Citation
A Platform for Designing and Scaling Mobile Applications

Material Information

Title:
A Platform for Designing and Scaling Mobile Applications
Creator:
Dubno, Bryan
Publication Date:
Language:
English

Subjects

Subjects / Keywords:
Analytics ( jstor )
Digital libraries ( jstor )
Email ( jstor )
Google ( jstor )
Mailboxes ( jstor )
Mobile applications ( jstor )
Scalability ( jstor )
Software applications ( jstor )
SQL ( jstor )
Web services ( jstor )
Application software
Smartphones
Genre:
Undergraduate Honors Thesis

Notes

Abstract:
The purpose of this project is to determine the factors that are crucial for creating a platform that provides a top-of-the-line app experience for potentially millions of users. As more and more people rely on smartphones for everyday life, designers and developers are called upon to ensure a consistently smooth user experience. This entails factors such as reliably, dynamic scalability, and the ability to handle the multitude of diverse uses of an app. As such, I'll explore a variety of user interface components, backend systems for storing data, networking protocols, and the importance of data analytics in providing an ideal user experience. ( en )
General Note:
Awarded Bachelor of Science in Computer Science; Graduated May 7, 2013 magna cum laude. Major: Computer Science
General Note:
Advisor: Dr. Douglas Dankel II
General Note:
College/School: College of Engineering
General Note:
Legacy honors title: Only abstract available from former Honors Program sponsored database.

Record Information

Source Institution:
University of Florida
Holding Location:
University of Florida
Rights Management:
Copyright Bryan Dubno. Permission granted to the University of Florida to digitize, archive and distribute this item for non-profit research and educational purposes. Any reuse of this item in excess of fair use or other copyright exemptions requires permission of the copyright holder.

Full Text

PAGE 1

A Platform for Designing and Scaling Mobile Applications Bryan Dubno Graduating Spring 2013 Magna Cum Laude Bachelor of Science in Computer Science from the College of Engineering Advisors: Dr. Douglas D. Dankel II (Chair) Dr. Rong Zhang Dr. Kim McCall

PAGE 2

! Contents 1. Introductio n ................................ ................................ ................................ ..... 2 1.1 Abstract ................................ ................................ .............................. 2 1.2 Overview ................................ ................................ ............................. 2 2. User Interface ................................ ................................ ................................ .. 3 2.1 Concept of i ntuition ................................ ................................ ............ 3 2.2 Language localization ................................ ................................ ........ 3 a. Online services ................................ ................................ .......... 3 b. Localized strings ................................ ................................ ....... 4 2.3 Accessibility f eatures ................................ ................................ ......... 5 2.4 Case Study: iOS ................................ ................................ .................. 5 3. Backend components ................................ ................................ ....................... 7 3.1 MySQL ................................ ................................ ................................ 7 3.2 MongoDB ................................ ................................ ............................ 7 3.3 Am azon Web Services (AWS) ................................ ............................ 8 4. Dynamically scaling ................................ ................................ ........................ 9 4.1 Virtual Private Servers ................................ ................................ ...... 9 4.2 Dedicated Hosting Solutions ................................ ........................... 10 4.3 Cloud based technologies ................................ ................................ 10 4.4 Case Study: Mailbox ................................ ................................ ........ 11 5. Networking ................................ ................................ ................................ .... 13 5.1 HTTP Protocols ................................ ................................ ................ 13 a. RESTful vs. SOAP web services ................................ ............. 13 b. JSON vs. XML ................................ ................................ ......... 14 5.2 SSL Encryption ................................ ................................ ................ 15 5.3 Authentication ................................ ................................ .................. 15 5.4 Case Study: Dropbox ................................ ................................ ........ 16 6. Data Analytics ................................ ................................ ............................... 17 6.1 Methods and services ................................ ................................ ....... 17 6.2 Case Study: Flurry Analytics ................................ .......................... 17 6.3 Case Study: TestFlight ................................ ................................ .... 17 7. Acknowledgments ................................ ................................ ......................... 19 8. References ................................ ................................ ................................ ...... 20

PAGE 3

! # 1. Introduction 1.1 Abstract The purpose of this project is to determine the factors that are crucial for creating a platform that provides a top of the line app experience for potentially millions of users. As more and more people rely on smartphones for everyday life, designers and developers are called upon to ensure a consistently smooth user experience. T his entails factors such as reliably, dynamic scalability, and the ability to handle the multitude of diverse uses of an app. As such, I'll explore a variety of user interface components, backend systems for storing data, networking protocols, and the impo rtance of data analytics in providing an ideal user experience. 1.2 Overview There are numerous factors that go into designing the ideal platform for a scalable mobile application. There are a number of vendors offering products that provide solutions to many of the problems faced when developing a robust application for millions o f users. In an effort to cover as many components as possible that would contribute to a highly scalable platform for serving mobile applications, I've given a high level overview of these topics, focusing on the necessary components of a scalable design r ather than the implementation of these mechanisms. In doing so, I hope this project can be a starting point for others to develop their own mobile applications with scalability in mind.

