This Is Phishing

Password managers can help you identify when you’re on the site you want, or might be somewhere you do not intend. By comparing the url of the site you’re on, to the urls saved in the password manager, the password manager can indirectly alert you to a suspicious situation.

Here’s an example. In the Robinhood app (which registers on iOS as, you are prompted for a Wells Fargo account and password.

This sure looks a lot like Wells Fargo, but the password manager (Dashlane) tells you it detected that you’re actually entering this information on

If you ever find yourself in a situation where your password manager credentials don’t match or don’t autocomplete on a site where you expect they should, it should set off all sorts of alarms in your head.

This is not the login page for the site you think you’re on.

So then why does Robinhood make it seem like you are entering your information on Well Fargo?

In this case, the app is not trying to steal your bank information (or so they say), instead, it’s trying to help you log in quickly, so you can get back to using the app as soon as possible.

Robinhood, like many other financial apps, uses a service called Plaid (owned by Visa) to sign in to your bank accounts. Plaid touts itself as “The easiest way for users to connect their financial accounts to an app”. Incidentally it’s also the easiest way to condition people to fall for phishing schemes.

“Secure and private”, or “encrypted transfers and no access by Robinhood”, boils down to you trusting Plaid with your financial account information.

Is using Plaid any worse than sending your bank account and routing numbers? Well, at least you can change your password easily enough after giving your old one to Plaid. Changing a bank account is a bit more cumbersome.

Just be aware, the same tricks Plaid is using to make you think you’re logging into your bank can be used by more nefarious actors. And if you’re not using a password manager to help you recognize these tricks, you just might fall for one.

Stay safe. Wash your hands. Wear a mask. And use a password manager 🧼

News Feed

Location Data Privacy in Apps

The New York Times released a report (with some fancy graphics) detailing location data use by apps for advertising, outside the main purpose of the app. Only 10 apps were covered in depth, but the findings reveal how some advertising companies aggregate location data from apps.

Articles Books Review Thoughts

Week in Review – October 8, 2017


Fahrenheit 451 by Ray Bradbury

Thich Nhat Hanh via Lion’s Roar

Teach tech with cartoons by Julia Evans

Why We Contradict Ourselves and Confound Each Other with Daniel Kahneman via On Being (listen)

On Overuse of Technology

Follow Cal Newport. He lead me to Jony Ive’s talk at the New Yorker Tech fest. Here’s the transcript

Jony Ive’s thoughts on Focus

I tend to be so completely preoccupied with what we’re working on at the moment. That tends to take the oxygen. Like any tool, you can see there’s wonderful use and then there’s misuse.

This isn’t a new phenomenon that we have to exercise a modicum of self-control to try and find the right balance. I do think sometimes, it’s just nice to have space. I think we fill space because we can and not because we should.

If I get to sit down for two hours with one of the world’s best silicon chip designers, I could not be happier. And what connects us is a curiosity, and also sort of sense of the authentic pursuit of excellence.

The art of focus is even if it is something you care passionately about, focus means ignoring it, putting it to the side. And often, it’s at real cost. And [Steve Jobs] was remarkable at that. And there have been a few occasions, a few periods where I felt have achieved that focus, and it’s a little eerie. You do have a sense — boundaries before impedance, before that seems insurmountable, seems trivial. And it takes so much effort and is exhausting to sustain, but all of the good things we’ve done have required that sort of focus.

If you’re going to do something new that means that the reason it has not been done before is that is there’s 55 reasons why it hasn’t been done before. And so you have to be so focused and so resolute, and in some ways almost blinkered, but you have to be so determined, but then you have to move between these two behaviors that are almost on the polar opposite.

I am confident that the mistakes weren’t born from laziness or some self-satisfied belief that it’s inevitable that they will be successful. I think we’re bunch of very anxious, worrying individuals who generally assume it’s not going to work unless we can prove otherwise.

Smartphone habits and addiction transforming into information dystopia

via The Guardian

This is classic Nir Eyal

One morning in April this year, designers, programmers and tech entrepreneurs from across the world gathered at a conference centre on the shore of the San Francisco Bay. They had each paid up to $1,700 to learn how to manipulate people into habitual use of their products, on a course curated by conference organizer Nir Eyal.

His book Hooked: How to Build Habit-Forming Products is a recipe book to shows how to game human psychology to get people addicted to your product, or as he puts it:

“Just as we shouldn’t blame the baker for making such delicious treats, we can’t blame tech makers for making their products so good we want to use them,” he said. “Of course that’s what tech companies will do. And frankly: do we want it any other way?”

