Get Off My Lawn: a New Way to Control Access to Your App

Security plays an important part in releasing an app on Parse, and Access Control Lists (ACLs) are one of the most powerful ways to secure your app. As Bryan mentioned in part III of his security series, “If you have a production app and you aren’t using ACLs, you’re almost certainly doing it wrong.” In that blog post he examines how to create and save ACLs in code. Another effective way to create and manage ACLs is through the data browser, and today that is much easier with a new and improved ACL editor. The data browser is already one of our most popular and most frequently used tools, and now you can also use the data browser to easily edit and manage your app’s ACLs.

An ACL is essentially a list of users that are allowed to read or write a Parse object. For example, let’s say your social networking app has a Post object, and you want the user who created that post, jack, to be the only person who can see it. You would then create an ACL on that object and give Jack read permissions. By default, ACLs are public read and write, so to add an ACL on Jack, first uncheck public read and write, and then type Jack’s username into the ACL editor. Each step is shown in the new editor, along with the equivalent code in iOS.

Screenshot 2014-10-20 19.48.56

PFUser *jack = [PFUser currentUser]; // username "jack"
PFObject *post = [PFObject objectWithClassName:@"Post"];
PFACL *acl = [PFACL ACL];
[acl setReadAccess:true forUser:jack];

Now Jack’s post is private, and Jack is the only one who can see it. But nobody has write permissions on the object, so its fields can only be changed by using the master key. What if Jack wants to edit his post? To allow this, you need to give Jack write permissions in the object’s ACL.

Screenshot 2014-10-20 19.49.00

[acl setWriteAccess:true forUser:jack];

Now Jack can both see and edit his Post object. But what if Jack wants to share his Post with his friend jill? Right now Jack is the only user with read or write permissions on the object. You want to allow Jill to be able to see the post, but you don’t want her to be able to edit it. Therefore you need to add read permissions for Jill on the ACL.

Screenshot 2014-10-20 19.49.08

PFUser *jill; // username "jill"
[acl setReadAccess:true forUser:jill];

Jack and Jill can see the post now, and Jack is the only person who can edit it. But maybe you want to be able to make sure the content of Jack’s post is appropriate, and so you want a group of administrators to be able to see the post, and to delete it if something is wrong with it. Once you’ve assigned these users to a Role named admin, you could add permissions on that role to the ACL. Given that delete is included in “write” permissions, you would check both read and write in the ACL editor.

Screenshot 2014-10-20 19.49.15

[acl setReadAccess:true forRoleWithName:@"admin"];
[acl setWriteAccess:true forRoleWithName:@"admin"];

What if Jack wants to publish his post publicly? Now you want to give the post public read permissions. Simply check the read checkbox in the public permissions row at the top of the editor, and anyone can now see the post.

Screenshot 2014-10-20 19.49.18

[acl setPublicReadAccess:true];

Notice that all of the users and roles in the ACL now have read permissions checked automatically. That is because you have enabled public read, so anybody can read Jack’s post. But public write is still disabled, so the only users who can edit the post are Jack and all users that belong to the admin role. Click “Save ACL” and now your post object will have all of these permissions set, summarized in its cell by “Public Read, 1 Role, 2 Users”.

Screenshot 2014-10-20 19.53.15

post.ACL = acl;
[post saveInBackground];

An undefined ACL acts the same as an ACL with public read and write permissions enabled, so when you first click on a cell without an ACL defined, the editor will show the public read and write boxes checked. To add private permissions on a role or user, you must first uncheck public read and/or write.

Screenshot 2014-10-20 15.02.30

We are excited to give Parse users a fresh, simple way to add and manage ACLs in the data browser with the new ACL editor. Go try it out, and as always, let us know what you think!

