How to share text and Image on WhatsApp in iOS

Sharing text and Images on WhatsApp is now possible through Open URL Scheme (deep linking).

Send Text –

NSString * msg = @"YOUR MSG";
NSString * urlWhats = [NSString stringWithFormat:@"whatsapp://send?text=%@",msg];
NSURL * whatsappURL = [NSURL URLWithString:[urlWhats stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];
if ([[UIApplication sharedApplication] canOpenURL: whatsappURL]) {
    [[UIApplication sharedApplication] openURL: whatsappURL];
} else {
    // Cannot open whatsapp

Send Image –

— in .h file

@property (retain) UIDocumentInteractionController * documentInteractionController;

— in .m file

if ([[UIApplication sharedApplication] canOpenURL: [NSURL URLWithString:@"whatsapp://app"]]){

    UIImage     * iconImage = [UIImage imageNamed:@"YOUR IMAGE"];
    NSString    * savePath  = [NSHomeDirectory() stringByAppendingPathComponent:@"Documents/whatsAppTmp.jpg”];

    [UIImageJPEGRepresentation(iconImage, 1.0) writeToFile:savePath atomically:YES];

    _documentInteractionController = [UIDocumentInteractionController interactionControllerWithURL:[NSURL fileURLWithPath:savePath]];
    _documentInteractionController.UTI = @"net.whatsapp.image";
    _documentInteractionController.delegate = self;

    [_documentInteractionController presentOpenInMenuFromRect:CGRectMake(0, 0, 0, 0) inView:self.view animated: YES];

} else {
    UIAlertView * alert = [[UIAlertView alloc] initWithTitle:@"WhatsApp not installed." message:@“No WhatsApp installed." delegate:self cancelButtonTitle:@"OK" otherButtonTitles:nil];
    [alert show];

You need add these lines in .plist file for iOS 9:


How to delete a folder from git history

You can follow these steps to delete a folder from git history.

#Removing folder from git history
git filter-branch --tree-filter 'rm -rf node_modules' --prune-empty HEAD
#Adding removed folder in ".gitignore" file so that we don't track it anymore
echo node_modules/ >> .gitignore
#Adding .gitignore and committing this change in repo
git add .gitignore
git commit -m 'Removing node_modules from git history'
#Now freeing up spaces from removed references
git gc
#Pushing changes to server forcefully
git push origin master --force

Clone a Git repo without history (just latest commit)

One common problem with big git repos is it takes a lot of time to clone, because in cloning git download everything beginning form the first commit. Sometimes we don’t need that much of history with code.

We can use “–depth” option in “git clone” command to specify how many commits we need. By providing an argument of “–depth 1” to the clone command, the process will copy only the latest revision of everything in the repository.

For example –

git clone --depth 1 jquery

This command only clones the HEAD of the jqueyr repository.

Note: Prior to git 1.9 we can’t use do pull or push on such repos.

How to show GPS strength value in iOS SDK

To show the signal strength of GPS we can use the properties of CLLocation like horizontalAccuracy and verticalAccuracy which indicate how accurate the device believes that location fix to be.

Here is some sample code –

if (someLocation.horizontalAccuracy < 0)
// No Signal
else if (someLocation.horizontalAccuracy > 163)
// Poor Signal
else if (someLocation.horizontalAccuracy > 48)
// Average Signal
// Full Signal

How to transfer Facebook app from one account to another

Recently one of my colleague had to transfer a Facebook app from his personal account to client’s Facebook account. (Some might think is it even possible!! For those yes its possible!)
I am posting steps to do this here hoping this will save someone’s time.

1. Assign a Facebook friend as an administrator.

Screen Shot 2014-06-11 at 6.54.29 pm
2. Ask him to accept the request and become an admin. (He has to add his account as a developer account, if not already a dev).

3. Now he goes to the App Dashboard and can see the app there. Can access the entire app. Good to go!!!

The primary administrator of the app can even delete the app from his account. Nothing happens to the transferred app.

