Mobile App Development: Consider the Cost, Not Just the Price!

This article was originally posted on my companies blog site found here


When we are talking to customers, either new or existing, we often get asked about the best way to develop mobile apps for both Android and iOS. For many years the options were native versus hybrid. More recently these options have become more complex. The typical reason we get asked this question is that companies are looking to reduce the price of mobile app development. We feel that there is much more to consider in this decision than just the price of development, it’s the true cost that needs to be understood.

At Chariot Solutions, our Mobile Practice focuses on native application development. We didn’t start out with that approach. We worked on native and hybrid apps for our clients. What we have learned over the years is that native simply works best. Sure, for very simple, basic mobile apps it might be worth considering an alternative approach. But we have consistently found that apps that start as hybrid end up suffering from shortcomings that result in sub-optimal user experience or require significant work arounds and even potentially complete re-writes. Based on these experiences, we prefer to focus our efforts on native development resulting in a highly performant, beautifully designed mobile application for our client’s users.

What is Native, Cross Platform, and Hybrid

In order to understand all the aspects of deciding what direction to go with your mobile app development approach, it is important to understand each option and the advantages and trade-offs each has to offer.

At a very high level, native applications are written in a programming language supported by the platform provided SDKs (Software Development Kits). Hybrid and cross platform applications are written in essentially a single programming language and use framework provided software layers to allow developers to generate a user interface and provide access to underlying device features. While this sounds good on paper, the diagram below demonstrates the additional complexity that comes along for the ride.

The following sections provide more detail around the different mobile application development approaches.

Native Mobile Approach

Native mobile apps are written with platform specific languages to directly access the manufacturer provided SDKs.  For iOS, this means writing in either Objective-C or Swift, and for Android the language options are either Java or Kotlin.  Within iOS and Android, each of their supported languages interoperate with the other.


  • It is not possible to exceed the performance of a natively developed application.
  • Immediate access to all platform features via native SDKs (e.g. bluetooth, AR, machine learning, etc.).
  • The similarities between Apple’s Swift and Android’s Kotlin languages make it much easier to cross-train developers and to port the application code between the two platforms
  • More mature tooling in terms of UI development, debugging, and profiling
  • Easier to support multiple device sizes and orientations through the use of provided tooling
  • Built in support for non-phone device types (wearables, TV, Car, etc.)


  • Developers need to be familiar with different tool sets
  • Two languages to learn when cross training developers
  • Maintaining two code bases

Hybrid Approach

Hybrid applications are written using HTML, JavaScript, and CSS, which is then wrapped in an application container that allows it to be treated as an app by the device.  It is essentially a browser-based web app wrapped for the ability to access device features like local storage, bluetooth, and push notification support.  One programming language is used to build the app, which is then wrapped for deployment and distribution.  Examples of hybrid frameworks include PhoneGap, Sencha Touch, and Ionic (built on top of PhoneGap).


  • One programming language to learn
  • Shared code for business logic
  • The same developers and code modules could be re-used for web development.  This is a comment we hear often, but rarely works in practice.


  • Sub-optimal UI performance
  • Reliance on frameworks and the support they will have moving forward
  • Frameworks are so numerous and evolve so quickly that code written 2-3 years ago can become obsolete and riddled with security and performance issues
  • Difficulty in integrating new versions of the frameworks
  • There are more layers of software in the application, which makes debugging and troubleshooting more difficult
  • Tooling is less sophisticated
  • UI/UX tends to blur between iOS and Android, or forces code branching (i.e. if android do this, else do that) throughout the code base in order to differentiate each of the user experiences
  • User Experience can suffer if you decide to stick with common design patterns from one platform; Android users sometimes get offended if your app looks like an iOS app or vice versa.
  • Plugins required to access native OS/device features, which might require a native developer to implement
  • Delayed availability of new platform SDK features

Native Cross Platform Approach

This category is also referred to as just “Cross Platform.”  Mobile applications are written using a single language (e.g. JavaScript, C sharp), and use framework provided APIs to access the underlying native SDKs.  UI components provided by the framework get translated into native UI widgets, allowing close to native application UI performance levels.  While there are numerous frameworks available, currently, the most popular native cross platform frameworks are ReactNative (written using JavaScript) and Xamarin (written using C#).


