What’s new in Application Resource Optimizer 6.0

For the last five years, AT&T has taken the lead in creating tools to help mobile developers build efficient mobile applications. We  recently released Application Resource Optimizer (ARO) 6.0 with tons of new features and capabilities, including 15 new best practices that you can test your app against. Oolaya estimates that 52% of all video plays in Q3 2016 were on mobile, up 233% in just 3 years, and it is expected to continue this growth. This means optimizing video delivery and streaming becomes even more critical. So, as a first step we made these enhancements to help you analyze and improve video performance of your app. To further highlight the significance of video optimization, we are rebranding ARO to Video Optimizer, and you can learn more about this in ARO is now Video Optimizer post.

In this blog we will review the key updates in ARO 6.0, namely best practices for Videos, Images and Security.

Video Best Practices

Streaming video to mobile devices is now commonplace and can come in the form of ads, social media, and streaming services. Just like all the other tests in ARO, video is hard to set up correctly. So, we have expanded ARO into looking at video streaming. In fact, video analysis is the keystone of this release, and I think the new features will help you understand how your video files are transmitted over the network.

The ARO diagnostics tab has long been the one with the most detail tab in ARO. We have made this tab a video analysis tool as well. The embedded video is a more detailed tutorial, but we’ll cover the basics in this post.

By switching to the video view in the ARO diagnostics tab (View -> Options -> Video View), you will see the graph update to something like this:

In this view, we can see (top to bottom) the first three rows represent data throughput, and the packets that are sent up and down. Rows four and five show how much video are in the buffer (the pink line represents the number of seconds, and the blue line is the KB total).  Finally, the last line displays the first frame of each downloaded segment.

Looking more closely at the last three rows, you can see a red line across the row of Video Chunks from the first segment (~64s) to 67.5s. This represents the video startup time (when it began playing on the screen) as 67.5s, while the mouse-over image for Segment 7 indicates the download start/end times, playback start time, and video size.

We have added eight new video best practices into ARO, but currently only one test includes pass/fail criteria. The other best practices offer information on how the video was delivered to the device. We will be adding more pass/fail criteria in future releases. Here is a summation of the new video best practices in ARO 6.0:

1. Stalls: Research shows that whenever a video stops playing, your audience is likely to stop watching completely. For that reason, it is important to avoid all stalls in your video.
2. Network Comparison: This test measures the average network throughput and the throughput of the video displayed.
3. Start-up Delay: Measures the time from first video segment is downloaded to when the video starts playing on the device. In general, this should be fast, but not so fast that a stall occurs.
4. Buffer Occupancy: Did your video fill the buffer size your app has allocated on the device? The better your app manages the buffer, the less likely a stall in the video will occur.
5. TCP Connection: Counts the number of connections used to deliver the video.
6. Segment Pacing: Provides the average download time of each segment.
7. Segment Size: Provides the average download payload of each segment.
8. Redundancy: Looks for downloaded segments that are duplicates (perhaps downloaded at different bitrates).

Image Best Practices

After Video, images are the “heaviest” content used on the Internet. In ARO 6.0, we added two image best practices: Image Metadata and Image Compression.

1. Image MetaData: When you snap a photo with your phone, the camera adds details in the text metadata field:

Sometimes, tools like Photoshop will even add a thumbnail of the image into the metadata, further bloating the image size. In most applications, none of this data is necessary in order to display the image properly on a browser or mobile application. When considering this photo information perhaps the dimensions should remain. Strip the metatdata from the file will reduce the payload, resulting in faster delivery of the image to your customers. ARO will test your image, and let you know which images have bloated metadata fields.

2. Image Compression: Image compression is a balancing act. JPEG images are lossy – meaning that the more you compress them, the more “jaggy” and pixelated they appear. However, compression can also significantly reduce the payload size of your images. In this best practice, ARO looks to find a balance in file size and compression. All of the JPEG images in the trace are compressed to 85 percent and 70 percent to allow you to view the differences in optical quality. ARO further compares the image with no compression vs. 85 percent compression to see if there is a significant (15 percent) decrease in file size.

Security Best Practices

The data transmitted by your application is your customer’s data, and you are in charge of its transfer. These five best practices investigate the security of your data transmissions:

1. HTTP vs. HTTPS: Files sent via HTTP are not secure, and you should look at all HTTP connections to help you ensure you application is not leaking data.
2. Private Data: In the Tools -> Private Data Tracking menu, you can add keywords for Video Optimizer to search for in URLs, headers, cookies, and files. This is a great way to see if your application is leaking location, password, or other private data sets in your network transmissions.
3. Unsecure SSL Version: Over the last few years, you have heard of Heartbleed and POODLE and other security vulnerabilities. We look at the SSL versions you use for HTTPS to help you make sure that they are not vulnerable to known attacks.
4. Weak Cipher: Is your security key strong enough? This best practice looks for short keys in the ciphers (which can make cracking easier).
5. Forward Secrecy: Some security certificates have a workaround called forward secrecy. This best practice looks for certificates with this known vulnerability.

This is by no means a full security audit of your application traffic, but it is a good starting point for looking at the traffic your app generates and if the data you are sending is utilizing certain security features .

If you test with ARO 6.0 on an Android KitKat device, you can take a trace in “secure mode” where ARO will install a test certificate on your phone, and attempt to decrypt HTTPS traffic for analysis.

Learn more about ARO 6.0 in this video:

Download ARO 6.0 today, and try out all the new capabilities and best practices outlined in this post. We hope that these new features help you build faster, more robust applications (and video applications). We are excited to hear your thoughts in the ARO forums on how you are using ARO 6.0 and what new features you would like to see in future releases!