Com2uS Uses Parse to Power their Top Downloaded for-Kakao Game “Heroes Classic”

Heroes ClassicWith over 100 million registered users on its Kakao Talk platform, Korea’s Kakao is quickly becoming one of the most direct and powerful channels possible for reaching potential game players. Kakao Talk is a hugely dominant player in the mobile communications market in Korea, and has begun extending its reach through gaming. Over 90 percent of mobile smartphones in Korea have the Kakao Talk app downloaded, allowing multiple game developers building on the platform to finally break through 10 million downloads.

The latest of these concepts, Heroes Classic for Kakao, is an game powered by Parse. Heroes Classic is the third output from the C-Lab’s mobile game development segment, and will be serviced by Com2uS in a collaboration between C-Lab and Com2uS. Com2uS will take care of overall game operations and promotion activities, which are already surging with over 100,000 downloads since its release on the Google Play Store on June 13th.

Heroes Classic is a role-playing game (RPG) where the main goal is to fight off as many monsters as possible within a given time. Its characters, however, are incredibly unique, falling under 8 different categories.

Heroes Classic was intentionally launched on Kakao, as it is the most popular SNS game platform. As the game approaches a global release, more of Facebook Platform’s products will be utilized to drive new user traffic. Before selecting Parse, the Heroes Classic team vetted multiple backend-as-a-service companies until Parse’s versatile features won them over. As the project leader of Heroes Classic puts it:

The main benefits of Parse for us was its scalability and Unity integration. Our favorite Parse features are the dialogue control to adjust request limits in addition to the native APIs for each programming language.

Heroes Classic is now available for download on the Google Play Store, and keep an eye out for more hits from Com2uS!

Nancy Xiao
August 21, 2014

Big Fish Games Releases A New Hit With Parse


As the long-standing veteran of the casual games industry, Big Fish is its largest producer. With a growing catalog of 3,000 plus unique PC games, and 300 plus unique mobile games, Big Fish has distributed more than 2 billion games to date. Its latest game, Cascade, is a new free-to-play title that combines Match-3 functionality with a slot machine for an entirely new, patent-pending game mechanic. Currently, the game features over 140 handcrafted puzzles to be solved by players, with even more to come with regular content updates. Upon its release in July 2014, Cascade was instantly featured as one of the Best New Games of the App Store.

Initially created by developer Funkitron Inc., Big Fish Games is the publisher behind Cascade. With new lands, characters, obstacles, and gems being added each month, Big Fish has turned to Parse to power the game’s backend infrastructure. Cascade uses a combination of Parse Core and Cloud Code to sync game data across players’ devices, in addition to utilizing Parse Push to send remote notifications. Given the popularity of playing on both iPhone and iPad, it was crucial for Big Fish to find a solution that allowed for cross-device syncing. According to a producer in the Big Fish internal studio, SkyRocket Studios, Parse has proven to be a key piece to the Cascade puzzle:

Funkitron engineers found Parse’s APIs and SDKs to be stable, full-featured, and easy-to-use, with good documentation and lots of sample code. The ability to customize the service via custom, server-side code was a tremendously useful asset as well. Parse was easy to get started with, and I thought it had a good amount of depth to it in the longer run.

Don’t miss Cascade’s new spin on Match-3! Available for download on the App Store today.

Nancy Xiao
August 15, 2014

OKpanda Tackles Language Learning in Asia With Parse


Learning a new language is often a task full of tangled tongues and frustrating phrases. With the arrival of OKpanda, however, these roadblocks to learning English may be alleviated. Launched on iOS in December of 2013, OKpanda has taken a mobile-first approach towards creating a novel curricula combined with smart gaming to pioneer innovative ways to help users learn English.

It’s not the first time this team has taken on mobile development, or gaming. Cofounded by Nir Markus, the former CTO of PlayerDuel, a mobile platform that turned any mobile game into a social game with friends, Markus and his PlayerDuel team saw installations in over 30 million mobile devices in its first year. With this experience shaping the strategy behind OKpanda, the team has initially tackled the Japanese segment of the Asian English-learning market. Japan is one of the largest language learning markets in Asia, with approximately $5 billion currently spent on language services.