  • One programming language to learn
  • Shared code for business logic
  • Near native UI performance


  • The same cons as hybrid, plus the following
  • Steep framework learning curve.  While there is a learning curve for native, that skill will still be required when using a cross platform approach.  More on that later.
  • Reliance on the framework providers to continue to exist and evolve along with the native platforms

Mobile App Development Considerations

Now that we understand what each option actually represents, we need to look at the various considerations that go into choosing a mobile app development approach. Most of these considerations go beyond the “development cost” that people speak about. These include things such as the importance of mobile to the overall business strategy and goals, what platforms are really required by your user base, how complex the app is for both business logic and user experience, and the developers you have on staff. Below is a high level comparison of each approach, with the underlying details following the table.

Business Strategy

If your mobile applications are core to your business, then the only real option to consider is native. The user experience quality and performance obtained when developing a fully native app simply isn’t achievable with the other options. How is mobile core to your business when you don’t have a mobile product? As an example, one of our clients is in the home security space. Their main focus is the security system and its sensors and cameras. But the mobile applications provide the user the ability to control the system as well as providing a view into its current state. This makes mobile core to their business. Maximizing UI performance is critical to the user’s happiness and therefore the success of their product.

Platform Requirements

One of the first questions businesses need to ask about their mobile apps is “Who are the users?” In some cases the answer is “90% of the user’s have iOS devices”. One of our clients came to us with a hybrid application that was suffering with significant performance and usability issues. Their clients all used iOS devices (iPads). For their initial version, they chose hybrid “in case they need to support Android someday.” Our recommendation to them was to develop an iOS app optimized for the platform and taking full advantage of what it has to offer. If an Android app is needed somewhere down the road, given the similarities between Apple’s Swift and Android’s Kotlin, it’s pretty straightforward to port the app over.

Another consideration with respect to platform support is access to device specific features. A good example of this is augmented reality (AR). Apple introduced AR to their SDK with the release of iOS 11. Native apps that want to take advantage of this capability could access it immediately, while hybrid or cross platform apps needed either native plugins written or would need to wait for the capability to be added to the relevant framework.

Application Complexity

When it comes to application complexity, there are really two levels: UI/UX complexity and business logic complexity. UI/UX complexity can include things like compound views, custom controls, complicated transitions, the need to support non-phone device types (e.g. wearables, TV, car, etc.). The more of these types of complexity in the application, the higher the need is to take a native approach. UI/UX performance is one of the most important attributes of a mobile app. It directly impacts the user’s perception of the app and therefore the overall success of the app.

If the business logic for an app is complex, we will typically recommend moving that logic out of the app and into the cloud or some other server that can be accessed via an API for all clients, mobile or otherwise. If this cannot be done, this doesn’t mean hybrid or native cross platform is your only option. There are cross platform tools like KotlinNative, ElectrodeNative, J2ObjC, C/C++, etc. that can allow complex business logic to be written once and shared across native apps. Also, with the similarities between Kotlin and Swift, porting complex business logic from one platform to another isn’t as difficult as it once was.


The type of developers you have, or want to have, on staff is extremely important. While native cross platform and hybrid may require developers to know only one language, the reality is that platform experts are going to be required for each platform on which your app is released. There are numerous differences between the platforms in terms of what device features and functionality is available or unavailable on each. Unless you go with a full native approach, plugins will be needed to access some features. And during development, bugs and build/distribution issues will creep up. Any of these things can happen and will require deep platform specific knowledge. For good developers, language is mainly about syntax, but good platform knowledge is much more than just syntax. It’s understanding the various capabilities of each platform, their restrictions or limitations, and their UX paradigms.

In the End, We Choose Native

There are multiple options when it comes to building mobile applications.  Deciding on the proper path for your application is about more than just the line item cost of development.  Many considerations need to be assessed when determining the actual cost of development.  Ultimately you need a highly performant, beautifully designed mobile application for your users. My goal is to make sure your users have exactly that. Contact me to help you determine the right path.


UITableView Swipe Actions


One of the new but little discussed APIs in iOS 11 allows the addition of swipe actions on UITableView rows via the new UISwipeActionsConfiguration class and associated UITableViewDelegate methods. Adding swipe left or swipe right actions is now pretty simple, so lets just dive right in. To try out these new APIs, a very basic list view was created with some hard coded data. This app will allow the user to swipe right to make a row “read” or “unread” and swipe left to either “flag” a row, or “delete” the row from the list. The code for this post can be found here.


The UITableView delegate

The keys to adding swipe actions start with new UITableView delegate methods, defined as follows:

func tableView(UITableView,
              leadingSwipeActionsConfigurationForRowAt: IndexPath)
                                    -> UISwipeActionsConfiguration

func tableView(UITableView,
               trailingSwipeActionsConfigurationForRowAt: IndexPath)
                                    -> UISwipeActionsConfiguration

As you can see in the method signatures, these both return a UISwipeActionsConfiguration class. This class is initialized with an array of UIContextualAction classes. So let’s start at the bottom and work our way up.


