worry if you are using Smartface.

 

10 Most Common App Security Mistakes

Why Mobile App Security?

App security mistakes for Android and iPhone are generally a lesser prioritized area for a mobile developer, mostly because due to the time pressure. It does not usually get what it deserves in project plans. Moreover, in case of absence of a security owner in project teams, no one claims responsibility. That’s why mobile app security is a matter of attention left only to the developer’s initiative.

Security and Usability are two concepts that are inversely related. Highly secure solutions require additional processes and flows. However, most business units, working directly with consumers, don’t consider app security as the first priority.

In practice, nobody brings out a security concern unless something really goes wrong in case of “hacking”. Most application developers are not taking care of specific Android security and iPhone security tests. (Application Security Test).

Always keep in mind the principle that No app is %100 safe!

icloud-security-risk-1024x426

What Should You Do for App Security?

Our purpose is to make your app more secure than others by using quick and simple features, hence discouraging the hackers to mess with your mobile application. Make your app ready for mobile security. Here are the 10 Most Common App Security Mistakes:

1. Data Store Approach: First of all, sensitive data should not be stored on the device during runtime as much as possible. Data can be processed in case of need and should be deleted immediately when not needed. In case of a data storage need on the mobile device, data should be encrypted and stored in the documents folder. Passwords should be stored in KeyChain for iOS and KeyStore for Android security. This is also important for app store security checks.

2. Missing front-end validation: Missing data entry validation causes both security and formatting issues. These may be things like letting alphanumeric values in numeric fields, missing masking on formatted fields, not checking for high risk character values such as <>` ” ()|#. Such missing validations may cause security breaches by allowing remote code execution or unexpected responses.

3. Server Based Controls: Application development is a client side operation. Server side is the place where you should store and manage the data. Server side checks should be applied regardless of channel (mobile, web, etc…) for data security and formatting. We do not mean iCloud keychain or a similar feature, please take care. This is about the app-specific backend security. There are also security concerns for Apple iCloud, however this is Apple’s work to do it more secure!

4. SSL: HTTPS must be used for secure transmission of sensitive information. If possible, a custom certificate should be used instead of the certificates from the built-in device certificate store. The certificate that is unique to the app and the server should be embedded inside the app.

5. Obfuscation: It is very important especially for Android apps to go through obfuscation. If script files are also used in parts of the app, these files should be taken through obfuscation as well.

6. Comment Lines: Explanatory data, included as comment lines may be viewed by others if the application is decompiled. This is very simple but a common mistake both for Android and iOS apps. This does not mean that you shouldn’t use comments during app development, just don’t forget to remove them from the production version of your app.

7. Excessive Permissions: When editing permission preferences for Android apps, only the permissions that are absolutely needed should be enabled. Permissions with access to personal information, such as “access to contacts”, should be avoided as much as possible for Android security. If anything goes wrong, there is less chance of a data breach.

8. Encryption: The key used in encryption should also be encrypted and stored in secure storage. The installation file should also be obfuscated. Another dangerous practice that should avoided is the downloading of the encryption key from server during runtime.

9. Rooted/Jailbroken Devices: It is not possible to store totally secure data in rooted devices as root permissions provide unlimited access to the device filesystem and memory. However, it is possible for developers to check if the device is rooted or not. This risk should be noted and evaluated based on project scope for all flows and processes.

10. Application Tampering Protection: The application binary files (.apk or .ipa) can be altered and published in different markets by hackers. They may inject malicious code in your app or they may crack mobile apps to bypass license and payment restrictions. Nowadays it’s even possible to crack in-app purchases and license checks just by emulating app store responses. Therefore, application integrity and in-app purchases should be checked with a third-party trusted server to prevent such cases. For this purpose, there are some good solutions available in the market. Again, this is very critical for Google Play and iTunes App Store security.

app_security

If you are developing your app with a Platform-Based Approach (Obj-C, Swift, Java) the items above should be managed entirely by yourself or your team. However, if you’re using a cross-platform native framework approach, most of the items above are covered by the mobile development framework for mobile app security.