Jamie
October 21, 2014

Health & Parenting’s Apps Top the Global Charts With Parse

Pregnancy+

In just over two years, Health & Parenting has hurtled to the top of the charts with its global hits, Pregnancy+ and Tiny Beats. As a team, Health & Parenting is focused on creating high-quality, innovative apps for new parents. Among its growing suite of products, Pregnancy+ and Tiny Beats are its flagship apps—Pregnancy+ is one of the most popular pregnancy apps in the world with over 2 million downloads per year.  The app and its rich content has been translated into seven languages and is available across countless platforms including the App Store, Google Play Store, Windows Store, Amazon App Store, and more. Tiny Beats, a fetal heart rate monitor app, can be found in fourteen languages and has maintained a consistent spot in the top five rankings of the Medical section of the App Store.

With the use of Parse, the Health & Parenting team has been able to scale their family of apps to reach countless countries and to operate across a wide variety of device platforms.  Parse is used comprehensively–from the sign up process to cloud storage to push notifications and more.  Parse Core is used to securely store app data, enabling users to seamlessly sync their activity across multiple devices, and to restore their information if a device is lost or accidentally wiped.  Using Parse has provided many benefits for the Health & Parenting team and their user base.  As John Miles, CEO, notes:

Parse has been quick and relatively easy to integrate.  On an ongoing basis, the dashboard gives us clear visibility of our customers’ engagement and retention.

The team’s favorite aspect of using Parse is the Parse Push product.  Given the intertwined nature of their apps, many customers of the Pregnancy+ app would gain much value from the Tiny Beats App.  Knowing this, the Health & Parenting team utilized Parse Push to announce the launch of Tiny Beats to all existing Pregnancy+ customers.  In just a single weekend, Tiny Beats then soared to number seven overall in the paid UK App Store.  By using Parse Push, Miles found he was able to engage with customers more intimately than ever before:

Specifically the segmentation of who you’re about to push to, and being able to preview how they will see the notification on their device have been our favorites parts of using Parse Push.

Pregnancy+ and Tiny Beats are available for download across platforms.  Find both apps and discover the rest of the Health & Parenting suite of apps here.

 

Nancy Xiao
October 17, 2014

Introducing Bolts for Parse SDKs

Bolts Framework

Earlier this year we introduced the Bolts Framework, a set of low-level libraries to make developing mobile apps easier and faster. One of the core components of Bolts is Tasks. Tasks brings the programming model of JavaScript Promises to iOS and Android.

Today, we are proud to open an entirely new set of public APIs with the new versions of our iOS, OS X and Android SDKs. Inside this release you will find that every method that was once intended to be asynchronous now has a Tasks-based counterpart. Organizing complex asynchronous code is now much more manageable in addition to being easier and faster to implement.

For example, here’s how you can find posts, mark them all as published, and update the UI on iOS:

PFQuery *query = [PFQuery queryWithClassName:@"Post"];
[query whereKey:@"published" notEqualTo:@YES];
[[query findObjectsInBackground] continueWithSuccessBlock:^id(BFTask *task) {
  NSArray *results = task.result;

  NSMutableArray *saveTasks = [NSMutableArray arrayWithCapacity:[results count]];
  for (PFObject *post in results) {
    post[@"published"] = @YES;
    [saveTasks addObject:[post saveInBackground]];
  }
  return [BFTask taskForCompletionOfAllTasks:saveTasks];
}] continueWithExecutor:[BFExecutor mainThreadExecutor] withSuccessBlock:^id(BFTask *task) {
  _postStatusLabel.text = @"All Posts Published!";
  return task;
}];

And here’s how it looks on Android:

ParseQuery<ParseObject> query = ParseQuery.getQuery("Post");
query.whereNotEqualTo("published", true);
query.findInBackground().onSuccessTask(new Continuation<List<ParseObject>, Task<Void>>() {
  @Override
  public Task<Void> then(Task<List<ParseObject>> task) throws Exception {
    List<ParseObject> results = task.getResult();
        
    List<Task<Void>> saveTasks = new ArrayList<Task<Void>>();
    for (final ParseObject post : results) {
      post.put("published", true);
      saveTasks.add(post.saveInBackground());
    }
    return Task.whenAll(saveTasks);
  }
}).onSuccess(new Continuation<Void, Void>() {
  @Override
  public Void then(final Task<Void> task) {
    mPostStatusTextView.setText(String.format("All Posts Published!"));
    return null;
  }
}, Task.UI_THREAD_EXECUTOR);

As you can see, there’s a lot of advantages to this approach when it comes to branching, chaining tasks, parallelizing across multiple threads, and handling complex errors.