The Details

For our sample app, we’ll create a struct called an Email. It looks like this:

struct Email {
    let subject: String
    let body: String
    var isNew: Bool
    var isFlagged: Bool

    static func mockData(numberOfItems count: Int) -> [Email] {
        var emails = [Email]()
        for idx in 1...count {
            let email = Email(subject: "Email \(idx)", body: "This is my body for email \(idx)", isNew: true, isFlagged: false)
        return emails

    mutating func toggleReadFlag() -> Bool {
        self.isNew = !self.isNew
        //normally make some call to toggle and return success/fail
        return true

    mutating func toggleFlaggedFlag() -> Bool {
        self.isFlagged = !self.isFlagged
        //normally make some call to toggle and return success/fail
        return true

We will use this class to load up the table view with data. This is accomplished using the typical UITableViewDataSource methods and can be seen within the ViewController class. The real area of interest is within the UITableViewDelegate. Here we introduce the 2 new methods mentioned above.


Setting up the UISwipeActionsConfiguration

Let’s take a deeper dive into the trailing actions method, since it will apply more than one possible swipe action.

func tableView(_ tableView: UITableView, trailingSwipeActionsConfigurationForRowAt indexPath: IndexPath) -> UISwipeActionsConfiguration? {
        let deleteAction = self.contextualDeleteAction(forRowAtIndexPath: indexPath)
        let flagAction = self.contextualToggleFlagAction(forRowAtIndexPath: indexPath)
        let swipeConfig = UISwipeActionsConfiguration(actions: [deleteAction, flagAction])
        return swipeConfig

Here, we are using a helper method to instantiate each of the UIContextualAction classes we will need to build our swipe actions. Then we can instantiate a UISwipeActionsConfiguration using the UIContextualAction classes to populate the actions array. The UISwipeActionsConfiguration is then returned from the delegate method.

The important thing to note here, is that the order of the items in the action array determines the order of the actions displayed when the table view row is swiped. The easiest way to remember is that the first item displays furtherest out, and subsequent items display moving towards the cell. So if we are dealing with trailing actions, the first item in the array corresponds to the rightmost action (“Delete”), the second one will be one inside of that (“Flag”), and so on.


Handling Contextual Actions

Next, lets take a look at the UIContextualAction. This is where the work happens. The documentation found here. The initializer takes a UIContextualAction.Style, title, and UIContextualActionHandler block. The UIContextualActionHandler gives you access to the UIContextualAction, the view that displayed the action, and a completion handler that you pass a bool indicating whether or not the action was successful. An example can be found in the contextualToggleFlagAction method shown below:

func contextualToggleFlagAction(forRowAtIndexPath indexPath: IndexPath) -> UIContextualAction {
        // 1
        var email = data[indexPath.row]
        // 2
        let action = UIContextualAction(style: .normal,
                                        title: "Flag") { (contextAction: UIContextualAction, sourceView: UIView, completionHandler: (Bool) -> Void) in
            // 3
            if email.toggleFlaggedFlag() {
                // 4
      [indexPath.row] = email
                self.tableView.reloadRows(at: [indexPath], with: .none)
                // 5
            } else {
                // 6
        // 7
        action.image = UIImage(named: "flag")
        action.backgroundColor = email.isFlagged ? UIColor.gray :
        return action

In this method:

  1. We are simply retrieving the data element from our data array
  2. Instantiating the UIContextualAction class, providing a style, title and handler
  3. Mutating the object. Of course our email struct could have been a class to ease the mutation handling.
  4. Saving the mutated object back to our data and reloading the appropriate rows.
  5. Call the provided completion handler, indicating success.
  6. Had the update to the object failed, we can indicate that to the completion handler by passing false.
  7. Setting the image and color attributes on action. By specifying an image, the title in the initializer is not displayed. This certainly makes localization a bit more work, since the images would need to contain any text we wanted to display for an action, assuming we wanted both text and images.

One more thing of note is that on the UISwipeActionsConfiguration class, you can specify whether the first action in the collection should be performed with a full swipe. This defaults to true. Here is a video of the working app with both leading and trailing swipe actions.

Changing your iOS App Icon programatically

When iOS 10.3 was released, Apple opened up an API to allow developers to change the app icon for their app. Of course this doesn’t mean you can change it every second like the Clock app, or even every day like the Calendar app. What you can do is change the app icon when the app is running in the foreground, and it will notify the user with a pretty ugly system alert dialog that the icon is changing. This post will walk through the configuration and API calls to allow an app to change the app icon.

