Categories
Business Tips

The Costs of App Security

The security features of an app are often ignored in the rush to get a new product to market. We naturally tend to focus more on what an app should do than on what it shouldn’t. Making sure that an app doesn’t have security issues is a difficult and potentially expensive process. Lately there is evidence that developers are at least trying to face the issue of app security costs. A recent post from our partners at DZone shows exactly this.

There are no automated tests to ensure user data hasn’t been left vulnerable. This goes for unencrypted passwords as well. Typically this requires a manual audit of the code and some form of penetration testing, with a skilled developer attempting to compromise the app. However, the costs of implementing security features and adding security testing to your development process are much smaller than the potential costs of a major security breach.

Problems with payments

For some types of app the consequences of this are more obvious. There are even standards in place to try to ensure a minimum level of security. For instance, any application which handles payment card details needs to process that data securely as specified by the Payment Card Industry (PCI). However, PCI standards compliance is only audited for large merchants. Smaller merchants self-certify compliance.

If an app or service for a small merchant were compromised, resulting in abuse of payment card data, then any non-compliance discovered could result in significant fines or even liability for any fraudulent payments. Merchants who add interfaces to their existing payments infrastructure to support mobile apps need to be particularly careful. New attacks can be made possible when the payment authorisation occurs on a native mobile client, rather than a website.

Even for apps selling digital goods via in-app purchase there are still payment security issues to consider. Of course, the stakes are nowhere near as large. However, attackers can still impersonate the official store provider servers and simulate in-app purchases without any genuine payment.

Apple’s system was compromised in this way last summer. Another hack was reported for payments on Google Play just before Christmas. There is no link to this because, although it was only for rooted devices, we’re not aware of a fix in place yet. (Indeed, it may even be a scam to get users to install malware.)

Losing data can cost you even more

For enterprise app developers, being associated with a major security breach could mean the end of your business.

A harmful loss of data for a client could see valuable market data go to the competition, or even key employees. You would lose trust (and business)! If the breach is sufficiently public, you could lose the trust of all potential future clients as well.

The larger a company, the more vital it is that it implements good security practices.

For consumer apps, leaking user data to attackers has direct costs. Firstly, there are the costs of service downtime whilst fixing security holes (usually in a hurry with the aid of expensive experts), notifying those affected and possible compensation. Secondly, there are serious indirect costs in terms of lost trust and users. Again, the larger the user base, the more attractive the app is to attackers and the more serious any breach.

Invest in app security appropriately

Investments in security need to be proportional to the risks. How many users are involved and the value of data stored should determine the level of effort required to ensure that data is safe.

Not knowing about the security implications of your application is somewhat like driving without insurance.

Everything is fine until the unthinkable happens. Then it’s likely that lots of innocent people suffer and you get into a lot of trouble.

The technical details of app security are beyond the scope of this post. However, we have prepared a list of top 10 vulnerabilities and how to avoid them. Read on if your app deals with any user data or payments.

Categories
Tips Tools

Mapping Cross-Platform Development Tools: Technology Approaches

In our 2012 analysis of the cross-platform development tools (CPT) sector, we have identified five distinct technology approaches being used:

  • JavaScript frameworks
  • App factories
  • Web-to-native wrappers
  • Runtimes
  • Source code translators

Each technology targets a slightly different developer audience – from non-developers to seasoned programmers – and addresses different application use cases. These technology approaches are not mutually exclusive; many tools use a combination of technologies. For example, some runtime-based CPT solutions are adding a webview component, which enables them to create hybrid web app wrappers.

Categories
Business Platforms Tips

App Promotion: make or break your app

With well over one million total apps available on Apple and Google app stores combined, plus hundreds of thousands on the other platforms, the competition to get on consumers’ handsets is fierce. As hundreds of apps are added each and every day, app discovery remains a largely unsolved challenge which is only getting worse. With a rapidly changing landscape of app store ranking algorithms, mobile advertising products, cross-promotion networks and specialist marketing services, it’s very difficult to decide how to begin app promotion cost-effectively. The one very clear piece of advice we can give is what you shouldn’t do – nothing.

Categories
Business Tips

Crowdfunding: Leanest Way to Launch?

One question that divides opinion among developers is when to start marketing your app. Some say if you start marketing too soon, the early interest you create will dissipate before you actually have something to sell. Others argue that you can’t start talking about your app soon enough: build a following of early adopters and you have great word-of-mouth marketing and an initial sales boost to climb the store charts. What if you can have the benefits without any of the downside? It might just be possible with crowdfunding.

Categories
Business Tips

10 Million Apps: the emerging world app demand opportunity

In a recent post on the app localization opportunity we highlighted the potential for targeting growth markets in the emerging world. Not all apps are equally suited to doing so though. For some high-profile apps such as Facebook, Google Maps or Angry Birds the demand is global and these apps easily penetrate local markets. For other apps — like taxi booking, cinema schedule or restaurant reservation apps — what works with US consumers will not work in the local business environment or culture in a European or Asian city. Different language, culture, business environment, promotional channels, regulations, brands and local consumer behaviour will mean that many apps will need adaptation to penetrate local markets. It also means that much local app demand is currently undersupplied. China, Brazil and Russia are good examples of major markets that are hard to penetrate, yet present major opportunities for mobile app developers globally. We believe that in the app economy, global demand for top-seller apps will dominate downloads in most regions. At the same time, regional demand for localised apps will drive the production of the next 10 million apps.

Categories
Business Platforms Tips

Freemium beats Premium, says App Annie

App Annie Intelligence, which tracks more than 700,000 apps, reports that freemium apps – free apps that have in-app purchases – are experiencing impressive revenue growth worldwide, far outpacing premium apps in both iOS and Google Play stores. Over the last 24 months, worldwide revenues for freemium apps on iOS have more than quadrupled. In 2012, worldwide revenues on Google Play have grown 3.5X. Now, apps generate 69 percent of the worldwide iOS app revenue and 75 percent of global Android app revenues. Meanwhile, premium revenues for both app stores remained relatively flat in these time periods.

This confirms earlier reports of this trend by Distimo, IHS iSuppli and others.


Categories
Business Platforms Tips

Methods for Monetizing a Mobile User Base (or Are Mobile Apps the New Internet?)

Mobile apps are a huge and rapidly growing business. Mobile developers have access to a greater number of users and simpler ways of monetizing their creations than any software developers before them. However, selling digital content and services directly, or advertising to users of those services, are only two of many, many ways of generating revenue through mobile apps. Which methods are likely to dominate in the future?

Categories
Business Tips

Do Push Notifications Increase Engagement?

With the vast majority of app revenue growth coming from in-app purchases rather than paid downloads, it’s more important than ever to keep users engaged with your apps. Push notifications are a popular tool for this purpose, updating users about new content or activity and driving them back to the app. At the same time the technology is controversial, since unwelcome or excessive push notifications annoy users, who will either disable them or, worse yet, uninstall the app responsible. So is it worth the risk? Do push notifications work?

Categories
Business Tips

The App Localization Opportunity

As we showed in our Developer Economics 2012 survey, there is a massive gap between the number of developers creating applications for local languages (other than English) and the demand for local language content. For many app types, app localization is only a relatively small incremental investment on top of the original app build costs and yet has the potential to generate significant new downloads and revenue. How should developers decide if it’s going to be worthwhile?

Categories
Business Tips

50+ mobile revenue models

This hackpad (a collaborative list composed by 150 people) has an impressive list of web and mobile revenue models, ranging from the classic ad-driven models and pay-per-download to intermediaries and commerce models.
For Your Inspiration.