Odecee Lead Mobile Engineer Alexey Vlaskin takes a look at WWDC 2016 announcements and what they mean for financial organisations.
This year at WWDC there were no hardware updates; instead, Apple focused purely on software updates and improvements for developers. The keynote was received with a degree of controversy from Apple fans and developers, with some being disappointed in the perceived lack of “new things”. However, by the time WWDC was over, most developers were very optimistic – as a result of the announced changes, there will be many new avenues for improving and building upon apps. Perhaps most noteworthy, WWDC 2016 unveiled numerous opportunities for developers to integrate their apps deeper into Apple platforms.
In this post, I’ll take a closer look at some of the new features that were Apple’s focus this year, and consider how financial organisations may use them in their future applications. While WWDC covered broader areas such as game development and specific macOS/tvOS updates, for the purpose of the article I’ll concentrate purely on iOS and watchOS experiences.
Security and Privacy
This year, there were several presentations dedicated to privacy – it is clear this is a theme that is becoming increasingly important to Apple. Apple shared with developers a number of app privacy approaches and the thinking behind why they are so important. Big Data initiatives are based on the idea that the more we know users, the better we are able to work with and for them. However, Apple suggest developers proceed cautiously when collecting customer data and instead focus on protecting user privacy.
Bucketing, handling identifiers and differential privacy
One technique presented was ‘bucketing’. Instead of the system recording the actual user data, with ‘bucketing’, the system records the range in which this particular record belongs. Other approaches presented by Apple were ‘differential privacy’ and appropriate use of identifiers. These were covered in the presentation “Engineering privacy for your users”, which goes into some depth around those approaches and should be considered a recommended session for anyone involved in the production of apps.
TLS 1.2 enforcement
At the end of 2016, Apple plans to enforce TLS 1.2 for all app connections. All SSL connections up to SSLv3 are widely considered outdated and do not provide enough security. Although TLS 1.2 is a standard from 2008, Apple chose this over the more reliable and new TLS 1.3 due to it being still in development. Blind allowance to use unsecured HTTP connections will be prohibited for iOS apps from 2017. App developers will be able to add some of their web services or web sites into exceptions list and will be required to request an exception from Apple during the App review process. If your financial organisation is not yet using TLS 1.2 as a standard, it is now time to improve it – don’t get caught by surprise in the new year.
Apple reworked and deprecated several security algorithms like SHA 1 or 3DES, which no longer supply significant protection. These will be removed from iOS and substituted with more secure versions.
SSL Pinning – Certificate Transparency
OCSP stapling and TLS certificates pinning techniques were explained and introduced as part of Apple’s new security standards, referred to as “Certificate Transparency”. Developers are now encouraged to try the system for apps; in the next year there is a possibility it will be enforced as the new standard.
In general, WWDC made it clear that Apple are taking significant steps towards user security and app developers have no choice but to change their apps to accommodate these changes.
Openness and Extensions
Openness was a consistent theme of this year’s WWDC, despite being an area not traditionally associated with Apple and their platforms. The operating system was opened up in several areas to developer app extensions. Apple even left the first beta version of iOS with unencrypted kernel, which was reported and commented on by TechCrunch.
These changes suggest we are entering a new era where app developers should start thinking “outside the app box” and begin to integrate their app with the different iOS sub-systems, such as Siri, Messages, Maps, Notifications, Search, Today screen and others. Apple seems to be taking app developers into a new interaction paradigm where users will have more choice; they’ll have small atomic micro-interactions with apps integrated into the OS of a phone or a laptop or a wearable.
Voice is becoming a more popular interface these days with products like Amazon Echo; this year, Apple is taking Siri to the next level. Voice-to-text plus search capabilities makes it possible to integrate your app directly into the Siri search requests. In iOS 10, there are only limited intents developers can intercept, but they cover the most common cases: audio/video calls, messaging, payments, searching photos, workouts, ride bookings. For payments it is recommended to use the Local Authorisation framework (i.e. TouchID) to authorise payments (so that, for example, kids cannot make payments without parental control). You can not only intercept the intent, you can also present a custom interface where required.
Proactive suggestions allow developers to add layers to the iOS map app. NSUserActivity is the eyes of the system and it allows you to expose data from your app that can be used by other apps. For example – your app has a list of location addresses; by sharing this info with the system, users can navigate or share the address with others.
iMessages extensions allow app developers to participate in user message feeds. The simplest application is Stickers, where you can add static or dynamic pack of stickers and users will be able to use them in the chat. More interesting, though, is how Apple have created a collaborative platform where customers can add or modify the content of the messages. For the moment, iOS does not allow app developers access to detailed contact information of peers in an iMessage chat, so sending payments in iMessages apps would be require some level of on-boarding of the user. However, it will be interesting to see what payments flows are possible with iOS 10.