The first step is to obtain your app icon image assets. These must be .png files and you will need 2x and 3x resolutions. An important thing to consider is that you want all the proper icon sizes available so that when the icon changes it is consistent across settings, spotlight, notifications, etc.

Unfortunately, these cannot be placed in a xcassets file, however, they must be packaged in the main bundle. The source code for this post can be found here.

The next step is to configure the Info.plist file. Review the documentation for the plist file carefully. In the provided code, the plist file contains the CFBundleIcons dictionary configured as show below:

Screen Shot 2017-07-13 at 9.19.42 AM

In the CFBundleAlternateIcons dictionary, the key represents the string that will be used when making the API call to change the app icon.  You will see these used in the code samples later in this post.  The value is an array of CFBundleIconFiles.  In our case, its an array of one item, with the relative path to the filename (without extension and size modifier).  If you like to keep your files organized in both Xcode and the filesystem like me, you’ll want to store your icons in a sub folder within your project, so it’s important to specify the relative path, otherwise you’ll get a runtime error when trying to change icons.

Now on to the code.  The API docs can be found here:  The APIs are pretty basic.  Ideally you want to check if the app can change the app icon with something like the following:

if UIApplication.shared.supportsAlternateIcons {
    print("I can do it")

Then to change the icon, do something like this:

//note that the name corresponds to the key in the 
//  Info.plist CFBundleAlternateIcons dictionary
UIApplication.shared.setAlternateIconName("hockey") { (error: Error?) in
    guard let error = error else {
    print("switching icon to hockey encountered and error: \(error)")

Finally, to reset the icon back to the primary one by setting the name to nil:

UIApplication.shared.setAlternateIconName(nil) { (error: Error?) in
    guard let error = error else {
    print("switching icon to primary encountered and error: \(error)")

Simple as that. Check out the sample app and switch icons between your favorite Philadelphia sports teams 😃

Using Node.js and Charles Proxy to Mock a Server API

While working on an iPhone project for a client, I came across a situation where I needed to test some error conditions returned from a server API which I have no control over.  I ended up using Charles Proxy to remote map the server API calls to a locally running Node.js server.  Of course the proper way to do this is to write functional tests and mock the networking classes to return the appropriate responses, but that is a blog post for another day.

In this post, I’ll walk through the steps to create a simple iPhone app that interacts with a public API, using Node and Charles to simulate an error response.  This post assumes some experience writing iOS code, but all the source code will be available at

Create an iOS App

For the iOS app, I’ll write a simple weather app that uses the OpenWeatherMap API.  We all know the world needs yet another weather app :).

Let’s start by creating a new single view project in Xcode.  In my iOS projects I almost always use CocoaPods for dependency management.  CocoaPods makes it easy to add/remove 3rd party libraries to your iOS project.  In this app, we’ll use AFNetworking to access the API, and I’ll add MBProgressHUD in case the response time is slow and the user needs to wait for UI updates. The following assumes that you already have CocoaPods installed.

After creating the Xcode project, quit Xcode (or close the project) and create a text file named “Podfile” at the root of the project.  The contents should include the following:

platform :ios, '7.0'

pod 'AFNetworking', '~> 2.0.3'
pod 'MBProgressHUD', '~> 0.8'

With that file in place, drop to a command line and execute pod install

That will create a workspace and configure the libraries. From this point forward, we use the workspace instead of the project. The final version of the application will look like this:


The code base can be found at, but the key portion is the API call, which is below (without all the details)

[[CSMServerAPI sharedInstance] weatherForLongitude:-75.1914 
    successBlock:^(NSDictionary *weatherDict) {
        // code to map API response to UI elements here
    } failureBlock:^(NSError *error) {
        //access error message parts from response here
        NSString *msg = ...
        UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Houston - We have a Problem" 
        [alert show];

If everything is successful, the UI gets populated with the weather data. But, if there is a failure, we throw an alert up to the user containing the error messages (I know, alerts are not user friendly, but this is an example).

Mocking an error with Node

Now that we have the API calls in place, we need to set up our node server to fake an error response. Sticking with the theme of keeping things simple, I used the express framework for node. With node installed, I created a directory for my server app and added a ‘package.json’ file inside. The ‘package.json’ looks like the following:

  "name": "mock-api",
  "description": "for use with charles proxy to mock error conditions for OpenWeatherMap API",
  "version": "0.0.1",
  "dependencies": {
    "express": "~3.4.7"

Dropping to a command line and executing npm install will set up the node server with the express module. Now we create an ‘app.js’ file and add our mock API, as follows

var express = require('express');
var app = express();

var errorJson = {error:"API Error",error_msg:"You have encountered an error thanks to Charles and Node....have a nice day!"};

app.get('/weather', function(req, res) {
  	res.json(400, errorJson);

app.listen(process.env.PORT || 4730);

Since our call to the OpenWeatherMap API is a get request to the /weather URI, we simply handle that request route in our code and return the response we want, which is an error containing a JSON error message. To start the server, execute node app.js at the command line and the server will be listening on port 4730.

