DoubleTree App Redesign: Behind The Scenes

DoubleTree iPad App Design

DoubleTree Hotels first approached us in 2013 to redesign Home & Away, their app that acts as a concierge for business travelers staying at DoubleTree properties. When we initially looked into redesigning the app, we wanted to stay close to the core strategy.

The concept is simple: tell the app which bank, gas station, coffee shop, pharmacy, rental car, etc. that you, as an individual, prefer, and the app will effortlessly map your brand preferences around your hotel.

That core mission has stayed the same, but DoubleTree enlisted us to redesign the app once again this year based on updates to iOS. After research, design, and user testing, we were able to completely revamp the app with added functionality and a greatly improved user experience. The following is a look at the key features we updated.  You can also head over to the app store to check it out.DoubleTree iOS7 iPad App Design

The Map

The original app featured a map with an omnipresent sidebar allowing the user to select their favorite brands for each of the available categories (banks, pharmacies, etc). Once selected, the app will remember your favorite brands no matter which hotel you’re searching from. For the redesign, we wanted to make the map even larger — after testing it was revealed that the main area of interaction was the map, and we were losing a lot of space to the wood-grain texture. We designed a slide-away tray that is accessible from the icon menu, hiding the brand favorites tray when not in use, creating a more immersive experience. We’ve also pulled in search results from Yelp, so if  users are looking for something that’s not featured in one of the sidebar categories, they’re able to search the map for anything they can dream up. DoubleTree iOS7 iPad App Design

The Styling

The wood grain was warm and inviting, but took up a large amount of real estate on the main map screen. During the redesign we were able to take advantage of the advances made in increased interface familiarity, removing the wood texture and skeuomorphic buttons in favor of a minimally-styled side and top bar. We also added a plethora of animations to the app to enhance the character of an otherwise lightly designed interface. To display the favorites bar, the user swipes their finger to the right on an icon. You can check out all of these new features by downloading the app today.

DoubleTree iOS7 Updates from iStrategyLabs on Vimeo.

The Size

One of our client’s goals was to reduce the size of the app, which in its original version featured images of each of their  370+ hotels in 32 countries across 6 continents, leading to a gigantic app. Size is a huge factor in apps, because large apps lead to longer download times. We removed the images from the app, reducing the size from about 300MB to just 30mb. DoubleTree iOS7 iPad App Design

This decision mainly impacted the hotel selector screen, because the first version of the app each hotel was shown with its own photos. The photos looked beautiful, but were not a necessity for the app experience. In the new version, the hotel selector screen has been reworked to allow the content to come to the forefront. DoubleTree iOS7 iPad App Design

The Hotel Selector

The hotel selector screen has been changed dramatically as well. On scroll, the title bar fades away and the hotel tiles take over the screen, featuring a slight color fade as the rows of hotels slide by. Our hypothesis was that users are not interested in photos of the hotel. Presumably, users are already staying at a DoubleTree hotel; when they’re scrolling, they’re looking for a specific hotel location. Listing the hotels alphabetically and offering a pleasing color fade allows the user to scroll at will and without distraction. The app also offers a search based on text or current location. DoubleTree iOS7 iPad App Design

Testing & Iteration

In early rounds of testing, we realized that users were confused about the goal of the app, especially in relation to the DoubleTree brand. We recognized this as a huge problem, and came up with an elegant two-fold solution to teach our users about the benefits of the app. When the app is launched, the user is met with a welcome screen, a short description of the app, and a large button that entices them to “explore” the map. When they enter the map view for the first time, they’ll see a brief three part tutorial, complete with an animation. The tutorial explains how to use the app and then drops off the screen. In our second round of testing, we saw that although the tutorial worked well for some, about half the users swiped through the tutorial without reading it and were still confused. So, we added one last cue to help our eager users — a one-time interface hint that pops up to guide the user through their first interactions in the app. They can tap the bubble to be walked through the action, or perform the action on their own to get rid of the cue. Our last round of testing was highly successful. All of our cues did the trick, and users were having a great time navigating around the app. The animations were a big hit, delivering a surprise dose of fun for people who might otherwise not be so happy (if they’re on a business trip).

Check out the app in the App Store today!

DoubleTree Home and Away App

The Facebook “Mentions Box” Goes Live At The Emmy Awards


Facebook, already the biggest brand in social media, was looking for a better way to bridge the gap between celebrities and fans, specifically at live events. Behold: The Facebook “Mentions Box” which just debuted at the 2014 Emmy’s — allowing celebrities to “shake” the device to surface a fan question (pulling directly from the event’s Facebook Page) and immediately record a video response back.

At the Emmys, the Mentions Box was used by everyone from Jimmy Fallon, to Matthew McConaughey, to Ty Burrell and Jason Biggs — to stars from Game of Thrones, Orange Is the New Black, and HBO’s Silicon Valley (see below!).