For many new English speakers, OKpanda’s research found that the number one requested skill by students is conversation practice. The app then simulates real life situations, and allows the user to practice their conversation skills. Users can participate in an exchange by listening and selecting the right answer, and vocal conversation is now in the works. With this emphasis on conversation practice, OKpanda saw over 260,000 downloads in Japan within the first 50 days of its launch without any marketing spend.

As OKpanda continues to grow rapidly in Japan, and across Asia, it has become more important than ever to be able to directly reach its users. Given the repetitive and consistent nature of language practice, engagement through Parse Push has allowed OKpanda to continually captivate the concentration of their users. Currently, OKpanda releases a new conversational situation 2 times a week, and users are notified of each release through Parse Push. The choice to use Parse Push is one that has been positively reinforced through OKpanda’s ability to immediately preview how the push notification will look on mobile. Additionally, according to its cofounder Nir Markus, the team has found that the use of Parse Push has accelerated the company’s efficiency on a variety of levels:

When starting a new startup, it’s very important to move fast, especially before you’ve reached a product-market fit. To move fast, there is no need to invent the wheel, and the possibility of using services like Parse to power your product is a huge time saver.

OKpanda delivers a unique language-learning experience that can be found now on the App Store. Mobile language learning finally has a taste of the best of both worlds–it’s now both fun and easy.

Nancy Xiao
August 8, 2014

Parse for PHP: A Fractal of Rad Design

Parse for PHP

Today we are very happy to release the Parse PHP SDK, which will enable Parse integration for a whole new class of apps and different use cases. This is our first SDK for a server-side language, and the first to be truly open-source.

PHP is an incredibly popular programming language and has consistently been in the top 10 on the TIOBE index for the past 15 years. Some metrics report that it is still serving the vast majority of websites on the internet. Until now, if you wanted to access Parse from PHP, the REST API was the only option. A few Parse API wrapper libraries have been released by third parties on GitHub. While we think this is awesome, many developers requested better PHP support and we decided to build a first-party SDK.

Earlier this year at Facebook’s f8 developer conference, we launched the completely re-invented Facebook SDK for PHP. In the 3 months since it was released there have been over 160 commits, with good solid contributions and enhancements from 20 passionate developers who use and care about the product. It has been a lot of fun managing the process for the Facebook SDK, and I’m looking forward to working together with the community on this Parse SDK.

For a fast overview of the SDK, check out the README file. We’ve also updated our documentation with a new PHP guide, and added a PHP Quickstart with installation instructions. We encourage you to report any issues and requests on GitHub.

Go build something awesome with Parse + PHP!

Fosco Marotto
August 5, 2014

Parse Security VI – Quiz Time

In Part VI of our five-part series on how to secure your Parse app, let’s take a quiz and see how well you know your stuff. If you can’t handle having Part VI in a five-part series, then maybe you should go read up on buffer overflow exploits. ;-)

Part I   Part II   Part III   Part IV   Part V

Bryan Klimt
August 4, 2014

Parse Security V – How to Make Friends

In the first four parts of this five-part series on how to secure your Parse app, we’ve taken a look at all of the different features that Parse has to help you secure your app and your users’ data. In Part V, let’s put it all together and take a look at a real example of how you can use these features to solve a complex use case.

Most classes in your app will fall into one of a couple of easy-to-secure categories. For fully public data, you can use class-level permissions to lock down the table to put publicly readable and writeable by no one. For fully private data, you can use ACLs to make sure that only the user who owns the data can read it. But occasionally, you’ll run into situations where you don’t want data that’s fully public or fully private. For example, you may have a social app, where you have data for a user that should be readable only to friends whom they’ve approved. For this you’ll need to use ACLs, roles, and Cloud Code together to enable exactly the sharing rules you desire.

If you aren’t clear on those features, go back and read Parts II – IV of this series. Once you’re clear on what ACLs, roles, and Cloud Code are, let’s dig into some code. The first thing you’ll need to do is set up a place for the user’s social data to live. Let’s assume you want to create a “FriendData” object for each user that stores the data that should be visible to their friends. To create this object for each new user, you can use an afterSave handler.