Configure Charles Proxy for Remote Mapping

If you code against server APIs and don’t use Charles Proxy, or something like it, you really should start. It is immensely valuable for troubleshooting API calls, and the more I use it, the more nice features I find. I’ve used it for bandwidth throttling, request/response inspection, breakpoints (to change requests or responses), and now URL mapping. In order to map the OpenWeatherMap API to our local node server, access the Map Remote settings via the Tools -> Map Remote... menu. Once there, add a new remote mapping, filling out the fields as shown below. The configuration was also exported and is available at


With that in place, enable remote mapping, run the iPhone app and get the following error:


If you used Charles to record your network requests, you can even see the mapping occurred in the request overview notes. That’s all there is too it. You can certainly do a lot more than just simulate errors with this set up. I’ve used it to simulate server application errors as well, where server returns an http 200, but the response includes some application specific errors. Timeouts can be tested as well using the connect-timeout module. There is an example in the source code for that too.

So this is one way to intercept your API calls and modify them for testing. This is certainly no replacement for good functional tests, but simply another thing to add to your developer toolbox.

Using Custom File Types to import data into your iOS Apps

Disclaimer: This is a repost of my entry on the Chariot Solutions blog.


I recently came across a situation where I needed the ability to share data between users of the same iOS application. Unfortunately, these users can not share an iCloud account and there is no server side components to this application. It is a standalone app.  Services like DropBox were not really an option either, as the devices are owned by an enterprise and will not have any service like that deployed onto them.

One solution is importing data via custom file types. Files can be sent to a device numerous ways (e.g. email, drop box, etc.), but for this post we will assume email. iOS makes it very simple to define a custom file type that your app can handle. This way, when the device receives an email with that type as an attachment, the user can select our app, giving it access to the underlying file. This post will walk through creating a simple app to access the contents of a text file received via email.

Create the Project

Lets start by creating a new project in XCode. I created a single view iPad application and called it “CustomUTIHandler”. I always use ARC. You can choose to use storyboards or not, as the UI in this app will do nothing more than display the contents of our file. The resulting project for this post can be found at:

Define the File Type

The next thing is to define a file type extension that our application will support. This is also known as a Uniform Type Identifier (UTI). For our purpose, we will use a filetype of ‘csm’ (for Chariot Solutions Mobile). The contents of this file will be some string. It could really be almost anything, but for simplicity we will use a string. For a list of Apple defined UTIs, look here:

Once we know what our custom file type extension is, we can add support for it to the project by modifying the Info.plist file for the project. We are going to be the owner/exporter of the new file type, so we add the “Exported Type UTIs” key to the Info.plist file. The default definition that gets created looks like this:

Based on the bundle key definitions found here:, we can fill in the required values. Since our example only has one file type that it is defining and the underlying data is text, we can add the system defined identifier for text to the “Conforms to UITs” item:


Next we need to add the identifier for our custom UTI. Apple recommends using the reverse DNS format in order to ensure our new UTI is unique. I will be using the following:


Finally, we want to identify the file extension that our app will be handling. This is defined under the “Equivalent Types” node. Add a node under the equivalent types with a name of “public.filename-extension” and a value of “csm”. You can optionally add a “Description” element under the Item for the exported type. My Info.plist now looks like this:

Support our new File Type

In order for our app to be recognized by the OS as supporting the newly defined file type, we need to add a “Document types” declaration to our Info.plist file. Doing so gives us the following in our Info.plist file:

The possible keys for the CFBundleDocumentTypes property can be found here: We can add anything for the “Document Type Name” value. The handler rank will affect the order that Launch Services uses to present apps that handle this file type. Since our app is really the owner of this file type, we will use that as the handler rank. Now we need to add the “Document Content Type UITs” that our app will handle. In this case, we are only handling one type (as defined in the export key above):


Just for fun, we will also give our file type an image icon (included in the project). The specs for the image are defined in the keys document referenced above (64×64 in this case). So our final Info.plist looks like the following:

Now all we have to do is create a text file with a “.csm” extension and email it to our device. Once there, long press the resulting icon and we should see our app listed as one of the “Open in” apps.

