Lessons from developing anIphone App + Server backend

Sujee Maniyams@sujee.nethttp://sujee.nethttp://DiscountsForMe.netAug 2009

Target Audience

• Iphone app developers• Server backend developers

for mobile apps• Expert level:

Beginner - Intermediate

My Background

• Developer (enterprise, web)• Java / Php / Ruby• First iphone/mobile app

App: DiscountsForMe

• Shows member benefits• Based on location• V1.0 in app store• Memberships:– Public radio (KQED)– Bank of America card– AAA, AARP– More…

Architecture

• Server (DiscountsForMe.net) serves data• Server is Rails app• Iphone app talks to the server• <Insert usual

SERVER ---- INTERNET CLOUD ---- IPHONEpicture here>

Agenda

• Connectivity• Data format• Secure Data trasnfer• UDIDs & Keys• Controlling app from server

Connectivity : Simple Start

• App makes three server calls– ping()– get_memberships()– get_discounts(my_location, my_memberships)

• Simulator • Iphone over Wi-fi• Iphone over 3G • LAG-TIME is a problem

Connectivity : Minimize Lag Time

• Noticeable lag time over 3G/Edge• Reducing lag time– Condense network calls (especially if the user is

waiting for data)– Download in background

• So– Get_memberships()– Get_discounts(my_location, my_memberships) get_memberships_and_discounts(loc, mymems)

Iphone Connectivity

• BIG LESSON 1 : – Test on IPHONE (not just simulator)– Test with WiFi OFF! (3G can be slow to connect,

EDGE even worse)– You may need to reorganize the logic to improve

response time (I had to)

• LESSON 2– Test in AirPlane Mode (all RADIOS off)

(a frequent reason network apps are rejected )

Connectivity Test

• Quick Ping– Which is faster?• httpS://www.DiscountsForMe.net/ping• http://www.google.com

– SSL always takes longer to establish connection– Use faster sites

• Another snippet from Erica Sadun’s book(to be verified)

Talking to Server : Format

• Two choices : XML, JSON

•JSON smaller size than XML (50% less)

• Json : use TouchJSON library http://code.google.com/p/touchcode/wiki/TouchJSON

• XML : NSXML(sdk) / TouchXML / KissXMLhttp://www.71squared.co.uk/2009/05/processing-xml-on-the-iphone/

Agenda

• Connectivity• Data format• Secure Data transfer• UDIDs, Keys, analytics• Controlling app from server

Secure Data Transfer

• Plain HTTP is fine most of the time• If you want to secure data– Symmetric key encryption (shared ‘seckr3t’ key on

Iphone app and server)– Public-private key encryption (e.g. SSH) : private

key on server, public key on iphone– httpS

Secure data transfer : httpS

• SSL is ‘good enough’ for most of us• Get a proper SSL certificate ($30). Self-signed

certs don’t work by default• Beware connection time is a little longer for

httpS• Verify your ssl certificate is installed properly

http://www.digicert.com/help/

Verify SSL Cert…

Talking to Server : POST reqNSMutableURLRequest *request = [NSMutableURLRequest

requestWithURL:url];[request setHTTPMethod:@"POST"];NSMutableString *postString = [NSMutableString string];[postString appendFormat:@"%@=%@&", key, value];NSString *postString2 = [postString

stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];[request setHTTPBody:[postString2

dataUsingEncoding:NSUTF8StringEncoding]];

NSURLResponse *response = nil;NSError *error = nil;NSData *data = [NSURLConnection sendSynchronousRequest:request

returningResponse:&response error:&error];

Talking to Server : Local Server

#ifdef DEBUG// dev#define MEMBER_SERVER @”http://localhost:3000

”#else// production#define MEMBER_SERVER @

”https://discountsforme.net”#endif

- And define ‘DEBUG’ in build configurations

Talking to Server : Dedicated Class- Don’t do URL connections all over the code. Have a class do it- Easy to debug- Use named methods (getDiscounts Vs connectToURL)

@interface ServerConnection : NSObject {}+ (BOOL) testConnectivity;+ (BOOL) isConnected;+ (NSArray *) getMemberships;+ (NSArray *) getDiscounts:(NSDictionary *) params;@end

Agenda

• Connectivity• Data format• Secure Data transfer• UDIDs, Keys, multiple versions, analytics• Controlling app from server

What do I send to the server?