Matthew McConaughey - Mentions Box

After many discussions, brainstorms, and rapid prototyping efforts focused on how to best represent the Facebook platform in physical space, we landed on a simple concept drawing inspiration from mediums people already know and enjoy (landing on something between a Magic 8-Ball in function and an Etch-A-Sketch in form).


Ultimately, we settled on a tablet encased in a polycarbonate form factor, with a luxury car finish.



We started the process by concepting potential types of physical devices that talent would be able to easily (and quickly) interact with — using cardboard and simple materials to play around with various form factors.


The admin console (primarily a question moderation tool) sources questions from specific Facebook posts and then pushes approved questions straight to The Facebook Mentions Box.


Leading up to the Emmy’s, The Mentions Box was featured on Access Hollywood by hosts Billy Bush and Shaun Robinson:

Screen Shot 2014-08-21 at 5.51.08 PM



More pics of the Mentions Box in action, straight from the Access Hollywood Facebook Page!






On September 5th, Facebook teamed up with Stand Up To Cancer to utilize the Mentions Box to connect celebrities with donors supporting the live charity event.

su2c_mentions 2

su2c_mentions 1


What It’s Like To Be A Teacher At General Assembly


Teaching is something iStratetyLabs fully supports — nay encourages — for its employees both internally and within the community. We have a multitude of opportunities to both teach and learn from our coworkers. We have “Battle Schools”, which allow team members to teach  a topic they’re passionate about to follow ISL-ers. It’s a great way to learn and a great way to practice public speaking. There are other awesome things we do, but they’re G-14 classified! You’ll have to join the team in order to have access to such knowledge.

A few months ago, Samia Khan wrote the post “What’s it like to be a student at General Assembly”. At the time I was just getting started with my Front End Web Development course. I thought I’d give an alternate account to round out the experience so that potential students as well as instructors have an idea of what to expect from a GA class.

I began a GA 10-week front end web development (FEWD) course back in May. Other than the standard instructor preparation I wasn’t sure what to expect. What I walked away with was much more than a teaching experience. Sure, I created lesson plans, spoke in front of people on a regular basis, critiqued assignments, and all the other responsibilities that come along with being an instructor of any kind, but that’s just the beginning.

Having to teach people what you take for granted every day is an incredibly enlightening experience. I found that concepts/ideas that I thought to be simple and straightforward are actually nuanced and fairly complicated. On the other hand, concepts that I thought I understood well, were brought forth and I was forced to reevaluate my own understanding– this is a humbling experience to say the least.


On the first day of class expectations are set. Students are informed that the course is not designed to create expert front end developers, rather, to provide building blocks and tools that can be used to enrich an individual’s knowledge and experience — “Give a man a fish…” you know the rest. One thing I had to reiterate to my students was that professional developers (and myself by extension) don’t know everything and that asking for help and googling for answers was a big part of the job. I even touched briefly on the myth of the genius programmer.

By far the most rewarding portion of the class was final presentations. There were students who, prior to the course, had never really touched HTML/CSS/JavaScript and whom by the end, presented interactive websites and in some cases the beginnings of web applications! Creating a foundation of working knowledge that empowers students to grow individually is a responsibility I do not take lightly. It was an honor and privilege to take part in that process. Kudos to my TAs Michael Dick and Rami Chowdhury — you guys rock.

Investigating Browersify: The Development Tool That Lets You Write Modular Code For Use In Browser

Screen Shot 2014-06-16 at 3.55.31 PM

A while back, the engineering team adopted AngularJS as the front end JavaScript framework of choice. Not every project we work on requires a framework like Angular, but when we need one — it’s where we go. This post, however isn’t about Angular itself — or why we chose it — it’s about how we manage the multitude of files associated with using such a framework. Every FED (front end developer) knows that simply using a separate script tag to include all files does not scale very well. Most take to simple concatenation, allowing them to use one js file for their app code. This also works, but can get out of hand and also forces you to either pollute the window namespace or create your own namespace in order to access various components outside of their respective files.

Our development team decided that a more modular approach was appropriate to solving this problem, so we turned to Browserify. Browserify brings node.js style require statements to the browser. We can write code that looks like this:

// mainCtrl.js

   module.exports = [‘$scope’, function($scope){
      $scope.theThings = [ ‘thing1’, ‘thing2’, ‘thing3’ ];


// fooCtrl.js

   module.exports = [‘$scope’, function($scope){
      $ = ‘bar’;


// controllers.js

   var controllers = {
      MainCtrl: require( ‘./mainCtrl’),
      FooCtrl: require(‘./fooCtrl’)

   // a utility module to dynamically attach modules
   require( './moduleUtils' )
    .forModule( myApp.controllers' )
    .setType( 'controller' )
    .injectAll( controllers );

// finally in app.js

   angular.module(‘myApp’, [
      // …. and so on


Using a build system, we point Browserify to app.js and that’s it! Another benefit to using browserify is that many node modules are automatically compatible and can be used in the browser. At the end of the day, Browserify is the best tool for allowing us to handle code in different files and keeping it all modular.

