DEV Community

Paul Shilla
Paul Shilla

Posted on • Originally published at chista.app

I shipped my first iOS app in 30 days for $300. Here's the build log.

#showdev #ios #ai #indiehackers

I take a lot of screenshots. The article I'll read later. The recipe I'll cook on Sunday. The movie name from someone's Instagram story. A job post, a product, a tender.

Most of them die in my camera roll.

So I built Chista — an iOS app that auto-imports every screenshot, classifies it with AI (Article, Product, Event, Reference, Media), and surfaces a one-tap action: Buy on Amazon, Add to Calendar, Reserve on OpenTable, etc.

It shipped on the App Store thirty days after I started, for about $300 in total cost. The interesting part wasn't the app. It was what the build revealed.

What I built

Chista is a native iOS app + Python backend.

  • iOS reads new screenshots in the background via PHPhotoLibraryChangeObserver, scoped to PHAssetMediaSubtype.photoScreenshot (so it literally can't see your other photos).
  • Each new screenshot gets OCR'd on-device with Apple Vision, then the image + OCR text get POSTed to the backend.
  • Backend sends the pair to OpenAI GPT-4o with a structured prompt that returns a CategorizationResult JSON: category, subtype, title, suggested action, extracted data (price, deadline, URL, etc.).
  • Result gets persisted and pushed back to the inbox via Supabase real-time.

That's the whole thing. The "magic moment" is just: you screenshot something, switch to Chista a few seconds later, it's already sorted with a contextual action button.

Stack

Layer Tool Why
iOS app Swift 5.10, SwiftUI, StoreKit 2 iOS 17+, modern surface
Backend FastAPI on Railway One-file ergonomics, fast cold starts
Database + Auth Supabase Postgres + JWT auth out of the box
AI OpenAI GPT-4o (Pro), gpt-4o-mini (Free) Tier-routed at categorization time
Push APNs via aioapns Direct, no Firebase middleman
Subscriptions StoreKit 2 + app-store-server-library Server-side JWS verification
Affiliate routing Custom matrix in Supabase tables Amazon Associates wired, more pending
Hosting (web) Cloudflare Pages Free, fast, never goes down

No frameworks I wouldn't reach for again.

What it cost

Line item Cost
Apple Developer Account $99/yr
Domain (chista.app) $10/yr
OpenAI API credits $100 (one-off prepaid)
Cloudflare (web + DNS) free
Railway (backend) $5/mo trial credit, then hobby tier
Supabase free tier
Everything else mostly free tiers

Total to ship v1: about $300.

The hardest bug I shipped through

Apple App Review's reviewer kept hitting INVALID_CERTIFICATE when validating in-app purchase JWS payloads on our backend. We chased it through four library versions:

app-store-server-library==1.8.0  → INVALID_CERTIFICATE
app-store-server-library==1.9.0  → INVALID_CERTIFICATE
app-store-server-library==2.0.0  → INVALID_CERTIFICATE
app-store-server-library==3.1.2  → INVALID_CERTIFICATE
Enter fullscreen mode Exit fullscreen mode

I enabled online cert checks. I bundled app_apple_id. I made the verifier environment switch independently from APNs. Nothing worked.

The actual problem: the library has a constructor like this:

SignedDataVerifier(
    root_certificates=[],   # ← THIS
    enable_online_checks=True,
    environment=Environment.SANDBOX,
    bundle_id="com.chista.app",
    app_apple_id=6771318695,
)
Enter fullscreen mode Exit fullscreen mode

I assumed root_certificates=[] meant "use Apple's bundled roots." It doesn't. The library ships with zero root CAs. An empty list means "trust nothing." Every Apple-signed JWS fails because the cert chain has no trust anchor.

The fix: download Apple's Root CA G2 and G3 directly from apple.com/certificateauthority, check them into the repo, and pass the bytes:

cert_dir = Path(__file__).parent.parent / "data" / "apple_certs"
root_certs = [
    (cert_dir / "AppleRootCA-G3.cer").read_bytes(),
    (cert_dir / "AppleRootCA-G2.cer").read_bytes(),
]

SignedDataVerifier(
    root_certificates=root_certs,
    enable_online_checks=True,
    environment=env,
    bundle_id=bundle_id,
    app_apple_id=app_apple_id,
)
Enter fullscreen mode Exit fullscreen mode

One line of additional config, ~2KB committed to the repo, problem solved.

If you're integrating Apple's library and hitting this: the empty default is the bug, not your environment. The official docs imply bundled roots; the code does not.

On AI-assisted development

I built Chista with heavy AI assistance — drafting Swift views, generating prompt templates, debugging gnarly things like the cert chain above. It would be dishonest to tell this story without saying so.

What that actually changed:

  • Things that would have been 4-hour debugging sessions became 20-minute conversations. Not because the AI solved them — because pasting an error message into a chat and getting three hypotheses to test beats reading Stack Overflow.
  • The cost of trying an architecture went from a weekend to a few hours. I rewrote the affiliate routing twice. Once in env vars (clean, inflexible), once in DB tables (verbose, manageable). The second version won. I wouldn't have explored both five years ago.
  • It does not write the app for you. Every non-trivial decision — what to categorize as a "product" vs a "reference," how to handle the Photo Library re-grant edge case, how to gate sensitive content from affiliate routing — was still mine to make. The AI accelerates execution. It does not replace judgment.

That last point is where I think the whole industry is heading.

The thesis

A decade ago, the hard part was writing software.

Today, the hard part is deciding what should exist.

The cost of creation is collapsing. The time from idea to first version is shrinking. The number of people who can build is exploding. None of this is news on dev.to — but watching it happen in real time on my own project felt different than reading about it.

Software is starting to behave like content. The bottleneck is moving from can you build this to should this exist, and is it actually better than what's already there.

That's a great problem to have.

Lessons learned

  1. The cheapest dependency is one that already trusts the right thing. Apple's library shipping with zero root CAs cost me ~6 hours of debugging. A 2KB file solved it. Audit the defaults of every security library.
  2. Sandbox testing is the unreliable narrator. TestFlight + Sandbox testers + propagation delays + cached storefronts = 12 hours of "why won't products load." Local StoreKit Configuration files let you skip 80% of that during dev. Switch back to real Sandbox only when you absolutely need server-side verification.
  3. Move config from env vars to DB tables earlier than you think. I started with AMAZON_ASSOCIATES_US=... style env vars for affiliate keys. Six countries in, I moved them all to a affiliate_keys Postgres table. Should have done it on day one.
  4. OCR locally, classify in the cloud. Running Apple Vision OCR on-device cut ~900 vision tokens per screenshot from the OpenAI bill. The hybrid is significantly cheaper than a pure cloud pipeline.
  5. Ship the unsexy quota system early. Day 1 free tier limits + cost ceilings, not "we'll add it later." Pre-emptive limits saved me from a half-dozen runaway-cost scenarios in testing alone.

Try it

Chista is on the App Store. Free tier covers 30 screenshots/month. Pro is $4.99/mo with a 14-day trial.

I'd love to hear what's in your camera roll graveyard.

This post mirrors a version on chista.app. The canonical link is set so dev.to credits the source domain for SEO.

Top comments (0)