Parse.Cloud.afterSave(Parse.User, function(request, response) {
    var user = request.object;
    if (user.existed()) { return; }
    var roleName = "friendsOf_" +;
    var friendRole = new Parse.Role(roleName, new Parse.ACL(user));
    return {
        var acl = new Parse.ACL();
        acl.setReadAccess(friendRole, true);
        acl.setReadAccess(user, true);
        acl.setWriteAccess(user, true);
        var friendData = new Parse.Object("FriendData", {
          user: user,
          ACL: acl,
          profile: "my friend profile"

The first couple of lines just set up the request. On line 3, we check to see if the user already existed. If so, then we’ve already completed this setup, and there’s no reason to do it again. On lines 4-6, we create a new role. This role will represent the friends of the user being created. We generate a unique name for the role. The role is created with an ACL that only allows this user to read or write it. In other words, only the user themselves can decide who their friends are.

Once the role is created, lines 7-10 create an ACL that grants read permission to friends of the user. And of course the user receives read and write permission for their own social data. Once the ACL is set up, lines 11-16 actually create the object. The user is set on the object so that it can be found with a query later. The profile field is set as an example of data that will be readable only to the users friends.

So, that’s everything you need to set up an object for every user that will be readable only to people in their special friends role. Of course, that’s worthless without any way for people to get added to your friends list, so we need to address that with another function. Technically, this function could be written in any client and be secure, but for the sake of consistency, let’s make another Cloud Code function. This function will be called “friend.”  It will take one parameter: the objectId of the person to friend. This person will then be added to the friends role of the current user.

Parse.Cloud.define("friend", function(request, response) {
    var userToFriend = new Parse.User(); = request.params.friendId;

    var roleName = "friendsOf_" +;
    var roleQuery = new Parse.Query("_Role");
    roleQuery.equalTo("name", roleName);
    roleQuery.first().then(function(role) {

    }).then(function() {

Lines 1-3 just set up the function and create a User object to represent the person being added to the friend role. Lines 5-8 fetch the Role object using its name. A Role is just a special kind of Parse object, so we need to fetch it before we can modify it. Once the role has been fetched, we add this user to it on line 9, and save it on line 10. That’s all there is to it! Now we have an easy way to store data that’s only accessible to a user’s friends.

Over the course of this five-part series on how to secure your Parse app, we’ve looked at a lot of features. You know the about the various keys used to access your app. We’ve looked at the permissions you can set to lock down a whole class. You’ve learned about ACLs and how they can secure per-user data. And we’ve even dived deep into a particular example of how you can use Cloud Code to tackle even the trickiest data models.

We hope that you’ll use these tools to do everything you can to keep your app’s data and your users’ data secure. Together, we can make the web a safer place.

Part I   Part II   Part III   Part IV

Bryan Klimt
July 28, 2014

Red Bull Brings Its A-Game to Mobile With Parse Core

Red Bull WallpapersWhile some reach for Red Bull on the shelves of beverage aisles, the global brand itself has reached far beyond the boundaries of any storefront. Since 2007, the Red Bull Media House has been constantly seeking innovative ways to expand the boundaries of the user experience that is the Red Bull brand. From its inception, Red Bull Media House sought to establish itself as a multi-platform media company with a focus on sports, culture, and lifestyle. Given the wide range of media products housed across its umbrella brand, Red Bull Media House began to double down on app development in 2009 in search of ways to tie them all together. Today, Red Bull Media House has put 30 apps to market across all platforms.

Its latest hit, Red Bull Wallpapers, is a demonstration of Red Bull’s incredibly unique offerings, and of its ability to bring them together in innovative ways with Red Bull Media House. With the use of Parse Core, Red Bull Wallpapers brings captivating imagery from the World of Red Bull straight to the palm of a user’s hand. Android users can customize their home and lock screens with static wallpapers or with animated and enhanced live wallpapers of their favorite Red Bull athletes. Other choices include photos from sports including motocross, motorsports such as Formula One, skateboarding, surfing, skiing, BMX, and more.