PAGE 4

! $ 2. User Interface 2.1 Concept of i ntuition The smooth interaction between people and software has been the core topic of interest since the advent of the graphical user interface. As cited by researchers, "the best rendering [of a user interface] depends on how the user will use an interface, and users with di erent needs may disagree on the best rendering" (Gajos 95). Developers constantly look at ways to improve applications, often times trying to determine how many clicks it takes to perform a certain action, or attempting to pinpoint the precise lo cation of where a user expects certain buttons to appear on a screen. With such a wide range of potential users from all over the world, answers to these questions become essential when attempting to create a single, unified branding and interface. The id ea behind intuition in software engineering is that a user can look at a website, program, or other front facing layer of technology, and have the ability to understand how to use it immediately. As described by a scholar published by the IEEE Computer Soc iety Press, "most computer system designers use a great deal of intuition in the design process. Intuition is often used to handle uncertainty in design parameters" (Chandy 281). In essence, designers try to compensate for the vast and diverse number of u sers by planning out software in such a way that previous working knowledge of a software application is not required. 2.2 Language l ocalization With a number of developers moving from the conventional desktop application in to the world of mobile apps, t he idea of language localization becomes a key component in the success of a worldwide product. In this context, language localization refers to "the process of adapting a [piece of] software to a different region by changing the language, image resources, reading direction, or other regional requirements" (Tschernuth 179). As imagined, this presents a significant challenge; not only can the costs of translation be high, but the aesthetics of a design must completely adapt to a text that can have multiple meanings across the limited available screen space seen on mobile applications (Tschernuth 179). The following sections take a look at a few tools used to confront this challenge, in addition to a comparison of a number of devices in the mobile sphere tha t currently utilize such tools. Online s ervices One of the most popular tools for providing translations include a crowd sourced translation web application called Crowdin, self described as "a translation and localization management platform that handles both document and software

PAGE 5

! % projects" providing "localization tool[s] for desktop, mobile apps, [and] websites" ( "Transla tion Management Service." 1 ). Crowdin's selling point is its efficiency and accurateness, having multiple translators works on the same content at the same time, resulting in the maximum likelihood of a correct, in context translation. Most interestingly, Crowdin doesn't simply provide a one time translation; rather, the company works off of a subscription model, providing an API for developers to automatically receive fresh translations in a dynamic environment. Their powerful translation tools allow deve lopers to keep track of the quality of translation s in addition to their associated costs. Another popular tool for providing language localization is the Google Translate API, a highly scalable tool that "can dynamically translate text between thousands of language pairs" ( "Google Translate API." 1 ). The Google Translate API gives websites and programs the ability to integrate with Google Translate programmatically. Rather than a crowd sourced model or a statistical machine translation, Google Translate has "adopted an interactive color highlight system by which words or phrases in the source text that correspond to those in the translated text light up as the reader passes the cursor over them benefiting thus from an existing metaphor refined over the years (Chessa, 108). This interactive alignment of source text to transl ated text is a clever method for providing both accuracy and feedback for future translations. Localized s trings Localization of strings in the iOS, Android, and Windows Phone environments are handled in a variety of ways. A platform dedicated to a well designed, worldwide distribution model emphasizes the importance of localized strings in a well thought out design pattern. The iOS software development kit utilizes an interface builder provided by the Xcode IDE to create iOS specific XIB files. These XIB files are structured in an Apple specific XML format called a Property List. A property list focuses on key value pairs, in which each key is associated with a correspondin g localized translation ( Tschernuth 183). An NSLocalizedString is utilized to replace all strings with their respective translation according to their definition in the property list during runtime As for the Android OS, an XML based layout file is also used to de fine the user interface ( Tschernuth 183). In the Android environment, this layout file is referred to as a resource file, providing a translatable block of text for every string resource in the string.xml file ( 183). During runtime, the correctly localized value for the string is looked up in this file an d presented to the user ( 183).