Once we select our app, it will launch and pass the file URL to this app delegate method:

- (BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation
So, adding a simple NSLog statement to the method and we can display the contents of our text file:
- (BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation {
   if (url){
      NSString *str = [NSString stringWithContentsOfURL:url encoding:NSUTF8StringEncoding error:nil];
      NSLog(@"The file contained: %@",str);
   return YES;

Important Safety Tip

The files that are being opened by the application are actually copied into a directory called “Inbox” within the apps Documents directory.  My file was called “This is a test.csm” (great name right, what am I a windows user?).  As shown in the image below, there are copies for each time I imported it on my device.

These files should be cleaned up as required by your app.


So by adding some configuration to our apps Info.plist file and implementing a delegate method, we can handle any uniform types within our app.  The source code for this project can be found at  I added some code so that it will display the contents of the file on the screen….very exciting.

Added Bonus

Since we are declaring to launch services that our app handles “csm” files, drop your custom file type into drop box.  Assuming you have the drop box app on you device, find the document in the app and try to open it.  You should get “Unable to view file”.  But if you tap the icon in the upper right of the screen, you should get a list of apps that can open that file….including our app.

It’s like magic 🙂  You see those other apps listed because we defined our UTI as text type, and those apps will handle text documents.

Using Cocoapods to Manage Private Dependencies

This is a re-post of my original blog entry, which can be found at:


Cocoapods ( is a dependency management framework for XCode. It allows you to declaratively define project dependencies and have them included in the build of your project. It’s like Apache Maven or Ruby Gems for XCode. There are many tutorials on getting started with Cocoapods, so in this blog post I will present a simple case where we have a project that depends upon two internally developed projects or private libraries.
We will start by creating two projects, each with a simple UI screen and some 3rd party dependency. Each of these projects will contain a file known as a Podspec that defines what gets included when another project depends upon it. Next, we will create a third project that depends upon these internally developed libraries and see how everything gets tied together.
In my contrived example, I’ll create two projects, each with a dependency on AFNetworking (a nice network abstraction layer). AFNetworking is already available via the public cocoapods spec library. Cocoapods will be used to add this dependency. Each project will also use YQL to query a weather service (Yahoo versus Wunderground) and present the forecast for a given zip code. The master project, which I like to call the Weather Comparator, will pull in the Yahoo and Wunderground projects and use their code to present a comparison of the services.

The Private Libraries

We start by creating the first project, Yahoo Weather. Once we have Cocoapods installed on our system, we create an XCode project for our first framework. I started using the Empty iOS application template. Once the XCode project is created, exit XCode. Create a text file called “Podfile” at the root directory of the project. The contents of the Podfile looks like the following:

platform :ios, '5.1'

xcodeproj 'YahooWeather.xcodeproj'

pod 'AFNetworking'

The first line defines the platform and SDK version, the next line defines the name of the XCode project file, and subsequent lines define the dependencies for this project. Podfiles can be much more complex, but this post will keep things simple. Check out the Cocoapods site for more information. Once the Podfile is complete, drop to a terminal and execute pod install at the root of the project directory. You’ll see some messages about the dependencies being downloaded and configured and when the process is complete, there will be a message indicating NOT to use the YahooWeather.xcodeproj anymore, but use the YahooWeather.xcworkspace file now. This is a workspace that includes your project and the Pods project.

Under the Pods project, there is a Pods directory, which contains the libraries specified in the Podfile (AFNetworking in this case). Besides creating the workspace, Cocoapods configures your project to include a static library called libPods. This is the output of the Pods project build. Essentially it includes the compiled version of the pods for which you asked to be included in the project. We can now use the AFNetworking classes within our code. The source code for the YahooWeather project can be found on my github account: The finished app can actually be run and looks like this (I know, gorgeous, right):

Following the same steps, we create a second project called WunderWeather. Much of the code is similar, except now we are using the Wunderground weather API. There are some other small changes, but for simplicity sake I reused much of the same code, just using different names for the classes (notice the class name prefix). Again, remember this is a contrived example, so reusing the code was merely for time efficiency. The source code for WunderWeather can be also be found on my github at And for your viewing pleasure, here is what it looks like:

One important thing to note here, is that each of our frameworks uses a slightly different class prefix. This ensures that when both of these projects get used in a third project (the WeatherComparator), there are no name collisions. Wouldn’t namespaces be nice?
When we are done coding each of these projects, we can commit them to our “private” git repository. In this case I am using github public repositories, but these projects can reside anywhere that is accessible from the projects that will depend upon them. That could a private repo, file system, etc. Cocoapods also support SVN and Mercurial, but git is what all the cool kids are using, so that is what this example will use.