We are really excited about this release and would love to hear your feedback. Let us know what you think!

Nikita Lutsenko
October 15, 2014

Cubefree by Citrix Labs Unleashes New Possibilities for Mobile Workers With Parse

CubefreeWith the release of each new mobile device into the global market, there is an ever-increasing need to be able to work collaboratively at any time through these tools.  Citrix Systems creates solutions that enable people to communicate at any time, from anywhere, on any device.  Now, with their new Cubefree app, this collaborative work experience can become even more intimate and effective than ever before.

Cubefree is a Citrix Experiment that helps mobile and remote workers find great places to work together beyond the cubicle.  It is the first community targeting mobile and remote workers so that they can easily connect with and assist each other.  Available on iOS in addition to a lightweight HTML 5 version, Cubefree uses Facebook and Parse to power many key parts of their app, from inviting new users to engaging existing users and more.

Originally an idea submitted to the Citrix Connect 2014 Innovators Challenge, Cubefree won “Best Overall Idea,” then turning to the Citrix Startup Accelerator Program to get started.  Given the fast-paced nature of the accelerator program, the Cubefree team prioritized efficiency in the development process.  Parse proved exceptionally useful, and provided a comprehensive solution for Cubefree.  According to Cubefree’s Product Manager, Marta Guerra:

We saved tons of development time using Parse.  It allowed us to have our MVP (minimum viable product) in two weeks to present our experiment to the Citrix executive council.

By saving so much in development time and resources, Cubefree was able to focus on the user experience.  Cubefree uses Parse Push to notify its mobile workers about invitations to “share a table,” “offer a coffee,” to chat, plus other activities.  Parse is also utilized for hosting data.

Given the inherently social nature of the product, Cubefree turned to Facebook’s platform to grow its user base.  Facebook is utilized to invite mobile workers to use the app, and Cubefree’s Facebook ad campaign generated 50% more clicks than Google Adwords with a 22% conversion rate.  For others in the development community, Guerra offers this tip:

Parse is excellent in enabling you to start projects fast.  It’s easy to setup and implement, and includes many essential features such as push notifications, data storage, and background jobs.

Cubefree by Citrix Labs is free to use and ready for mobile workers looking to explore new work settings and mutually minded professionals.  Download from the App Store now or visit the Citrix Labs website for more.

Nancy Xiao
October 9, 2014

Wantedly Uses Parse to Power Its Recruiting Service

Wantedly

Founded in September 2010, Wantedly is Japan’s largest social recruiting service. In solving the ultimately universal problem of helping people find careers they truly love, Wantedly has employed Parse features to power this process–notably Parse Push and Cloud Code.

Wantedly provides tools and apps that make “work” more exciting for people, and is best known for its social recruiting platform that connects employers to potential employees through the power of the social graph. Originating as a website, Wantedly experienced a huge rush in traffic early on, much of which could be traced back to iOS devices. In the year after its web launch, Wantedly welcomed over 1,000 clients and 40,000 members. From there, the company wanted to make it easier for users to access Wantedly, and began development for a cross-platform suite of applications with the help of Parse.

For Rei Kubonaga, the software engineer responsible for the growth of all of Wantedly’s iOS apps, the use of Parse was key from the start of the development process:

We didn’t have to worry about the infrastructure by using Parse, so we were able to focus on the improvement of the service.

Wantedly uses Cloud Code for a streamlined data-saving process. Simultaneously, Wantedly relies on Parse Push to constantly communicate with users. Given the cross-platform nature of Wantedly’s many applications, Parse Push has proved to be the most efficient and accessible solution towards driving push notifications on different types of operating systems.

