Even before the days of iPhones and Androids, the team at Lookout has been protecting smartphones from security flaws and developing tools to deal with stolen phones. We caught up with co-founder and CTO Kevin Mahaffey to learn what led to the founding of the company and the development of the present-day app.
Back in 2004, Kevin and fellow researchers at USC decided to investigate the risks of a Bluetooth vulnerability -- and discovered they could exploit this flaw from a mile away. This led Kevin and his colleagues to devote their efforts to discovering such flaws, and in 2007 they founded Lookout with the goal of addressing the new field of smartphone security. The contemporary security needs of users has evolved over the years, but Lookout continues to help lock down compromised phones. Here's what Kevin had to say about his company.
Where did the idea for the app come from? Were you trying to solve a problem you'd experienced, or did the inspiration come from somewhere else?
Back in the early days, my co-founders and I got our hands on the Nokia 6310i. It was a candybar phone with a black and white screen, and was one of the first phones with Bluetooth capabilities. This phone was really impressive because it marked the first time you could ever wirelessly connect a phone to a computer.
We had a background in security, so anytime we got a new piece of technology, we tried to break it. In our research, we discovered a few bad security vulnerabilities in the phone and tried to work with the manufacturers to fix them. In many cases, the manufacturers believed the vulnerability was too complex to fix and dragged their feet because the phone's range of Bluetooth was assumed to only be 10 metres.
We knew that wasn't how physics works; you can't just assume the range of a wireless signal is only 10 meters. So, we built something called the BlueSniper to demonstrate this dangerous assumption that manufacturers were making and set a new World Record for the range of Bluetooth by hacking a Nokia phone from 1.2 miles away.
In doing so, we thought we were busting a dangerous myth in the security community that would only interest enterprise IT admins and folks in the security community. We were surprised the stunt got coverage in prominent newspapers, like the New York Times and The Wall Street Journal. It was the first time we realised this was a major problem that could affect many people across the world. Peoples' phones getting hacked was a scary proposition, so we set out to fix the problem.
After you came up with the idea, what was the next step?
We wanted to solve security problems on mobile phones, but we didn't want to simply mimic the signature-based detection models of traditional PC security vendors.
At the end of the day, several antivirus products don't protect you from the advanced threats that exist in the world today. When the New York Times got hacked, there were 45 pieces of custom malware used and its antivirus provider only caught one of them.
So we asked ourselves, "How do we grow a company that builds something that's not only effective against existing threats, but is also something that people love and want to use. We spent time talking to people to get a better idea of the problems they were facing on mobile phones:
- People didn't want to get hacked or get malware on their phone.
- Lost and stolen devices were a frequent occurrence. Owning a smartphone is like walking around with $500 in your pocket -- they're expensive to replace!
- People wanted to protect the data, like photos and contacts, on their phones.
So in 2007, we set out to solve those three problems at Lookout, and those are still the three main problems we're solving today.
How did you choose which platforms to target and which to ignore or wait on?
We started with Windows Mobile because it was the first platform. This was before Android or iPhone even existed, and Windows Mobile was smartphones in the US at the time.
We also built a Blackberry product and were one of the most popular apps on Blackberry. In the end, we made a difficult to decision to shut down a product that had upwards of 500,000 users because we saw no future in the Blackberry platform. We placed an early bet on Android and iPhone, because we saw these platforms as the future of mobile early on. We've been widely successful there.
What was your biggest roadblock and how did you overcome it?
The biggest roadblock was building a world class team that protects smartphones for individuals and organisations across the globe. To build a team requires many talented and passionate people and it's one of the most important parts of building a successful company.
We started in Los Angeles and were able to get a great team together, but in order to scale we made the difficult decision to move to San Francisco. And so, 11 people picked up their lives and moved to a new city in order to hire and grow a team that embraced the passion and drive for securing the next generation of computing.
What was launch like for you?
Launch was very interesting. As mentioned previously, our first product was on Windows Mobile and we were excited to acquire our first 1000 users, because at the time there were no app stores. It was all about promoting the product on blogs, like Lifehacker, and getting people to write about the product. There were only a few smartphone users before Android and iPhone, so it was difficult, but we stayed laser-focused on building a really great product. To this day, we still have people who use our original app.
Further along the road, our Android launch was phenomenal and we got to one million users faster than leading companies like FourSquare and Twitter. PC security products are generally hated, but the fact that we were able to build a security product that people actually enjoy using is amazing.
How do you handle user requests and criticisms effectively?
We have unmatched support at Lookout and there's an actual human on our end responding to each and every person that writes into us. We use an internal system called "This Week in Lookout" (TWIL) where we summarize all of the great user stories that come in. From saving someone's stolen phone to backing up invaluable photos to protecting people from malicious applications.
We tell the great stories, but also make sure to communicate any issues. As the company grows, TWIL is a great way to stay in touch with our user base.
How do you split time between building new features and managing existing ones?
It's a balance. At Lookout, our philosophy is to build features that solve the most important problems extremely well. Solving fewer, more significant problems is better than setting out to build a laundry list of features that might sound impressive but have no real use case.
We take a design-first approach to building products where we seek to understand how people actually use and interact with our products in order to build the best solutions possible.
What advice would you give to others that want to take on a similar project?
- Focus on the most important problems and solve them extremely well.
- Avoid temptation to build things just because you can.
- Build the best team you can, because people are everything in the software industry.
Lifehacker's Behind the App series gives an inside look at how some of our favourite apps came to be -- from idea to launch (and beyond).