Our BlogTips, Tricks, and Thoughts from Cerebral Gardens

TestFlight Your Apps

You've been working on your new app for ages and it's finally ready for beta testing. Prior to iOS 4.0, it was a considerable pain in the neck to get a build on to your testers devices. You needed to package up your apps and ad hoc profile, send them to each tester, and then they needed to use iTunes to install the profile and app on their device. It seemed like an art more than a science getting an app installed, never mind an updated build later. It was a very clunky system, and it didn't always go smoothly.

With iOS 4.0, Apple made it much easier to install test apps on a device. It's now possible to install profiles and apps without going through iTunes. Using XCode's Build and Archive option, you can create an .ipa file that embeds the ad hoc profile. Just put the .ipa file on a web server, (or your public Dropbox folder), and send the link to your testers. They can install the build by clicking the link in mobile Safari.

You're still required to collect your users UDID's, add their devices to your developer account and create an ad hoc profile that includes their devices.

Last week, TestFlight, a new service for distributing your test builds to your beta testers, went live. TestFlight promises to revolutionize the way developers beta test their apps, and after testing it out for a bit, I'm pretty sure they're going to do just that.

The free service, found at testflightapp.com, allows a developer to invite people to become a beta tester. The tester creates an account through the web site in Mobile Safari on their device, and then they register their device with the system. This process involves installing a configuration profile (different from an ad hoc profile, but listed in the same area on the device's settings). This gathers the device UDID and reports it back to the server. A tester can register more than one device. The tester, and her device(s) then show up in the developer's account. As a developer, you can export the UDID's of all your testers and import them into Apple's iOS Provisioning Portal. One issue I found here though, is that if you attempt to import a file of UDID's that contain a record that you've already added to the Portal, it will reject the entire file, instead of just ignoring that record.

Once you've imported all the new UDID's into the iOS Provisioning Portal, you can update your ad hoc profile to include all of your testers. Then, use it to create a test build of your app. You still need to use XCode's Build and Archive Option, and then use it's sharing wizard to create the .ipa file (all in all, a simple process, more details here: http://iphonedevelopment.blogspot.com/2010/05/xcode-32-build-and-archive.html).

Next, you upload your .ipa file to the TestFlight web site, and select the testers you'd like to notify of the new build. TestFlight emails each of them a link to a page that lets them install the build easily.

TestFlight lets you see how many times the .ipa file was downloaded (though, not by whom for some reason). I had one person delete it from their phone and redownload it, and it counted as another download. So a list of 5 people, with 5 downloads, doesn't really mean they all downloaded it. But it will likely be close.

I tested this entire process with some extremely non-technical people, not one had an issue. They were all able to create their accounts, register their devices, and install my test app with ease.

If you need more beta testers, TestFlight offers a recruitment tool. You can start recruiting random people through Twitter, your web site, or wherever. It's just a link you post. When people sign up to be a beta tester for you, you can accept or reject them based on whatever criteria you like.

Overall, I'm very impressed with the initial service offering TestFlight has. And, remember, it's entirely free (for now) for developers. They are charging for enterprise accounts.

I do have to point out one concern I have with TestFlight however. During my limited testing of the service over the last couple of days, I uploaded a few builds, sent them out to some testers, including myself, and then deleted the builds. When I went back to one of my test devices, I still had the link open in Safari to do the install, for a build that I had deleted in the TestFlight dashboard. So, I tested, and tried to install the build, that should have been deleted. It installed perfectly. This is my concern, because I had deleted the build! Which means, that TestFlight, is not actually deleting the bits of the builds you tell it to delete, it's just removing them from your dashboard. Whether or not you consider this acceptable is up to you (and your personal level of paranoia) . But remember, that when you upload your .ipa to TestFlight, you're letting unknown people view and test your ideas (yes, the TestFlight people can view and run your .ipa files, if they so choose).

If you are concerned, you can use Hockey to manage your beta installs. It's not as easy to manage as TestFlight, but you con trol everything on your servers so it's arguably more secure.

You can even mix and match some of the TestFlight features (UDID collection, recruitment etc), and then deliver the actual builds via Hockey.

Paranoia aside, TestFlight is excellent so far, and will change the way you deliver your test builds to your testers. Down the road, they plan to support additional features, such as adding analytics so you can view what your testers tested and for how long.

Dev Tips & Tricks

Today I'm going to cover some useful tips and tricks. These are presented in no particular order, and are pretty much unrelated to each other. Hopefully you'll find some, or all of them useful.

1. Regarding the upcoming iPad 2

Reports are starting to surface that the next version of the iPad will support a retina type display. Apple will no doubt repeat what they did with the iPhone 4 and double the resolution (4 times the number of pixels). This makes it easy to support old apps on the new device by employing pixel doubling.