PAGE 6

! & Windows Phone 7 relies on a Microsoft specific markup known as the Extensible Application M arkup Language or XAML ( Tschernuth 183). Although the implementation of localized strings for Windows Phone is out of scope for this project, coding a localized string in the Windows Phone environment entails parsing relevant translation data from a binary file, stori ng this information in a csv file, localizing this csv file, and finally merging this data back into binary form ( 183). Fortunately, the Windows Phone software development kit provides an interface similar to the Android SDK for performing these actions. 2.3 Accessibility Features With the number of smartphone products entering the market every year, manufacturers are fighting to compete by adding more and more functionality. Over traditional devices, smartphones allow users to surf the web, check their email, take photos and videos, send text messages, video chat, and much more. However, the mode of interaction among these devices is primarily through touch interfaces, providi ng no tactile feedback (Chiti 607). For those with a visual impairment, using such a mobile device provides a considerable challenge to overcome. 2.4 Case Study: iOS Apple has specific Accessibility API's to define how developers can make their apps and user interfaces available to external assistive hardware components or services. Apple touts their award winning accessibility features, noting, "iOS comes standard with a wide range of accessibility features that help people with disabilities experience everything iPhone, iPad and iPod touch have to offer" ( "Apple Developer." 1 ). On e of these features includes VoiceOver, allowing users to receive vocal feedback for various performed actions on the phone (see Figure 2.1) Users requiring these features can rely "solely on an alternative set of gestures for control, and on speech synth esis o r braille for feedback" (1 ). In addition to these auditory feedback methods provided by VoiceOver (and additionally Siri), users with low vision can use the built in zoom accessibility feature and the white on black display mode to make text appear clearer. Apple provides a very unique, unprecedented feature set in the iOS environment that revolutionized the smartphone industry in terms of accessibility.

PAGE 7

! Figure 2.1 VoiceOver accessibility feature.

PAGE 8

! ( 3. Backend components 3.1 MySQL MySQL is an open source relational database management system. I t is a highly scalable system that can be distributed across multiple servers making it an ideal candidate for use in the design of a scalable mobile application platform, depending on the application's needs ( Vicknair 2) For example, some believe MySQL is an inappropriate technology for areas of high security, such as financial institutions or particular areas of government ( 2) In terms of scalability, performance, and flexibility, MySQL is capable of quickly handling massive amounts of data with a minimal footprint. According to the MySQL website, MySQL databases are easily capable of "hold ing terabytes of information" ( "MySQL Enterprise Edition." 1 ). In addition, the MySQL platform is capable of processing billions of queries a day, through high speed load utilities, distinctive memory caches, full text indexes, and other performance enha ncing mechanisms (1 ). This becomes important with a mobile application that might initially start off with a small number of users, and exponentially grow with time. With the resources provided by MySQL, scalability and performance does not become an issu e of concern. Another significant feature of MySQL is its touted strong data protection. MySQL is capable of providing "powerful mechanisms for ensuring only authorized users have entry to the database server" going as far as the ability to "block users d own to the client machine level" ( "MySQL Enterprise Edition." 1). Further, MySQL provides a framework for encryption and decryption methods to "ensure that sensitive data is protected from unauthorized viewing" (1). Security is an extremely critical funct ion of a mobile app platform, as these devices in particular have a higher likelihood of relying on untrusted networks. With that, MySQL is fairly easy to configure and start using, with claims that installation can be completed in less than fifteen minute s ( "MySQL Enterprise Edition." 2). Included with the self management features are dynamic configuration options that allow modifications to be easily made to the system based on performance monitoring. Finally, MySQL offers backup and recovery options, making MySQL a database manageme nt system that is robust, secure, and high performance. 3.2 MongoDB Unlike MySQL, MongoDB is not a relational database. It emphasizes storing documents that are indexed and it provides a query mechanism for accessing these documents ( Chakraborty 477). MongoDB stores data in binary JSON like format referred to as BSON; fittingly, BSON is opti mized for data that can be stored like

PAGE 9

! ) documents ( 477). These attributes of MongoDB come together to make the management system a great tool for scalable application s. One of MongoDB's strengths is that its documents can be distributed acr oss multiple servers ( Chakraborty 477). By storing instances of the same document in various geographic areas, applications can be protected from failure of a single location This geographic dispersement is a major advantage with the MongoDB system. Another benefit of the MongoDB system is its automated horizontal scaling infrastructure ( Chakraborty 477). In the event that the load on a single database server exceeds its available resources, horizontal scaling ensures load balancing and automatic ma nagement of failover ( 477). This is another key feature of a scala ble application implementation; automation of management responsibilities becomes an exponentially valuable tool as the number of users increase. 3.3 Amazon Web Services (AWS) Amazon Web Services are described as offer[ing] a complete set of infrastructure and application services that enable [developers] to run virtually everything in the cloud: from enterprise applicatio ns and big data projects to social games and mobile apps" ( "Amazon Web Services 1 ). Some of the major benefits of using AWS include no upfront costs, fast delivery of web content, and dynamic scalability based on demand. With no upfront costs, Amazon emphasizes a pay as you go business model. As described in their overview, AWS enables [developers] to eliminate the need for costly hardware and the administrative pain that goes along with owning and operating it ( "AWS Economics Center." 1). Amazon Web Services provide a very economic conscious solution for young entrepreneurs, developers, and startups. In addition, AWS relies on another Amazon product known as CloudFront. CloudFront is described as a global content delivery network with 36 locations worldwide, so [] pages always load fast ( "Start ups on AWS." 1 ). This notion of geographic dispersement is again important, as worldwide users are directly affected by the location of data centers. Finally, the ability to automatically scale from hund reds of requests to millions of requests within a matter of minutes is perhaps the most important feature for such a platform. As dynamic scalability is such a major component, I've devoted the following section for a more in depth look.