We especially suggest you to use cross-platform native frameworks for mobile security industry. You may have already faced the well-known risks of cross-platform hybrid frameworks, such as DOM Payload, Scripting Engine Scope, etc. You can assess security capabilities of the Smartface Native Framework with the information from the link below:

 

–    Security in smartface.io

 

 

If you want to develop native iOS and Android apps with one of the most secure native app development environments, just click the link below to get it free:

Download Smartface App Studio and iOS emulator on Windows PC!

 

Happy and secure coding 🙂

@osmancelik
CTO, Smartface Inc.

PARSE with Rest API

 

What is PARSE?

Parse is the cloud app platform for Windows 8, Windows Phone 8, iOS, Android, JavaScript, and Mac OS X. Why don’t you use this well-known platform with Smartface App Studio? We explained you how to use PARSE Rest API with Smartface App Studio via related Developer Center tutorial and of course with a sample project.

parse-banner

 

Parse allows you to create your applications without worrying about creating the backend of the application. Using Parse, you can create a flexible and powerful backend without worrying about server management and investing time in writing code for backend servers. Parse provides a complete framework for push notifications, social media integration, analytics, and data storage, with flexibility to code business logic for the backend with Cloud Code.

What is Rest API with PARSE?

The REST API lets you interact with Parse from anything that can send an HTTP request. There are many things you can do with the REST API and we’re going to use uploading large amounts of data feature that will later be consumed in a Smartface App Studio written app.

 

Using PARSE Rest API with Smartface App Studio

You can use Parse platform over REST and JavaScript APIs. There are also other platforms and tools you can use with that but Rest API is easy to use one solution with Smartface. We’d like to show you Rest API usage with Smartface App Studio. You only need to read the tutorial below to understand how it works easily.

ParseProjectScreenShot

We’ve published developer document about dynamic Web Client objects, sign up/sign in process, upload user photo and associate with Parse objects. Creating user interface of your project also available, like always, with using WYSIWYG design editor (Statically) and using only Script Editor (Dynamically). Also we created a sample project for Parse usage with Smartface App Studio and it’s open sourced.

You can find this tutorial from: Parse with Rest API on Smartface App Studio and Sample Project from GitHub.

Download Smartface now and start developing mobile apps powered by Parse.

Intel x86 on Android with Smartface

x86 on Android, How it Works?

Intel makes x86 on Android ready. There’s starting to be more and more Intel Atom and other x86 based Android devices on the market. Currently most of the apps are only compiled to run native ARM code, which can’t run natively on x86. Intel has solved this problem by adding binary translation technology for its Atom processors. It translates ARM native code on the fly to x86. This sounds very nice, but unfortunately this doesn’t come without sacrificing speed and optimal memory usage. In some cases the app might even crash if it is binary translated.

 

Download Smartface App Studio and iOS emulator on Windows PC!

 

Is it possible to write native x86 apps on Android?

Yes! Alternative to binary translation is of course compiling native code directly for  Intel x86 architecture. This will guarantee fast apps, optimal usage of platform resources and otherwise bug free code will run without crashes.

intelvisionandroid

 

But isn’t Java native Android?

Often when talking about native code people mean programming with Java using native UI libraries of the device. However this isn’t really native programming, but just using native UI libraries while the code is run by virtual machine. Virtual machine translates the code to machine code and is because of this obviously slower.

Also x86 on Android and ARM on Android has some differences and ARM has something to say about that: http://www.theregister.co.uk/2014/05/02/arm_test_results_attack_intel/

x86androidarm

What we did with Smartface App Studio for True Native on x86?

Smartface App Studio implementation is true native implementation. By this we mean that majority of the code is compiled to run directly with a processor of the device. At the same time Smartface App Studio supports the native UI of the platform. This is done by thin layer of code compatible with the UI libraries of the platform. Smartface supports natively both ARM and x86 processors providing you a hassle free way to create apps running optimally on all mobile devices.

iPhone 6 with Smartface Fragmentation

iOS Fragmentation: Welcome to iPhone 6 and Plus

or just say “Hello” to fragmentation issues on iOS with iPhone 6 and iPhone 6 Plus!

iphone5s6plus

You have fragmentation problem and Do you know that?

