Tuesday, November 29, 2011

When Apps Go Wrong

I love how good onions bring me to tears.  Sadly, there are bland onions as well and The Onion's iPhone mobile app falls into that category.  You can get your daily laugh riot on an iPhone with their superb writing from the main website, the mobile website, using Apple's Reader, or through their personal mobile app.

Loading up the app, I get a 1990's style animated gif ad on the bottom of the screen which does a great job of grabbing my attention and pissing me off with a quasi real message.

Hey I have a new message!  Wait a min ...



This is not how I want to read their stories so I thought I would try other ways of accessing their content.  Let's hit up the website, which automatically forwards me to their mobile version.



Much better!  Got rid of that horrible ad on the bottom.  In fact, there are only two ads on the page, one above the main image and another at the very bottom.  It's a clean layout with a good choice of fonts, thumbs up.

I clicked on Apple's Reader tab, and the main article's image is removed, but the other image inside the article is still present.  Not perfect but the font is even better for reading and the story in my opinion becomes easier and quicker to access.

In terms of readability, this is the best.


Lastly, I opened the main site to see how that was handled on my smaller screen.

Damn good? Do they sell just ok gifts too?


Ads, ads everywhere.  This is how The Onion makes its money so I'm not going to cry a river.  On the plus side, with the ads formatted outside the main body of text, it becomes an easy double tap on the screen to get this,



The font is a little smaller, but it comes close to the mobile app in terms of usability.

The question I asked myself here is, "When do you really need a mobile app?"  In this case if you're only reading through articles on The Onion's website, it's just a waste.  I could read, scroll, and share just as easily, if not better at times, with the online mobile website compared to the app.

If I was going to do an app for The Onion, I think we can go a much better route.  Like Al-Jazeera's iPad app, open up to a video to get the user's attention.  There could be a pile of fun just waiting to happen with some simple ad-lib programming for their stories or even incorporate fake places on a map overview.  Something, anything, is better than re-serving your main website's stories again with poor real estate and bad ads.

Tuesday, November 22, 2011

Virus Ridden Smart Phones Are Not the Problem: You are

How viruses used to work, 
Trick the user into running a piece of code

This could be a floppy disk (remember those?), an internet download or any way of communicating program code into a foreign host.  One of the most classic ideas was emailing mass amounts of people with a conspicuous Excel document that ran code in Microsoft Excel when opened.  This would do anything from setting up your PC to remotely run commands or just maliciously create havoc.

Why did this work so well?  Windows was notorious for virus problems because of relaxed permissions and a vast install base.  Unix/Linux is less susceptible with strict file and directory permissions, which Microsoft began to emulate with implementations like the horrible UAC system.


Now security companies are jumping up and down about virus infections in smart phones and how you need their protection or the world will end.  99% of this is baloney.  Your phone does not get infected with viruses.  Today, you knowingly give access to your phone.

How "viruses" are working today,
Trick the user to blatantly accept an action that collects personal information

Permissions have gotten good enough that just downloading a piece of code and compromising your smart phone is not very likely.  (All bets are off if you're rooting or jailbreaking your device and using unverified kernels!)  What's changed is that applications are now sectioned off in their own little sandbox and do not have unrestricted access into the main system, unless you give them that permission.

What does this mean exactly?  It means if an evil application wants to read your SMS messages, or take note of all your keyboard inputs - you are going to let it.  If you're installing custom keyboards in Android, you're going to get a notice asking you if you really want to allow this application access into your phone.  You better be damn sure that new keyboard isn't a piece of evil code because you just gave this app, and whoever created it, direct access into all of your phone's information.
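To make the permission prompt concrete, here is an added example (not from the original post) that reads an Android manifest and lists the grants discussed above: SMS access and a keyboard service. It assumes the manifest has already been decoded to plain XML; the sample app `com.example.funkeyboard` and the shortlist of sensitive permissions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"
IME_BIND = "android.permission.BIND_INPUT_METHOD"

# Assumed shortlist of permissions worth a second look; not exhaustive.
SENSITIVE = {
    "android.permission.READ_SMS": "can read stored text messages",
    "android.permission.RECEIVE_SMS": "sees incoming text messages",
    "android.permission.READ_CONTACTS": "can read the address book",
}

# Constructed sample manifest for a hypothetical keyboard app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.funkeyboard">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".KeyboardService"
             android:permission="android.permission.BIND_INPUT_METHOD">
      <intent-filter>
        <action android:name="android.view.InputMethod"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def review_manifest(xml_text):
    """Return sorted (item, reason) findings for one decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    findings = [(p, SENSITIVE[p]) for p in requested if p in SENSITIVE]
    # A service guarded by BIND_INPUT_METHOD is a keyboard: it sees every keystroke.
    keyboards = [s.get(ANDROID_NS + "name") for s in root.iter("service")
                 if s.get(ANDROID_NS + "permission") == IME_BIND]
    findings += [(k, "keyboard service, receives all typed input") for k in keyboards]
    # A keyboard that can also reach the network can send what it sees off the device.
    if keyboards and INTERNET in requested:
        findings.append((INTERNET, "keyboard with network access"))
    return sorted(findings)


if __name__ == "__main__":
    for item, reason in review_manifest(SAMPLE_MANIFEST):
        print(f"{item}: {reason}")
```

Each finding is something the user agreed to at install time, which is the point of the paragraph above: the sandbox holds, and the data leaves through the permissions that were granted.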

iOS is an even harder wall to knock down.  It's sectioned off like the Great Wall of China around Apple's house.  With a moat and a dragon ready to take you out if you get too close.  No one gets in, no one takes a look around, period.  There has been a crafty exception where a security researcher was able to get outside code to run from an app and he was kicked out of Apple's developer program for a year.  They're a little touchy on this subject.  This is one of the very few occurrences of this type of execution though.  With Apple's review process and sectioned off OS, almost no threats are going to come from the outside.


It's the same thing with some lame Facebook applications.  For example, there are some apps that claim to show you the frequency of visitors to your profile page, and yeah, total BS.  When you install this type of application, you give it permission to read through all of your posts and friends - so it does just that.  Taking some bogus average of number of posts from friends and direct messages to show you the number of times your profile has been viewed by a particular person.  What really just happened there was you gave this application, and whoever wrote it, full access into all of your Facebook posts and friend connections. 

This next era in computer security has reached a much more social aspect.  Viruses are no longer the main threat; it's the user who allows programs into their lives that is.  The worst part of this?  Agreement Fatigue.  Users are seeing these messages asking for access so often, no one pays attention to them anymore.  When was the last time you read, or even skimmed, an EULA agreement?  When was the last time you paid special attention to what access you were allowing outside apps?  Just like that, users are the weakest line of defense and no security company can sell you a product to improve that.