A Big Thanks to Akhilesh Nair for finding this for us.


What is heartbleed?

Basic Intro to TLS & Encryption

You (a client) go to a website (known as a server) that uses encryption (the address starts with https://) to make it so no one but you and the website at the other end can know the content of the messages you are sending or receiving. So when your messages are transported across computers on the internet they are encrypted — they call this transport layer security (TLS) and it is one type of encrypted protocol. One library that implements TLS is OpenSSL (TLS is the newer name for SSL, but both have the same intention — encrypt network traffic on the internet).

What is Heartbeat – the compromised TLS feature?

To set up a TLS connection there’s a negotiation that’s relatively expensive (it takes time). Several messages have to be exchanged between the client and server before they can trust each other and safely send encrypted data back and forth. To have a quick and responsive experience (and minimize server load), you want to perform this negotiation rarely when possible, rather than do it before every single request (as you often will perform hundreds of requests in minutes with modern interactive websites). Complicating matters, packets on the internet often get lost or corrupted. The server may be overwhelmed with too many requests and need to drop its end of the TLS connection. Or the client may have closed its browser window, so the server has no need to continue storing its end of the encrypted connection.

So in 2012 a proposal was implemented in OpenSSL (called Heartbeats) to send “keep-alive” messages between client and server to reduce the number of negotiations, when both ends still are using the connection. The client asks the webserver periodically “Are you still there?” and the webserver (if it is still there), replies telling whether or not it is still there or whether future requests need a new TLS negotiation.

How the Heartbeat Extension works

The client sends a Heartbeat message consisting of a payload chosen by the client, as well as a brief header containing the size of the payload. E.g., you could send a Heartbeat request of size 18 and text This is my payload (though generally it will be randomly chosen data). The webserver gets that request, saves the content of the payload to the memory of the webserver, as well as the saving the size of the payload 18 that the client told it.

Then when the server sends a “keep-alive” response back to the client, the library reads those next 18 characters of memory starting from where it stored the payload and sends it back to the client (who checks that they received the right data back) and then the connection is kept alive.

The Heartbleed flaw in OpenSSL

The fatal flaw (that has been named Heartbleed) is that the OpenSSL library never checked that the Heartbeat payload size corresponds with the actual length of the payload being sent. A user is allowed to input any number up to 65535 (64 kilobytes) regardless of the true size of the payload. If an attacker sends a Heartbeat request saying the size is 65535, but a payload that’s only 18 bytes long the vulnerable server will store only 18 bytes in memory. However, the response will start with those stored 18 bytes, but continue sending data from the next 64KB of memory back to the client. This data could be usernames and passwords, private keys, username, HTML pages, random junk, or even the private secret that the webserver uses to establish its identity. (The fix to OpenSSL implemented in 1.0.1g and later versions is essentially to perform sanity checks on the payload size as told by the client).

The attack can be repeated many times and in general will reveal different parts of the webserver’s memory each time. The attack can be performed anonymously in an undetectable manner for typical webserver configurations. Typically, you only log IP addresses when you serve a web page, but this attack can happen early in the negotation process in vulnerable versions, before any webpage is served.

Attack on Clients

There is also a reverse version of this, where a user connecting to a malicious TLS server will trust the keep-alive request sent from a malicious server where the server lied about the size of its keep-alive payload. This would cause the web browser to leak up to 64KB of information to the webserver. (Granted this would be much harder to get usable information out of it and cannot be done anonymously and must be initiated by the client choosing to go to that webpage. However, it still makes sense to patch OpenSSL quickly if you browse the web with an affected version.)


The remedy for clients and servers that use OpenSSL is to update it. System administrators running webservers that used the vulnerable OpenSSL library need to revoke their secret TLS keys and generate new ones (as well as invalidate long lived session tokens). Clients should change their passwords on affected websites, which may have been leaked. For clients, lastpass released a heartbleed checker tool that tests whether a site is (1) currently vulnerable, (2) previously tested to be vulnerable, or (3) likely vulnerable (using a unix/linux webserver and TLS, likely indicating use of OpenSSL which is primarly used on unix/linux systems) which may help determine whether you need to update your password at a given website.