As Wantedly continues to scale its user base, the team has turned to Parse’s extensive resource center for even more benefits:

 ‘Docs’ and ‘Help’ are especially helpful. They are rich in content and clear in description, so we haven’t faced any problems. Parse helped us create a stress-free and complication-free development environment.

Today, Wantedly’s family of applications include: Contact, Syukatsu Mail Template, Wantedly, Wantedly Admin, and Wantedly Share. The Wantedly app is now available on the Google Play Store. The rest of the family of applications can be found on the App Store.

Nancy Xiao
October 2, 2014

Android Push Gets Major Refresh

We’re excited to announce today that the Android Push API is getting its biggest facelift since inception. We’ve rethought the API to bring Parse Push better in line with both other Parse APIs and traditional Android development. The new API simplifies developer setup, provides better reliability, and is much more easily extended or customized to override default push behavior.

With the new API, we’ve decoupled the concepts of registration and reaction; the icon and activity which you want push to use are no longer statically bound to a channel. You can replace all calls to

PushService.subscribe(myApplicationContext, "channel", MyActivity.class, intIconID);

with

ParsePush.subscribeInBackground("channel");

Notice the InBackground suffix in the new APIs on ParsePush? The Android API now exposes when the Parse servers have accepted a subscription change in addition to any reason why the request may have failed. When the new API receives a push, it fires the com.parse.push.intent.RECEIVE Intent. We’ve provided a BroadcastReceiver implementation that automatically handles the vast majority of our developer’s needs. You can register it with the following additions to your manifest:

<receiver android:name="com.parse.ParsePushBroadcastReceiver"
  android:exported="false">
  <intent-filter>
    <action android:name="com.parse.push.intent.RECEIVE" />
    <action android:name="com.parse.push.intent.DELETE" />
    <action android:name="com.parse.push.intent.OPEN" />
  </intent-filter>
</receiver>

This BroadcastReceiver will suit most developers needs without any additional configuration. Your pushes will show your application’s default icon and launch your application’s main activity when touched. To provide a different icon, specify it with the com.parse.push.notification_icon meta-data in your AndroidManifest.xml. You no longer need to add push open tracking calls throughout your activities; we do it automatically in the BroadcastReceiver. If the contents of your push are too long for the normal UI, we’ll automatically create the expanded layout available in Android 4.1 JellyBean (API 16) and up.

We’re also introducing a new special field for Android pushes too! If you specify the uri push option, the Notification created will navigate to that URI rather than launching the default Activity. For example, the sending the following push from Cloud Code would create a notification that sends users to the Parse blog.

Parse.Push.send({
  where: new Parse.Query(Parse.Installation), // Everyone
  data: {
    alert: "Android Push Gets Major Refresh",
    uri: "http://blog.parse.com",
  }
})

When the user clicks ‘back’, they will be sent to your launcher Activity (overridden with getActivity). As a security precaution, the uri option may not be used when a push is sent from a client.

If your app has more sophisticated needs, you can easily subclass ParsePushBroadcastReceiver to tweak the behavior of your application without foregoing all of the built-in features. Subclass our BroadcastReceiver and put your new class in the manifest instead of ours. You can react to push notification events by overriding any of onPushReceived, onPushOpen, or onPushDismiss. If you need to customize the Notification that we create, you can override getNotification.

We’re very excited for this new API. If you’re not ready to adopt the new API quite yet, the old push APIs are deprecated but still work exactly as they did before. We hope you are excited for the new approach. It’s now easier than ever to get started and to transition from turn-key implementations to much more sophisticated ones.