Not much, just 2 years ago during these days; iOS developers just had one screen size to take care of. There is no fragmentation problems, there is no OS differences, nothing to care about like Android developers!

However, everything is changed completely for iOS developers now!

With point system, designing your app for 3:2 aspect ratio and providing normal (iPhone 3GS) and retina (iPhone 4/4S) image resources was enough for a solid application design. In 2012, when iPhone 5 was introduced with it’s 640×1136 pixels screen, things were starting to chance for Apple too.

installed_base_large

When it starts?

Actually, iPhone 5 transition wasn’t a big deal for developers. You just had to fill the extra 176 vertical pixels. Previous images were fitting very well to new device. This continued with iPhone 5s too. Screen size and pixel count stayed same with 5 model, and thus pixel density was same again (326 ppi). Besides, Android developers were trying to handle thousands of distinct device resolutions using layout systems and different image directories (dpi, mdpi, hdpi, xhdpi, xxhdpi, xxxhdpi). [1]

xxdpi

But last week, Apple announced two new iPhones with bigger screens: iPhone 6 and iPhone 6 Plus. This time again, they sticked to the plan and keep the screen pixel ratios at 16:9. Noting that, 91% of users have iOS 7 now; we can opt out the devices that won’t be able to switch to iOS 8 will be obsolete soon.

Download Smartface App Studio and iOS emulator on Windows PC!

So iPhone 4s is an outsider with it’s 3:2 screen. Finally we have iPhone fragmentation here with 4 devices. Just 4 devices might not seem a real one; but considering the usage and adoption of iPhone devices around the world, we need to think again!

iphone6plus

Here we have 3 screen categories with 326 ppi and one iPhone 6 Plus with 401 ppi. All (except 4s) have 16:9 screen ratios. It won’t be much problem for developers to support every one of them at the same time. If iPhone 6 had bigger screen than this, images will start to seem blurry even the ratio stayed same. But 0.7 inches of increase is not a case. On the other hand, the phablet actor of the latest announcement changes it lot. It has 401 ppi and 5.5 inch screen size. Here we have more density and significantly bigger screen than current device adoption.

iPhone 6 Plus has 5.5 inch screen with 401 ppi!

So, Apple will start to encourage using Image Asset Catalogs [2] and size classes introduced with Xcode before. Also auto layout feature won’t be enough itself, because when density and size fragmentation increase, you will need to prepare different images and fit your fonts to screen more attentive. @2x images were the salvation for retina displays, now @3x is on the way for iPhone 6 Plus. Let me remind you another thing: Apple Watch. Do you think it’s screen will fit in categories above?

Apple Watch is completely out of category and you’ve never ready something like that before!

White_AppleWatch

The good part of all these complexity, we have better devices with bigger screens and powerful processors. Why you’re taking care that much and sometimes even not get a right solution with screen fragmentation, instead of bringing your creative native app ideas into action?

Smartface App Studio is a solution for iOS Fragmentation Problem

Smartface App Studio is handling Android fragmentation (please see the picture above again) for you since years. Just check how it’s possible with Smartface App Studio? Fragmentation is the stage of us, you can just perform your “application development” show.

[1] : http://opensignal.com/reports/fragmentation.php
[2] : https://developer.apple.com/library/ios/recipes/xcode_help-image_catalog-1.0/Recipe.html

@urkilic

Using CitySDK API with Smartface App Studio

The CitySDK API is a linked data distribution platform being developed by Waag Society. CitySDK enables the linking of (mobility) data sets and city services. Linking a database with planned roadworks to a route planning service for instance or enabling citizens to report the nuisance due to roadworks or even better. Let them offer alternative routes to their fellow citizens.

CitySDK Platform Features

  • Open API, Open Source
  • Ruby API gem
  • No access keys for reading
  • Write access for data owners and app developers
  • CMS for data owners for easy integration of new datasets
  • Mapping service (in CMS)
  • Map Viewer, Geocoding
  • Standardized interface in 8 cities

ss1

What Smartface App Studio can do more with CitySDK?

Now you can create a cross platform mobile app that will fetch data from CitySDK API and show it on a map view as pins. We will be develop our iOS and Android app on Windows PC with single code based environment. It supports from iOS 6, iOS7, iOS 8 and all Android versions from Android 2.3.3 to Android 4.4.x. You can check the detailed information and developer guide from our Developer Center.