• get_memberships()• No parameters?...• Think about including– UDID (device id)– And a Key (compiled within the app)

• http://discountsforme.net/iphone/get_memberships

• http://discountsforme.net/iphone/get_memberships?udid=xxxx&key=yyyy

Server Side : Unique Device ID

• Each mobile device has a uniq ID, etched in hardware (just like MAC address)

• Your app can send UDID with each request• Of course : encrypt it or via SSL• Very useful for metrics on app usage– How many unique devices have the app– Access patterns (repeat uses)

• Easy account creation (no signup)

Server side : access keys

• Start using ‘access keys’ from day-1• Sample key = “iphone_v1.0_xklajdfoi2”

(human readable + hard to guess)• Each request to server must have a valid key• Easy to control client access– Prevent scraping, DOS ..etc

• Monitoring (what versions are being used)• Support multiple versions, easy upgrade

Supporting multiple versions

• May be supporting 2-3 client versions at a time (users don’t always run the latest)

• Keep old ‘API’ around, build-out new APIif (is_v2_or_later(key)){ do something }else {do some thing else}

• This can get convoluted (see next page…)

Supporting multiple clients…

Supporting Multiple Clients…

• Have different controllers handle different client versions#define SERVER @”https://foo.com/iphone1”#define SERVER @”https://foo.com/iphone2”

• Make sure to avoid code duplication• Plan-B : End-of-life

If ( ! is_supported_version(key)){ send_msg(“please upgrade”);}

Server side : keeping it secure• Make sure ‘secret stuff’ doesn’t get logged in log-files• In Rails :

class Mobile::MobileController < ApplicationControllerfilter_parameter_logging [:key, :uid]

end

• Output:Processing IphoneController#get_memberships_and_discounts (for

166.137.132.167 at 2009-07-02 16:07:41) [POST] Session ID: 126e5a73742f92f85c1158ea63fd960a Parameters: {"loc"=>"39.282440,-76.765693",

"action"=>"get_memberships_and_discounts", "uid"=>”[FILTERED]", "controller"=>"mobile/iphone", "dist"=>"25", "mems"=>"", "key"=>"[FILTERED]"}

Server side : Metrics : Logs

• Log every thing to database, don’t rely on logfiles

• This gives you pretty good metrics on your app usage

• On Rails, use around_filteraround_filter :log_access, :only => [:get_discounts, :get_memberships]

• Thirdparty metrics : FLURRY, PinchMedia…

Server side : logging in Rails

def log_access start_time = Time.now yield end_time = Time.now elapsed = ((end_time - start_time)*1000.0).to_int begin # b/c we don’t want to error during logging alog = MemberAccessLog.new alog.client_type_id = client_type_id alog.session = session.session_id …. alog.save! rescue endEnd

Logging & Scalability

• If all your requests are READ-ONLY (from db) it is very easy to scale– Load balancer can route requests to any server– Database can be replicated easily

• Write-bound apps are little tricky to scale

Agenda

• Connectivity• Data format• Secure Data transfer• UDIDs, Keys, analytics• Controlling app from server

Controlling app behavior from Server

Control …

• Apps changes are not easy to ‘get out’– Approval process takes time– Users may not upgrade to latest version

• Server changes are under your control and easy to deploy

• So build in control-switches in the app, that can be directed from server

Control…

• One example: Choosing if you are going to show ads?– show_ads : {none | admob | tapjoy}

Hosting

• Shared hosting is fine, but others might swamp your DB, CPU ..etc

• If you can, get a VPS (Virtual Private Server)– Plans start from $20 / month (SliceHost, Hosting-

Rails ..etc)– You have full ROOT access to the server (install

packages, run CRON jobs ..etc)• EC2 is great (for testing, scaling)

Thanks!

• Sujee Maniyam– s@sujee.net– http://sujee.net

• http://DiscountsForMe.net

• Questions?