360|iDev 2018 Conference Highlights

250 attendees and 41 speakers recently descended upon Denver, Colorado to take part in the annual 360|iDev conference.

360iDev 2018 had much to choose from; running from Sunday to Wednesday, there were six workshops and 34 sessions to choose from. It was easy to find a mix of sessions tailored to your interests — yet hard to narrow down the field of amazing talks and workshops!

In this article, I’ll share my thoughts on the conference and help you sort through all the great presentations to highlight the “can’t-miss” moments from the conference. Let’s dive in!

Keynote – Wired For Connections – Tammy Coron

Tammy Coron felt like an outlier in the early part of her life. Like many of us, she suffers from imposter syndrome. She would often act and speak like those around her, all the while believing that it wasn’t worth another’s time to be friends with her. She identified who she was by mimicking those around her, transforming into style of the group she was with. Driven by self-loathing and the acceptance of others, she couldn’t find her own voice.

However, Tammy tells us that we are psychologically wired to connect with others. Since the early days of man, we have had the need to assemble with others, to hunt and create small groups within an even larger group. To illustrate her point, Tammy shared with us the Parable of the Broken Pot, where even a broken water pot that could not complete its main task of carrying water could still benefit the flowers along the path to the well. The moral is that even a broken pot has value and a beneficial purpose. Finding Tammy’s unique benefits she had to offer the world was a challenge for her.

“Nobody cares about the shoes that you have on, because they are worried about the shoes they have on.” — Elaine Manganello, Tammy’s Mom.

Tammy’s advice is that you need to realize your own worth. Recognize that you are no worse of a person than your friends and colleagues. Make the connections with others, and step out of your comfort zone. Be genuine and celebrate your own value; others aren’t judging you because they are worried about themselves. Collaborate with others; it’s easy to make your own contribution by working with others and not being afraid of what others think of you. Find out what it is that you can bring to your group; extend your hand and introduce yourself. Everyone else in the group is likely just as worried and as afraid as you are.

How I Learned To Stop Worrying and Love Voiceover – Rachel Hyman

In this session, Rachel Hyman set the stage with the basics of accessibility. 1 in 5 people in the United States have special needs, but as a society, we tend to treat persons with special needs as second-class citizens; we react to their needs instead of proactively putting accessibility first. There are affordances around that all people benefit from; sloped corners on sidewalks, closed-captioning on television and eyeglasses to correct vision.

iOS has plenty of built-in features to assist with accessibilty; the most commonly known feature is VoiceOver. This system-wide screenreader is based on the UIAccessibility protocol, which lets you define accessibility traits to indicate the type of object on the screen:, such as strings, links, and even buttons. VoiceOver uses these traits, along with other accessible properties of values and controls on the screen to read out the relevant elements on the screen.

Auditing your accessibility implementation is just as important as the rest of your app testing. The Accessibility Inspector Tool can be used to check your app’s accessibility by running an audit of the elements. Perhaps a hit area is too small, or a label’s value is incorrectly overridden in code. These are the things that are easily missed by developers or testers who aren’t familiar with the challenges of accessibility.

To build empathy with the attendees, Rachel challenged us to take a selfie with VoiceOver. To add to the challenge, we were to triple-click with three fingers and enable Screen Curtain, which turns off the display. Using only VoiceOver assistance to find the camera, flip to the front facing camera and take a selfie, I managed to take the interesting selfie, which you can see above.

Before wrapping up the session, Rachel covered Dynamic Type, which uses type styles rather than fonts to preserve the relative design hierarchy while allowing users to set the font size of their device to something that suits their needs. Starting with a plan for building accessible apps means that everyone ends up with apps that are better-designed overall.

Secrets and Lies – Rob Napier

Rob Napier is a builder of tree houses, hiker, proud father, and sometimes developer. This year’s talk compared security by obscurity against security by design. In 1942, the US Army used Navajo natives to encrypt messages. The Germans, on the other hand, built the Enigma Engine to mechanically encrypt and decrypt messages with shared keys. It’s a well known fact that the Allies cracked the Enigma codes regularity. In comparison, Navajo speakers were able to encrypt messages faster than their mechanical rival, and no Navajo message was ever cracked. The Navajo language was effective because it was not that well-known outside the Navaho community. In this case, the more obscure Navajo language won out over the highly-designed Enigma codeset.

Another interesting example of security through obscurity is the common lock. Invented by Alfred Charles Hobbs in the 1800s, the same lock mechanisms designed then are still in use today. Locks aren’t difficult to pick, and many keys can be simply upgraded to create a master key. It’s this master key that locksmiths use to open your locks when you lose your keys. The lock industry has known about these flaws in locks for hundreds of years. You might think that security by obscurity is not secure at all, but in fact, it’s a very thin layer of security. It’s kind of like the old joke, “I don’t have to be faster than the bear, I just have to be faster than you.”

Rob also covered some tools that he uses to test apps for vulnerabilities, as well as harden the app’s security. Every app on the App Store can be downloaded and scanned for secrets stored as strings inside the app. Simply run the “strings -n 8” command on a file to reveal all the strings in your app. You might be surprised at what you find. Rob also recommends running the Hopper app to see what makes up your app in pseudo Objective-C. 
“Objective-C is a reverse-engineer’s dream”, he tells us.

Obfuscating your code makes it harder to reverse engineer. Rob goes on to suggest some more measures to secure your apps, like making things harder for hackers to find by creating honey tokens for them to find, then watch as they take the bait. Don’t simply use base-64 encoding, which is predictable and obvious; randomize the data instead. Use certificate pinning, and hire a team to help secure your app. You can even try to attack your own systems, since you know the most about them, and if you can get in with your knoweldge, you can be certain that other hackers will find those same holes. Obfuscation is about protecting yourself, not your users. Rob also shared some great resources for beefing up your security, which makes it worth your time to check out this talk.