One of the big changes in 1Password 5 for Mac and iOS is a brand new iCloud sync engine. This change is a huge, order-of-magnitude-improvement over what we had in 1Password 4, but it came at a cost. I would like to explain how we arrived at this decision.
Mac App Store and AgileBits Web Store
There are two versions of 1Password for Mac. One is available on the Mac App Store and the other is in our own AgileBits Store. For the most part, these two versions are identical. One major difference is that Mac App Store version of 1Password is sandboxed to satisfy the store requirements. Another big difference is the access to iCloud features. Starting with 1Password 5, only apps downloaded from iOS or Mac App Stores have access to iCloud.
Hey Siri, define “iCloud”
“iCloud” is a name that covers many different services and technologies. This umbrella name makes it difficult to talk about iCloud.
For Mac and iOS users, iCloud could mean:
- Services that keep track of your iTunes Movies and Music purchases
- Services that keep your application data and iPhone backups
- And more: apple.com/icloud
For developers, iCloud could mean:
- a low-level API that is used to read and write files to the local iCloud container folders
- a document-based API that is used to store documents for apps like TextEdit or Preview
- an API for apps using Core Data framework
- new CloudKit API
- More information is here: developer.apple.com/icloud/index.html
1Password 4 was using the low-level API tied to the local iCloud container folder. It is similar for both Mac App Store and iOS apps. Because the local container folder was available to all apps on Mac, our Web Store version of 1Password could also use iCloud for syncing.
Here is a short history of iCloud and 1Password:
- 2011: iCloud introduced in iOS 5
- 2012: iOS includes many fixes and new APIs in iCloud. 1Password 4 for iOS 6 (finally!) adds support for iCloud
- 2013: 1Password 4 for Mac is out with iCloud support
- 2014: iCloud gets completely re-implemented and reintroduced as CloudKit and iCloud Drive.
- One-time migration of user data is performed when upgrading to iOS 8 and OS X Yosemite. 1Password 5 for Mac and iOS now use CloudKit
1Password 4 and iCloud
From the developer’s perspective, the original iCloud was pure magic. To sync with iCloud, the “only” thing that the app had to do was to save its files into a special folder and the operating system took care of the rest. The files were magically transferred between all computers and devices.
When the magic worked it was great. When it didn’t, it could be frustrating because there was no way to tell why.
Over time, after dealing with the problems we “learned” and made defensive changes in the app. For example, after initially syncing to iCloud, 1Password would show a message that the data will be available on other devices “in a few minutes”, even though we had no way to tell when it would actually happen. If you were setting up a new device and downloading a lot of data, it would take hours for your 1Password data to appear.
1Password was not the only app affected by iCloud issues:
- Ars Technica: Frustrated with iCloud, Apple’s developer community speaks up en masse
- The Verge. Apple’s broken promise: why doesn’t iCloud ‘just work’?
- Washington Post. Apple’s iCloud woes come just as it doubles down on the cloud
- Michael Schechter. iCloud: It Just Doesn’t Work
- ZDNet. Developers give Apple an iCloud ultimatum: Fix it by June
There is no doubt that these issues triggered a major change in iCloud and the introduction of iCloud Drive and CloudKit. Unfortunately, it seems that iCloud Drive might have inherited some of the issues.
In 2014, Apple announced CloudKit, available exclusively to apps in iOS 8 and OS X Yosemite. It is a simple and elegant network API that allows apps to store data remotely on Apple servers. The biggest difference from iCloud is that there is no magic. Instead of writing the files locally and then waiting for them to magically appear on other devices, the app simply makes a request to update its data on the server. It does require developers to write more code, but the end result is a hundred times better.
CloudKit is very fast, efficient, and makes it easy to detect and troubleshoot errors. CloudKit is predictable. 1Password now knows if the item was successfully updated on the server and is available to other devices. If the operation fails, the app now gets a detailed error message explaining why it happened, be it a network error, a downed server, no space available, or the user was rate-limited.
We don’t have to guess when something goes wrong anymore, and we no longer have to tell our users to perform a set of magic steps hoping that some of them would trigger iCloud to work. CloudKit solved the problems we had with the old iCloud.
Other advantages of CloudKit include:
- CloudKit stores data as records instead of files. It allows apps to perform partial record fetches and updates that make syncing more efficient and do not force dowloading or uploading an entire file.
- Remote CloudKit database supports queries that allow 1Password perform syncing faster compared to scanning a directory of files.
- CloudKit supports “server change tokens”. They are used by 1Password to quickly test for changes made on other devices.
- 1Password on both Mac and iOS uses CloudKit Remote Push Notifications to perform syncing almost instantly when a change made on a remote device or Mac.
- CloudKit provides a special record asset type (CKAsset) that is used to sync large attachments.
All these features made a huge difference. We tested CloudKit integration in early betas of 1Password 5 and we immediately became very excited about it. After using CloudKit in the beta for several weeks, we decided it is the best way for 1Password to support iCloud sync.
I hope this explains why we made a decision to switch to CloudKit. The performance and reliability of CloudKit, combined with issues of the old iCloud sync, made it impossible for us to not use CloudKit in 1Password 5.