Airmail: Major Security Vulnerability?


Internet security and cryptography have always been a huge interest of mine and are topics that are becoming increasingly more important for people to understand. To further my knowledge of the subject, I have recently been reading the absolutely brilliant Security Engineering by Ross Anderson, and have been particularly captivated by two particular attacks; man-in-the-middle attacks and the even more devastating phishing attack.

About a week ago, Andrew, a fellow engineer, approached me with an Android-based penetration suite which we decided to use to take a quick inventory of the security of our personal internet properties. While I personally have experience with elementary penetration testing (mostly through using the metasploit framework), I never thought I would be able to perform the more advanced man-in-the-middle-attack that has provoked my interest so thoroughly. To our surprise (and horror), we were able to perform this attack with a tap of a button. Shortly after initiating this attack, we discovered our own two email credentials appearing in plain on our devices. After performing a number of further tests (which I will expand on momentarily) we noticed a trend; it seemed like the Mac application, Airmail, was sending our credentials unencrypted over the network despite us both having SSL enabled within the client.

Before I go into more detail about how we tested this theory and how one could reproduce this, it might be appropriate for me to explain some basic concepts.

Man-in-the-middle Attacks

A man-in-the-middle attack is when a device (phone, computer, or router) spoofs your own personal device into thinking that it is the true party you are attempting to communicate with. The graphic below might help illustrate this concept:


In this example, Alice is attempting to communicate information with Bob (in the vulnerability we are reporting on, we were ‘Alice’ and the email server was ‘Bob’). In a man-in-the-middle attack, however, a third party (in this example, Mallory) intercepts both Alice and Bob’s internet traffic and tricks them into thinking they are talking directly to one another, but in reality, all traffic is going through Mallory who is able to view any unencrypted data.


A key point about a man-in-the-middle attack is that theoretically, only unencrypted information is at risk. Cryptographers have developed a number of extremely effective methods of encryption to prevent this problem; The most popular and widely used being SSL. When you visit a website and see the green “lock” button (assuming you are using Chrome), that indicates your traffic is being encrypted using the SSL protocol. Without going into too many details, SSL, when enabled on your email client, will communicate with the server using an encrypted channel. Even if someone intercepts this traffic, they would have to decrypt the information (an operation that requires a massive amount of time and computational power, or access to either user’s secret key) to be able to read the contents of any data sent between the two original parties. SSL additionally uses a third party to independently verify the integrity of both communicating parties. In essence, SSL is the main defense one can use to prevent any potential man-in-the-middle attacks from obtaining sensitive information.

Our Observations

The problem Andrew and I identified was that Airmail was sending our credentials without encryption, despite the fact that we selected the “SSL” option in the application’s settings and both email providers we used supported SSL. We are still not sure if this is a legitimate vulnerability or if there are other factors at play. In addition, we have notified developers at Airmail and are working with them to investigate this issue further. That being said, we wanted to walk through the steps we used to reproduce the problem in hopes that more knowledgeable members of the tech community will be able to verify or reject our conclusions.

To test this vulnerability, we first created a new Gmail and Yahoo mail account that we would use to test different mail clients and providers. We than loaded those accounts onto Apple’s “Mail” client, Airmail, and accessed each provider’s web client. We than initiated a man-in-the-middle-attack (using dSploit) on all traffic on our network, and sent an email using both Apple Mail and the web client. We were unable at that point to see the two accounts’ credentials. We than sent an email using Airmail (again with SSL enabled) and proceeded to intercept both accounts’ credentials. Not being satisfied with this test alone, we replicated the prior steps on additional networks. Time and time again, we were able to see credentials of accounts using Airmail, but no credentials of accounts using any other email client.

Until this issue comes to a conclusion (with us either being proven wrong, or an update being made to the software), we have discontinued all use of Airmail. In addition, we have encouraged our colleagues to take the following steps to protect themselves from any other potential attacks. Mainly, using a single password for numerous online services is a big mistake. We encourage everyone to use a password manager and generate completely random passwords for each site they use. While this does not prevent the attack we described in this post, it is a essential habit to practice. Additionally, we recommend using software such as HTTPS Everywhere to force websites to use SSL encryption if available.

As we move forward with investigating this issue, we will keep everyone up to date. As stated, we hope more knowledgable parties will reproduce our tests and help us move towards a conclusion.

Please feel free to reach out to if you have any questions or information on this subject – or just leave it in the comments below.