The Today screen has changed in iOS 10 and in my opinion it has become much more usable. If your app doesn’t have yet a Today extension, now’s time to make one. iOS allows you to know if an iPhone is in locked or unlocked mode – that can be a trigger to fetch and update the widget with new information.
Another amazing addition is push notification interceptors. The previous version of iOS had two types of notifications: a silent one and a user-facing one. Now app developers are able to intercept the user-facing push notification, get extra hidden data out of it and modify the initial push notification. Why is this important? Well, the first use case that Apple demonstrated to us is push notification end-to-end encryption. We are also now able to fetch extra information from Services if needed.
One feature that might look like a minor update but will end up saving users a lot of time is cross-platform pasteboards. The latest release of iOS and macOS will now all feature the copy-paste operation across Apple devices. For example, a banking app could allow developers to make bank account details “copyable” so that users can copy from their iPhone and paste to their laptop. For security reasons, you could make this information expire within a few minutes – also a great change introduced by iOS 10.
Convolutional neural networks
Another surprise from WWDC was relating to advanced machine learning algorithms – convolutional neural networks – released in a form of energy and speed efficient system APIs. More smart apps might come out of this and I am really excited to see what will be built with it.
The new framework SpeechKit allows app integration with voice commands; for now, it sends the audio to Apple’s backend servers where it is recognised and converted into text. However, during the WWDC presentation, it was mentioned that in upcoming versions of iOS it’s possible the recognition will occur locally. Apple is moving with the trend of voice interfaces towards considering conversation context. It still might take several years to make recognition accurate enough to make it actually usable.
Watch OS Reborn
This year, watchOS has been revamped – as a result I strongly believe we are going to see lots of great apps made purely for the Apple Watch.
It seems Apple is heading to the same direction with the watch as they are with iOS – small and atomic micro interactions. For example, after observing existing market Watch apps, Apple now recommend developers rework the loading/waiting experience. Instead of showing loading indicators on network requests, it is now suggested to ‘release’ the user’s attention by saying “We are working on your request” and combining that message with a success or familiar push notification when the app knows the result of the operation. It seems like this approach might actually soon be adopted on iPhone apps as well.
Quick apps access – glances and complications
Glances are now going to play an even more important role as apps in the dock (row of glances) are kept in memory and context switching to them will be instant. Apple introduced to developers app life cycle changes for watch apps – this area of watchOS became more transparent and clear at the WWDC sessions. Glances and complications are now the most important parts of your watch app and careful design of them is of vital importance.
Background updates were also introduced as a part of the watchOS 3 update. Apps can have up to 50 updates per 24 hours; however, the schedule of updates is now in hands of the developer, which was received very well by the WWDC audience.
A richer experience
Apple gave developers control on touch gestures and events from the digital crown; together with SpriteKit, this opens ways to customise apps and dramatically enrich the watch experience. If your organisation does not have a watchOS app or has only a WatchKit app – it is now the time to upgrade or build it!
NFC API is one of the most anticipated features of iOS. This API, however, is not likely to become available until Apple Pay is dominating in a large proportion of countries. Last year at WWDC, Apple Pay became available to app developers; this year, Apple Pay had several interesting extensions.
The first is being able to dynamically control proxies in iOS apps, which means apps can change supported networks (like Visa, MasterCard and so on) without resubmitting the app updates to the store.
Secondly, Apple Pay can now be used in Apple Watch apps directly, making it easier to use for purchases both within apps and app extensions.
WWDC 2016 introduced plenty of opportunities for developers to improve financial services apps, including:
- Openness and privacy enforced by new security standards which take effect in 2017;
- Seamless platform experiences through making interactions and data shared across apps and platforms;
- Operating systems extensions;
- Broadening of Apple Pay use across Apps, Extensions, Watch OS and Safari;
- watchOS reborn, with richer capabilities.
This article has attempted to cover the most interesting of these opportunities that may relate to financial organisations. Beyond this, though, there were many things released at WWDC 2016 relevant for other industries. You can learn all about them here: https://developer.apple.com/videos/wwdc2016/Tags: Apple, Apple Watch, Apply Pay, iOS 10, WatchOS, WWDC
This post was written by Alexey Vlaskin