3 Tips for Building Mobile Apps
Building an app can be tough fo ...
A few weeks ago I was discussing with an ex-colleague of mine who is responsible for enterprise application development. He mentioned that all clients from his portfolio are looking for a mobile solution. Almost everybody in the company is talking about mobile development – how to build, what is the usability, how to test, how to release etc. The most important element of creating a mobile solution, he said was about assessing risk of the devices and data during the development. Modern enterprises are being run, or intended to run, on mobile devices. Enterprises pride themselves on the ability to implement their strict policies on their data, and security systems across distributed teams all across the globe. What sort of testing strategies would help the enterprise to mitigate such potential business risks and increase return on investment (ROI)?
Source: SAP-HBR White Paper: “How Mobility is changing the Enterprise”, by Sanjay J. Poonen, SAP.
A test strategy is an outline that describes the testing approach which includes: the types of tests that are to be performed, how the product risks of the stakeholders are mitigated with these tests, and which entry and exit points we should be focusing on. In this document we shall discuss different types of testing with respect to enterprise application testing.
One of the biggest considerations when bringing enterprise to the mobile landscape is understanding the possibility that the user may lost this device, and all its precious data! This scenario is not even considered in the desktop situation. UI standardization across mobile platforms means our application must not only have a nice design, an excellent user experience, and quick response time, but high-level data and network security. while remaining privacy compliant. Phew! Now that’s a big task.
Most enterprises are running on stable licensed softwares and network and access to data are quite secure and required multilevel access control. The biggest thing to nail down at the beginning of any enterprise app are the security protocols. You want the focus of your next app iterations to be on design, UX, features etc. but not security. Example, an estimated 114,000 Apple iPad 3G owner’s e-mail addresses and the identification number that those iPads were using when they communicate over AT&T’s network known as an ICC-ID were compromised few years ago. Similarly in Feb 2012, Citibank detected a potential threat through their iOS application. These kinds of exploits generate the risk of losing customers and diluting your brand’s reputation.
In the era of mobile communications and growing number of mobile platforms and devices, risk assessment and management are significantly complex tasks to achieve.
Source: www.lovehatedata.com, SAP
1. Device Coverage
It’s almost impossible to actively test on EVERY SINGLE mobile device and use case. This where you really need to do your due diligence and figure out which market(s) your application is targeted for. Using the 80/20 rule, (20% of devices are used by 80% of target audience) you can quickly figure out which technological use cases you should be focusing on. You can mitigate a huge amount of risk simply by doing your market research. This will also save you lots of time (and money) in research and development!
2. Device Governance
Securing mobile devices and its data is a major challenge, due to their importance and portability. This goes threefold for enterprises in the financial, defense and health sectors. Mobile devices use (2G/3G/4G), Wifi, Bluetooth, IR etc. and they are exposed to potential malware infections and general security threats from all these incoming signals. WiFi hotspots or intrusion through BT are common scenarios in accessing the data of mobile devices. Even connecting mobile phones to the desktop using USB often put the corporate network at risk.
By figuring out what our market’s biggest threats are, we can begin to put locks in place. We need a testing strategy that detects these potential threats opened by enterprise mobile applications. Find these security points and provide recommendation to the product management team with a constant feedback loop to make sure these security points are being taken care of.
During testing and development an efficient device management tool (like DeviceAnyWhere, PerfectoMobile, etc.) could be used to control, manage and audit the usages of the mobile phones and a set of processes and SLAs should be established to ensure no misuse of the mobile devices and it’s data during development, testing and post-production.
3. OS and Application version control
The number of devices and their models are determined based on the target market and applications are tested thoroughly on all those selected devices before releasing to the market. The problem starts when there are second or subsequent releases.. When the new devices and OS versions launch in the market, the existing market share ratios all become history. This may not be an issue for the internal applications but is intolerable for business critical applications where audiences are external.
Assessment of the application ready for enterprise
To maximise the ROI on your product and security testing, here is a quick list of items we go through to make our QA teams as efficient and cost effective as possible::
When development cycles are released quickly to end users and changes are unavoidable, then automation of the most popular test cases become a critical success factor.
Mobile testing teams should consider different testing tools to automate test cases. Main factors to consider while choosing a tool are:
To maximize the value from the investment of building an enterprise mobile application, one needs to ensure that the risk is reduced through a robust test strategy. This will satisfy the security needs as well as the adaptability of the application and will make everyone, especially your end-users, very happy!
Please feel free to leave us any questions or comments and Sougata will do his best to reply! Or feel free to connect with us on Twitter and we’ll answer your questions: @sourcebits