But, you can start preparing for this now! For every iPad image you use, include a higher resolution (double sized) image with the @2x suffix. And for icons, include a 144x144 (double 72x72) icon. I've included a 144x144 icon in all my iPad apps since the iPhone 4 was announced, betting on Apple doubling the iPad resolution. It's cheap to do, and if the predictions are wrong, there's no harm in having an unused icon.

As a sub tip, you should include the following sizes for your icons: 144x144, 114x114, 72x72, 58x58, 57x57, 50x50, 29x29

2. self.var vs var

In your classes, when use the following syntax:

DWClass.h

@interface DWClass : NSObject {
    NSObject *myObject;
}

@property (nonatomic, retain) NSObject *myObject;

DWClass.m

@synthesize myObject;

You're telling the compiler that your new class DWClass will have a property called myObject, and that it should create setMyObject (setter) and myObject (getter) methods to access that property. And that those methods should handle your retain/release cycles for you. Any other objects that need to interact with your myObject property, will do so by like this:

dwClass.myObject // (assuming dwClass is an instance of DWClass)

And this will actually call the appropriate setter/getter for the myObject property, which in turn interacts with the myObject instance variable of the dwClass.

Inside the DWClass however, you can access the property like this:

self.myObject

And the same setter/getter methods are used.

Inside the DWClass, you can also access the myObject instance variable directly just by referencing it. DO NOT do this. If you do that, you're not using the setter/getter methods, which means you're not automatically handling the retain/release calls. This is a surefire way to create hard to find bugs in your code. Plus, there are other problems with doing this. If down the road, you need to do something special whenever that property is accessed or updated, so you ditch the @synthesize and create your own setter/getter methods, you're now going to miss even more than the retain/release calls, you're going to miss whatever else you've added.

This entire tip also applies to non-object properties. Even if you're using a standard int as a property, always use the self.variable syntax to access it. It's just good practice and will save you headaches down the road.

3. Keeping your secrets, secret

Often when you're accessing other services, Twitter, Dropbox, your own servers etc, you may need to store passwords, API keys, etc in your code. It's dead easy to just have a constant like this: @"MySuperSecretKey" and be done with it. If you do that though, you may as well post the secret on your web site for all to see. Since, it's trivial for a bad guy to extract your secret from the compiled code they download from the App Store after your release. This is a bad thing. In the case of Twitter for example, some spammer could put your secret key into a rogue app that spam blasts users. Every one of those tweets will say it was sent by your app, and your legit app will be blocked pretty quickly. Your users will be locked out until you submit a fix and have it approved by Apple, say goodbye to two weeks of sales, not to mention, all the bad reviews you'll receive for selling a non-functioning app.

So, keep your secrets secret, use some encryption inside of your app to encrypt your keys etc. It doesn't have to be complex as the bad guy usually just looks for low hanging fruit (unless they are specifically targeting you). You can use one of the many encryption libraries available, or even roll your own if you're so inclined.

4. Ensure the App Store knows you support multiple languages when you do so

This tip comes from a mistake I made in version 1.0 of the Cruze app. The app supported English and French from the get go, but it was done by detecting the language of the user via code and loading the correct set of files for the primary language. This worked great and was way less work than using Apple's recommended method of localization for every nib etc.

One problem though, once the app was released to the store, the only supported language listed in iTunes was English. Because I used my own language detection iTunes Connect didn't detect French. I fixed this in 1.5 by using Apple's localization on a small dummy text file. One that I don't actually use for anything in the app, but that is enough to trigger the language detection tools Apple uses.

Update: see Ovogame's comment below for an even better way to fix this issue.

5. AppName_Prefix.pch

There's a file in your XCode project named AppName_Prefix.pch (where AppName, is your app's name). This file is included at the top of every source file in your project. It's a great place for you to store any constants you need across your app.

6. A Better NSLog()

A common method of debugging is to add NSLog() calls throughout your code. The messages are echoed to the screen as the code runs and you can see what's happening, giving you hints as to what's causing bugs. When you're finished however, and you want to do your final build, all of those NSLog() calls remain in your final build and all of those strings are available for anyone looking through your binaries to see. Who knows what secrets you might disclose.

Instead of using NSLog(), I use DebugLog(). This is a tweak of a function I’ve seen others use, based on the answer here: http://stackoverflow.com/questions/300673/is-it-true-that-one-should-not-use-nslog-on-production-code.

Add this to your AppName_Prefix.pch file:

#ifndef DebugLog
#ifdef DEBUG
#define DebugLog( s, ... ) NSLog( @"<%p %@:(%d)> %@", self, \
	[[NSString stringWithUTF8String:__FUNCTION__] lastPathComponent], __LINE__, \
	[NSString stringWithFormat:(s), ##__VA_ARGS__] )
#else
#define DebugLog( s, ... )
#endif // DEBUG
#endif // DebugLog

Now, replace all of your NSLog() debugging statements with DebugLog(), and define DEBUG in your debug configuration (sub tip 2: go to your Project Info, Debug configuration, search for Preprocessor Macros, add DEBUG).

