Meet The Aptoiders: Diogo Pires, Python Developer & Security Specialist
The Meet The Aptoiders series rolls on, as we continue to feature members of the international Aptoide team who are leading change in their respective fields, and helping shape the future of Android and mobile technology.
Today we introduce you to Diogo Pires, a passionate roboticist and big data engineer who has been toying with bots and bytes ever since he can remember. He is also the man responsible for Aptoide's anti-malware platform and our backend specialist, and this is what makes him a unique asset to Aptoide. Read on to learn more about Diogo.
1. Hi Diogo! Could you tell us a bit about yourself, your team and what you do at Aptoide?
Hi, I'm Diogo Pires, I joined Aptoide in the beginning of 2016 and I'm part of the Backend Team.
From the professional point of view, I try to be very organized and systematic. One can say that I'm very passion-driven when it comes to work, meaning that my motivation comes from liking what I do and the challenges it yields. I'm always reading about software development, about what are the hottest trends in technology and looking for the next MOOC to do.
Our team is responsible for three main areas: backend services, Big Data and Business Intelligence (BI). The moment I started at Aptoide was when the backend team became an actual team since until then it was integrated into the SysAdmin team. At that point I was the only one in the team - now we are 5 - and Aptoide was made up of only 20 people - now we are 70, and counting. At that moment, the main focus was on making sure the backend services were performant and scalable. A few months later, the backend services became stable, which meant I could devote my attention to different tasks. This coincided with the arrival of two more members to the team, which gave us the manpower to start developing new areas. First was the BI and then the implementation of a Big Data architecture to handle Aptoide's available data.
Right now I'm responsible for part of the Big Data architecture and data processing, as well as the backend services.
2. Aptoide is an open social platform with user uploaded content, so we must take extra measures to ensure it's consistent quality over time. What is it that you do to ensure this happens?
You're right, we do! The backend services we have running are part of that effort. One of our backend services tries to make sure we have the most updated versions of our apps and other provides the complete set of information for all apps. Sentinel, other of our backend services, scans every app in every store in Aptoide trying to find hidden malware. This is probably the biggest and most critical backend service we have running. I say "critical" because if there are a lot of infected apps in Aptoide, it will seriously decrease our credibility and the overall user experience.
Another part of the effort to provide quality to our users is the Big Data platform. We process data obtained from our users to give them personalized content about Android apps and recommendations. This takes place in the Apps Timeline tab, which was released in the new Aptoide V8. Not only is this a way to maintain and increase quality in Aptoide, but it's also part of Aptoide's effort of enhancing the user experience of an Android app store.
We try to maintain Aptoide as a malware-free marketplace, as well as give the best user experience to our users. This is a multi-team effort and we try to do our part.
3. You helped developing Sentinel, our Anti-Malware Platform. Can you tell us a bit more about this and what are the biggest challenges of managing such an important platform?
Sentinel is our automatic real-time malware detection system capable of scanning more than 60000 apps per day, spending an average of 35 seconds per scan and with a successful real-time malware detection rate of over 96%.
First of all, let me clarify that I didn't develop Sentinel all by myself. When I got to Aptoide, the codebase was already done and it was good. Where it was lacking was in the ability to scale in terms of number of scans - it was doing an average of just 1500 scans per day and spending 120 seconds per scan - and its efficiency in terms of real-time malware detection was not where we wanted it to be - it was only detecting 37% of infected apps in real-time.
We realized there was the need for a change in the architecture that would both yield the scale capacity we needed and greatly increase the detection rate. After a couple months of implementation, we achieved an increase of 400% in the number of scans per day and 260% in the real-time malware detection rate. When I say "real-time", it means the scans we perform when a user uploads an app. We actually achieve a detection rate close to 99% with our scheme of rescans. The 1% we miss are caught by our QA team, whose leader Ruben you've already interviewed before.
Managing Sentinel is actually fairly easy now. When we were reimplementing some parts of it, we always thought that we wanted it to be running 24/7, with fault-tolerance mechanisms and easy monitoring. Nowadays, with most of the team members focusing on Big Data and BI, and with the kind of stability we were able to achieve in Sentinel, we only closely check its performance once or twice a week to make sure everything's working as expected.
Although in a startup one can never actually say one has only a task to do at each moment, this was my first major task in Aptoide.
4. A new malware attack dubbed as Gooligan has recently hit several Android devices. What kind of actions are we taking to protect our users and improve the security of the Android ecosystem on Aptoide?
We have been monitoring this issue because it can obviously hurt our users. We have already seen this type of malware with Ghost Push and we managed to protect our users from apps containing it. Now we are doing it again and are working with partners of the group Check Point who traced Gooligan to ensure our users are protected.
Overall, we are always thinking about ways to improve Sentinel, which include the malware detection itself and the other processes that compose the system. The security of our users is one of our biggest concerns because it directly affects their experience while using Aptoide, so this is definitely our priority.
5. We were checking your presentation at Pixels Camp, and you mention that Big Data is really important for Aptoide. Why is that? And what kind of technology does Aptoide use to handle that information?
Big Data is a very interesting field and clearly one of the most hyped at the moment. It gives companies the ability to convert user and internal data into actual value for the users and the business. This copes very well with Aptoide's ambition of disrupting the Android app store experience, since we use it to give more differentiable, personalized content to our users, thus changing what the user experience of an app store is.
Aside from the insights we gather for business purposes, we take all the information we have related to our users and cross it with the content we have. We use it to generate a timeline of content personalized to each user, which was released in V8 and is called the Apps Timeline. In the Apps Timeline, we give each user articles, videos, recommendations of apps and stores based on their use of Aptoide. We strongly believe that this coupled with some new features we've been working on really enhance the Aptoide's user experience and differentiates it from the other Android app stores.
Our Big Data architecture is based on the AWS cloud stack, as well as open source tools as Apache Spark, Redis, and Flask. We decided that, since this was a new business area in the company, it would be good for us to base it in cloud services since they are easier to manage and faster to deploy.
6. You have a background in Robotics, and you even worked on a project where you got robots playing soccer for the RoboCup. This is pretty amazing! When and how did you become so interested in robotics? Was it something you dreamed of when you were a kid?
You actually did your homework before the interview. I never expected you would ask me this.
As a kid, I always liked to play with Lego and to inspect how everything worked. I remember a Christmas day where my dad, who's an engineer, and I were assembling a toy I got. There was a part of the assembly process that we weren't being able to finish. Suddenly, it made sense to me and we got passed it. I remember my dad's face of surprise for not being able to assemble it before his 6 or 7-year-old kid.
When I was in college, I joined one of the Robotics teams in ISR (Institute for Systems and Robotics) in my 3rd year. This team participated in soccer competitions in what is called the middle sized league (MSL) - there are different leagues for different types of robots. This experience was very interesting and helped me learning new concepts, ways of approaching challenges and all-in-all theoretical knowledge. Later the Professors in charge of the team decided that we would pivot to a different kind of competitions to be more in line with the European projects we had going in ISR. This new team was focused on having a robot helping an older person at home, either by fetching things, receiving guests and packages, or understanding voice commands that would trigger different actions.
Developing software in the field of Robotics can be very challenging because you end up needing to have a broader set of technical skills and general knowledge about more fields than you would expect. It helps you understand different concepts and paradigms easier, and how different modules of software integrate with each other to create more intelligent and interesting behaviors. I can fairly say it helped me get to where I am now.
Would you like to join our big family and work with us?
Funny you should ask, 'cause we're actually hiring 40 (!) new people until the end of the year. Come join us or tag someone below you think would be a good fit! Check out all our job openings and get in touch with us.