About a year ago, I created AndroidSecurity.guru with the dual aims of teaching myself more about Android security while sharing insights and guidelines with developers and those people commissioning apps. The article on WebViews has been the most popular and it turns out most banking apps rely on them, which is a bit disconcerting.
While working for clients, I have often been asked how to better secure data and my answer has usually been along the lines of ‘it’s difficult and it’s probably a project in itself to do it well’. And that’s really the problem. More background to the security problem itself can be found in the Android Insecurity document (pdf).
This year I have been working on a solution to this problem in the form of a native C++ library. While the premise of being able to have encrypted values bundled with an app and see/add to these values at runtime is very simple, actually doing it well is a lot more complex.
The resulting solution stores the decryption key at the server and only loads it when the device has no security problems. There are measures to authenticate the server, authenticate the client (app), detect app tampering, detect OS tampering, detect root (essential for security), detect C++ debugging, thwart memory dump analysis, bypass OS hooking and also anti-decompile features to make unpicking of the binary very difficult.
It’s an extreme solution to a simple problem and I am therefore currently targeting it at my existing customers and organisations working on security sensitive apps such as banking, payment and health. There are also UK export implications as it uses strong encryption. ActiveVault is currently undergoing trials and should be available October 2015. Contact me to enquire about early access, further information or for access to the current demo version (under NDA). You can also learn more at AndroidActiveVault.com.
Although I wouldn’t normally associate Adobe with mobile, they have a great blog on Mobile Marketing. There’s a recent article on Day to Day Operations of Mobile App Store Optimization (ASO), details on From Development to Marketing: An App Roadmap for your Business, tips on Jumping the Hurdles to Effective Mobile Marketing and Mobile Marketing: Covering The Basics.
Marketing tends to be done too little too late. It’s easy to concentrate on the more immediate challenges of creating an app rather than thinking about how to get it into users’ hands.
However, also think about retention. Another recent article on re/code, as it happens based on Adobe data, shows that Mobile Apps Have a Short Half Life; Use Falls Sharply After First Six Months:
Appindex, the app development marketplace and organisers of the app promotion summit have an interview with me where I talk about my involvement in mobile development, the types of apps I have worked on, tools I use, what app I have been most proud of, trends in mobile development and my current views on mobile development.
Appindex also previously kindly listed me in their Top UK App Developer Agencies.
The Yahoo developer network has a useful analysis of some Flurry stats that show consumers are spending 35% more time on their mobile devices than a year ago. However, of more interest to developers is that the browser is being sidelined and users now spend only 10% of their time using web browsers compared to 14% a year ago…
Another surprise is that gaming is in decline, taking up 15% of the time as opposed to 32% a year ago.
IDC have a new smartphone growth forecast up to 2019. Developers will be more interested in the split by operating system…
As with other recent forecasts, iOS and Android are predicted to remain at roughly their current market shares.
Moovweb has an informative article on how iOS vs Android conversion rates and revenue per session are converging. iOS used to convert at significantly higher rates and have a higher average spend but the differences are now starting to be much less significant…
“The difference in e-commerce conversion rates between Android and iOS decreased by 75% year-over-year in Q1. The Android-iOS conversion rate gap is now a mere 5%.”
The difference in revenue per session is now only 9%, down from 15% a year ago.
Last month Peter-Paul Koch (PPK) of quirksmode published a contentious post asking if it was time to stop pushing the web forward. His argument was that “cramming in more copies of native functionality at breakneck speed” is futile and native apps will always be better. Instead, the web should concentrate on its strengths: simplicity, URLs and reach. There has now been a newer post, stop pushing redux, on the mixed reactions to the original post.
I think what web developers are coming up against is what I described in 2007:
“Once we try to write real applications within the browser we will be exposed to similar issues that make native development difficult”
Even though the web now is still nowhere near feature parity with native in 2007, web developers are having a hard time developing for it. As I mentioned recently, the web vs apps outcome has resulted in the (mobile) web platform having security and fragmentation headaches.
The web still has a possible alternate successful future and I agree with PPK that it’s time to play on its strengths… and particularly its strengths over apps. Maybe new features should be those that native apps don’t have?
There’s some interesting new research by CIRP (pdf) that shows people are more likely to switch from iOS to Android (20% of users) than Android to iOS (16%). The net flow is in a different direction than the media (or Apple?) had us expect and the actual percentages are higher than I had expected. The CIRP report says that changes in OS happen more often when users change carriers. It seems people are not so loyal about their mobile OS after all.
Device upgraders and OS switchers bring extra challenges for developers. For some apps, you might want to consider how users might migrate data to their new devices. This might go beyond normal OS app backup schemes if you also wish to support OS switchers. You might also like to think about in-app purchased items but in most cases if the user changes OS they won’t expect to keep purchased items. Exceptions are usually subscriptions, like Spotify or Evernote, where the user will expect to continue with their subscription.