Creating the Podspec

The next step is to configure a podspec for each of our frameworks. The podspec defines the source files, resources, etc. that our libraries/frameworks expose for use by other projects. In our case, we need to expose all the classes in the API, Model, and ViewController directories within our projects. We also want to expose our XIB files. Those are resources which need to get compiled and added to our final “.app” file. In a similar way, resources might include images that will get added into the “.app” file during the final build process. To create a podspec, execute pod spec create projectname at the root of the project directory. In our case, it would be pod spec create YahooWeather or pod spec create WunderWeather
The file that gets created has comments and examples of all the properties that can be set. For our projects, the podpsec looks like this (with all the extraneous comments and unused attributes removed): do |s|         = "YahooWeather"
  s.version      = "0.0.1"
  s.summary      = "Provides a Yahoo weather forecast, with basic UI, for a given zip code."
  s.homepage     = ""
  s.license      = 'MIT'       = { "stevenpsmith" => "" }
  s.source       = { :git => "", :tag => 'v0.0.3' }
  s.platform     = :ios, '5.1'
  s.source_files = 'YahooWeather/API/*.{h,m}', 'YahooWeather/Model/*.{h,m}', 'YahooWeather/ViewController/*.{h,m}'
  s.resources = "YahooWeather/ViewController/*.{xib}"
  s.requires_arc = true
  s.dependency 'AFNetworking'

Notice the source property. This points to our “private” repo. You can also access local repositories (instead of server based repos) by using a URI like this: '/Users/steve/projects/foo', which points to the root directory of your version controlled code. Also note the use of the tag key (which could also be a :commit). If consumers of this library do not specify a tag or commit, this specifies the snapshot of the code that will be provided. Without specifying anything, the latest commit of the master branch will be used. The source_files and resources specify the assets within this project that will be provided to the consuming projects. The dependency property specifies any pods that this pods would depend upon (in our case, AFNetworking). This file needs to be committed to the repository, and if a tag or commit is specified, that must exist within the repo as well. It’s a good practice to validate the podspec by executing pod spec lint <podspec_name>
This will save a lot of grief with typos, incorrect source directories, etc. Once your podspec is clean, commit it to the repository and tag if needed. The podspec for WunderWeather looks eerily similar.

Using the private libraries

The next step is to use these libraries in a new project. This is the WeatherComparator project, and it’s source can be found at We get started like we did before, creating the project within XCode, then exiting and creating a Podfile that references the dependencies. Except this Podfile will look a little different, as shown below:

platform :ios, '5.1'

xcodeproj 'WeatherComparator.xcodeproj'

pod "YahooWeather", :git =&gt; '', :tag =&gt; 'v0.0.3'
pod "WunderWeather", :git =&gt; '', :tag =&gt; 'v0.0.2'

Here we are adding the :git key to the pod declaration. Again, this could be subversion, mercurial, and even a filesystem reference. Notice there are no dependencies on AFNetworking. Our new project doesn’t directly depend upon those, but since the pods do, it will get pulled into our new workspace as it did in the other projects. Execute pod install in a terminal at the root of the new project directory, open the workspace as we did before, and we are good to go. Here is a screen shot of our weather comparator:

If you take a look at the code in the WeatherComparator project, it is very simple. One interesting thing to look at is the script located in the TargetsSupportFiles/Pods directory within the Pods project. Cocoapods generates this script file based on the contents of the podspec for the libraries. This script actually compiles the XIB files and adds them to the projects final build. As you can see, pods can use storyboards as well. This provides a nice way to create modules that include UIs and then combine them into applications.
Even though we used github public repositories, this post shows how to use Cocoapods to manage your project’s public and private dependencies. To try out the project, install Cocoapods, download the WeatherComparator project, execute pod install at the root, open the workspace, run the project, and see how different Yahoo and Wunderground weather forecasts can be. Pretty surprising actually :).

Securing Data in iOS Apps

There are numerous ways to secure data that you are storing on an iOS device.

The Simple/Built-in Way

The simplest way is to take advantage of iOS Data Protection (iOS 4+). This is accomplished by setting an attribute on a file like this:

    [[NSFileManager defaultManager] createFileAtPath:[self filePath]
                    contents:[@"super secret file contents" dataUsingEncoding:NSUTF8StringEncoding]
                    attributes:[NSDictionary dictionaryWithObject:NSFileProtectionComplete

There are several different levels of file protection. The following is taken from the NSFileManager class reference from Apple:

  • NSFileProtectionNone – no file protection
  • NSFileProtectionComplete – file is encrypted when the device is locked or booting
  • NSFileProtectionCompleteUnlessOpen – file is encrypted and can only be opened when the device is unlocked. Once open, the file can continue to accessed even if the user locks the device.
  • NSFileProtectionCompleteUntilFirstUserAuthentication – The file is stored in an encrypted format on disk and cannot be accessed until after the device has booted. After the user unlocks the device for the first time, your application can access the file and continue to access it even if the user subsequently locks the device.