PAGE 10

! 4. Dynamically Scaling 4.1 Virtual Private Servers As cited in an article titled The Evolution of Virtualization the author comments, It's no secret that virtualization, a technology long associated with mainframe computers, has been transforming data centers due to its ability to consolidate hardware resources and reduce energy costs. But in addition to its impact on data centers, virtualization is emerging as a viable technolo gy for smartphones []" ( Kroeker 18) Evidently, it is very rapidly becoming a trend for companies to make use of virtual servers inste ad of physical hardware ( Basak 86). In recent years, the number of virtualized servers in use surpassed the numbe r of physical servers (86). This fact is no surprise, as virtual private servers have a number o f distinct advantages; some of these include the small initial setup time, the ability to dynamically scale resources as demand fluctuates, security at the software level, and immediate availability to young entrepreneurs. Setting up a physical data ware house is costly and time consuming. Location space needs to be rented, equipment needs to be bought, configured, and setup with proper security policies. In a research article published by VMWare Inc., an industry leader in virtualization and cloud computi ng, it was cited that this "process can take anywh ere from days to weeks" ( Basak 86). A virtual private server provides a means of hosting and serving content to users. For example, when a webpage is viewed in a browser, the browser is downloading conten t (images, text, etc.) from a server to display to the user. The virtual private server is responsible for storing, transferring, and executing any server side applications. Recognizably, this requires the server to have memory to store content, RAM for co nnection variables and buffers, and a CPU capable of responding to the client's requests. Virtual private servers can often be spawned in minutes, especially those that offer semi managed hosting. A number of virtual private servers can be hosted on a sin gle piece of physical hardware, guaranteeing an assured amount of space, RAM, and CPU. Additionally, depending on the configuration options that the host provides, these values can be modified in real time, providing an elastic means of serving content to the user. This flexibility to dynamically scale in the face of high or low traffic is one of the prime benefits of using a virtual private server. As mentioned above, security at the software level is another significant feature of virtual private servers. As explained in The Evolution of Virtualization "one of the strengths of virtualization is its ability to isolate data and applications," which i s said to "represent a core e nhancement to security" ( Kroeker 18 19). The concept of isolation is a key notion in the security of technological systems. Mendel

PAGE 11

! "+ Rosenblum, founder of VMware and a professor of computer science at Stanford University, states, "I look at virtualization as a step toward getting out of the mess we have in terms of [traditional] systems being so insecure," and notes that "better security is a natural resu lt of virtualization" ( 19). 4.2 Dedicated Hosting Solutions Although the benefits of a flexible virtual private server are clear, these systems have the potential to be limited in a sense. Because a number of virtual servers are residing on a physical machine, they are naturally limited by the amount of available memory, R AM, and CPU of the machine itself. A dedicated hosting platform can be described as a high performance, business class server that would be ideal for a high volume website or CPU intensive application. Instead of sharing any resources of the machine with other running instances, the platform is dedicated to a single application ( Urgaonkar 2). This makes control and management of the system's resources completely at the discretion of the administrator, rather than restricted by the limited resources of the system. 4.3 Cloud based technologies As was the case with virtual private severs, dedicated hosting solutions are also restricted by the limitations of the hardware itself. Cloud computing has been garnering noteworthy consideration in industry as it "p romises unparallel levels of scalability and flexibility without making upfront investment in setting up and running large scale computing infrastructures and data centers" ( Babar 50). These were the precise issues and concerns we explored with virtual pr ivate servers and dedicated hosting solutions. The fundamental feature of cloud computing is its ability to scale up or down in relation to demand of resources without the high upfront costs typically associated with such scalability ( Babar 51). This abi lity to acquire resource on demand, often referred to as elastic resource provisioning, is considered to be a key feature of modern cloud computing ( Han 644). In general, elastic resource scalability is achieved by increasing or decreasing the number of v irtual machine instances that host the applicatio ns' server components ( 644). When designing a mobile application with a server side architecture in mind, it's important to think about hosting requirements. Will the app be making constant hits to the serv er? Will the app support a large audience? Will this audience drastically fluctuate (see the case study on Mailbox below)? What types of resources does the client need from the server? A platform for scaling a mobile app takes these considerations into min d in order to choose the best server side option.

