UCL App Lab

uclI have previously written about how many apps an organisation should have, the situation of a brand creating many apps and the problems of an organisation having multiple app publishers.

Today, I came across UCL’s App Lab which uses a private app store to help build a focussed audience and solve the problem of poor discoverability on the public stores. I am not a great fan of 3rd party app stores but their use, in this kind of scenario, seems to make sense.

iBeacon Evolution

beaconzoneBeacons have improved over the last year to solve some problems related to rollout, provide more opportunities via use of extra sensors and also to support Google’s Eddystone.

After you have developed apps and have a beacon rollout, the first problem you are likely to experience is battery life. Manufacturers have responded in several ways. One of the main problems is knowing the battery needs changing. AnkhMaway beacons with the latest firmware now publish the battery level in the advertising data to allow apps to determine battery levels without connecting. Manufacturer’s such as Wellcore are relieving the battery life problem through brute force with beacons that have more batteries. Meanwhile, other manufacturers such as Sky have included time based on/off to save power during the time of day when the beacon isn’t likely to be used.

Beacons are also starting to get more sensors. The AnkhMaway iB003N includes an extra advertising channel that sends real-time accellerometer data. The Sky 201 has precision temperature, humidity and accelerometer sensors.

Form factors are also improving. There are several waterproof and water resistant beacons for use outside or in more extreme environments. The smaller beacons are getting even smaller, down to 2.6mm thick, so that they can be worn or attached less conspicuously.

More beacons now support Eddystone as well as iBeacon. The iB001M and iB003N have a custom channel that supports Eddystone or any other data you wish to advertise and this works at the same time as the iBeacon broadcast.

As I mentioned in a previous post, today’s beacon-based solutions mainly revolve around service-based solutions where you have to use a particular type of beacon with a particular backend. These solutions also tend to be tightly focussed around retail and generally obscure (marketers would say ‘simplify’) the way these solutions actually work.

However, it doesn’t have to be this way. There are many more uses for beacons and opportunities that become apparent when technical information and the beacons themselves become more readily available. My company’s new site provides information on what beacons are, how they can be used and explains the interrelationship with apps. You can also purchase OEM beacons for shipping to the UK and Europe.

We have also developed a beacon demonstrator app for iOS and Android that allows you to experiment with beacon triggering without using particular vendor’s beacons nor signing up to a backend service.

Insecurity of iOS Banking Apps

iosactiveIOActive has an analysis of the security of 40 iOS banking apps. Analysis is usually of Android apps so it’s interesting to see that iOS suffers from similar security problems.

  • ioactivebankingsecuritysummary12.5% did not validate SSL certificates
  • 35% contained non-SSL links
  • 30% were vulnerable to JavaScript injections via insecure UIWebView
  • 40% leaked user information

Usually, I am relatively permissive when I use my phone for personal use but doing banking via mobile is still something I choose not to do.

Mobile Shopping Trends

dynatraceDynatrace has an interesting free report (pdf) on shopping trends based on a four country consumer survey of smartphone and tablet users conducted by Harris Poll.

Millennials (age 18 to 34) are the vanguard of shopping via mobile with 60% of them doing shopping on their devices for this holiday season compared to 42% of all adults. The activity not just the buying itself but also comparing prices, reading product reviews and downloading coupons.


It’s not just Dynatrace who are identifying these trends. Gartner also has new research that claims 50 Percent of Consumers in Mature Markets Will Use Smartphones or Wearables for Mobile Payments by 2018.

However, the uptick in mobile shopping can bring new hazards for retailers. The restricted screen size and less effort put into mobile apps than web sites can lead to abandoned transactions and tarnishing of reputation. As Shay Ben-Barak says on LinkedIn, User Experience (UX) Is Not a Step in Your Project! Consumers are now sophisticated enough to seek the experience rather than features.

App Javascript Vulnerabilities

Fireeye has an infographic where they share the results of analysing 7 million Android and iOS apps. 31% of Android apps were found to be vulnerable to Javascript-Binding-Over HTTP (JBOH). iOS was found to be the ‘next frontier’ for cyber criminals with Universal Cross Site Scripting (UXSS) and sideloaded apps via Apple’s Enterprise Program being of particular concern.


So what’s JBOH? I think it’s another name for vulnerabilities in webviews that I have been documenting for a long time now.

Mobile Payments Lower Than Ever

infoscoutInfoScout has an article that looks into current use of mobile wallets. Apple Pay usage is at its lowest rate since they started tracking it and has only been used for 2.7% of Apple Pay-eligible transactions. Android use is only 2.0% of eligible transactions.


As previously mentioned this is probably related to security concerns and lack of incentives to pay via mobile.

Security Vulnerabilities Through Depending on 3rd Party Code

trendmicroTrend Micro has an article titled High-Profile Mobile Apps At Risk Due to Three-Year-Old Vulnerability. The problem has come about due to a vulnerability in libupnp that allows a buffer overrun to run arbitrary code on an affected device that can give the attacker the ability to take control of the device.

For Android, the architecture of Java is such that it is immune to buffer overflow problems. However, c/c++ written using the NDK can be vulnerable.

This shows iOS and Android developers need to be more careful when including 3rd party libraries that use c/c++. Being careful means keeping an eye out for security fixes in included c/c++ libraries and updating apps accordingly.

Counterpoint on Phone Shipments

counterpointCounterpoint has a new infographic based on data from their latest Mobile Market Monitor report showing mobile handset and smartphone shipments. The report covers over 75 OEMs globally. Global phone shipments grew 4% annually. Three in four mobile phone shipped globally is smartphone.

The following chart is for smartphones and shows which OEMs and, by inference, what platforms are most popular in the various geographic regions…