For the last couple of months, I have been getting a feature request for SSL Detective (an app of ours in the App Store). I could see how the feature would be useful, but since it wasn’t something I needed personally, I had to justify spending time on updating the app. I knew that people liked SSL Detective (it was been downloaded over 7k times):


However, few people seemed to want to pay for it. First, a bit of background on what SSL Detective does:

1. You can point it at any SSL/TLS enabled port and it will show you the certificate and certificate chain.

2. The chain is passed to iOS and sees if iOS trusts the chain. Note that this is not the same as if the chain is trusted generically, but if the certificate and chain is trusted by iOS. This makes it awesome for troubleshooting issues with certificates on iOS.

3. You can email the certificate chain to yourself to further probe the certificates. You can also use them to install the certificates to trust them.

The original software engineering on SSL Detective wasn’t trivial, since iOS doesn’t provide a mechanism for parsing all aspects of a certificate. SSL Detective does all of its own certificate decoding and display, and only relies on iOS for validating the certificate chain.

But that is all old news. In this update, I added in a SHA1 fingerprint. Fingerprints are a great way to visually verify if a certificate you are looking at is the same as another one by comparing the fingerprints. It was a relatively easy feature to implement, but SSL Detective does not generate any revenue from the App Store (since it is free), and it is hard to justify spending any time on something that people are not paying for.

So a year of so ago, I decided to do an experiment. I tried to make a “free” and “paid” version of SSL detective, figuring that folks that use the free version would like it and then download the paid version to support it. I realize that sounds crazy now as who would download an app again just to give money, but it seemed like a good idea at the time. We had very few paid downloads, and thousands of free downloads. Obviously, people liked the app but seemed unwilling to pay for it.

I also thought about in-app purchases, but I had to remove some features and add them in as paid features. The app is relatively simple feature wise, so that didn’t seem like the way to go. Setting up In-app purchases can be a bit of a pain, since you have to allow folks to restore purchases, you have to set up a server side component, and more. This additional amount of work was not justified for what we could get out of it.

So this new version has an experiment in it. I added in “consumable in-app purchases” as a way to give a “hat tip” if you like the app. It adds a star to the main screen for your purchase, but doesn’t change any of the functionality (aside from not showing a nag dialog).


It all boils down to this: I suspect that people don’t want to pay anything for an app that they are unfamiliar with, but might be willing to pay something after they have tried it for a bit. If it generates some revenue, I will be more motivated to update it.

So there you have it. Check out SSL Detective on the iOS app store. and see if you like it. If you like it buy a star.