PAGE 12

! "" 4.4 Case Study: Mailbox Mailbox, a new iOS email management app, was designed by a small team of engineers and designers at Orchestra, claiming to "redesign the inbox to make email light fast, and mobile friendly" ( "Put Email in Its Place." 2 ). Because of the way the app was designed, Mailbox requires the user's email to be downloaded to their servers, and then transferred to the user's phone via the app. This allows the user to perform the actions that make Mailbox a desirable new way to manage email. In order to accommodate the huge demand for Mailbox on its servers, the makers decided to distribute this "world class email experience" in a very unique way through "reservations on a first come, first served basis ( "Put Email in Its Place." 4 ). When users first download the app, they're automatically given the next available spot in l ine (see Figure 4.1 ) before they can actually start making use of the app. The app does not do anything else besi des show the user his or her spot in line. Gentry Underwood, a designer at Mailbox, said, "transparency is important to us we're asking people to trust Mailbox to handle their email and so we chose to be as straightforward as we could" ( Pavlus 2 ). A lthough the app itself has go tten very positive reviews, it has been under harsh scrutiny for perhaps being too transparent. On March 15, 2013, Mailbox was acquired by Dropbox in order to "scale the service" and include "support for more email providers a nd mobile devices" ( "Reservations." 6 ).

PAGE 13

! "# Figure 4.1 Mailbox app reservation system.

PAGE 14

! "$ 5. Networking 5.1 Client Server communication HTTP is an application layer protocol, consisting of clients and servers. Once a TCP connection has been established, a number of transfers occur, with data being sent back and forth between the client and server. A fundamental challenge for content providers is scaling their HTTP servers to handle the growth of a client initiated load ( Hayes 57). To h andle this exchange of data, HTTP relies upon web services as a means of transferring data. RESTful vs. SOAP web services Representational State Transfer, or REST, was developed by Roy Fielding in 2000 as an abstraction to the basi c architecture of HTTP ( Schreier 15). The REST architectural style has become a common method of designing web services, as it puts emphasis on "generality of interfaces" and "scalability of c omponent interactions" ( Porres 1598). These are two key elements that we look for whe n designing mobile applications to scale reusability and scalability. In addition, REST can be defined by the following three attributes: 1) addressability, in that resources are exposed and addressable via a consumable URI; 2) a uniform interface, in t hat the standard GET, POST, PUT, and DELETE methods are capable of retrieving a resource or altering its state; and 3) statelessness, in that any request from the client contains all of the state information needed to service the request ( Porres 1599). St atelessness is an important trait of scalable software, as no client context needs to be stored on the server in between requests. Since making a TCP connection between a client and server already requires session buffer space and variables to be allocated statelessness allows the server the capability of handling even more active sessions. Another important concept to introduce in the realm of RESTful web services is the notion of replication. Because of the ability to access content anywhere and at anyt ime (although not necessarily reliably) via a mobile device, replication becomes an important technique in "improv[ing] performance, availability and scalability of distributed systems i n mobile environments" ( Peters 1). Often times, smartphones are affli cted by weak or sporadic Internet connectivity, contributing to a slow response time for data access. Replication systems are "aware of disconnected clients and weak connections and therefore must implement special replication protocols" (1). To manage thi s, replication relies on the simplicity of REST interfaces to transmit not every transaction that is transmitted during synchronization, but rather just the last changed data segment ( 1). This is an ideal trait for applications that rely on a network conne ction, as replication uses a limited amount of bandwidth.