Thomas Bouldin
September 30, 2014

Fable Age Uncovers a Reliable Solution to Server Needs With Parse

Fable AgeBlue Tea Games takes the category of puzzle games to the next level with their release of Fable Age, a puzzle-meets-RPG packed with adventure. Initially focused on hidden object games, Blue Tea Games has now cracked a code in pinpointing the intersection to where a player can find a captivating story plot while solving intricate challenges. In Fable Age, players can build teams of familiar fairytale heroes, such as Robin Hood or Lancelot, and battle enemies using gem-linking mechanics. As players progress in skill and in the development of their quests, they can customize their characters with unique enchantments to acquire epic loots.

Prior to launching, Blue Tea Games realized the need for a simple solution to building a reliable server. With Parse Cloud Code, the team was able to achieve their server needs and focus instead on top-notch graphics and gameplay design. For Fable Age, Blue Tea Games has employed Parse Cloud Code for storage of their data and all interactions relating to it. As Blue Tea Games’ lead designer and producer for Fable Age puts it:

Parse provides a reliable and secure platform to deliver what we need, not to mention their data tables make it easy to build complex fields as well as retrieve useful data.

Given the smaller size of Blue Tea Games’ mobile team, the costs and manpower saved through the use of Parse enabled them to allocate their resources elsewhere. Instead of worrying about constant maintenance, the Fable Age team is now able to spend their time and resources on development to make the game even better:

We’re fortunate to not only grow our game with a reliable server like Parse, but to also receive great customer service from Parse engineers.

Additionally, a secret fable hero can be unlocked when a player uses Facebook Connect. Blue Tea Games has found that Fable Age benefits when players can battle tough quests with their friends’ heroes. With Facebook, players are now able to connect to their friends and assist each other in complex challenges.

Without the stress of server development, the team behind Fable Age has been able to zero in on the game’s experience, bringing to life our favorite fairy tale heroes. Fable Age is available on the App Store, and is coming soon to Android.

Nancy Xiao
September 25, 2014

Mixi and Nohana Bring Photos to Life With Parse

Nohana

As Japan’s go-to destination for all things people and social, Mixi has its hands in a variety of creative outlets for bringing people together. With its roots as a social networking site, Mixi’s recent foray into gaming with Monster Strike has proven to be highly successful. Now, Mixi has developed a subsidiary named Nohana, a photobook creation app powered by Parse.

The Nohana app allows you to upload photos from your smartphone, assembling them into 20-page photo-booklets or albums that are then printed and sent straight to your door. The first book ordered in a month is free plus shipping, and users can invite family members to a secured group to share photos and make collaborative photobooks.

To date, over 100,000 photobooks have been published by over 200,000 people, uploading more than 4 million photos. For a time, Nohana was not only the number one free iOS app in Japan with over 1 million downloads, but it was also featured on national television.

With so many photos and memories flowing through the service each day, Nohana turned to Parse products for a stable and scalable way to develop a strong backend for its app. Photo data, purchase history, and user information are all stored in Parse. Cloud Code is utilized for validation of a user’s value input and for connecting with Twilio for SMS authentication.

For Kazuki Tanaka and Kenta Tsuji, developers on the Nohana team, the Parse experience has been key for the app’s development and the startup’s growth:

The biggest merit of using Parse was shortening development of server-side infrastructure. To be a successful startup, we need to maximize output by minimizing cost and time, so it was perfect to use Parse.

Additionally, Nohana uses Parse Push to engage with its users, guiding them to photobook purchases and updates within the app. In the future, Nohana plans to use Parse Push to notify users of their shipment status. Of the features used, Parse has been especially useful for three elements of Nohana’s development:

1. Administration of users are really useful—including being able to set access control for each set of data, authentication via email, password reset function;

2. Implementation of server-side is easy;

3. 3rd party integration is easy, too! (e.g. Twilio, Underscore.js)

The Nohana app is available on the App Store and the Google Play Store. Bring your memories to life in a flash!

Nancy Xiao
September 18, 2014

Parse SDK for iOS 8, Performance, and Security

Parse SDK for iOS 8

We’re excited that the big day is finally here — iOS 8 is finally available to everyone! We spent the last few weeks waiting patiently and getting ready. Today we’re rolling out a new version of the Parse SDK for iOS with support for iOS 8 as well as a bunch of other performance and security improvements.

