03-13-14 07:38 PM
  1. jamespaulmuir's Avatar
    I'm not so sure Snap2Chat is ready for prime time (BlackBerry World) and I don't think we should be fighting to get it into BlackBerry World. I wanted to share my personal thoughts/experience with Snap2Chat.

    Security/Privacy - I started to look at Snap2Chat and went to side load it, but decided to unzip the BAR and check out a few things first. I quickly found a hardcoded URL which looked suspicious. I fired up my browser and visited the URL and found a collection of PHP files that seemed to be some sort of API. I found out that every single action from this app was hitting a PHP file on this server, which is unhardened and used non-SSL HTTP connections. I warned everybody in the official Snap2Chat thread, but it didn't really get much traction. I also found out recently that the “Shoutbox” feature of Snap2Chat is completely open and unsecured. Anyone (unauthenticated) in the world can spoof a message, delete any message, create a comment, or perform a like in the shoutbox without even having Snap2Chat installed or even having a Snapchat account.

    Headless - I don’t think Snap2Chat is a candidate for a headless app. If Snap2Chat owned the actual content, it would use push notifications to check for updates. An app like this as headless would end up polling a server every X minutes and drain the battery.

    “Pay to unlock” experience - I firmly disagree with NemOry on charging money for an app like this. This app has broken many times and will break again, it’s only a matter of time. If the core functionality of your app is solely dependent on a third party, you have no control. Usually when you charge money for a product, it is to gain a profit, but more importantly so you can better support the product. This model doesn’t work for an app like this.

    Privacy Policy/Terms of Use - I didn’t see anywhere that NemOry is keeping my account/data safe. As a matter of fact, digging into the BAR, I found that Flurry analytics are in use and various events in Snap2Chat are sent to Flurry. All these events have my username attached to them. The only thing in here is a link to Snapchat’s documents, which mean nothing in the context of Snap2Chat.

    __

    As you may all know, I'm the developer of Snap (Google Play Client). Snap is in a similar situation as Snap2Chat, where it’s not really an “approved” effort. It is black market, unauthorized, rogue, could-break-at-any-minute.

    I don’t believe Snap belongs in BlackBerry World unless BlackBerry and Google both ask me to submit it, which would never happen unless one of them “acquired” me (which would then be a completely different ballgame).

    I really hope NemOry continues to grow as a developer. That’s why I am writing this message. I want him to be successful. I hope he becomes a great influence on the BlackBerry community, I am rooting for him.

    Choose your battles - It’s frustrating to me that there are all these signatures for the petition for this app to get into BlackBerry World. We as the CrackBerry community and #TeamBlackBerry really need to choose our battles! This should not be one of them. BlackBerry developer relations has more important things on their plate.

    my 2 cents...

    Respectfully,
    James Paul Muir
    habs_fan, jaacksay, rai187 and 9 others like this.
    03-06-14 08:49 PM
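
Added example, not part of the original post and not a tool used by anyone in this thread: the pre-install check described above (unzip the BAR, look for hardcoded endpoints) as a small Python script that lists every URL embedded in the package and flags the ones that use plain HTTP. A BAR is a ZIP archive; the sample package, its file names and the `example.invalid` hosts are constructed for the demonstration.

```python
import io
import re
import zipfile

# http:// and https:// URLs, matched on raw bytes so that binaries,
# QML, JavaScript and config files are all covered by one pass.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")


def scan_archive(data: bytes):
    """Return sorted (member, url, is_cleartext) tuples for every URL found."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            blob = zf.read(info)
            for match in URL_RE.finditer(blob):
                # Trim punctuation that commonly trails a URL in source text.
                url = match.group().decode("ascii").rstrip(".,;)'")
                findings.add((info.filename, url, url.startswith("http://")))
    return sorted(findings)


def cleartext_endpoints(data: bytes):
    """Only the endpoints the app would contact without TLS."""
    return [(name, url) for name, url, clear in scan_archive(data) if clear]


def build_sample_bar() -> bytes:
    """Constructed stand-in for a BAR file (hypothetical layout and hosts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Package-Name: com.example.app\n")
        zf.writestr(
            "native/assets/main.qml",
            'property string api: "http://api.example.invalid/post.php"\n',
        )
        zf.writestr(
            "native/app.bin",
            b"\x00\x01https://cdn.example.invalid/img\x00\xff",
        )
    return buf.getvalue()


if __name__ == "__main__":
    for member, url, clear in scan_archive(build_sample_bar()):
        print("CLEARTEXT" if clear else "tls      ", member, url)
```

To check a real package, pass the bytes of the `.bar` file to `scan_archive`; a cleartext hit is a prompt to look at what that endpoint receives, not proof of a problem by itself.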
  2. bluetroll's Avatar
    thanks for your insight.

    i'm not a user of snapchat, but it's great to hear input from a seasoned developer.

    Off topic, but BTW, thanks for creating Snap.
    03-06-14 08:54 PM
  3. Nemory Studios's Avatar
    FYI Snap2Chat since v0.9 is now using direct pure servers. Not anymore passing to my PHP Server which was really unsecure. All the encryption stuffs are now done inside the app. So it IS very secure.

    I can say the shoutbox is very unsecure but it's out in the SnapChat API. It's my own implementation. Also the shoutbox is meant to be VERY OPEN AND PUBLIC! It's not a private stuff, I even plan to make a web version for it. That's the reason I made shoutbox since I want it to be very OPEN to EVERYONE. Also I don't have any privacy policy for ShoutBox, I don't have the time to write.

    For headless, I always love to give OPTIONS to my users. It's their choice to set the X minutes to refresh, it's their option to enable the polling or not. It's their option to drain their battery or not.

    yes I am sending events, this is the purpose of flurry to learn how the people use the app, to event errors. And flurry is very SECURE since it's owned by BlackBerry. Nothing to worry.

    About the petition, it's the people who made it not me. But I like it too anyway.

    Thanks for this, I agree it will make me a better developer. From now on I will do things right, will never build apps that I know won't reach the masses. Will ask for permission if required, make it more secure.

    About the pay to unlock, is an experience that regular snapchat users can't experience.

    Overall I thank myself that I still pushed to build Snap2Chat even though I know since the start that it has a very low chance to reach BlackBerry World or SnapChat will just take it down. Snap2Chat made me a BETTER developer A LOT. It's my first full-blown QT C++ QML Application ever built. Before I was an Android, Windows Phone, Web, Desktop, Unity3D Game Developer. Now I'm more happy that I am now a BlackBerry Developer.
    Last edited by NemOry; 03-07-14 at 01:24 PM.
    03-06-14 09:29 PM
  4. jamespaulmuir's Avatar
    FYI Snap2Chat since v0.9 is now using direct pure servers. Not anymore passing to my PHP Server which was really unsecure. All the encryption stuffs are now done inside the app. So it IS very secure.
    awesome to hear! keep in mind for your next app: security and privacy of your users should be a prerequisite, not an afterthought.

    I can say the shoutbox is very unsecure but it's out in the SnapChat API. It's my own implementation. Also the shoutbox is meant to be VERY OPEN AND PUBLIC! It's not a private stuff, I even plan to make a web version for it. That's the reason I made shoutbox since I want it to be very OPEN to EVERYONE. Also I don't have any privacy policy for ShoutBox, I don't have the time to write.
    Open doesn't mean you can be insecure. The root of this particular problem is authentication. If anyone can post a snap to the shoutbox without proving they are who they say they are it is not a good thing. Good authentication requests is a bare minimum for a service like this.

    For headless, I always love to give OPTIONS to my users. It's their choice to set the X minutes to refresh, it's their option to enable the polling or not. It's their option to drain their battery or not.
    As someone who has worked very hard for headless approval, I disagree. Options should only be offered if 80% of users want to customize their experience (from the BlackBerry UI guidelines). You don't want people sending support emails complaining about battery drain issues.

    yes I am sending events, this is the purpose of flurry to learn how the people use the app, to event errors. And flurry is very SECURE since it's owned by BlackBerry. Nothing to worry.
    Tracking is an excellent tool for developers! You just need to let your users know that you are doing so, and let them know you are tracking their username along with their actions (as opposed to anonymous tracking).


    The pay to unlock, is an experience that regular snapchat users can't experience.
    My advice is to be careful in this realm. At any moment (with no notice) all of this could be blocked by Snapchat and it's unfair to those who have paid you for this.

    Overall I thank myself that I still pushed to build Snap2Chat even though I know since the start that it has a very low chance to reach BlackBerry World or SnapChat will just take it down. Snap2Chat made me a BETTER developer A LOT. It's my first full-blown QT C++ QML Application ever built. Before I was an Android, Windows Phone, Web, Desktop, Unity3D Game Developer. Now I'm more happy to be a BlackBerry Developer.
    Awesome! this is the most important part! Thanks for responding!
    jaacksay and blackguy07 like this.
    03-06-14 10:48 PM
  5. anand_ma's Avatar
    Being a developer myself (not a mobile apps developer), I thank James for his advice/thoughts and NemOry for the inspiration. I guess you guys have more to learn from each other.

    The respect and sincerity you guys have shown to each other is commendable. I would like to see you two get together for some development effort in future.

    Wish you all the very best for you both. Rock the app world.
    SmileDahling, ryanza and pkcable like this.
    03-07-14 01:56 AM
  6. KRZR101's Avatar
    Duly noted and ignored.
    Nemory Studios likes this.
    03-07-14 10:05 AM
  7. rajbir01's Avatar
    He's just jealous =D

    Posted via CB10
    03-07-14 10:44 AM
  8. Deathcommand's Avatar
    ^ learn to read.

    This thread is great. I love Snap and Snap2Chat. Privacy is important but honestly who says Snapchat itself is super private.

    You guys are both awesome.

    Q10
    03-07-14 11:17 AM
  9. pkcable's Avatar
    I truly respect both of you guys and I'm glad you are discussing this as true gentlemen! Keep up the good work!!!!!!!
    03-07-14 12:49 PM
  10. adamlau's Avatar
    JPM: Give us a proper KeePass client please.

    SQN100-1 10.2.1.2141 | STA100-3 10.2.1.2141
    jamespaulmuir likes this.
    03-07-14 02:08 PM
  11. Apollo_IV's Avatar
    Duly noted and ignored.
    This redundant comment right now...

    LOL

    Posted via CB10
    03-07-14 02:19 PM
  12. jamespaulmuir's Avatar
    Alright so it sounds like NemOry is just going to stick with trying to "defend" everything I've said instead of actually doing anything... no plans to actually fix anything I've suggested.

    I'm a bit frustrated because I tried to reach out and help a young developer who is making very big mistakes.

    NemOry,
    I know it's probably hard to get unsolicited feedback out of the blue like this and I'm sorry for that.
    I'm going to stay away from the Snap2Chat issues and promise I won't exploit any of the holes in your app, but don't say I didn't warn you.
    I encourage you to read the BlackBerry UI Guidelines again before doing your next app and also recommend reading some software development ethics articles.

    Anyway, keep in touch, I'll be around the CB forums and twitter-sphere.

    This is the last post I'm going to make about Snap2Chat. I attempted to get my point across and I will leave it alone now.
    03-07-14 04:13 PM
  13. Danny Ocean's Avatar
    All fine feedback. HOWEVER, Snap2Chat is still in beta. Your criticism seems as though you are critiquing a final release product. Also, again as this is a beta phase project, this isn't the appropriate forum to provide development suggestions. As a fellow developer I am surprised that you feel the need to publicly write an "open letter" as opposed to utilizing the proper channels to address your concerns and development suggestions.

    Posted via CB10
    blackguy07 likes this.
    03-07-14 07:26 PM
  14. Saberhagen's Avatar
    All fine feedback. HOWEVER, Snap2Chat is still in beta. Your criticism seems as though you are critiquing a final release product. Also, again as this is a beta phase project, this isn't the appropriate forum to provide development suggestions. As a fellow developer I am surprised that you feel the need to publicly write an "open letter" as opposed to utilizing the proper channels to address your concerns and development suggestions.

    Posted via CB10
    I think you need to be more updated on what is actually happening. Snap2chat was submitted to BlackBerry World but turned down due to some ToC stuff. So it is out of the beta phase, even with the small bugs here and there.
    03-07-14 07:52 PM
  15. Danny Ocean's Avatar
    I think you need to be more updated on what is actually happening. Snap2chat was submitted to BlackBerry World but turned down due to some ToC stuff. So it is out of the beta phase, even with the small bugs here and there.
    Hi Saberhagen. I am working closely with Oliver, so I am very much up to date. The fact is, that every single user of snap2chat is currently a beta tester. There has not been an official release, regardless of how complete the current version is or is not, or whether a version has been submitted to BlackBerry world for consideration.

    Posted via CB10
    03-07-14 11:15 PM
  16. Saberhagen's Avatar
    Hi Saberhagen. I am working closely with Oliver, so I am very much up to date. The fact is, that every single user of snap2chat is currently a beta tester. There has not been an official release, regardless of how complete the current version is or is not, or whether a version has been submitted to BlackBerry world for consideration.

    Posted via CB10
    I'm also one of the "hardcore" beta testers. So I'm very much up to date as well. When the app has been submitted to BBW, isn't it logical to say that it is out of the beta stage? A developer is ready to submit the app when he is done beta testing it. So even though it didn't get accepted doesn't mean that it's still in the beta stage. That's my opinion.

    Black cards, Black cars - All BlackBerry-thing!
    03-08-14 09:49 AM
  17. rajbir01's Avatar
    Why display this to the entire community and ruin some of his credibility? You should have reached out to him in a DM. I'm sure Snap isn't perfect but you don't see people telling you that in the forums.

    Posted via CB10
    SmileDahling and Danny Ocean like this.
    03-08-14 02:27 PM
  18. anand_ma's Avatar
    Why display this to the entire community and ruin some of his credibility? You should have reached out to him in a DM. I'm sure Snap isn't perfect but you don't see people telling you that in the forums.

    Posted via CB10
    I disagree with you
    03-08-14 03:33 PM
  19. Danny Ocean's Avatar
    Why display this to the entire community and ruin some of his credibility? You should have reached out to him in a DM. I'm sure Snap isn't perfect but you don't see people telling you that in the forums.

    Posted via CB10
    I agree wholeheartedly. There are appropriate channels in place to present development suggestions and concerns. If the goal was to improve the app, he could easily have chosen any number of options to provide his feedback. The fact that this member chose to publicly present his negative feedback definitely brings his motives into question for me. Smells a bit like sour grapes.

    Posted via CB10
    03-08-14 03:56 PM
  20. Danny Ocean's Avatar
    I'm also one of the "hardcore" beta testers. So I'm very much up to date as well. When the app has been submitted to BBW, isn't it logical to say that it is out of the beta stage? A developer is ready to submit the app when he is done beta testing it. So even though it didn't get accepted doesn't mean that it's still in the beta stage. That's my opinion.

    Black cards, Black cars - All BlackBerry-thing!
    No, that isn't logical. If you are beta testing a version that may be ready for release, you are still beta testing. Nobody has an "official release" of this app, since it hasn't been officially released. As such, any development concerns should be directed through the appropriate channels, as is true of all beta phase projects. Make sense?

    Posted via CB10
    03-08-14 03:59 PM
  21. Acvdm's Avatar
    Personally I don't think Snapchat have a leg to stand on when it comes to criticising a third party developer's security since they were compromised two months ago.
    03-08-14 05:25 PM
  22. MrGlenn's Avatar
    So if I read the criticism right, the major issue (now that it directly talks to the Snapchat API) is the Shoutbox.
    If it is really that insecure, maybe the Shoutbox should be disabled until Nem0ry works out a way for secure authentication.

    As far as headless/notifications go, I think this is a pretty necessary function, because "Snapchat" is pretty reliant on a good way to receive notifications.

    I agree that secure connections should be a major focus point for apps!

    Thanks James! (Now give us a Flip Shush update!)

    BlackBerry 10 signed.
    Danny Ocean likes this.
    03-08-14 05:38 PM
  23. KRZR101's Avatar
    I disagree with you
    And I disagree with you.
    03-08-14 11:15 PM
  24. Saberhagen's Avatar
    No, that isn't logical. If you are beta testing a version that may be ready for release, you are still beta testing. Nobody has an "official release" of this app, since it hasn't been officially released. As such, any development concerns should be directed through the appropriate channels, as is true of all beta phase projects. Make sense?

    Posted via CB10
    We WHERE beta testing the bar file that was uploaded to BBW. The only reason there is no official version of this app is that BlackBerry didn't accept snap2chat due to ToC stuff. So in my mind, it's out of beta phase.

    App uploaded to BBW (even if not accepted) = out of beta. But guess there is no reason to discuss this further, as that's logical thinking for me, but not for you.

    Black cards, Black cars - All BlackBerry-thing!
    03-09-14 08:36 AM
  25. KRZR101's Avatar
    We WHERE beta testing the bar file that was uploaded to BBW. The only reason there is no official version of this app is that BlackBerry didn't accept snap2chat due to ToC stuff. So in my mind, it's out of beta phase.

    App uploaded to BBW (even if not accepted) = out of beta. But guess there is no reason to discuss this further, as that's logical thinking for me, but not for you.

    Black cards, Black cars - All BlackBerry-thing!
    Were*

    If you're going to make a point of stressing a word by capitalizing it, please use the right word. Lmfao.
    03-09-14 09:51 AM