PAGE 15

! "% It's important to briefly touch upon SOAP, or the Simple Access Object Protocol. Originally designed for use in wired networks, SOAP has "high overhead" and does not comprehensibly account for the resource limitations of mobile devices such as slow CPU, memory constraints and limited battery life" ( Phan 1139). Although some of the major benefits of SOAP include its capability to handle complex objects, maintain state over a reliable Internet connection, and provide additional security standards, the simplicity of REST is a better candidate for mobile applications over an unreliable network. JSON vs. XML Once information has been retrieved from a server using an HTTP protocol, it must be returned in a serialized format that can be understood by the client. Two of the most popular data serialization formats for performing such an action are JavaScript Object Notation, or JSON, and Extensible Markup Language, or XML format. To get an idea of some of the benefits of both serialization formats, an example of a dynamic menu system representation has been reproduced below. {"menu": { "id": "file", "value": "File", "navigation": { "menuitem": [ {"value": "New", "onclick": "newFil e()"}, {"value": "Open", "onclick": "openFile()"}, {"value": "Save", "onclick": "saveFile()"}, {"value": "Close", "onclick": "closeFile()"} ] } }} Figure 5.1 Sample JSON Format < menuitem value="New" onclick="newFile()"> Figure 5.2 Sample XML Format Note that with XML, each menuitem needs to be explicitly defined and closed. Evidently, whereas XML is much more verbose than JSON, JSON is simple but not as easily readable. Although XML's verbosity lends itself to creating rich data structures, JSON is the frontrunner from a mobile persp ective, as it uses less data to transmit the same information, thus requiring less bandwidth between the client and server a key feature in a scalable application. This is not only important for

PAGE 16

! "& the client who is waiting to receive the data, but addition ally for the server that is required to allocate a large enough buffer space to transmit the data segment. 5.2 SSL Encryption A secure socket layer, or SSL, is a cryptographic protocol implemented as a transport layer security feature ( Lee 83). As RESTful web services transmit data in plaintext, cryptography is an essential feature in client server communication. The first deployable version of SSL was introduced with Netscape in 1994, with later versions improving on the "security and f unctionality of SSL ( 84 85). In its simplest form, SSL consists of two layers: 1) the record layer, and 2) the handshake layer. The record layer obtains data from the buffer at the application layer, converts the data into manageable segments, and performs compressi on and sy mmetric key encryption ( Lee 84). The handshake layer is responsible for establishing a secure session and determining the session symmetric keys used by the rec ord layer ( Lee 84). Once established, data can securely be exchanged. Rather than di ving into the specific implementation of SSL encryption, it is important to point out why it is needed in a mobile application context dedicated to worldwide scalability. Sensitive information from the user is sometimes required when a RESTful method is ca lled to gather or modify a resource. This confidential transaction might include such things as a password or credit card number. Secure transactions are guaranteed with an HTTPS protocol that correctly implements SSL, providing "authentication, privacy, a nd integrity" of the application ( Lee 83). 5.3 Authentication There are a number of ways to authenticate a user including facial recognition, voice recognition, and fingerprint scanning; however p assword authentication is the prime standard in user authentication due to its simplicity in design ( Teat 103). As passwords should never be stored in plaintext in the event of a security breach, passwords are cryptographically hashed before being stored on a server. Cryptographic hashing is defined as "th e process of applying a one way algorithm on given data to produce a fixed length output" ( Teat 103). This output is then stored on th e server; when a user attempts to authenticate an account, the stored hash is c ompared to a similarly hashed input passwo rd from the user to ensure that the two are equal. This prevents the actual password from ever being stolen from a breached server or from a man in the middle attack. The process of br eaking cryptographic algorithms, referred to as cryptanalysis, serves as a major vulnerability to hashing ( Mishra 798). In its simplest form, a rainbow table is a pre computed table consisting of a very large number of already hashed passwords. Therefore, if a database containing one way hashed passwords

PAGE 17

! "' were ever breached, c yber attackers would be able to utilize a rainbow table to reverse lookup the hashed password, revealing the user's true authentication token. To mitigate this concern, most authentication schemes rely on long salts to ensure a uniquely hashed password. 5 .4 Case Study: Dropbox Dropbox is one of the many cloud based services to recently spring up, offering virtual storage in remote data centers with the goal of sharing files, backing up files, and keeping all computing environments in sync. An interesting technology that keeps costs down is referred to as deduplication, with the idea that only a single copy of repeating data is stored on the server, minimizing the amount of required storage space while also saving bandwidth ( Halevi 491). To understand further, assume John stores a song in his Dropbox. This song is then uploaded to Dropbox's servers, along with a hash value of the file itself. Suppose another user, Jane, decides to store that exact song in her Dropbox as well. When she plac es the file in her Dropbox, the program hashes her file and then makes a check on Dropbox's servers to see if this hash already exists. In our case, the hash will exist, so rather than store a duplicate copy of the same song on the Dropbox servers, Jane's copy of the song will instead point to John's file, since they are deemed to be exactly the same. In effect, this saves Dropbox bandwidth and storage capacity. As described in a research publication on the topic, "b y learning just a small piece of informat ion about the file, namely its hash value, an attacker is able to get the entire file from the server" ( Halevi 492). The concept of Proof of Ownership is a mechanism that intends to solve this issue. In essence, proof of ownership requires a number of sup plementary components in addition to the hash of the file, in order for the client to prove to the server that he or she is the actual owner of the file (493).