Parse and iOS 8

We updated our SDK to make sure it runs smoothly on iOS 8 and benefits from all the new APIs available. Just to name a couple, we’ve updated how [PFGeoPoint geoPointForCurrentLocationInBackground:] works to be smarter about requesting the appropriate permissions depending on the state of the app, and we’ve updated our push notification integration everywhere to use the new permissions style and support the category key.

Performance Improvements for Parse Files

Parse Files let you easily store application files in the cloud that would otherwise be too large or cumbersome to fit into a regular database-style Parse Object. This release of the iOS (and OS X) SDK brings greatly improved performance for Parse Files. Uploading is now up to 3 times faster and downloading is up to 35% faster. We’re also using fewer system resources which leads to better battery usage for file-heavy apps.

Improved Security for Account Data

The Parse SDK now uses the System Keychain on both iOS and OS X to store sensitive user information tied to PFUser. All of this happens automatically and under the hood so you don’t need to make any changes on your end.

Try It Out

The latest iOS SDK is now available for download here. Send us your feedback! We hope you’re as excited as we are about the new features and possibilities that iOS 8 brings.

Nikita Lutsenko
September 18, 2014

Ready for iOS 8? So is Parse Push

In this year’s WWDC, Apple announced some great changes to iOS Notifications. First, Apple has increased the maximum payload size to two kilobytes rather than 256 bytes. This new limit is retroactive and works with all existing devices! The more subtle changes to push notifications involve security and interaction with notifications.

“Silent” pushes are push notifications that don’t create UI; they instead tell your app to fetch or react to new content available online. In iOS 8, Apple has separated out the permissions for UI and push. The push permission is auto-accepted by default too! This means your iOS 8 apps will be able to much more reliably depend on the ability to receive silent notifications in iOS 8. To migrate your app, change the following code:

// Before iOS 8:
[[UIApplication sharedApplication] registerForRemoteNotificationTypes:UIRemoteNotificationTypeAlert |
                                                                      UIRemoteNotificationTypeBadge |
                                                                      UIRemoteNotificationTypeSound];

to

// For iOS 8:
UIUserNotificationSettings *settings =
    [UIUserNotificationSettings settingsForTypes:UIUserNotificationTypeAlert |
                                                 UIUserNotificationTypeBadge |
                                                 UIUserNotificationTypeSound
                                      categories:nil];
[[UIApplication sharedApplication] registerUserNotificationSettings:settings];
[[UIApplication sharedApplication] registerForRemoteNotifications];
Even if the user declines permission for creating UI, the permission to send (silent) pushes is auto-accepted for most users.

Notice the nil param for categories above? Categories unlock a whole new dimension to push notifications in iOS 8. Categories describe “actions” that should be presented in your notification in various views. Actions provide custom buttons your users can use when interacting with your push notification; your action can launch the app into the foreground or even trigger a background action, such as accepting or declining a calendar invite. To enable this feature, you must define a UIUserNotificationCategory. These categories have an identifier string and a map of UIUserNotificationActionContext to many UIUserNotificationActions. A UIUserNotificationActionContext comes in two flavors: default and minimal. The default context specifies which actions should be presented when the notification has an alert UI and supports a maximum of four actions; the minimal context specifies which actions should be presented when the notification has a banner UI or is on the lock screen and supports a maximum of two actions.  Once you’ve registered notification categories with your application, sending them via Parse Push is easy: simply pass the category identifier as the category option in your push. This feature is supported retroactively on all Parse SDKs, you don’t even need to upgrade! You may, however, want to check out the new UIApplicationDelegate method application:handleActionWithIdentifier:forRemoteNotification:completionHandler:

iOS 8 allows developers to define actions an end user can take when responding to a notification.

We look forward to seeing the great things you build with Parse and iOS 8!

Thomas Bouldin
September 15, 2014

Archives

Categories

RSS Feed Follow us Like us