Saturday, February 22, 2014

Rolling out

Well it is finally out there, published in the play store. There are some interesting bugs bug I am committed to smoothing it out. If you are a fan I appreciate your support, and if you aren't I hope to earn it. The core mission is not yet achieved, but it shouldn't be long.

Tuesday, January 7, 2014

Why I created Hello Wifi.

It was a subtle moment, and since we are creatures of habit it could have easily been missed. We were having board game night that was probably only interesting to adults. A friend's teenage sister was with us and she preferred to watch a movie on her tablet instead. But she couldn't watch anything without the wifi password, and we were in the middle of a game, so she had to wait for someone to give her the password, and in teenage style, suffer.

I thought "there's got to be a better way." I could immediately see clearly all the awkwardness (sometimes social) as we fumble though trying to get access to someone's home wifi. "How do you spell that?" "Wait, which word was capitalized?" And it gets much worse when a 2nd-level social connection is involved.

So the idea to create an app that can help with this small yet common experience was born. I thought surely that if such an app already existed we would all be using it already, but no one had heard of such a thing.

I started out creating Hello Wifi in concept and in prototype, and in a few weeks I discovered there were some apps out there that tried to solve this problem. Taking a look at the 1-star reviews that were posted about them, I came to the same conclusion as the critics: such an app depending solely on Facebook was, essentially, useless. (Why would an app want to limit itself to only the subset of users that are also on Facebook? And yet they brag about it!)

The really cool feature, NFC bumping (Android Beam), certainly can't work in a Facebook-only world and is a huge win for wifi sharing to user's that most likely offline without wifi.

From the outset, I intended to build a service that, if compromised, would be essentially a dead-end for hackers; I was not comfortable with the idea this service might be holding on to peoples' passwords, or any other potentially identifying information. And with the recent revelations about the NSA, Target and Snapchat, how appropriate that I should want to build a service that takes user privacy seriously.

Here's how to take privacy seriously:
  1. If possible, don't store the information at all.
  2. If it has to be retained, but only serves to identify a user or device to the service, apply a one-way cryptographic hash so that only a derivative of the data is stored. A good example of this is a hotspot BSSID or device MAC address
  3. If it has to be stored, but is intended to be viewed by the end user, then encrypt the data specifically for that end user via asymmetric encryption using the recipient's public key, with device-side encryption. This applies to shared wifi passwords, logged IP addresses
  4. Otherwise, as a last resort, if the service requires some user identifying information, that should be encrypted in the database
  5. Disallow API access but to trusted clients
  6. Use very strong hosting service passwords

Friday, January 3, 2014

Entering alpha testing!

After many iterations of icon design, I finally have Hello Wifi entering alpha testing on Google Play. The server is also up at http://hello-wifi.com :)

Wednesday, December 11, 2013

Shouldn't this be a common notification pattern?

When an activity or background task creates a notification on Android, it specifies the Intent which usually refers to an activity that should be opened when the notification is clicked. However, it is surprising that the association between notification and activity is only in one direction. It seems to me that it would be a common pattern for an activity to need to clear notifications that open the activity because the notification may be moot once the activity is shown to the user. Additionally, while that activity is in the foreground, asynchronous background tasks should be able to be prevented from showing any new notification during the time that the activity has the foreground.

To handle this problem, an application of the mediator pattern is needed where the mediator intercepts the creation of the notifications and tracks the foreground state of the activity (or even activity fragment). The mediator may need to be a long-lived service to maintain state and serve all background tasks of any lifespan.

Tuesday, November 19, 2013

What is the MVP?

A wifi password sharing app has to do the following 3 things at a minimum:

  1. Allow sharing (and unsharing) of passwords with friends
  2. Sync updates from the cloud
  3. Show appropriate notifications (especially with a user must take action)
And there are other apps out there that can do variants of these functions. However, the two main ones that I know of have two major flaws:

First, they only support Facebook and I don't know anyone that has a perfect intersection of Facebook friends and people they share their wifi passwords with. There's no reason to limit sharing to any specific social network. Facebook and friends in general are not central to the solution, only sharing is key.

Second, these apps must be storing the passwords as unencrypted clear text in their databases by design, or the passwords are encrypted in a manner that their servers can decrypt for client devices. This is a risky approach, and a lazy design. Only the client devices need to be able to decrypt shared passwords, not hackable servers that only broker between devices.

You should expect better.

Wednesday, November 13, 2013

Make it work right (now)

There's always tension between "make it work right now" and "make it work right". I haven't regretted so far spending more time on the latter and I greatly appreciate tools like Git that allow me to divert and explore different designs with time being the only consequence. Let's move along!

"MVP! Lean!" "But I want to redesign the UI with a modern drawer and cards!"

Monday, November 11, 2013

Hello Wifi...

Building an app from scratch... This is my first Android app idea that I feel has a real chance to be successful, but that of course depends on how success is defined. I define success rather simply as effectively changing the experience of sharing my wifi password with my friends and family and conveniently having access to their hotspots using the app. If I need a broader definition than that I can always change it later.

This app is not as original as I had assumed it to be, but that tells me something about the existing apps out there if my friends and I had never heard of them before. I can tell you that after having evaluated these apps, I would never recommend them to a friend.

I have a lot of vision for what Hello Wifi can become but at the same time I must focus on strictly delivering real value and that means simplifying it to something releaseable. But I won't sacrifice usability or security.