Using iBeacon with Smartface App Studio

What is iBeacon?

iBeacon is a new technology that extends Location Services in iOS. Your iOS device can alert apps when you approach or leave a location with an iBeacon. In addition to monitoring location, an app can estimate your proximity to an iBeacon (for example, a display or checkout counter in a retail store). Instead of using latitude and longitude to define the location, iBeacon uses a Bluetooth low energy signal, which can be detected by iOS devices.

To use iBeacon, you need iOS 7, iOS 8 or later, Bluetooth turned on, and a compatible iOS device:

  • iPhone 4S or later (iPhone 5/5S, iPhone 6/6 Plus)
  • iPad (3rd generation) or later (Air/Air 2)
  • iPad mini or later
  • iPod touch (5th generation) or later

With iBeacon technology you can detect beacon devices or make your iOS device act as a transmitting beacon.

 

ibeacon-estimote

iBeacon with Smartface App Studio

Smartface App Studio supports iBeacon since version 4.2.2. It’s available for download and ready for you to develop apps. 🙂

Download Smartface App Studio and start developing iBeacon projects instantly with iOS emulator on Windows PC!

 

Also we’ve already developed two examples for you. First one is for detecting a beacon, the other one is a broadcasting app. You can find the details and sample codes in our developer guide from the links below:

  • Detecting a Beacon: The iBeacon framework can understand when you enter the region of a beacon. When you are in the region you can query it to find out information about it.
  • Broadcasting: We will set a UUID to the app then it will start broadcasting this UUID and the receiver app will be able to detect.

 

Start Developing Now

You can find the detailed article about “Using iBeacon with Smartface App Studio” from our Developer Center and a sample iBeacon project on GitHub.

More Bluetooth Low Energy features will be implemented in next releases. Please see our roadmap for details.

Do you really need to learn a new language for iOS8?

Hi again,

Tim Cook’s presentation in WWDC 2014 on Monday was the main headline in almost all technology blogs and news. Apple has announced a series of updates for all channels. The one that we were all curious about was about iOS8 and updates together with it for 2014. Some of them were expected, like availability of Touch ID for authentication for other apps, but the main surprise was about introduction of SWIFT as development language, replacing Objective-C.

ios8_2It was a big surprise for all enterprises having quite some investment on Apple technoloigies, for Apple to continue with a such radical change. There is a long road ahead to build the same experience with a coding language not so widely used, while the market still suffers from lack of experienced Objective-C developers. Lack of specialized trainers, absence of valid case-based documentation and experience to be built (which can be translated as mistakes to be made to learn from) are just some of the challenges that iOS developers are about to face.

At the same time, our partners developing mobile solutions with Smartface App Studio, are able to continue their development efforts and plan with zero impact, totally free of the additional complexity brought by Apple. We continue to utilize our flexible infrastructure with JavaScript as the development language also for iOS solutions. We will also continue to isolate mobile solution development from radical changes in the sector, establishing fast adaptation for technology updates, enabling project teams to focus on business requirements rather than technology switch.

I would like to emphasize the fact that we closely follow iOS8 updates and will make t hem available for usage together with iOS8 GM version in Smartface App Studio. Following Smartface App Studio Roadmap is advised to keep a close eye on what is about to come.

Thanks to all partners developing solutions with Smartface App Studio.

@osmancelik

iOS and Android Emulator on Windows

Developing a mobile application with a platform-based approach (Java and Objective-C/Swift) is not as easy as it looks. There are so many details one needs to consider like platforms, screen technologies, OS versions etc. To avoid these problems, many companies and developers are now using Cross-Platform Mobile Application Development Platforms. Nowadays, Cross-Platform solutions are chosen by 5 of the Top 10 Fortune 500 companies. Gartner estimates that more than 75% of the enterprises will use at least one mobile application development platform by 2020.

