Business Tips

The Costs of App Security

The security features of an app are often ignored in the rush to get a new product to market. We naturally tend to focus more on what an app should do, rather than what it shouldn’t. Making sure that an app doesn’t have security issues is a difficult and potentially expensive process. Lately there is evidence that developers are at least trying to face up to the costs of app security. A recent post from our partners at DZone shows exactly this.

There are no automated tests to ensure user data hasn’t been left vulnerable. This goes for unencrypted passwords as well. Typically this requires a manual audit of the code and some form of penetration testing, with a skilled developer attempting to compromise the app. However, the costs of implementing security features and adding security testing to your development process are much smaller than the potential costs of a major security breach.

Problems with payments

For some types of app the consequences of this are more obvious. There are even standards in place to try to ensure a minimum level of security. For instance, any application which handles payment card details needs to process that data securely as specified by the Payment Card Industry (PCI). However, PCI standards compliance is only audited for large merchants. Smaller merchants self-certify compliance.

If an app or service for a small merchant was compromised, resulting in abuse of payment card data, then any non-compliance discovered could result in significant fines or even liability for any fraudulent payments. Merchants who add interfaces to their existing payments infrastructure to support mobile apps need to be particularly careful. New attacks can be made possible when the payment authorisation occurs on a native mobile client, rather than a website.

Even for apps selling digital goods via in-app purchase there are still payment security issues to consider. Of course the stakes are nowhere near as large. However, attackers can still impersonate the official store provider’s servers and simulate in-app purchases without any genuine payment.

Apple’s system was compromised in this way last summer. Another hack was reported for payments on Google Play just before Christmas. There is no link to this because, although it was only for rooted devices, we’re not aware of a fix in place yet. (Indeed it may even be a scam to get users to install malware.)

Losing data can cost you even more

For enterprise app developers, being associated with a major security breach could mean the end of your business.

A harmful loss of data for a client could see valuable market data go to the competition, or even key employees. You would lose trust (and business)! If the breach is sufficiently public, you could lose the trust of all potential future clients as well.

The larger a company, the more vital it is that they implement good security practices.

For consumer apps, leaking user data to attackers has direct costs. Firstly, there are the costs of service downtime whilst fixing security holes (usually in a hurry with the aid of expensive experts), of notifying those affected and of possible compensation. Secondly, there are serious indirect costs in terms of lost trust and users. Again here, the larger the user base, the more attractive the app is to attackers and the more serious any breach.

Invest in app security appropriately

Investments in security need to be proportional to the risks. How many users are involved and the value of data stored should determine the level of effort required to ensure that data is safe.

Not knowing about the security implications of your application is somewhat like driving without insurance.

Everything is fine until the unthinkable happens. Then it’s likely that lots of innocent people suffer and you get into a lot of trouble.

The technical details of app security are beyond the scope of this post. However, we have prepared a list of top 10 vulnerabilities and how to avoid them. Read on if your app deals with any user data or payments.


Which apps make money?

[This post by Andreas Pappas, Senior Analyst at VisionMobile, first appeared on the VisionMobile blog on 13 November 2012.]

[Andreas Pappas takes another look at the results of VisionMobile’s Developer Economics 2012 survey and comes up with interesting new insights on app monetisation: how does app revenue vary by app-category and by country? Is there a correlation between time spent developing an app and the money it makes?]

In Developer Economics 2012 we discussed app revenues and how they vary across platforms. We found that overall, around half of all app developers that are interested in making money did not earn a sustaining income, i.e. they were below the “poverty line”, which we drew at $500 per month per app. Of course the real poverty line will vary widely across countries and regions: while $500 per month may not be enough for a San Francisco-based developer, it could be more than enough for a developer based in Bangalore where average living cost is less than a third, according to Numbeo.

Business Tips

Crowdfunding: Leanest Way to Launch?

One question that divides opinion among developers is when to start marketing your app. Some say if you start marketing too soon, the early interest you create will dissipate before you actually have something to sell. Others argue that you can’t start talking about your app soon enough: build a following of early adopters and you have great word-of-mouth marketing and an initial sales boost to climb the store charts. What if you can have the benefits without any of the downside? It might just be possible with crowdfunding.

Business Platforms Tips

Backend-as-a-Service – Should You Use One?

Many of the most engaging and popular apps connect to cloud services which either regularly deliver new content, enable users to interact with one another or both. Unlike a standalone application, such apps can incur ongoing hosting costs throughout their active usage life. Ideally your revenue model should mirror the cost structure. Using a Backend-as-a-Service (BaaS) reduces execution risk and time to market as well as removing server maintenance and scaling headaches; however, it typically increases the ongoing service costs, making the revenue model fit even more important. Obviously the technical requirements of the app constrain the selection of service, and for basic backend features Cloudspring has a good overview article. The variation in pricing of backend services is even greater than the diversity of their technical capabilities, but this post will provide some generally applicable advice.


Revenue and cost breakdown per platform

In a previous article, we discussed revenue and costs for app developers overall. Here, we add some more detail for each platform individually.


Planning your development costs

The bar for successful apps is high: if you want your app to stick out among a million others, it needs to be well designed, user friendly and working flawlessly. All of this comes with significant development costs. In this article, we give an indication of the types of costs you need to take into account when planning your app.

Costs can differ wildly depending on your platform and type of app. A mobile game with 3D graphics will have a radically different cost structure than a weather app. The range goes from $5,000 for very simple apps to hundreds of thousands for extensive apps. Often cited, Twitterrific estimated their development costs as high as $250,000 back in 2010. Use common sense when thinking about your costs, be realistic and plan for cost overruns.

Here are some costs you need to take into account.