A Core Data sqlite store can also be encrypted by setting the NSFileProtectionKey file attribute to one of the above values (after you create your persistent store coordinator).

However, an important thing to realize is that this type of data protection requires the device to have a passcode set on it (


What if you really need to insure that your data is protected regardless of whether the device has a passcode set? One way is to use the CommonCrypto libraries from Apple. This can be fairly complex. There is a great write up here from Rob Napier on what’s involved. Fortunately, he has also provided a wrapper that greatly simplifies this process here. Using this library (or writing your own), you can encrypt your data and store it wherever you need. If you are using Core Data, you could write an NSValueTransformer for the Core Data entity attributes that require encryption using CommonCrypto or the RNCrypto library to encrypt/decrypt the attribute values when accessing or updating them.


One more way to protect your data, specifically data that you want to store in a SQLite database, would be to use SQLCipher. SQLCipher encrypts/decrypts data at the page level and is transparent to your application code. You still use the standard SQLite APIs, with one additional method call when accessing the database (passing your key to sqlite). There are excellent instructions on setting it up for use in an iOS project here.

You can build SQLCipher as a set of static libraries by following the same iOS instructions with some modifications and additions. Here are the high level steps:

  1. Instead of creating a view based iOS project, create a static library project
  2. Follow the balance of the steps for including SQLCipher in your project
  3. Add a new “Aggregate” build target
  4. Add a “Run Script” build phase and paste the following script into it. This will build both the simulator and iOS based targets for the libcrypto, libsqlcipher, and libssl libraries.
  5. xcodebuild -project ${PROJECT_NAME}.xcodeproj -sdk iphonesimulator -target ${PROJECT_NAME} -configuration ${CONFIGURATION} clean build CONFIGURATION_BUILD_DIR=${BUILD_DIR}/${CONFIGURATION}-iphonesimulator
    xcodebuild -project ${PROJECT_NAME}.xcodeproj -sdk iphoneos -target ${PROJECT_NAME} -configuration ${CONFIGURATION} clean build CONFIGURATION_BUILD_DIR=${BUILD_DIR}/${CONFIGURATION}-iphoneos
  6. Add another “Run Script” build phase and paste the following script into it. This will merge the simulator and iOS builds into one for each library. These three libraries are what would be added to a project using SQLCipher.
  7. CRYPTO_LIB="${BUILD_DIR}/${CONFIGURATION}-iphonesimulator/libcrypto.a" &&
    SQLCIPHER_LIB="${BUILD_DIR}/${CONFIGURATION}-iphonesimulator/libsqlcipher.a" &&
    SSL_LIB="${BUILD_DIR}/${CONFIGURATION}-iphonesimulator/libssl.a" &&
    DEVICE_CRYPTO_LIB="${BUILD_DIR}/${CONFIGURATION}-iphoneos/libcrypto.a" &&
    DEVICE_SQLCIPHER_LIB="${BUILD_DIR}/${CONFIGURATION}-iphoneos/libsqlcipher.a" &&
    DEVICE_SSL_LIB="${BUILD_DIR}/${CONFIGURATION}-iphoneos/libssl.a" &&
    # Create framework directory structure.
    rm -rf "${UNIVERSAL_LIBRARY_DIR}" &&
    mkdir -p "${UNIVERSAL_LIBRARY_DIR}" &&
    # Generate universal binary for the device and simulator.
    lipo "${CRYPTO_LIB}" "${DEVICE_CRYPTO_LIB}" -create -output "${UNIVERSAL_LIBRARY_DIR}/libcrypto" &&
    lipo "${SQLCIPHER_LIB}" "${DEVICE_SQLCIPHER_LIB}" -create -output "${UNIVERSAL_LIBRARY_DIR}/libsqlcipher" &&
    lipo "${SSL_LIB}" "${DEVICE_SSL_LIB}" -create -output "${UNIVERSAL_LIBRARY_DIR}/libssl"

Once completed, you can build your new aggregate target and there should be 3 libraries located in a subdirectory within your project build directory. Just add these to your XCode project as you would any other library and you are good to go.

I have also posted this article on my companies blog, located here.