SSH is not TLS so SSH keys are safe

SSH (which stands for Secure Shell) is a common tool on unix and linux machines, allowing users to remotely login to a machine and issue commands that are transported over the network encrypted. SSH is an entirely different protocol from TLS (the answer says SSL, but that’s just the old name for TLS — the terms are often used interchangeably). Even though OpenSSH (the most common implementation of SSH) and OpenSSL have similar names, your SSH keys are not vulnerable due to the Heartbleed attack.

Only memory from the process that is doing the TLS encryption can be leaked through the Heartbleed attack. (A process is the computing term for a running instance of an application.) Modern operating systems implement process isolation that prevent processes from reading or writing memory assigned to other processes on the same system. So contrary to you do not need to worry about all of your computer’s memory being compromised, just the memory of the webserver process (or the webbrowser for the reverse form). Secrets like SSH keys used by other processes (ssh, sshd, ssh-agent) are not being leaked because you also used TLS in a webserver.

For completeness, I should mention that this vulnerability should affect anything that may use the OpenSSL library to perform TLS, which isn’t limited to webservers; e.g., FTPS servers (but not SFTP), Email servers, Database servers all may be vulnerable depending on the configuration.

Simple Illustration



How to install “command line tools” with xcode 5.0.1

With Xcode 5.0.1 and Mavericks 10.9 the command line tools are no longer available via Xcode. There is only two ways to install command line tools.

1) Download directly from Apple developer downloads (

2) Using command line. Run this below command to install –

xcode-select --install

After you enter this command you’ll get a popup like below –


Just press Install and it will start downloading command line tools.. and you are good to go.

How to add UITextField in UIAlertView in iOS 7

For iOS 6 and below we have been adding UITextField in UIAlertView by adding a subview in UIAlertView. Something like below –

UIAlertView* dialog = [[UIAlertView alloc] init];
[dialog setDelegate:self];
[dialog setTitle:@"Enter ESC Score"];
[dialog setMessage:@" "];
[dialog addButtonWithTitle:@"Cancel"];
[dialog addButtonWithTitle:@"OK"];
dialog.tag = 5;

nameField = [[UITextField alloc] initWithFrame:CGRectMake(20.0, 45.0, 245.0, 25.0)];
[nameField setKeyboardType:UIKeyboardTypeNumberPad];
[nameField becomeFirstResponder];
[nameField setBackgroundColor:[UIColor whiteColor]];
[dialog addSubview:nameField];
CGAffineTransform moveUp = CGAffineTransformMakeTranslation(0.0, 0.0);
[dialog setTransform: moveUp];
[dialog show];

But in iOS 7 Apple have changed things in UIAlertView class and not its not possible to add things in UIAlertView. Also as per the documentation its not a good idea to do so.

Fortunately Apple already have a functionality by which we can add a UITextField in the UIAlertView.

There is a property “alertViewStyle” for UIAlertView. We can set this style to get desired UIAlertView.

See this example –

UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"Folder Name?" message:@"" delegate:self cancelButtonTitle:@"Cancel" otherButtonTitles:@"Ok", nil] ;
alertView.tag = 2;
alertView.alertViewStyle = UIAlertViewStylePlainTextInput;
[alertView show];

We can get this textfield in alert view’s delegate method like this –

- (void)alertView:(UIAlertView *)alertView clickedButtonAtIndex:(NSInteger)buttonIndex{

            UITextField * alertTextField = [alertView textFieldAtIndex:0];
            NSLog(@"alerttextfiled - %@",alertTextField.text);

// do whatever you want to do with this UITextField.

Here are supported UIAlertView styles.

A standard alert.

An alert that allows the user to enter text. The text field is obscured.

An alert that allows the user to enter text.

An alert that allows the user to enter a login identifier and password.

Hope this would help and save someone’s some grey hair.