The new ownCloud iOS app has received a completely redesigned architecture that includes significant security enhancements and many new features. Users now benefit from more freedom in processing their files and an improved user experience, thanks to the integration with iOS. The app also provides more options for managing TLS certificates. In addition, the file sharing project presents a new SDK for iOS which focuses on security, data protection and performance.
One particular highlight the developers are excited about is the “File Provider Extension.” This allows users to access and work with their files in Apple’s “Files” application among many other apps. Tablet users can especially look forward to an increase in productivity with the support of iPad multitasking functions such as split screen or slide over. With the planned drag & drop support, they can also move files from other applications right into ownCloud by dragging them directly into the application. Due to its similar usability, ownCloud now brings tablet users and desktop users closer together.
The new app consistently uses Apple’s auto layout and, therefore, adapts well with different languages and screen sizes. The new themes support also brings more adaptability to the end device. This is made possible by Themeable Vector Graphics (TVG), a new format specially developed for the new app. Based on SVG, TVG delivers razor-sharp images and supports dynamic color changes.
Improvements in background connectivity, as well as planned offline capabilities will also provide users with a better user experience when downloading, uploading and managing files, even when no Internet connection is available.
ownCloud has already launched an official test flight program where interested users can test the app and give feedback to the developers. Learn more about how to get early access to the beta version and/or how to participate in the test program: https://owncloud.org/news/working-brand-new-ios-app-sdk/
Progress on Security
Should potential security problems occur, such as a TLS certificate that cannot be validated or a redirect during authentication, the app will notify the user of the problem. The user can then decide whether or not to trust the connection and if it should continue or abort the process.
In contrast to most other iOS applications, the new ownCloud app offers users a detailed, meaningful summary of TLS certificates so that authenticity can be determined without a doubt and so that a well-founded decision can be made as to whether the certificates are trustworthy.
The decision to allow a TLS certificate with failed validation can also be reversed; the choice is stored in conjunction with a timestamp for later reference. A special certificate in the management section of the settings allows users to review previous decisions and revoke trust if necessary.
In addition to these larger functions, there are also some noteworthy minor enhancements:
- The new app supports password managers such as 1Password, which facilitates the implementation of stricter restrictions.
- OAuth2 authentication now uses SFAuthenticationSession according to RFC 8252 Best Practices.
- When users switch to another app, the app appears blurry in the iOS App Switcher.
- Access to the app itself can be restricted by a password or biometrically viaTouch ID or Face ID.
A Basis for the Future: The New SDK for iOS
The new app is based on a new, modern foundation, the new ownCloud iOS SDK, which is completely asynchronous, highly modular, extensible and geared towards security, data protection and performance. It also promises to be much more user-friendly.
With the new SDK, it will be easier to add projects as there are no external dependencies. To enable this, ownCloud has developed its own SSL/TLS certificate management, extensible infrastructure for authentication methods, SQLite library, MDM integration, XML parser, as well as composer, logging, keychain and reachability wrapper.
Since developer requirements can vary significantly, the SDK offers both a low-level interface for direct communication with ownCloud servers and a high-level interface that considerably simplifies the implementation of clients. Automated testing is increasingly becoming an important instrument for early detection of many problems. Therefore, the SDK not only uses normal unit tests, but also provides its own mocking APIs that can greatly facilitate writing unit tests for apps that use the SDK.
The development of the new iOS app and SDK was conducted on GitHub, where users can contribute directly to the projects. Interested users who want to use the SDK in their own app are invited to contact ownCloud directly. The SDK is licensed under GPLv3, but the license can be customized in coordination with ownCloud.