After this, use DebugLog() all you like, and the strings are skipped over in your Release and Distribution builds. You also have the added bonus of having the function name and line number included with all debug statements now, making it clear what's generating the messages.

7. *.dSYM files

Whenever you build your app, XCode will output the *.app files, as well as a *.dSYM file. For Debug and Release builds, you can just toss/ignore the *.dSYM file. But for your distribution build, that you're going to submit to the App Store, make sure you keep the .dSYM file. You'll need this later, to analyze crash reports. I'll go into more detail on this in a later post, just know you need to keep the files. For the impatient, you can read more on this here: http://www.anoshkin.net/blog/2008/09/09/iphone-crash-logs/

8. Push Notification Certificates

If you have an app that uses push notifications, you need to generate a certificate with Apple, one of the first steps, is to create a Certificate Request file (CertificateSigningRequest.certSigningRequest), that you send to Apple. Keep this file. When your certificate expires, you'll need to request a new one. You can reuse the same Certificate Request file and skip the first few steps.

9. [object release]; object = nil;

With NSObjects, when you're done with them, you call release to reduce the retain count and let the system know you no longer need it. When that retain count hits 0, the system free's the object and releases the memory allocated back for use later.

It is common practice, to set the object to nil after you call release. This prevents a possible crash later, if you attempt to call a method on an object that has been freed. That's because if you try to call a method on a nil object, the system just ignores it, no error, all is good (or is it). If you don't set the object to nil, then it will still point to the memory address that was allocated for that object. There's a chance that object is still there (if something else was using it and increased the retain count for example). In that case, calling a method on that released object, will still work. But if that memory had actually been released calling the method would cause a crash.

This is why developers often set the object to nil, to prevent that crash in the case of a bug. But, this doesn't fix the bug, it just hides it from you. So, I subscribe to the second school of thought you shouldn't set the object to nil. If you have a bug, let the app crash while you're developing and you'll be able to find and fix that bug. When you no longer have any crashes, you'll know you're (closer to being) bug free, and that you haven't just masked your bugs.

Open Source, the GPL, and the App Store

I am a believer in the idea that a large subset of humanity enjoys helping one another to be successful, and that they become better themselves in the process. One way this occurs is with the Open Source movement. People that write software not for the profit that can be made with the software, but to give it away so that others can use it, as an end product to accomplish a task, or even to use as part of another project. This enables the next person to get a jump start on what they're working on in order to become successful faster than they would have been if they'd had to start from scratch.

Ideally the next person becomes a link in a chain so that others can benefit from their work and become successful themselves. Everyone does their part and everyone benefits.

Not all Open Source products are equal however. Just because someone releases their code as open source, doesn't mean you can do whatever you want with it. There is always a license of some sort attached to the code that governs what you're allowed to do. The Open Source Initiative site lists 67 different licenses that they've approved as meeting the existing community norms and expectations of what an open source license should be. Before we go any further, let me clarify that I am not a lawyer, I don't even play one on TV. So you should always consult your own legal council when dealing with legal matters.

Of all of the open source licenses, there are a few that are used more than others. The GNU General Public License (GPL), the Apache License, BSD License and the MIT License are the most popular. The latter 3 are very similar and impose the least restrictions on users of the code they license. The GPL imposes some very specific implications on users of the code it licenses and is the reason I'm writing this article today.

In simplified terms, the Apache, BSD and MIT licenses allow you to use the code they cover in other products and allow you apply a license of your choice to the new product. It doesn't have to be an open source license and so you're not required to provide the source of your product to others. You do have to include the appropriate copyrights for the source you've used that was created by others, and you do have to accept the fact that the source is provided to you AS IS, that there's no warranty of any kind given by the original creators of the code you're using.

The GPL however forces you to use it as the license for your new product. In this way, it has been described as a virus license since it effectively reproduces itself onto your product, and limits what you're allowed to do with your product. That is, you're forced to release the source code of your new product, and you must allow others to redistribute your product for free, in both source and object code. The philosophy behind this is that if you're benefiting from the work of others, you should be forced to share your work in the same way so that others can benefit. These restrictions make the GPL incompatible with the App Store, which means, as an iOS developer, you should avoid using any code that is covered by the GPL.

The reason that GPL code is incompatible with the App Store is the requirement that someone receiving the product be able to redistribute that product to someone else. Since all apps in the App Store have Digital Rights Management (DRM) applied to them, users are unable to directly share the apps with others. Because a developer is unable to give that right to the user, they are effectively barred from distributing their app through the App Store.