 

 

Main part of the development process requires adaptation of the application to different screen sizes and resolutions on different devices, just like the different screen sizes of iPhone 4/4S (3.5″), iPhone 5/5S (4″), iPhone 6S/7 (4.7″) and iPhone 6S/7 Plus (5.5″). It’s a well-known fact that virtual device emulators and simulators are very slow on many platforms (like Android). Hence, the real product may appear different on real devices than it appears on virtual emulators in many cases. Moreover, network operations may present different cases on real devices. For instance, Xcode uses an iOS simuator for performance, but as the name indicates, it’s just a simulator, not a real device emulator like Smartface iOS emulator. Thus, most of the developers choose real devices for testing. It might look OK at first glance, but what about iOS development on a Cross-Platform solution?

Due to Apple’s restrictions and the limitation of some Cross-Platform technologies, there are no solutions other than Smartface that support iOS development on a Windows or Linux machine. Other frameworks either don’t support iOS development on Windows at all or they can’t publish or emulate apps on an iOS device without a Mac. This is a big handicap for Cross-Platform development.

Smartface makes it easy to develop for iOS and Android on Windows with a new perspective for developing applications on Cross-Platform technologies. Smartface allows you to emulate your iOS and Android application on a Windows PC with a single click.

Smartface Android and iOS device emulator button

Smartface Device Emulator button: You can emulate your application and preview it with a single click

To emulate your application on any iOS device, like an iPad emulator or an iPhone emulator, download Smartface app from the iOS App Store and connect your iOS device to your Windows machine. Make sure you have iTunes installed for your PC to recognize your Apple device and then start developing a native application with Smartface. For the Android case, just set Android SDK path in your project settings in Smartface and click OK. It quickly generates the files in less than a minute and deploy it to the device. You can use a virtual Android device as well.

Android and iOS emulator on Windows with Smartface

Smartface WYSIWYG design editor on Windows and same output running on Android and iOS emulators.

 

Android emulation is already known but you might wonder how emulation works on iOS. The main idea stems from the approach “if iTunes does it, why can’t we?” and we got to work on the solution. Now, we proudly introduce a brand new perspective about it. Moreover, it’s not just an emulator, it also functions as an Android and iOS debugger on Windows. Therefore, you can debug your apps with full debugging features such as breakpoints, watches and real-time code changes.

We are doing everything we can do to make sure the emulation is the same as real deployment process. You can be confident about everything being exactly the same as you developed and it only takes a few seconds to see your application in action. That’s why we named our helper app as “Smartface in Action”.

We will be introducing other cool ideas about mobile app development in the near future and keep yourself ready to hear new cool stuff from us. Stay tuned!

Please note that these “on-device emulators” are for development purposes and they only work with apps developed with Smartface. They require a real device as the name implies.

Therefore, apps downloaded from the App Store (such as iMessage, Garage Band, Snapchat, Clash of Clans, etc.) will not work with Smartface on-device emulators. Since you need a real device, you can always download those apps directly to your device.

What is an Application.OnError and How We Handle It?

 

What is Application.OnError?

Negative paths in app development can be easily missed by the app developer and in most of the cases developer feels it is a burden to carry on. With using the generic error handling in Smartface App Studio enables the developer to handle those negative paths only at once, define a generic approach for it. It is possible to customize it according to the network object (which means which case it is), what is the response code, user friendly messages received from server, etc…

This generic onError event captures only other unhandled error cases, such as server responds an http error code and this is not handled with the server error of the network object or Javascript executes an invalid statement which is not in a try catch statement, all could be handled and managed.

This is same for Javascript cases; this interpreted programming language is easy to make mistakes. On design-time the most effective way is making a syntax check, but programmers know that it is not enough. Run-time errors can occur any time, and it is not easily realized by the developer and after the error developer tries to figure out why the code is not working.

And What We Did?

Smartface App Studio now provides a new feature which will speed up the mobile app development. From now on it is easier to handle errors in the application: Run-time Javascript Errors, Network Errors, and SQL Errors. They all could be managed from a single location.

This onError event is flexible, it adapts to case about what is the error; developer does not need to change his or her development habits. If it is a network error, the parameter is network error object, if it is a Javascript error (exception) the parameter is the native Javascript Error object which caught on try-catch statements.

BTW: Here is our Tips & Tricks document and some code examples about Application.OnError statement.

Thanks,
@alper_ozisik