Mobile and Retail

criteoCriteo has a great free report and slides on the State of Mobile Commerce Q2 2015. The slides include some very useful country specific data towards the end of  the presentation.

Takeaways include…

  • Mobile is very significant in all retail categories with 1 in 3 transactions being in fashion and luxury.
  • The majority of transactions come from smartphones as opposed to tablets.
  • In the US, iPhone makes up 66% of transactions compared to 5.6% for Android.
  • Quality apps can currently generate up to 42% of mobile transactions for sellers.
  • Cross device shopping is important and makes up 40% of purchases in the US.
  • Android produces more transactions in many countries…

androidecommerce

iOS vs Android Across Countries

mobiforgeMobiForge has a great post on ‘25 mobile market statistics that you should know in 2015‘ subdivided into Mobile Hardware Statistics, M-Commerce & Banking, User Behaviour, Mobile Software and Mobile Networks.

The most useful statistic for mobile developers is iOS vs Android across countries…

androidvsiosbycountry

However, the data comes from DeviceAtlas. This means the data is based on web usage which might (or might not) skew the data. However, it’s probably a more useful way of measuring the user base than shipments because it gives the installed base which takes account of the cumulative affect of shipments/replacements.

Nokia To Be a Smartphone Vendor Again

nokiaThis site was born 10 years ago in the era when Nokia was the top smartphone vendor and the iPhone and Android didn’t exist. February 2011 was turning point for me when I said that Nokia were heading off in the wrong direction and shortly after that I went ‘Android only’ from working on all mobile platforms at that time. Microsoft ended up taking over the Nokia handset division and more recently, according to Wired, Microsoft finally gets that it won’t win the smartphone war and Stephen Elop is leaving the company.

However, there’s a twist to the story. Tomi Ahonen is quoting Nokia CEO Rajeev Suri telling German periodical, Manager Magazin that Nokia will return as a brand to smartphones in 2016 as the exclusivity period out of the Microsoft deal ends. Tomi says “Obviously these will be Android based”. I’d like to think so. However, as the past has shown, companies don’t always follow what might seem like the obvious path.

Samsung Keyboard Vulnerability Learnings

nowsecureThere has been lots of press about the recent Samsung keyboard vulnerability. The vulnerability comes about because a new language can be downloaded under a privileged context which can be network hijacked to run arbitrary code.

Many articles mentioning this vulnerability are over sensational because it’s very unlikely that the user/app would download a new language pack AND be on a hijacked network taking advantage of the vulnerability. However, I think it’s more useful to pull apart the vulnerability and look for simple learnings to apply to other existing and new apps.

There are three main problems…

New Android ‘enjarify’ Decompile Tool

It’s very easy to reverse engineer most Android apps using dex2jar, JEB or Dare and there are even online tools that can reverse engineer an app without having to install any tools.

Each tool has its own limitations and those limitations are often used by other obfuscation tools to make reverse engineering more difficult. However, to make things even easier, a new tool enjarify has been ‘unofficially’ released (presumably means there’s no support) by Google that claims to resolve many of the limitations of dex2jar such as support for unicode class names, constants used as multiple types, implicit casts, exception handlers jumping into normal control flow, classes that reference too many constants, very long methods, exception handlers after a catchall handler, and static initial values of the wrong type.

I can’t see why Google would want to release such a tool other than it’s the result of a Googler’s 20% ‘free’ time. It will probably encourage more copied apps, ip theft and thwarting of in-app purchasing.

However, it does serve to emphasise how much more sophisticated and easier decompilation has become over time. You shouldn’t rely on the fact it’s difficult to do nor assume what might have protected your app in the past will protect it now or into the future.

Android M Permissions

googleio15Of all the changes coming out of Google I/O 15, the new permissions model will have the greatest longer term impact on developers. I say ‘longer term’ because for existing apps on existing phones, users will see no difference. Existing apps on phones running ‘M’ can have their permissions taken away by the user which will, no doubt, cause them to malfunction and possibly cause confusion for the user (and people supporting the app).

The real power and possibilities come when an app is built for ‘M’ (or in the future ‘M or later’). Developers and designers now really have to think hard about their messages to users. There’s an article on Medium about the Cluster app, on iOS, that covers similar issues and the complications.

The good thing is that (‘M’ built) apps will no longer sit around, as now, waiting for the user to upgrade when they need more permissions. The down side is that the user disallowing a permission can seriously bazooka your app and you need to really try your hardest to explain to the user why a permission is needed.

Obviously, more transparent permissions is good for everyone – in theory. In practice, I find many clients and some designers already have trouble agreeing/deciding how screens and messages should look and feel. Adding permissions screens/dialogs into the mix is bound to lead to protracted mobile development, more testing of permissions-based scenarios and more support needed when apps don’t work due to revoked permissions.

Counterpoint Smartphone Market Share

counterpointCounterpoint has a new infographic based on their Q1-2015 Market Monitor report that tracks more than 75 top vendor shipments across countries that contribute to more than 95% of the total global smartphone volumes.

globalmobilephoneshare

The infographic is particularly good if you need region specific data.

Multiple App Publishers, One Company

trendmicroTrend Micro has an article on how companies should better ensure their (multiple) apps are published under the same account/name so that uses can better determine whether they are fake or not.

For example, how do users know all the Santander apps below are official?

santanderapps

Trend Micro previously published an alarmist article saying that “70% of top free apps have fake and mostly malicious versions in app stores” and that “80% of the top 50 free apps found in Google Play have bogus versions”. However, they later added the caveat that “Note that the fake apps samples we gathered are from third party sources and none was found in Google Play“.

So, if you only distribute via the Play Store (or App Store) should you care? I think so. If people download a bogus app from anywhere it can lead to loss of a user/customer, financial or information theft, fraud and loss of reputation/trust. You should direct end users to download from specific app stores, pre-declare your one publisher name and ask end-users to check this prior to downloading.