Just yesterday, this became an issue on the App Store as the popular app VLC was pulled by Apple due to complaints that it's presence on the App Store was a violation of the GPL. Even though the app was available for free, and the source code to the app was made available at http://git.videolan.org/ for anyone that wanted it, the DRM issue overrules and thus, no VLC for you.

As a user this is disappointing since the app allows you to play media files that no other app on the App Store, or built into iOS devices can play. But as developer, this is extremely alarming and should cause you to audit all the libraries you've used to ensure none are covered by the GPL, else your apps could suffer the same fate as VLC.

What's most disturbing about all of this, is that it seems as though, this is really just a silly technicality. The fact that a user is unable to share the exact binary they downloaded from Apple doesn't mean they can't share the app with a friend. The user can share the app just by sharing the iTunes link to the download (which is free), or alternately, provide the full source code. So the spirit of the GPL is still possible with the App Store, just not the letter of the GPL.

It would be possible for the Free Software Foundation (creators of the GPL) to release an updated version of the license to make it compatible with the App Store, but since they feel that all DRM is inherently evil, it's unlikely that will ever happen. Arguably, it might be possible for Apple to make DRM optional for certain apps, but that would require fundamental changes to the iOS architecture and might introduce security holes that make it easier to pirate apps. I don't see either side making any compromises here so your best bet, is to just avoid all GPL code and find (or create) alternatives that are licensed under the Apache, BSD, or MIT licenses.

Discussion - Reducing App Store Piracy

This week, I'd like to throw something out for discussion. These are ideas that have come up in the course of real life discussions with other app developers. I need to preface this by saying that I have not implemented any of these ideas, and that I'm only putting the ideas out there to encourage you to think about and discuss alternatives.

It surprises me that in an ecosystem of 99 cent apps, piracy rates are still incredibly high. For this article the assumption is that as an iOS developer, you are able to detect at runtime, if your app has been pirated. There are multiple ways to do this, but the technical details of which are not required for this article so I'm going to skip them.

One of the requirements to install a pirated version of an iOS app on a device, is that the device needs to be jailbroken. If the device has been jailbroken, then certain security features will have been disabled. This makes it possible for apps to do things on the device, that Apple doesn't allow under normal circumstances.

This means, that a normally well behaved app, could be made to 'go rogue' when it detects that it has been stolen by the user. For instance, a stolen version of your app, could make a phone call to a charge per call phone number that charges the cost of the app to the users phone bill, therefore recovering the cost of the app for the developer. Similarly, the app could send a premium text message out, also charging the cost to the user's phone bill.

Now, I'm not proposing that you actually build this into your apps, as it's almost definitely the wrong way to go about building up your business1. As iOS developers, is it not part of our job to educate users on the dangers of using pirated apps? The above ideas can be used in the same way we've warned against pirating desktop apps due to the dangers of viruses and other malware. Common users should be encouraged to live in Apple's walled garden as is indeed a great place for users and developers to be.

1 A user that has pirated your app is still a potential customer and needs to be treated as such.

Discussion - Apple's App Store Policy Against Name Squatting

Today I'd like to discuss Apple's recent policy change with regard to app name squatting. If you're unaware of the policy, Apple says you must now submit your binary for an app within 120 days of reserving the name. If you don't submit a binary, you'll receive warning emails with 30 and 7 days remaining in your 120 day grace period. At the end of 120 days, if you still haven't submitted a binary, the app is automatically deleted by iTunes Connect and you're forbidden from using that app name again in the future.

The idea behind this policy is likely to prevent the ridiculous name squatting environment the exists with domain names. Personally, I don't believe that Apple has come up with a great solution to the problem though. 120 days isn't long enough for an independent developer working in his/her spare time to create a good quality app. And there's a known work around anyway1, that just forces you to do an extra 5-10 minutes work per name to reset the 120 day count. So what has been accomplished? It makes it awkward for someone to register a tonne of app names and just sit on them, since the 5-10 minutes add up fast.

I propose that there is a better solution. Instead of an arbitrary time period to submit an app, why doesn't Apple limit each developer account (that is, per $99 fee), to an arbitrary number of incomplete apps. Lets say 10 for example. In my hypothetical world, you can squat on up to 10 names for each $99/year. Making app names cost about $10/year, similar to domains. But the domain ecosystem is a disaster you say. Well the difference is that with domains, there's a whois database. Everyone can find out who has registered a domain, and contact them in order to generate a sale. There is no current way to find out who has reserved an app name, and thus no way to buy the rights to a name. Which means, there is no market for buying and selling app names; crazy domain name ecosystem averted. The only people reserving app names will be those who plan to use them.

I'm sure there are problems with my proposal also, or that you have an even better solution. Please add to this discussion here.

1 Rename the app that's about to expire to some gibberish, and recreate a new app with a new SKU and the original name you're reserving. Credit: Daniel Jalkut