PAGE 18

! "( 6. Data Analytics 6.1 Methods and services The concept of data driven decision making is a key component in making intelligent decisions about offering better services and inc reasing profit margins ( Dhiman 253). There are a number of different companies offering services that cater to this need 6.2 Case Study: Flurry Analytics Flurry's business proposition is stated as building better apps, measuring consumer behavior, advertising to the right audience, and monetizing t hat audience ( "Thrive." 1 ). Flurry Analytics are compatible with a number of platforms including iOS, Android, Windows Phone, HTML5, and BlackBerry The tool tracks a variety of parameters from demographic estimations and app engag ement benchmarks to app categories and consumer interests With Flurry Analytics, developers can keep track of session lengths, the number of active users, device analytics, and many more data points in order to determine the best ways to further engage user interest and make improvements. This is an important aspect when designing an app that targets a diverse user base. 6.3 Case Study: TestFl ight Although slightly different, TestFlight is a beta testing service aimed at analyzing crashes and feedback before an application is distributed to the public. TestFlight advertises, Complete tracking of [a] build, from distribution to se ssions, check points and crashes" ( "TestFlight." 1). Provided with TestFlight are over the air distributions, analytics reports, and in app feedback. With over the air distributions, developers are given the opportunity to seamlessly test their apps before releasing them. This not only provides valuable insight, but also gives developers an idea of how w ell the app will scale once deployed. TestFlight provides the standard analytics tools for providing user data, but with an added layer of informative data Since Tes tFlight makes unique builds of an app for beta testers, developers can keep track of "which testers installed the app, started testing, or opened their email invite" and is described as "bring[ing] transparency to beta testing, all in real time" ( "TestFlig ht." 2 ). This is a significant feat, as many other analytics companies can't quite provide this type information for beta versions of an app.

PAGE 19

! ") Further, TestFlight provides a unique in app feedback mechanism for garnering opinions or questions from beta use rs. As this is all performed remotely and in real time, developers get an up to the minute dashboard of relevant bugs and concerns that a user is facing. As such, it is clear that TestFlight is an essential tool for the young entrepreneur looking to design a scalable mobile application.

PAGE 20

! "* 7. Acknowledgments I want to thank each of my committee members, Dr. Dankel, Dr. Zhang, and Dr. McCall, for assisting me in choosing a research topic, providing helpful feedback along the way, and giving me the opportunity to learn about a topic that I was passionate about researching.

PAGE 21

! #+ 8. References "Amazon Web Services, Cloud Computing: Compute, Storage, Database." Amazon Web Services Amazon Web Services, Inc., 2013. Web. 16 Mar. 2013. "Apple Developer." Accessibility Apple Inc., 2013. Web. 16 Mar. 2013. "AWS Economics Center." Amazon Web Services Amazon Web Services, Inc., 2013. Web. 16 Mar. 2013. Babar, Muhammad Ali. "A Tale of Migration to Cloud Computing for Sharing Experiences and Observations." Proceedings of the 2nd International Workshop on Software Engineering for Cloud Computing (2011): 50 56. ACM Digital Library Web. Basak, Debashis, Rohit Toshniwal, Serge Maskalik, and Allwyn Sequeira. "Virtualizing Networking and Security in the Cloud." ACM SIGOPS Operating Systems Review 44.4 (2010): 86 94. ACM Digital Library Web. Chakraborty, Sushan, Madhulina Sarkar, and Na ndini Mukherjee. "Implementation of Execution History in Non relational Databases for Feedback guided Job Modeling." Proceedings of the CUBE International Information Technology Conference (2012): 476 82. ACM Digital Library Web. Chandy, K. M. "B ayesian Models of Design Based on Intuition." International Conference on Software Engineering (1976): 281 85. ACM Digital Library Web. Chessa, Francesca, and Gavin Brelstaff. "Going beyond Google Translate?" Proceedings of the 9th ACM SIGCHI Itali an Chapter International Conference on Computer Human Interaction: Facing Complexity (2011): 108 13. ACM Digital Library Web. Chiti, Sarah, and Barbara Leporini. "Accessibility of Android Based Mobile Devices: A Prototype to Investigate Interaction with Blind Users." Proceedings of the 13th International Conference on Computers Helping People with Special Needs (2012): 607 14. ACM Digital Library Web. Dhiman, Karan, and Benson Quach. "Google's Go and Dart: Parallelism and Structured Web Development for Better Analytics and Applications." Proceedings of the 2012 Conference of the Center for Advanced Studies on Collaborative Research (2012): 253 54. ACM Digital Library Web.