But there is a line between solving a problem through satisfying a need and engineering products for more usage. Read Don Normans’ The Design of Everyday Things instead.

And push notifications, turn them off:

Brichter says he is puzzled by the longevity of the feature. In an era of push notification technology, apps can automatically update content without being nudged by the user. “It could easily retire,” he says. Instead it appears to serve a psychological function: after all, slot machines would be far less addictive if gamblers didn’t get to pull the lever themselves. Brichter prefers another comparison: that it is like the redundant “close door” button in some elevators with automatically closing doors. “People just like to push it.”

Sometimes psychology can make boring situations a little more convenient, even elevator rush hours and grocery store queues.

On the Open Office

Open offices are overrated via Vox

The idea is worth executing well because it matters too much to stop trying to fix it. By that we mean the 40 hours a week, the 8700 hours, the nearly 10 full years of your life you spend inside the four walls of one room.

The Office Gets Remade Again via NY Times

Salesforce’s new skyscraper campus in San Francisco, for example, has areas on every floor for meditation, partly inspired by the teachings of Thich Nhat Hanh, a Buddhist monk.

Create things so others can create

Getting to the Future Faster from Exponent

The conversation starts with a discussion on long term thought development via writing on a blog instead of cementing a momentary mindset in a book. In a blog, the audience can learn and grow with the author, while the author can support writing with a subscription business model. They move into universal basic income, single person businesses with an audience of 100s and Etsy as a model for unlocking creative potential of people across the world. Also, Instagram and YouTube stars are entrepreneurial in a job that did not exist five to ten years ago. How can we build technology that enables more people to create?


The Ethics of Ad Blocking

By including content blockers in iOS, Apple now allows developers to build ad blocking apps for mobile Safari. But more importantly, Apple has started a conversation about the ethics of ad blocking on the web. After only a few days Apple has (inadvertently?) pushed the topic into the limelight. With the advent of content blocking apps, people show they are willing to pay a some amount of money to block ads.

iOS 9 Ad Blocking Apps
Marco Arment’s Peace was the top app at $2.99 (now it’s gone)

But when users pay, to whom should the revenue go? Solely to the developer of the ad blocker? Or shared amongst the developer and web content producers? Sharing revenues is easier said than done, but for online publishers who make a living off advertising, cutting ad revenue is a serious detriment to their livelihood.

No Ad Blocking on
But the appeal of this site just feels great…

Ad blocking offers not only an aesthetic improvement, but also a considerable performance boost in both web page load time and data usage. For those on mobile web browsers (such as Apple’s safari), cutting out web tracking and advertisements can extend the life of a constrained mobile data cap.

Regardless of their reasons, people want a fast and focused web experience without any distractions. Maybe its time for a different advertising model, or a brand new way to monetize the web. Let’s see where the conversation progresses.


App Store Submission Tips and Tricks

I recently submitted my first iOS app to the App Store and spent quite a bit of time searching ways to navigate some of the less intuitive parts of Apple’s submission process. Tons of guides walk through step by step, this is meant to help fill in the gaps.
For those looking for a overview, start with this great tutorial and come back to this post for more info.

Development resources

There are a lot of great resources to learn about Objective-C, Xcode, and app design. Here are a few to get you started:

While learning, if you see a piece of code I think I need to incorporate, copy it into an open space your program, but re-type it in the correct location. This saves the hassle of alt-tabbing between windows or looking back and forth, but gives you the opportunity to gain the muscle memory of typing the code. Just make sure you actually type the code!

Sign up for an Apple developer account. The account costs $100 a year but is needed for testing on actual devices and then submitting to the app store.

iTunes Connect vs Apple Developer

Use the same email for both

One email can be connected to multiple Apple Developer accounts, but iTunes Connect is limited to one email per account. However, using two different email addresses can cause issues when submitting app from Xcode to Connect. Xcode checks if the Developer and Connect account email addresses match, rejecting submission if they are different. So save yourself the trouble now, and use the same email for both Apple Developer and iTunes Connect.


If you have a Gmail address, you can add a “+” to the end of your address to create a “new” email that will send to your original account. For example, say your email is [email protected] You can append “+dev” to create [email protected] This address will still show up in your [email protected] inbox, but Apple (and other sites) will see the modified version as a completely different email address.

Switching to a Team

Follow this link to the Apple developer team support page and scroll to “If I am enrolled as an individual, can I change to a company membership?” (Yes!). From there, send a message to Apple explaining you wish to transfer your account.

There is about a seven day process of switching a person account to a company account. If you are on a deadline, make sure you start this soon. Changing will also require the DUNS number to identify your company.

