Transcript

It’s Tuesday, June 16, and this is my 2015 WWDC wrap-up.

Wow. What a wild week in San Francisco, like it is every time around this time of year when Apple throws their big annual developer conference.

There are just so many people and events happening in all directions that it’s impossible to keep up with everyone, or everything. But that’s part of what makes it so exciting: the community that comes together around WWDC is large, vibrant, and growing. There are so many people building so many interesting things that it’s just a lot of fun to be in San Francisco around this time of year.

If you’re like me, and you tend to go to San Francisco without an official WWDC ticket, that doesn’t mean you won’t be busy! At this point, I can’t even imagine attending both the conference and all the related events happening in parallel.

There is a catch to skipping WWDC proper: when you get back home at the end of the week, there is a massive data dump of videos, technical documentation, and new beta software to go play with. It can be truly overwhelming. This year, as with every year prior, Apple had a ton of new things to share with us. There’s a lot to dig into and learn.

Security and privacy

One of the things I’ve been focusing on as I’ve been catching up are the many new security and privacy related features that Apple has baked into its latest operating systems. There are many interesting new features, many of which will affect the work we do on Cloak, so I’m excited to dig in.

Some of the standouts:

  • App Transport Security. A new feature that’s built into iOS 9 and on by default for apps built against the iOS 9 SDK. ATS prevents apps from making insecure connections to back-end services. Insecure could mean not using (for example) HTTPS whatsoever, or it could mean using weak ciphers, or old versions of TLS (or, heaven forbid, SSL). ATS also enforces the presence of perfect forward secrecy. It’s an interesting new system-level policy that I think will massively improve the security of Apple’s entire app ecosystem.

At least in iOS 9, it is possible to add information to your Info.plist to opt out of App Transport Security, but it seems like a bad idea to do so. Probably the only reason you’d want to do it is if you have legacy backend systems that don’t support modern secure communication. Fair warning: it sounds like this opt-out capability isn’t going to stick around forever; it wouldn’t even surprise me if it disappears in iOS 10.

  • Mandatory IPv6 Support. It’s cool to see Apple throwing their weight behind a feature that, as they pointed out in the Platforms State of the Union, has been baked into their operating systems for over a decade. IPv6 is battle-hardened and field-tested; it’s great to see Apple helping to push it forward.

Probably, most people — who likely use default networking APIs to talk to RESTful endpoints — will find that IPv6 “just works” out of the box. But for people trying to build more exotic things (like, for example, VPNs!), it’s not yet clear to me what the full implications are. I’m looking forward to finding out more.

  • Network Extension. iOS 8 was the operating system that introduced extensions to begin with. The NetworkExtension went essentially unmentioned during WWDC 2014; I think it literally got a single sentence in the official iOS 8 documentation, which simply said “refer to the headers if you’d like to know more.”

In any case, NetworkExtension gives developers the ability to programmatically create and update VPN configuration profiles that apply system-wide. Prior to the existence of NetworkExtension, the only way to get a VPN profile installed on a device was to have a web service that generated and signed a configuration profile and allowed users to download it via Mobile Safari. (Well, almost the only way: MDM services have wide latitude to configure enrolled iOS devices.) This obviously wasn’t an ideal way to do things, especially if you also had a native app.

In iOS 8.0, NetworkExtension was pretty buggy, at least as far as we could tell. We wrote a small test harness because we were so frustrated with how broken it was; it looks like in iOS 8.3 a lot of the key issues are fixed.

With iOS 9, Apple has truly thrown the NetworkExtension door wide open: it gets official documentation, and it supports a number of major new features, including the ability to build completely custom VPN protocols, proxying schemes, and content filters. In effect, NetworkExtension supports a huge number of new network-level capabilities that simply weren’t possible before. It will be interesting to see how people take advantage of these new features.

We’re certainly excited to take advantage of NetworkExtension for Cloak. I’ve always felt that our iOS apps were… not ideal from a usability and experience perspective precisely because we had to go through this odd process of bouncing between our app, our website, and the iOS profile install UI flow. This is terra incognita and isn’t something users should ever have to deal with. For the first time, we feel that we can update our apps to get a lot closer to the experience we deliver with our OS X app. That, in turn, is a lot closer to our “ideal” VPN software experience: sign in once and never think about your VPN ever again. (Real-world considerations mean this will probably always be impossible to achieve in practice; out there in the wild, there are simply too many networks that have too many problems handling VPN protocols.)

Overall, I’m really excited to rip our iOS app apart and start over in light of these new features. That process has already begun. (Shhh!)

Onward

I’m sure there are many other opportunities and features I simply haven’t seen yet, because I haven’t had a chance to dig in to all the new material. I’m looking forward to spending the rest of the week doing just that.

I’m also looking forward to spending time thinking about where our apps are going to go, and whether there are new interesting apps to go build. That’s the way it should be after WWDC! It’s a good time to sit back, reflect, and think about what’s next. All in all, WWDC was a very fun week; it looks like it will be a fun many many weeks as we start to figure out what to do next.

Alright, that’s the 2015 WWDC “brain dump.” I hope you had fun in San Francisco, and I hope to see you there next year!