PAGE 22

! #" Gajos, Krzysztof, and Daniel S. Weld. "SUPPLE: Automatically Generating User Interfaces." Proceedings of the 9th International Conference on Intelligent User Interfaces (2004): 93 100. ACM Digital Library Web. "Google Trans late API." Google Developers Google, 20 Apr. 2012. Web. 9 Mar. 2013. Halevi, Shai, Danny Harnik, Benny Pinkas, and Alexandra Shulman Peleg. "Proofs of Ownership in Remote Storage Systems." Proceedings of the 18th ACM Conference on Computer and Commun ications Security (2011): 491 500. ACM Digital Library Web. Han, Rui, Li Guo, Moustafa M. Ghanem, and Yike Guo. "Lightweight Resource Scaling for Cloud Applications." Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud an d Grid Computing (2012): 644 51. ACM Digital Library Web. Hayes, David A., Michael Welzl, Grenville Armitage, and Mattia Rossi. "Improving HTTP Performance Using "Stateless" TCP." Proceedings of the 21st International Workshop on Network and Operating Systems Support for Digital Audio and Video (2011): 57 62. ACM Digital Library Web. Kroeker, Kirk L. "The Evolution of Virtualization." Communications of the ACM Mar. 2009: 18 20. ACM Digital Library W eb. Lee, Homin K., Tal Malkin, and Erich Nahum. "Cryptographic Strength of SSL/TLS Servers: Current and Recent Practices." Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement (2007): 83 92. ACM Digital Library Web. Mishra, Deepika D., C.S.R.C. Murthy, Kislay Bhatt, A. K. Bhattacharjee, and R. S. Mundada. "Development and Performance Analysis of HPC Based Framework for Cryptanalytic Attacks." Proceedings of the CUBE International Information Technology Conference (2012): 789 9 4. ACM Digital Library Web. "MySQL Enterprise Edition." MySQL Oracle Corporation, 2013. Web. 16 Mar. 2013. Pavlus, John. "The UX Thinking Behind Mailbox's 800,000 Person Waiting List." Co.Design N.p., 2013. Web. 9 Mar. 2013. Peters, Martin, Christopher Brink, Martin Hirsch, and Sabine Sachweh. "A Client Centric Replication Model for Mobile Environments Based on RESTful Resources." Proceedings of the Workshop on Posters and Demos Track (2011):

PAGE 23

! ## n. pag. ACM Digital Library Web. Phan, Khoi A., Zahir Tari, and Peter Bertok. "A Benchmark on SOAP's Transport Protocols Performance For Mobile Applications." Proceedings of the 2006 ACM Symposium on Applied Computing (2006): 1139 144. ACM Digital Library Web. Porres, Ivan, and Irum Rauf. "Modeling Behavioral RESTful Web Service Interfaces in UML." Proceedings of the 2011 ACM Symposium on Applied Computing (2011): 1598 605. ACM Digital Library Web. "Put Email in Its Place." Mailbox App Orchestra, 2013. We b. 9 Mar. 2013. "Reservations." Mailbox App Orchestra, 2013. Web. 9 Mar. 2013. Schreier, Silvia. "Modeling RESTful Applications." Proceedings of the Second International Workshop on RESTful Design (2011): 15 21. ACM Digital Library Web. "Start ups on AWS." Amazon Web Services Amazon Web Services, Inc., 2013. Web. 16 Mar. 2013. Teat, Chad, and Svetlana Peltsverger. "The Security of Cryptographic Hashes." Proceedings of the 49th Annual Southeast Regional Conference (2011): 103 08. ACM Digital Library Web. "TestFlight: Beta Testing on the Fly." TestFlight TestFlight, 2013. Web. 16 Mar. 2013. "Thrive in the New App Economy." Flurry Flurry, 2013. Web. 16 Mar. 2013. "Translation Management Service." Crowdin Crowdin, 2013. Web. 9 Ma r. 2013. Tschernuth, Michael, Michael Lettner, and Rene Mayrhofer. "Unify Localization Using User Interface Description Languages and a Navigation Context Aware Translation Tool." Proceedings of the 4th ACM SIGCHI Symposium on Engineering Interactive Computing Systems (2012): 179 88. ACM Digital Library Web. Urgaonkar, Bhuvan, Prashant Shenoy, and Timothy Roscoe. "Resource Overbooking and Application Profiling in a Shared Internet Hosting Platform." ACM Transactions on Internet Tech nology 9.1 (2009): n. pag. ACM Digital Library Web.

PAGE 24

! #$ Vicknair, Chad, Dawn Wilkins, and Yixin Chen. "MySQL and The Trouble with Temporal Data." Proceedings of the 50th Annual Southeast Regional Conference (2012): 176 81. ACM Digital Library Web.