Once the team developer account is set up, you need to add members to both the Connect and Developer accounts for the company.

Uploading to iTunes Connect

Hooray! So all the accounts are set up and you are ready to upload version 1.0 of your app! You log onto Connect, hit the “+” and are greeted with this screen:

New iOS App Information ScreenshotName

Unless you app name is in Esperanto, there is a good chance someone already tried to register the app under the same name. Take a look a the App Store, many apps have a small tagline at the end of the actual name. If your app name is already taken, you can try this naming convention for the App Store page:

Gmail iOS App Store Screenshot

Don’t worry, the name shown under the app icon will stay the same, this name is for the store purposes only.


Should match the version number of your app in Xcode.

Primary Language

Main spoken language used within the app. Used in tandem with the localization settings of your app (or Swahili).


The SKU number can be just about anything. Using the date format YYYYMMDD is common.

Bundle ID

The Bundle ID can be found in Xcode by navigating to Project > General, but to enter the ID here, you must register your app within the Apple Developer site. Here are some links to help with the process:

  1. Distributing iOS app with iTunes Connect (Part 2 – App ID)
  2. Configuring Your Xcode Project for Distribution (About Bundle IDs)


Generating buzz is of utmost importance when releasing a new app. There are many sites designed with the sole purpose of boosting awareness for upcoming apps. For those with grand business ambitions, BetaList focuses on discovering the next big startup. Apps featured on BetaList are often multifaceted with online and mobile components. For fun and entertaining apps, PreApps is the place to go. Mr Jump is a great success story from PreApps, generating over 5 million downloads in the first 4 days, but the site works just as well for any app looking to gain some traction.

App Store Prep

App Todos

Ensure your app adheres to all of the App Store Review Guidelines. The list is quite long, but read it carefully. Violating even one guideline will cause your current app build to be rejected. The most common reasons for rejection are summarized here.

Store Page Todos

To take a screen shots of your app, hit Command-S while running the device simulator in Xcode. With screenshots in hand, check out sites like Davinci Apps and to easily add a caption and display the app screenshots on an iOS device.

Connect Todos

1. US Export Compliance (iTunes Connect Question “Does your product contain encryption?”)

To ensure your app is compliant not only with Apple, but also the US government, it is crucial to understand the encryption technologies used in your app. Here is a link from the Bureau of Industry and Security regarding encryption. There seems to be a bit of confusion surrounding the correct process:

  1. Does my application contain encryption (StackOverflow)
  2. What constitutes encryption for the purpose of export compliance (StackOverflow)
  3. Using SSL in an iPhone app export compliance (StackOverflow)

However, a commonality is if you think your app includes encryption, whether you wrote it or not (including https and SSL), you should select “Yes” for the export compliance question and provide your ERN (Encryption Registration Number) when you submit your app.

This post from a few years ago explains the situation well, and walks through the process of obtaining an ERN for your app (the link from step one does not work).

2. Advertising Identifier (IDFA)

Some 3rd party SDKs (such as Facebook) use the IDFA, so check with any 3rd party code before you answer this question. Otherwise your app may be using the IDFA without you knowing, resulting in Apple rejecting your app submission. As an example, if you are using the Facebook SDK to track app installations, select the second checkbox attributing use of the IDFA for app installs.

App Store Submission

Review takes about a week (7-8 full days). You can check the average app store review times, but once your app is taken from the “Waiting for Review” queue, Apple reviews the app extremely quickly.

In special circumstances, if you need your app to be reviewed faster, you can ask for expedited review. Apple is not guaranteed to grant expedited review, and they only make a one-time exception.


Carefully read over Apple’s reason for rejecting your app. This can be an infuriating process, but try to stay calm. Make sure you adhere to the app store guidelines (you read through this earlier, right?), and fix the issues  outlined.

Ready For Sale!

Green light! Time to release! Not quite yet.

Make sure you have some buzz around your app. This part is tough, but the right marketing strategy can make or break the success of your release! Hopefully PreApps and BetaList worked to generate some interest, but now is the time to recruit as many people as possible to help spur initial launch popularity. Make a Facebook page, Twitter account, try to contact some websites catering to your target market, and let your friends and family know! Product Hunt is a great site, but good luck grabbing an invite and being featured. And hey, don’t forget to let me know! Comment with any apps you released after reading this post!


If you made it this far and enjoyed the post, please consider checking out the app my team has been working on. Cele (“celly”, say it correctly…) is an for app iOS and Android that lets you know of daily quirky national holidays and suggests the most fun ways to celebrate.

Get it here! For iOS and Android.