In order to deliver such high-quality sports photography to its mobile users, Red Bull Media House utilizes Parse Core to store and load all wallpaper-related data. This includes the name of the athlete or the photographer credits. The data browser is also used for analytics, insights, and updating the use count.  With the use of Parse, development time is saved on the server side, enabling developers to focus even more strongly on the core aspects such as quality and content of the app.

Alongside the release of Red Bull Wallpapers, the brand has become more prominent than ever by tackling all perspectives of a customer’s daily life. From the home screen to the big screen and beyond, experiences such as the one offered by Red Bull Wallpapers provide an inspiring extension of the Red Bull brand.

Nancy Xiao
July 25, 2014

Parse Security IV – Ahead in the Cloud

In our first three posts on how to secure your Parse app, we looked at your app’s keys, class-level permissions, and object-level ACLs. For many apps, that’s all you need to keep your app and your users’ data safe. But sometimes you’ll run into an edge case where they aren’t quite enough. For everything else, there’s Cloud Code.

With Cloud Code, you can upload JavaScript to Parse’s servers, where we will run it for you. Unlike client code running on users’ devices that may have been tampered with, Cloud Code is guaranteed to be the code that you’ve written, so it can be trusted with more responsibility. For example, if you need to validate the data that a user has entered, you should do it in Cloud Code so that you know a malicious client won’t be able to bypass the validation logic. Specifically to help you validate data, Cloud Code has beforeSave triggers. These triggers are run whenever an object is saved, and allow you to modify the object, or completely reject a save. For example, this is how you create a Cloud Code trigger to make sure every user has an email address set:

Parse.Cloud.beforeSave(Parse.User, function(request, response) {
  var user = request.object;
  if (!user.get("email")) {
    response.error("Every user must have an email address.");
  } else {

To upload this trigger, follow the instructions in our guide for setting up the Parse command line tool.

You can also use your master key in Cloud Code to bypass the normal security mechanism for trusted code. For example, if you want to allow a user to “like” a “Post” object without giving them full write permissions on the object, you can do so with a Cloud Code function. Every API function in the Cloud Code JavaScript SDK that talks to Parse allows passing in a useMasterKey option. By providing this option, you will use the master key for that one request.

Parse.Cloud.define("like", function(request, response) {
  var post = new Parse.Object("Post"); = request.params.postId;
  post.increment("likes");, { useMasterKey: true }).then(function() {
  }, function(error) {

One very common use case for Cloud Code is sending push notifications to particular users. In general, clients can’t be trusted to send push notifications directly, because they could modify the alert text, or push to people they shouldn’t be able to. Your app’s settings will allow you to set whether “client push” is enabled or not; we recommend that you make sure it’s disabled. Instead, you should write Cloud Code functions that validate the data to be pushed before sending a push.

In this post, we’ve looked at how you can use Cloud Code to write trusted code, to keep your data secure in cases where class-level permissions and ACLs aren’t enough. In Part V, we’ll dive into a particular example of how to use ACLs, Roles, and Cloud Code to let users have data that is shared only to their friends.

Part I   Part II   Part III   Part V

Bryan Klimt
July 21, 2014

Wargaming’s World of Tanks Blitz Uses Parse Push to Keep Users Engaged

Wargaming takes the world by storm once more with the release of World of Tanks Blitz onto iOS.  Wildly popular on desktop, World of Tanks has attracted more than 85 million players from all corners of the globe.  Now, Wargaming has put the franchise directly into the hands of its players, running on iPad 2 and up or iPhone 4S and up.  Featuring over 90 tanks from Russia, Germany, and the U.S., players can challenge each other in synchronous 7-on-7 matches.

Since its release, gamers have been spending an average of 70 minutes in the game. With player engagement and long-term retention representing a core challenge, Andrey Ryabovol, Director of Global Operations at World of Tanks, turned to Parse to power push notifications as part of their strategy.

