Mobile App Development – Best Practices (Part I – SDLC, UX & Security)
Mobile App Development
The application development landscape is quickly changing. Mobile app development is playing a much more prominent role, shifting focus away from standard, well-understood enterprise application development. As discussed in my previous post, a handful of development platforms can be leveraged to develop mobile apps and understanding the pros and cons of each platform is critical. Regardless of which platform the organization picks, however, a common set of best practices should always be kept in mind.
- Iterative Development – Developing in short, iterative cycles with continuous delivery allows developers to get end-user feedback earlier in the development process, making it easy to then prioritize and implement changes.
- Documentation – Adequate code documentation increases code readability and provides clarity to other developers; this becomes important as development teams grow.
- Peer Code Review – A code review cycle is not only helpful in identifying defects earlier in the process but is also a great way to ensure developers are following established coding standards.
- Service Oriented Architecture – A well-architected web services layer (one in which services are reusable, task specific, decoupled, and have a clear separation of concern) will ensure optimum performance for the mobile app.
- Analytics – Embedded at key points in the mobile app, analytics not only expedites debugging, but also provides great insight into app usage. Based on this insight, the well-informed development team can prioritize which features to focus on in future iterations.
The ideal purpose of a mobile app is not simply to perform a set of tasks, but to do so in a manner that is elegant, intuitive, consistent, and responsive. Users expect nothing less from an enterprise mobile app than they get from their consumer apps. There is no surer way to achieve widespread adoption of a mobile app than by offering a great user experience.
- Guidelines – Defining font usage, colors, themes, layout, images, etc. is fundamental to the user experience. Such guidelines should also address alert and notification handling and describe expected behaviors under edge-case circumstances (e.g. user walk-away, network switching, offline user, timeouts, app sent to background, etc.).
- App Branding – Consistent branding both within an app and throughout a company’s entire portfolio of enterprise apps creates a sense of cohesion and familiarity for the user.
- Wireframing & Prototyping Tools – Introducing wireframes and prototyping in the early stages of development will help end-users visualize the mobile app’s look and feel and give them a better understanding of the overall flow. Besides, modifying the app design and interaction flow is significantly cheaper and easier early on than it is once development has begun.
- Navigation & Interaction Flow – A linear, “wizard-like” flow locks users into a specific multi-level path that requires repetitive use of the “Back” button, making for a clunky, inelegant user experience.
- Gestures – Only gestures that are familiar, consistent, and easily discoverable should be used. Overloading an app with too many gestures or with unfamiliar or inappropriately used gestures will only confuse and frustrate end-users.
- Context Awareness – An app user’s environment is important to consider as it can impact both initial adoption and future usage. Any well-designed mobile app will leverage existing device features (GPS, accelerometer, gyroscope, etc.) as well as utilize information users have already provided (e.g. to auto-populate forms) to speed users along and help make interactions feel seamless.
Applications built for the enterprise frequently access and store valuable and sensitive information. If exposed, such information often yields disastrous outcomes for the organization (as well as the employee). For this reason, security measures should go above and beyond the application—this means securing the device on which the app is installed, the data the app touches, and the network leveraged to communicate with other enterprise systems. For the purposes of this post we’ll focus on application and data security.
- Enterprise Authentication – The first step towards ensuring security is to build access control into the app by integrating it with the existing corporate Active Directory.
- Web Services/APIs – Web Services often provide mobile apps with sensitive data. Securing these web services, either by placing them behind a firewall or by requiring user authentication, can protect the organization from exposure to external threats.
- Data Encryption (at-rest and in-transit) – Whether it is at rest or in transit, data must always be encrypted so that sensitive information is not exposed should a device or network become compromised. To this end, any data backups should also be encrypted as an added safety precaution.
- Obfuscate Source Code – Obfuscation tools help organizations thwart attackers by making it difficult to reverse engineer the app’s code.
- Management of Sensitive Information – Avoid storing hardcoded values or sensitive information in code, config files, cached memory, or anywhere else on the device. If there is no way around this, be sure to encrypt sensitive data and “clean up after yourself” (clear cache, config files, etc.).
- Debug Logging – Before promoting the mobile app to production, make sure debugging tools and verbose logging are disabled; developers occasionally forget this step, leaving the app highly vulnerable to external threats.
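The last two points above (no hardcoded secrets, no debug logging in production) are the kind of thing a release pipeline can check mechanically. The script below is an added example written for this post, not code from the original article or from any mobile platform SDK: it scans source text for credentials baked into code, debug flags left on, and unguarded debug-log calls, and refuses to mark a build release-ready while any remain. The two source samples are constructed to mimic a pre-release Android class (the "before") and its cleaned-up form (the "after"); the keyword lists, the `BuildConfig.DEBUG` guard convention and the `SecureStore` helper name are assumptions for the example and should be adapted to your own code base.

```python
import re
from dataclasses import dataclass

# Heuristic patterns for two release blockers: secrets baked into source and debug
# output left enabled. The keyword lists are assumptions for this example; extend
# them to match your own code base and your platform's logging APIs.
SECRET_PATTERNS = [
    ("hardcoded credential",
     re.compile(r'(?i)\b(password|passwd|pwd|api[_-]?key|secret|token)\b\s*[:=]\s*["\'][^"\']{4,}["\']')),
    ("private key material", re.compile(r'-----BEGIN [A-Z ]*PRIVATE KEY-----')),
]
DEBUG_PATTERNS = [
    ("debug logging", re.compile(r'\b(console\.log|Log\.[dv]|NSLog|print)\s*\(')),
    ("debug flag enabled", re.compile(r'(?i)\bdebug\s*=\s*true\b')),
]
# A log call wrapped in a build-type check is skipped in release builds, so it is
# not reported. The guard form is an assumed convention, not a platform rule.
GUARDED_LOG = re.compile(r'\bif\s*\(\s*(BuildConfig\.)?DEBUG\s*\)')


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    text: str


def scan_source(source: str) -> list[Finding]:
    """Return one Finding per offending line; the first matching rule wins."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS + DEBUG_PATTERNS:
            if not pattern.search(line):
                continue
            if kind == "debug logging" and GUARDED_LOG.search(line):
                continue  # gated by the build type: acceptable in release
            findings.append(Finding(line_no, kind, line.strip()))
            break
    return findings


def release_ready(source: str) -> bool:
    """Gate for the release pipeline: a build with findings is not promoted."""
    return not scan_source(source)


# Constructed sample mimicking a pre-release Android class; not real application code.
BEFORE = "\n".join([
    'public class ApiClient {',
    '    private static final String API_KEY = "CONSTRUCTED-NOT-A-REAL-KEY";',
    '    private static final boolean DEBUG = true;',
    '    public void fetch(String user, String password) {',
    '        Log.d("ApiClient", "login " + user + ":" + password);',
    '        http.post(BASE_URL + "/login", user, password);',
    '    }',
    '}',
])

# The same class after cleanup: the key is fetched at runtime from a secure store
# (SecureStore is a hypothetical helper), the debug flag follows the build type,
# and the only log line is guarded and carries no secret.
AFTER = "\n".join([
    'public class ApiClient {',
    '    private static final boolean DEBUG = BuildConfig.DEBUG;',
    '    public void fetch(String user, String password) {',
    '        String apiKey = SecureStore.get("api_key");',
    '        if (DEBUG) Log.d("ApiClient", "login attempt for " + user);',
    '        http.post(BASE_URL + "/login", user, password);',
    '    }',
    '}',
])


if __name__ == "__main__":
    for label, src in (("before", BEFORE), ("after", AFTER)):
        print(f"[{label}] release ready: {release_ready(src)}")
        for f in scan_source(src):
            print(f"  line {f.line_no}: {f.kind}: {f.text}")
```

Run against the "before" sample the scanner reports three lines (the hardcoded key, the `DEBUG = true` flag, and the log call that writes a password), and `release_ready` returns `False`; the "after" sample passes clean. Pattern matching like this is a cheap first gate, not a substitute for review: it will miss secrets assembled at runtime and may flag legitimate `print` calls, so treat its output as a list to triage rather than a verdict.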
Stay tuned for Best Practices on Testing and Deployment…