Screenshot OneScreenshot Two

Wargaming sought to develop its mobile version of World of Tanks Blitz from the ground up.  Rather than making a port of the PC game, the team uniquely tailored the controls and experience towards use on a smartphone or tablet.  However, building their own notification solution would have taken significant resources and time. By leveraging Parse Push, Wargaming was able to focus on product development and the messaging behind keeping players informed and active in the game. High quality, targeted push notifications are crucial to keeping players engaged, especially throughout World of Tanks Blitz’s 10 tiers of gameplay.  Parse Push will also be used to announce the sale of exclusive in-game items, such as premium, high-end tanks.  As Andrey explains:

Parse Push is the ideal solution for us because it is easy to adapt to our business needs.  We have a lot of data, putting a lot of pressure on the system, so Parse was the perfect solution for data management. We consider our cooperation with Parse and Facebook as a long-term strategic partnership.

World of Tanks Blitz is available for iOS on the App Store.  See you on the battlefield!

July 18, 2014

Parse Security III – Are You On the List?

In Part II, we looked at class-level permissions, which allow you to quickly set permissions for an entire class at once. But often, the different objects in a class will need to be accessible by different people. For example, a user’s private personal data should be accessible only to them. For that, you have to use an Access Control List, usually referred to as an ACL. If you have a production app and you aren’t using ACLs, you’re almost certainly doing it wrong.

An ACL specifies a set of users who can read or write an object’s data. So, before you can use ACLs, you have to have Users. There are many ways to handle users on Parse. You can have usernames and passwords, or you can use Facebook Login. If you don’t want to make your users create usernames just to log in, you can even use Parse’s automatic anonymous users feature. That allows you to create a user and log them in on a particular device in a secure way. If they later decide to set a username and password, or link the account with Facebook, then they can then log in from any other device. Setting up automatic anonymous users is easy, so you have no excuse not to protect per-user data!

[PFUser enableAutomaticUser];

Once you have a user, you can start using ACLs. To set an ACL on the current user’s data to not be publicly readable, all you have to do is:

PFUser *user = [PFUser currentUser];
user.ACL = [PFACL ACLWithUser:user];

Most apps should do this. If you store any sensitive user data, such as email addresses or phone numbers, you need to set an ACL like this so that the user’s private information isn’t visible to other users. If an object doesn’t have an ACL, it’s readable and writeable by everyone. The only exception is the _User class. We never allow users to write each other’s data, but they can read it by default. (If you as the developer need to update other _User objects, remember that your master key can provide the power to do this.) To make it super easy to create user-private ACLs for every object, we have a way to set a default ACL that will be used for every new object you create.

[PFACL setDefaultACL:[PFACL ACL] withAccessForCurrentUser:YES];

If you want the user to have some data that is public and some that is private, it’s best to have two separate objects. You can add a pointer to the private data from the public one.

PFObject *privateData = [PFObject objectWithClassName:@"PrivateUserData"];
privateData.ACL = [PFACL ACLWithUser:[PFUser currentUser]];
[privateData setObject:@"555-5309" forKey:@"phoneNumber"];

[PFUser setObject:privateData forKey:@"privateData"];

Of course, you can set different read and write permissions on an object. For example, this is how you would create an ACL for a public post by a user, where anyone can read it:

[acl setPublicReadAccess:true];
[acl setWriteAccess:true forUser:[PFUser currentUser]];

Sometimes, it’s inconvenient to manage permissions on a per-user basis, and you want to have groups of users who get treated the same. For example, your app may have a group of admins who are the only ones who can write data. Roles are are a special kind of object that let you create a group of users that can all be assigned to the ACL. The best thing about roles is that you can add and remove users from a role without having to update every single object that is restricted to that role. To create an object that is writeable only by admins:

[acl setPublicReadAccess:true];
[acl setWriteAccess:true forRoleWithName:@"admins"];

Of course, this snippet assumes you’ve already created a role called “admins”. In many cases, this is reasonable, because you have a small set of special roles you can set up while developing your app. But sometimes you will need to create roles on the fly. In a future blog post, we’ll look into how you can use ACLs and roles to manage a user’s data so that it will only be visible to their friends.

So far in this security series, we’ve covered class-level permissions and ACLs. These features are sufficient to secure the vast majority of apps. In Part IV, we’ll look at how you can use Cloud Code to secure apps even in rare edge cases.

Part I   Part II   Part IV   Part V

Bryan Klimt
July 14, 2014



RSS Feed Follow us Like us