Mobile App Security: In Search of the Silver Bullet

In October 2016, the use of mobile devices to access the internet surpassed that of desktop computers. Today, more than half of internet access is done with phones and tablets.

What, Me Worry?

Given this, you might assume that mobile apps would be designed with high levels of security or that security itself would be an utmost consideration in app design, but that’s not the case. In fact, the problem of security in mobile apps is enormous – and not new, either.

First the Breach, Then the Fix

As far back as 2014, Gartner predicted that, by 2017, 75% of mobile security breaches would be due to a failure of what it called “app misconfiguration”.

A study by the Ponemon Institute in 2018 claims that a majority of organizations admit they don’t invest in app security until AFTER they’ve suffered a breach. No wonder the dollar value of the average security breach today is nearly 4 million dollars US.

Albert Lo, Senior Mobile Engineer with Optimus Information, says it’s a mistake for a developer to assume that web security tools can be applied to mobile apps. “You can’t lump them into the same bucket,” he says. “Mobile security has its own set of characteristics.”

Why Mobile Security is Different

Mobile apps also have their own unique security risks, Lo adds. Malware developers target mobile apps by first trying to “decompile” them. They change a few things so they can inject their own malware, recompile the app and sign a new security certificate that binds to the app, he says.

This is one of the chief security differences from web apps, which don’t need to sign a security certificate, and it is why different security strategies must be employed.

The best approach to securing a mobile app is in the design stage. “It’s really a mindset you need, that security should be part of the development process right from the start – especially when different frameworks are being considered.”

Choosing the Right Framework

Mobile apps often have a need for persistent data – user data or network data stored in a database, for example. Not all databases, however, are created equal and the choice will ultimately impact the app’s security features.

Albert Lo works with Android-based apps, which use a database called SQLite. The problem with this database is that it’s not secure, so an Android developer can reach for a framework known as Realm, which comes with 256-bit encryption built in – but also demands up to 4MB of space for its database.


Others, like Google’s framework called Room, can also be used. Room provides an abstraction layer over SQLite to allow for more robust database access, but it doesn’t support database encryption – unless a developer puts in extra work to build encryption support. Room’s database, as a result, is much smaller.

One tool that has proven very useful here at Optimus is Google SafetyNet. SafetyNet is an API that lets a user know if an app has been compromised or tampered with. It can run on the server side and perform checks in real time to determine whether the mobile app has been compromised.
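
An added example (not from the original article or from Optimus): the server-side policy checks typically applied to a decoded SafetyNet attestation payload, including the signing-certificate digest comparison that catches a decompiled, modified and re-signed build as described earlier. The package name, certificate bytes and tokens are constructed for illustration; verifying the JWS signature and its certificate chain with a JOSE library is assumed to happen before these checks and is not shown.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed values for this example; a real server would load its own.
EXPECTED_PACKAGE = "com.example.app"
RELEASE_CERT_DER = b"constructed release signing certificate bytes"
EXPECTED_CERT_DIGEST = hashlib.sha256(RELEASE_CERT_DER).digest()
MAX_AGE_MS = 5 * 60 * 1000           # reject attestations older than 5 minutes
SAMPLE_NOW_MS = 1_700_000_000_000    # fixed clock so the samples are reproducible


def b64url_decode(segment):
    """Decode an unpadded base64url JWS segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(jws_compact):
    """Extract the JSON payload from a compact JWS (header.payload.signature).

    Assumption: the signature and certificate chain were already verified.
    """
    parts = jws_compact.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = json.loads(b64url_decode(parts[1]))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def _b64(value):
    """Decode a standard base64 field; missing or malformed input yields b''."""
    try:
        return base64.b64decode(value or "", validate=True)
    except (binascii.Error, ValueError, TypeError):
        return b""


def evaluate_attestation(payload, expected_nonce, now_ms=None):
    """Return the list of failed checks; an empty list means the app is accepted."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    failures = []
    # The nonce binds the attestation to this request and blocks replays.
    if not hmac.compare_digest(_b64(payload.get("nonce")), expected_nonce):
        failures.append("nonce")
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or abs(now_ms - ts) > MAX_AGE_MS:
        failures.append("stale")
    if payload.get("apkPackageName") != EXPECTED_PACKAGE:
        failures.append("package")
    # A repackaged app is signed with a different certificate, so its digest differs.
    digests = payload.get("apkCertificateDigestSha256")
    digests = digests if isinstance(digests, list) else []
    if not any(hmac.compare_digest(_b64(d), EXPECTED_CERT_DIGEST) for d in digests):
        failures.append("certificate")
    for flag in ("basicIntegrity", "ctsProfileMatch"):
        if payload.get(flag) is not True:
            failures.append(flag)
    return failures


def sample_jws(nonce, cert_der=RELEASE_CERT_DER, **overrides):
    """Build a constructed, unsigned token shaped like an attestation response."""
    digest = hashlib.sha256(cert_der).digest()
    payload = {
        "nonce": base64.b64encode(nonce).decode(),
        "timestampMs": SAMPLE_NOW_MS - 2000,
        "apkPackageName": EXPECTED_PACKAGE,
        "apkCertificateDigestSha256": [base64.b64encode(digest).decode()],
        "basicIntegrity": True,
        "ctsProfileMatch": True,
    }
    payload.update(overrides)

    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    return ".".join([enc({"alg": "RS256"}), enc(payload), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    nonce = b"server-issued-nonce-0001"
    cases = {
        "genuine": sample_jws(nonce),
        "re-signed build": sample_jws(nonce, cert_der=b"constructed other certificate"),
        "replayed": sample_jws(b"earlier-nonce"),
        "failed integrity": sample_jws(nonce, basicIntegrity=False, ctsProfileMatch=False),
    }
    for name, token in cases.items():
        print(name, evaluate_attestation(decode_payload(token), nonce, SAMPLE_NOW_MS))
```

Google has since deprecated the SafetyNet Attestation API in favour of the Play Integrity API; equivalent checks on the nonce, package name, signing certificate and integrity verdict apply there.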

Open Source Open to Risk?

Albert Lo says he’s often asked if an open source code base like Android doesn’t have inherent security risks. He maintains that because of its open source nature, Android can be constantly improved when those with security backgrounds scrutinize and review the OS code base, something that can only help the code base become better and more secure over time.

“But, using an open source OS like Android means you also have to immediately adopt standards and best practices to safeguard against security threats and attacks on user data,” Lo states. Once adopted, the OS developer ensures that the app is less vulnerable to attack.

No Simple Fix

At the end of the day, “there is no silver bullet or framework that will magically address all your security concerns and requirements. That’s just the way it is. Securing a mobile app is complex and there are different concerns to deal with. For those apps that don’t store credit card information or have a database, for example, there’s no concern about encrypting a database,” Lo says.

He often refers to the Open Web Application Security Project or OWASP for counsel. OWASP is an open community “dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.”

OWASP’s Top 10

Recently, OWASP published its Mobile Top 10, a list of potential app security issues with suggested workarounds. At Optimus, Albert Lo and his associates adopt a layered approach when it comes to security, using OWASP guidance to assist them in providing fortress-like security during app development.

Best Practices Work Best

Will there come a time when mobile apps are fully and permanently secure? That’s hard to say with certainty. Blockchain technology holds great promise but, by simply following best practices and standards right now, developers can go a long way in creating secure mobile apps.

Albert Lo says he’s an evangelist when it comes to promoting mobile security best practices.

“Security is ever-changing because there’s new technology and new best practices every year. Security is not static. There is always something to learn.”

Rely On Our Expertise

At Optimus Information, that learning, as Albert says, is ongoing. As a result, we are delivering top quality – and highly secure – mobile apps to our customers, every day.

We invite you to tap into our wealth of experience in the critical area of mobile security by calling us to discuss how we can assist you with your project.

Dos and Don’ts of Software Outsourcing

Outsourcing software development can be a great way to save your company or organization time and money. However, if done haphazardly, it can also become a source of great headaches. It’s easy to make common mistakes, such as not clearly defining goals or expecting the process to magically produce results. It’s much harder to manage the process and see that it achieves the results you desire. Here are some dos and don’ts for you to consider as you get involved with software development outsourcing.

Do Define Your Goals and Metrics

One of the hardest things for any outsourcing services provider to deal with is a moving target. It’s important that you have clear planning documents in place that outline the goals for each project. Likewise, you also need to use clearly understood and widely trusted metrics to measure the success of a project. If you and your outsourcing provider agree on the measures of success, there’s a much better chance you’ll hit your target.

Don’t Fire and Forget

Handing a pile of specs to an outsourcing firm does not count as passing the project along. The process is inherently collaborative. It’s important that everyone on your side, the client side, stays engaged. When mockups come in, check them. When requirements are reportedly fulfilled, verify them. If errors occur, correct them. Do not plan to hand off the specs and just come back months later expecting to see a finished product.

Do Put Processes in Place

Every aspect of your project should have a clear process in place to ensure that both you and your outsourcing company understand what it means for a step to be considered complete. This means verifying that mockups are passed along and that both parties sign off on each step. Requirements for each stage should also be outlined clearly, and all parties involved should agree to them. Nothing dooms a project as fast as an ambiguous understanding of what it means for a step to be truly completed.

Do Communicate Well

This can be trickier than it sounds. Even if you’re running a North American firm that’s outsourcing to another firm on the continent, time differences matter. If your vendor doesn’t have flexible hours, then you’re likely losing collaboration time. For example, if a company in New York City is outsourcing to a firm in Vancouver, it’s important to know that the Vancouver folks are prepared to have someone show up early on some days to touch base with the New York crowd before the work day gets rolling.

Don’t Judge on Price Alone

One of the greatest temptations of outsourcing software development is to simply take the lowest price offered. This is a terrible idea. There are many tradeoffs required to get to the lowest price. Will you be dealing with people who speak your language natively? If the vendor is on the other side of the planet, will they even be able, at that price point, to have someone communicate with you live at a convenient time?

Do Expect a Performance Curve

If you’re beginning your first project with a specific vendor, it’s unrealistic to assume they will be able to just hit the ground running. Every outsourcing firm requires time to make sense of your company’s culture and figure out the best way to achieve the results you seek. Getting frustrated by this process can be very costly. There’s little benefit that can be expected by bouncing from vendor to vendor. Give vendors time to acclimate.

Don’t Outsource Core Functions

Some parts of your company just have to work. The best way to see that your operation works the right way is to ensure that core functions stay in-house. For example, if you ran a vinyl sign company, it would be insane to outsource your graphic design work. On the other hand, it might be perfectly reasonable to outsource backend coding for your website.

Do Prepare for the Future

No matter how strong your relationships may be with your current set of vendors, you need to know the market and be prepared for the future. If the day comes that your preferred vendor can no longer handle the scale of your work, you want to have a list of vetted alternatives in place. You can lose months of project time trying to find a new vendor.

Don’t Use Outsourcing as a Stopgap

Adding an outsourced software development team to your organization means incorporating it on a long-term basis. If you drop a project on an outsourcing company and then turn around expecting in-house people to maintain or even expand it, the results will be rubbish. It may also foster discontent among the in-house team. Look at long-term partnerships where certain projects or tasks stay with your outsourcer and others stay with your in-house team. Your guys handling the outsourcing on your software will then become comfortable dealing with your in-house people handling core functions, and vice versa.

Don’t Rely on Technology Alone

There’s a lot to be said for getting in at least one face-to-face meeting, ideally more as required. Your vendor and you can both demonstrate commitment to the project. You also can interface more quickly. If at all possible, try to make in-person meetings part of the process.


Outsourcing is an amazing tool for any company to have access to. It is important, however, to appreciate that it’s not magical. It’s a process that your organization has to fully accept and integrate. With the right checks and balances in place, you can ensure that your outsourced software development efforts achieve the results you want.

Ultimately, successful IT outsourcing comes down to finding the right partner that fits with your organization and IT needs. Optimus Information has become a trusted partner to companies of all sizes and in all verticals; we know what works and doesn’t work when it comes to your IT challenges and working with your organization.

Contact us today for your next IT project. We’re always happy to help.

Start outsourcing effectively. Download our How to Overcome IT Outsourcing Challenges whitepaper.

Tactical Outsourcing vs Strategic Outsourcing

The term outsourcing scares people for various reasons, but there is no reason that it should. Outsourcing is very effective for certain situations, especially when developing software solutions. For a company to grow its internal IT department, it must search for a qualified candidate and go through the long process of interviewing, hiring, and training the new employee. This can take a long time and cost the company a lot of money. The alternative to this is outsourcing.

There are two main types of outsourcing that you can find for your IT needs: tactical and strategic.

Tactical Outsourcing

Tactical outsourcing refers to hiring a firm to perform specific development functions as part of your existing software development process. You retain oversight of the project, giving you more control over the process. This is very helpful if you need a project done on short notice because you can avoid the long process of searching for the right candidate.

Tactical outsourcing is also helpful when you have a short-term need for a highly skilled developer in a specific technology that you do not normally use. A developer with the right skill set may be very difficult to locate, so going through a skilled tactical partner can mean fast turnaround and lower overhead than hiring internal resources.

With tactical outsourcing, you maintain the planning process, including gathering requirements from stakeholders and designing the system that the developers will create. This increases management overhead, but it also allows you to have more control over the process and more knowledge about what is happening. The outsourced developers are familiar with your processes and answer to you throughout.

Strategic Outsourcing

Strategic outsourcing involves partnering with an IT company that provides top-down services. They handle the entire planning and development processes, leaving you free to focus more on other aspects of the business. This is nice for some companies because they are able to pay prices per project instead of per hour of work.

With either type of outsourcing, you should address a few key points with your prospective outsourcing partner. The first is documentation because you never know what could happen in the future. If a support issue comes up or you need new functionality added to an existing product, you will need proper documentation to know how the product is supposed to work. Ensuring that your partner provides proper documentation, both in the code and out, can be vital to handling these situations.

You should always provide full technical information about your requirements to your outsourcing partner. Leaving out any details could cause severe problems as you go through the process. Always remember to include all of your key decision makers and stakeholders in discussions to ensure that everybody’s goals align properly. Repeated changes over time can greatly increase the cost of any project, so planning everything up front is vital to a successful partnership.

You should always examine your prospective partner’s portfolio, looking for consistent, high-quality performance over time. Not all outsourcing companies are equal, and even great companies may not be the right choice if their goals do not align with yours. It is also important to note for what industries the company has worked. If the company has worked for other companies in your industry, it could mean that they are already familiar with many of your processes and terminology, making communications much easier.


Both outsourcing solutions could work for you, depending on your situation. Many companies prefer tactical outsourcing because it allows them to maintain more control over the process and usually means less of a commitment. However, the trade-off is significantly more involvement from the client.

At Optimus, we find there is a lot to gain from ongoing strategic outsourcing partnerships, and clients typically reap more benefits: less hands-on management, higher quality work, faster delivery and greater flexibility.

For an in-depth look at strategic outsourcing, check out our guide.



What to Look for in an Outsourcing Partner

Bad experiences with outsourcing providers are often traceable to badly designed selection processes or the use of deficient selection criteria. While you can find ample guidance online on how to build a robust selection framework, we will share the most important vendor attributes for comparing and contrasting outsourcing companies to ensure you select the one that is right for you.

Sizing a Vendor to Your Project

When optimizing the capabilities of an IT provider to your project, size matters. If your organization can fund nine-figure deals, then the number of companies to field such a deal is not large, whereas for smaller projects you have a lot more choices.

The key is to find a provider of a size that will consider your deal to be a big deal. This significantly increases the odds that your project receives the attention it deserves by having their most talented staff assigned to it. Additionally, right-sizing usually provides meaningful accommodation in contract terms and professional treatment from the executive staff.

The risk of choosing an outsourcing company that is too small, however, is that they may not have a sufficient level of technical capabilities, skilled staff, certifications or experience to deliver what you hope to accomplish.

Local Presence with Global Delivery

If your company is based in North America, then choose an outsourcing vendor whose headquarters are there. They will better understand your industry, business model, goals and processes since you are working within a similar cultural context.

Your company also benefits from local contractual protections should your project hit a serious speed bump. It also provides the distinct possibility that they can provide onsite staff at your site, which improves communication and timely escalation of critical issues.

However, vendors that also provide delivery from offshore will save you money. Furthermore, vendors with a global presence could directly interact with your own global sites and offer the possibility to add shifts in other time zones that work collaboratively with your local staff, which provides you with 24 hours a day of development.

Consistency in Quality and Delivery

Until recently, the majority of IT outsourcing firms sold themselves mainly on cost and based contracts on hourly rates. These days, more companies compete on their ability to produce results. Those results should include both timely delivery and measurably high-quality products or services.

During your due diligence, evaluate the vendor’s past work and pursue references to gauge how well the vendor has delivered on their promises. Have a detailed discussion with their senior staff about how their corporate culture reinforces the importance of on-time delivery and high quality throughout the ranks.

When you are convinced they will deliver what they say they will, it is still prudent to start the relationship with one or more smaller projects of a few months in duration to validate their work and timeliness for yourself.

Communication Capabilities

Well-planned, thorough and frequent communication is critical when using an IT outsourcing vendor. This goes double if the company you select has offshore resources, since both time and language may present communication barriers.

How much, when and how each of you communicates with the other should be driven by the client. Both sides must identify primary contacts for specific areas. These people must have seconds in cases where the primary is unavailable. Daily meetings with program and development managers are not unreasonable, nor are weekly meetings with BDMs or department managers. To gauge frequency, ask yourself how much time you can afford to lose should a process go astray.

Vendors uncomfortable with your communication plan should raise a red flag with you, since this is such an essential element in your business relationship.

Their Range of Skill Sets

Except for the largest IT organizations, most companies do not have all the personnel with all the right skill sets for every project. When evaluating vendors’ technical and process capabilities, strike a balance between broad and deep skills that align with your business and project needs.

If you hope for the vendor to work on more than one type of project or you wish to establish a long-term relationship, then one with a broader range of skills may work out better in the long run. A possible drawback is that a project comes along that is a mismatch for the vendor’s skills and quality suffers.

Many enterprises today recognize that one size does not fit all, especially when working with small to mid-size IT outsourcing companies, so they choose to multi-source these services. This can complicate internal management of vendors, but often the point solutions that smaller vendors provide are of higher quality, with faster delivery and at the same or lesser cost.


Proper selection of an IT outsourcing vendor will significantly augment your company’s strategy and operations. Lack of due diligence, however, often leads to negative consequences plus lost time and money.

Use the selection criteria above along with a robust process comparing business requirements against each company’s pros and cons. This will lead to asking the right questions and building a seamless working relationship with a talented development provider.

The Optimus Information model is designed to allocate the right mix of local and offshore resources in order to optimize expertise, speed and cost. We provide the ability for development teams to quickly add specialty skills to a development team without incurring long-term costs. Our successful track record speaks for itself, and we love to share past work we’ve done. Our global team is made up of a diverse range of experienced professionals, allowing us to work on complex solutions requiring a wide variety of expertise. The result for our customers is the capability to far better manage resource capacities and outcomes.

Contact us for your next IT project. We’re always happy to help.


Top Ten Software Development Outsourcing Trends for 2016

Originally, the primary motivation to outsource software development was to achieve lower labor costs, but continuing and emerging business and technology trends in 2016 are leading to new client requirements on outsourcers. When choosing an outsourcing partner, more and more businesses are looking for closer alignment to their business goals, flexibility demands and quality requirements.

Thus, clients are evaluating outsourcing companies via increasingly sophisticated criteria. The smartest software providers are reciprocating by developing new service models while taking advantage of many of the same technologies driving these current trends.

1) Moving from Hours to Results

In order to ensure that enterprises are getting what they need for their money, most are now seeking out providers who operate on a results-driven model versus rates based on time. Furthermore, clients are demanding that payment schedules be based on satisfactory achievement of those results versus upfront fees or retainers.

2) Greater Flexibility

Clients are looking for providers who provide on-demand services without locking them into long-term contracts or volume commitments. This enables client companies to respond more efficiently to rapidly changing market demands. In response, development providers who are moving operations to cloud resources are the ones most likely to adapt to the increased demand for flexibility.

3) Utilization of DevOps Practices Continues Apace

DevOps continues to attract adherents as it goes mainstream in up to 25 percent of companies this year, according to Gartner. Most of the IT departments in these organizations are transitioning to a service center model. Service providers who already operate in this manner will more easily blend into these organizations’ processes and decision-making apparatus.

4) Security Risk Perception Increases

A key concern within any outsourcing strategy is security. With the growing presence of the Internet of Things and the potential for an exponentially larger attack surface, software development outsourcing companies must ensure that their own security vulnerabilities are addressed in a manner that will win the confidence of client decision makers. Demonstrating solid track records and established policies is of high importance when selecting a vendor.

5) Managing Infrastructure as Code

Amazon’s AWS has enabled the application of software development change management systems to development and deployment infrastructure. AWS is dedicated to making this paradigm increasingly easier with new APIs and services. Outsourcers who adopt this practice are reaping large benefits in their software support, testing and deployment efficiency by synching servers, storage and networking infrastructure to precise versions of the source code.

6) Multi-Sourcing Technologies Impacts Integration

Client companies are utilizing a more complex mix of software products and services this year. This multi-sourcing of technologies presents in-house management challenges, and a rise of new vendor management offices. The challenge for software providers is meeting new performance and integration standards from VMOs. Compliance failure may result in the outsourcer being dropped in the interests of streamlining operations.

7) Business Process Outsourcing Being Replaced by Robotic Process Automation

The software outsourcing industry in 2016 will continue to feel the influence of the rise of RPA. In fact, one of RPA’s touted benefits is the reduction of outsourcing, especially via cloud-based RPA services. Those outsourcers who can adapt by offering relevant automated services in the most responsive, scalable and efficient manner are the ones who can survive and profit from this trend.

8) Outsourcing Selection is Speeding Up

Along with the adoption of agile methodologies within software development, business decisions are also being made with more agility and higher velocity. Outsourcers will increasingly recognize this trend as more clients endeavor to close smaller deals faster in order to stay ahead of their competition.

9) Adept Companies Are Being More Selective with What They Outsource

Many organizations who originally turned to outsourcing to compensate for a lack of internal expertise and resources have grown more sophisticated over time. They are progressively learning to be more selective regarding what to do in-house versus handing off to an outsourcing provider. Organizations are looking deeper into what their core competencies are and what they can outsource to make themselves more efficient in-house. Their motivations are usually the desires for greater flexibility, responsiveness or cost reductions, all of which software providers need to be sensitive to in contract negotiations.

10) Outsourcing Company Accommodation Increasing

It is no longer the case that companies seek out only the lowest cost provider. Sophisticated outsourcing companies will respond tactically and strategically to all the trends discussed here to grow or to survive. This trend can be seen in the greater tendency for outsourcers to adapt and adjust terms or offer new services in an effort to deliver the best product and service.


The outsourcing industry is more fluid than ever this year with clients focusing less on price per se and more on results, quality, integration, security and agility from software development providers. As you adapt to your own fast-moving markets and the rise of paradigm-shaking technologies such as IoT and on-demand infrastructure, so do we. Optimus stays two steps ahead in order to support your business in all your software and IT requirements.

At Optimus, we consistently stay on top of these trends while leveraging the forces driving them to bring you the solutions you need. Contact us to help with your next development, testing, cloud, BI or mobile project.

5 Steps to Troubleshooting iOS Applications

When your users are facing issues, how do you go about troubleshooting? The first step is to recreate the issue so that when you think you’ve fixed it you can actually test to confirm. Sometimes even recreating the issue is a challenge because some issues are very specific combinations of devices, OS, app version, account information, or workflows.

Depending on the complexity of the issue you may need to gather quite a bit of information in order to identify the cause and come up with a solution.

Below are some of the key steps we take when working on a complicated issue. Steps 1 and 2 are really just to be able to recreate the problem – preferably with minimal impact on the user.

Step 1: Gather information from the user

The first step is pretty obvious: try to figure out what the user was doing that led to the issue. It could be a complicated workflow, an unexpected chain of events, or a normal user story that is simply failing on a certain device.

Start by gathering the following information from the user either by asking them directly or capturing this information via remote logs:

  1. Device
  2. OS version
  3. App version
  4. Internet connection (if applicable): 2G, 3G, LTE, Wi-Fi
  5. Date & time of issue: this information is used to look up server logs
  6. Screenshots of the issue
  7. Username and password (if applicable and only if necessary)
  8. Specific records being accessed at the time (if applicable): some issues will be related to specific records that may be corrupted or otherwise not handled correctly
  9. Crash logs from iTunes or remote crash logging services: we highly recommend setting up remote crash logging as it’ll keep track of crashes and provide powerful analytics
  10. Available memory on device and how much memory your application is using (screenshot of the settings screen helps here)

Pro tip: using services like TestFlight or HockeyApp, you can get remote logs, and during beta testing you can even see which user faced the issue. This is a major time saver for both developers and users.

Step 2: Watch the user recreate the issue

If the above information you’ve gathered about the affected user(s) doesn’t help recreate the issue, then watching the user recreate the issue in real-time will help. If you’re able to physically sit with the user while they recreate the issue that’s preferred; however, if they’re remote then you can ask them to recreate the issue while in a conference call.

Using software like AirServer, the user can turn their computer (Mac or PC) into an AirPlay server and mirror their iPhone/iPad/iPod Touch. This will enable you to watch them tap through the screens, switch orientation, and so on as they recreate the issue.

Step 3: Recreate the problem

Steps 1 and 2 are really aimed at recreating the problem. It’s very important that the development and QA teams be able to recreate the problem consistently on their test devices. This will make it easier to troubleshoot and confirm once the issue is resolved. This is also the stage where you test on several devices and operating systems to see how widespread the issue is.

Step 4: Resolve the issue and test

Once you have confirmed the steps to recreate the issue, you can work to resolve it and conduct QA to ensure no other issues have been created. This is a good time to create some additional unit tests or test cases to ensure this issue does not re-appear down the road.

Step 5: Deploy the fix

After the issue has been resolved on a test system, it’s time to deploy. Depending on your relationship with the user, this is a good time to test the fix on the production environment and confirm that the issue has been adequately resolved. It’s very important to test once again after deployment as the test environment may behave differently from production.

5 Reasons Why Mobile Strategy Fails

Mobile marketing cannot simply consist of building an app and watching it being downloaded. There has to be a concrete mobile strategy to oversee your moves and plan for scenarios. Of course, there is good strategy and there is bad. Here, we look at some of the bad, and try to learn from those mistakes.

In fact, mobile strategy planning should come before the app, with the app being a part of the whole scenario. A concrete strategy even goes a long way in bettering the app itself, since it essentially is a plan for a relationship between the app and its customers. But mobile strategies fail. Sometimes, failure is due to a factor previously unaccounted for, and that is natural. With constantly changing market and user requirements, trends, business and government policies, there is never one best strategy. What one can do is avoid the mistakes that were made in the past. So, let’s look at some so-called bad strategies and why they end up breaking down:

Not Understanding the Intended Customer

Every app is unique, and it is built to serve unique customer needs. And though your app may be perfect to fulfill your customer’s needs, if you don’t tailor it according to their life, the strategy is liable to fail. For example, building an app that replicates desktop functionality for stock brokers was a great idea. But it didn’t work because a typical trader, after spending 14 hours a day working on multiple desktop screens, doesn’t really want to come back home and stare at the same format on his iPad. The key here is that even though the idea was great, the company never thought about product substitution by understanding the lifestyle of the consumer. The solution was to take inspiration from television’s ‘second screen’ approach and provide functions like news feed, entertainment and SMS coupled with the initial format.

Lack of Mobile Metrics

Unlike the web, mobile technology has fewer resources to track metrics. This means that on some level, the typical lack of data leads to the generation of inaccurate ROI. Thus, most firms just pick up traditional KPIs and apply them to mobile-specific analysis. The key is to go the extra mile on metric generation – not just download amount and duration. One of the most powerful mobile metrics that can be generated is location. Where your app is being installed the most is an incredible way to judge the consumer diaspora and build on it.

Purchasing Stock Applications

You can go out and buy stock application code for your mobile app. But if you are catering to a niche crowd with unique requirements, you need to go the extra mile and spend on building a custom application. Else, your app will be one of the tens of thousands of normal, mundane apps based on the same structures without providing anything new. In a world full of shrink-to-fit mobile applications, you need to be unique.

Choosing the Right Platform

Choosing the right platform is such an important decision in mobile strategy that it can make or break your app. You can obtain the first-mover advantage by choosing a platform in which your app is unexplored. Going multi-platform is also a good option, to embark on a greater market share. Releasing your product on a new platform after it has created some noise on the first one is also a good strategic decision. Timing is an important factor here, and multiple platforms mean that you have multiple sub-markets for your products.

Forced Gamification

It often happens that one successful strategy breeds so many copycats that it gets saturated, turning into a bad strategy. This might have happened with gamification. Interactive gaming apps that served an ulterior motive were a good strategy – everyone loves mobile games. There is no dearth of them. But forcibly pushing your app as another one of thousands of established games on the app stores is a no-no. Lesson – try not to be a strategy copycat.


5 Steps for Creating a Successful Mobile App (Part 2)

The following is Part 2 of our article on the 5 Steps for Creating a Successful Mobile App.

3 – Building Your App

Native, Web or Hybrid

A key decision concerns whether your app will run natively, be web-based or be a hybrid of these two methods. It is possible that you will want to access the advantages of each approach by creating different app versions.

Native apps run directly on a chosen platform, such as iOS or Android. This approach generally provides the highest speed, reliability and direct access to every gadget and widget on a particular platform. The app is written in a particular language tied to the platform you choose, i.e. Swift or Objective-C for iOS or Java for an Android platform. There are cross-platform development environments, but that level of complexity and expense is not recommended for first-time app developers.

Web apps utilize HTML5, CSS3 and JavaScript. The app is executed via the platform’s web browser, so it is more limited in terms of accessing platform capabilities directly, though that situation is gradually improving. Overall performance, especially on resource-limited platforms, is diminished. Of course, web-based apps are platform-agnostic, meaning more devices are available to your app.

A hybrid approach is essentially a web-based app that is packaged inside a platform-specific execution shell. Thus, it installs like a native app, may have access to device hardware via a framework such as PhoneGap, but its performance is on par with web-based apps.

There are many more pros and cons to each approach, but for first-time app developers, either the web-based or hybrid approaches make the most sense.

Who Will Code Your App?

If you have no coding experience with any language and are in a hurry, hiring a freelance coder is the best way to go, although it does not relieve you of the task of writing detailed specifications. In fact, your specification needs to be exquisitely detailed if you expect someone else to interpret it and produce an app that comes close to what you had in mind. That goes double if the contract programmer’s native language is not the same as yours.

Even if you have prior coding experience, you may still want to contract the app code especially if you have more money than time. If you do not already know the particular language or languages that are germane to the platform you are targeting, it will likely take a few months or more to become proficient enough to develop a competitive app yourself.

Here are rough guidelines as to how many hours you can expect a contract programmer to put in to write your app:

  • Simplest app built with templates without backend communication: 100 to 200 hours
  • App requiring a database: 150 to 300 hours
  • Game app: over 400 hours

The nominal hourly rate for a developer can vary widely from $20 to $100 per hour with commensurate variance in their productivity.

If you stick to web-based apps and have the aptitude, patience and will to write your app yourself, there are plenty of online resources to help you with that. Treehouse or Codecademy, for example, can teach you any relevant language online.

There is more to it than learning the language, however. You must set up a development environment in which to accomplish your work. If you learn HTML5, CSS3 and JavaScript, you can leverage a cloud-based mobile app development framework to complete your app end-to-end. Here is a comprehensive list of the best ones:

Once you have written your app, you move on to the next, equally important, step of testing.

4 – Testing Your App

Test Early and Often

Testing your mobile app starts concurrently with writing the app. As soon as there is executable code, test it. Many Integrated Development Environments for mobile apps include some form of device emulator so you need not switch tools to test code as you go. The necessity of early testing is based on the principle that as your code becomes more complex, the more difficult and expensive it becomes to remove defects.

Types of Testing

Most testing falls into the categories of functional, performance, UI/UX and security.

Functional Testing

This is simply testing that everything works according to the specification you made before you started coding. You will ensure that all the menu items, widgets, display pages, calculations, formats and error handlers are accurate and do what you expect them to do.

Performance Testing

Performance testing relates to the speed and responsiveness of your app under different operating conditions. It includes tests that assess app performance under differing CPU capabilities, different amounts of memory, low power, varying platform and network loads as well as server loads if your app requires server interaction.

User Interface and User Experience Testing

UI/UX testing can become very complicated very quickly. First of all, you are looking for how the user interface responds on different screen sizes and in different orientations. Secondly, you want to validate the UI design by actually using the app. The app flow should be smooth, logical and flexible. If you find yourself in UI dead-ends that take more than a single click or gesture to escape from, you have a problem.

The most productive but potentially stressful way to test both UI and UX is to employ unbiased third parties as testers. Do not make the fatal mistake of letting app consumers do your UI/UX testing for you after product release. That is the surest way to enter the lowest-rated category in any app store.

Security Testing

Security is an area where many apps perform a face plant upon release. Most released apps have potential security gaps, but that does not mean that your app must succumb to mediocrity. Follow these guidelines to raise your confidence level that your app is safe:

  • Always encrypt off-platform data transfers
  • Always encrypt stored data that may contain sensitive information even in log files
  • Identify all app points of entry and decide if any or all should require authentication
  • Do not assume that the server side of your app, if any, is secure. Verify it.
  • Use the best authentication practices and packages available.

If you are unsure of the security of your app, consider hiring a third-party specialist to evaluate it.
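The first two guidelines in the list above can be checked automatically before each release. The following JavaScript is an added example, not code from the original article; the function names, the example.com endpoints and the log lines are assumptions constructed for illustration.

```javascript
// Added example: release-gate checks for the first two guidelines above.
// Every URL and log line below is constructed sample data.

// Guideline 1: off-platform transfers must use an encrypted transport.
const ENCRYPTED_SCHEMES = new Set(['https:', 'wss:']);

function findCleartextEndpoints(endpoints) {
  const findings = [];
  for (const raw of endpoints) {
    let url;
    try {
      url = new URL(raw);
    } catch (err) {
      findings.push({ endpoint: raw, reason: 'unparseable URL' });
      continue;
    }
    if (!ENCRYPTED_SCHEMES.has(url.protocol)) {
      findings.push({ endpoint: raw, reason: `cleartext scheme ${url.protocol}` });
    }
  }
  return findings;
}

// Guideline 2: sensitive values must not reach log files unencrypted.
const SECRET_PATTERNS = [
  { kind: 'password field', re: /\b(?:password|passwd|pwd)\b["']?\s*[=:]\s*\S+/i },
  { kind: 'bearer token', re: /\bBearer\s+[A-Za-z0-9._~+\/-]{16,}=*/i },
];
// 13 to 19 digits, optionally grouped with spaces or dashes.
const CARD_CANDIDATE = /\b\d(?:[ -]?\d){12,18}\b/g;

// Luhn checksum: separates real card numbers from order ids and other long numbers.
function passesLuhn(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// Returns line numbers and finding kinds only, so the report never repeats the secret.
function findSensitiveLogLines(lines) {
  const findings = [];
  lines.forEach((text, index) => {
    for (const { kind, re } of SECRET_PATTERNS) {
      if (re.test(text)) findings.push({ line: index + 1, kind });
    }
    for (const match of text.match(CARD_CANDIDATE) || []) {
      if (passesLuhn(match.replace(/[ -]/g, ''))) {
        findings.push({ line: index + 1, kind: 'card number' });
      }
    }
  });
  return findings;
}

const SAMPLE_ENDPOINTS = [
  'https://api.example.com/v1/login',
  'http://api.example.com/v1/profile',
  'wss://push.example.com/socket',
  'ftp://files.example.com/export.csv',
];

const SAMPLE_LOG = [
  '10:00:01 INFO login ok user=alice',
  '10:00:02 DEBUG POST /v1/login body={"user":"alice","password":"hunter2"}',
  '10:00:03 DEBUG Authorization: Bearer abcdefghijklmnopqrstuvwxyz012345',
  '10:00:04 WARN charge declined card=4111 1111 1111 1111',
  '10:00:05 INFO request id 1234567890123456 completed',
];

console.log(findCleartextEndpoints(SAMPLE_ENDPOINTS));
console.log(findSensitiveLogLines(SAMPLE_LOG));
```

Run the log check against output captured from a debug build during functional testing, and treat any finding as a release blocker.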

5 – Promoting Your App

There is no single path to obtaining widespread adoption of your mobile app. You must take a multi-pronged approach to its promotion:

  • Use as many channels as possible to promulgate the benefits of your app on social media, websites, news outlets, blogs, emails and in the app stores. Of course, if you have existing customers, be sure to contact them.
  • Utilize multiple entry points to the above using QR codes, SMS codes and URLs.
  • Leverage multimedia, especially video, to show how cool your app is in real life.
  • Customer reviews are your most valuable promotion tool. If you executed flawlessly in marketing, development and testing, you should have no worries about getting top ratings.
  • If your app is monetized, figure out ways to incentivize downloads by providing free trial versions, purchase or subscription discounts, free premium services such as ad-free usage or raffles.
  • Take advantage of other app outlets besides Google Play and Apple’s App Store.
  • Participate in award contests so you can obtain bragging rights.
  • Display good customer support practices such as timely defect repair, answering questions promptly, responding politely to critical comments and thanking those who leave you high ratings.

If your GQ – geekiness quotient – is higher than most people you know, you may find that promotion does not come naturally. Like coding, it is something you can learn or hire out. There is a plethora of inexpensive, online freelancers who can help with promotion by formulating campaigns and producing eye-catching collateral.


Mobile app development holds much appeal for anyone who has a sound mix of creativity, engineering skill and a bit of craziness. It is a hyper-competitive environment, but one with the potential for phenomenal rewards.

As with any software development exercise, it requires that you pass through a number of steps in order to achieve success: Marketing, designing, prototyping, coding, testing and promotion.

These require a basket of different skills, some of which may be better acquired from others versus taking on everything by yourself. Additionally, if you are in this to make money, you need some sound business skills to ensure a profit.

Even though you have a great idea for a mobile app, always keep in mind that the people who download your app are the ultimate judges of your app’s value. Forming a customer-centric attitude and maintaining it throughout every step of creating your mobile app is difficult but is the most important skill of all.

5 Steps for Creating a Successful Mobile App (Part 1)

The inspiration and motivation for creating a mobile app usually fall into one of three categories:

  1. You want to use it as part of a promotional strategy for an existing business
  2. You are certain you have the next killer app, which does not yet exist among the nearly 3 million apps already available for download
  3. You have never written a mobile app before but want to try it for your own amusement

The first two are concerned with making money indirectly or directly. The third one is for hobbyists, whose feelings would not be hurt if the app was actually monetarily successful. While not trying to sound overly discouraging, you may find that even if you consider yourself in one of the first two categories, you may be telling your friends you were actually in category 3 by the end of your first mobile app development experience.

To simplify the discussion below, however, let us assume you are serious about making money from your activity. If you truly are only interested in creating a mobile app for entertainment purposes, then skip the first section about making your business case.

1 – Make a Business Case for Your App

The mobile app development game has greatly matured in recent years. The competition is ruthless, while writing apps has become easier. The latter means that it is more feasible than ever that you or a hired gun can create the app quickly. However, you must now invest far more attention to marketing and promotion than 10 years ago.

The first priority is to see if you can make a solid, market-based business case for your app before writing a single line of code:

  • Clearly state the specific problem your app solves. If it is a game, then identify how its entertainment value competes with the million other mobile games in app stores. If your app is supporting another business, say, a donut shop, then the business case is straightforward. You are making a portal for local customers to view your menu, promotions and location. For anything else, identify tangible benefits such as productivity increases, revenue increases or improvements in convenience or safety.
  • Quantify the app’s potential market size. Look for how many downloads related apps receive. Use services, such as, to determine how many web sites are related to your app’s niche and Google’s keyword analytics to gauge the volume of searches relevant to your idea.
  • Armed with rough ideas of market potential, consider tweaking your app idea for greater acceptance by prioritizing its features based on the value they bring to customers.

Hold your business case out for scrutiny from other people with objective viewpoints. It is essential that you maintain an attitude of objectivity yourself when accepting constructive criticism.

Test your app’s market potential directly by creating several smaller apps around the same theme and see how well they are received before painting your masterpiece. Many successful app developers make good money by creating large portfolios of smaller, leaner, niche apps.

2 – Designing Your App

Since mobile app customers have so many choices, they are naturally picky consumers. App design, usability and performance must be superb in order to grab their attention and hold it. They have little tolerance for awkward app-flow, clunky graphics and anything that distracts from the purpose for which they acquired the app in the first place.

UI Design

Fortunately, there are now well-defined standards and guidelines regarding app UI layout that result in a pleasant appearance, optimize user interaction and allow UI scaling to different screen sizes and orientations. An example is Google’s Adaptive UI guide.

You should also reference sites that illustrate UI design patterns for various classes of applications, such as those cataloged on the Mobile Patterns website. It hardly pays to reinvent the wheel when it comes to finding interface patterns proven to work well.

Prototyping the Design

Just as a beautifully architected bridge needs to withstand heavy traffic loads and high winds, your mobile app not only needs to look good but must perform its tasks and perform them well.

For instance, a key annoyance for users is delay. Most often, this happens when an app depends on back-end server communication and network connectivity is flaky or when heavy calculations are required for which the mobile device’s processor is inadequate. Some delays are unavoidable, but they can be mitigated by step-wise animations that impart a feeling of progress to the user.

There are many prototyping tools available, such as that you can use to create your mobile app mock-up before writing any code to test the look-and-feel, UI flows and identify where performance bottlenecks might exist. Upfront design testing is much more efficient within prototypes than with actual app code.

Advantages of Native Mobile App Development (Part 2)

The following is Part 2 of our article on the Advantages of Native Mobile App Development.

Cross-Platform Frameworks

A number of companies are producing cross-development frameworks for mobile applications that produce native mobile apps that can run on both iOS and Android from the same code base. These are not hybrid apps that utilize web components to achieve portability but truly native apps with full access to native platform capabilities.

Cross-development frameworks use different approaches, which they may combine, to achieve varying degrees of write-once-run-everywhere capabilities. Some take a lowest-common-denominator (LCD) approach by creating a more or less uniform abstraction of various platform capabilities in a single API, whereas others distinguish between target platforms via separate API interfaces, class abstraction or conditional compilation.


Development in Xamarin is solely in C# and uses APIs that encapsulate behavior shared between platforms and capabilities specific to each in portable and platform-specific APIs. Where platforms diverge, the C# code is written using platform-specific code, which is conditionally compiled.

Xamarin uses Portable Class Libraries for platform-agnostic code plus Xamarin.iOS, Xamarin.Android libraries or .NET projects. Thus .NET apps can also be ported to iOS or Android using Xamarin. Xamarin’s IDE is Xamarin Studio, though a version also exists that can plug in directly to Microsoft Visual Studio. Xamarin claims they achieve between 60 and 100 percent code reusability and 100 percent native performance.

Appcelerator Titanium

Appcelerator Titanium is a free, open-source framework that supports cross-development on iOS, Android, Windows Phone, BlackBerry OS and Tizen. The Apache Titanium SDK, Apache MVC framework and a proprietary IDE called Titanium Studio are included.
Mobile application code is written in JavaScript, which is interpreted on the target platform by platform-specific JavaScript engines. This code is linked to native Titanium APIs that provide direct platform access. Thus, Appcelerator Titanium uses runtime evaluation versus cross-compilation of the mobile app.

Smartface App Studio

Smartface, Inc. offers an IDE for designing, coding and publishing native iOS and Android apps. Like Appcelerator Titanium, development is in JavaScript. The IDE includes a WYSIWYG design editor and device emulator that claims to support both Android and iOS UIs with a single design. Smartface App Studio runs on a Windows platform so that iOS developers are not tied to using a Mac machine.


Configure.IT is a cloud-based environment supporting the cross-development of both iOS and Android mobile applications. Its tools enable automated code writing and standardization from start to app-store deployment. Even non-coders can use it to produce error-free native iOS and Android apps that are compiled from either Objective-C or Java, respectively. Although it includes a vast features library, custom code can also be written. It also accepts 3rd-party APIs from Facebook, Twitter, Paypal and many others. Configure.IT estimates that data-driven apps can be developed in 50 percent of the time taken by conventional coding methods.

Other Considerations and Disadvantages to Various Frameworks


Although many native, cross-development mobile app frameworks are free, some are not. Even with free frameworks, there may be additional tools or licenses that cost money.

Version Support

Since native applications do not take a lowest-common-denominator approach to a platform’s UI or specific hardware capabilities, they are more sensitive to platform advances such as new hardware, OS upgrades and UI improvements as compared to web-based apps. Thus, it is important to understand a particular framework’s policy toward supporting new hardware and software releases.

In this regard, Xamarin can boast the most responsive policy, which attempts to deliver platform version support within days if not hours. Other frameworks, such as Smartface, only offer upgrades quarterly. Since the framework is updated quarterly, developers who want to keep up with the latest changes in iOS or Android must experience up to a 3-month delay in obtaining these and re-releasing their app.

Execution Time

Any framework that utilizes JavaScript and native libraries will suffer from slower startup compared to a pure native application. This is because the JavaScript application, all the libraries it links to and the native interpreter must be completely loaded into memory before execution begins. Furthermore, some frameworks, such as Titanium, have had issues regarding memory management and stability.

Coding Language

Because cross-platform frameworks must necessarily choose a single development language, their choice is not always a convenient one. For instance, even though C# is a relatively easy language to learn, it is not in as common use as, say, JavaScript. Thus, any organization wishing to use Xamarin for mobile apps must take into account the learning curve for non-C# coders.


Naturally, whether a company is producing an in-house mobile app, one that helps customers and partners interact with the company or one that generates direct revenue, that company would prefer that it run on as many platforms as possible. Currently, an app that can run on both iOS and Android has a potential marketplace covering 90 percent of mobile device users. That is the number one reason why cross-development mobile app frameworks are considered in the first place.

Although write-once-run-everywhere apps can be accomplished by using a web-based approach where the app is written in HTML5, CSS3 and JavaScript, these apps have several disadvantages compared to apps that can run natively on mobile devices. Because they run within a mobile web browser, their UIs do not blend as seamlessly as do native app UIs, nor can they access the full platform hardware capabilities. To some degree their performance also suffers.

Developers who wish to produce applications that provide a smoother user experience, tighter integration with platform hardware, full support for user preferences and increased user engagement will choose to develop native applications. These reasons are why both LinkedIn and Facebook traded in their web-based applications for native apps.

Truly native performance, however, is non-trivial to achieve in a cross-platform environment that also tries to mitigate disadvantages such as learning a new coding language, keeping up with platform changes and supplying native performance without limitations at a reasonable cost.

Fortunately, for the organization contemplating native cross-development, there are a large number of native mobile app frameworks on the market today. In all cases, utilization of these frameworks reduces the amount of effort and time-to-market of having to rewrite a particular application in separate native IDEs such as Xcode or Android Studio.

Of today’s cross-development frameworks, Xamarin offers the most comprehensive, optimized and up-to-date environment for iOS, Android and Windows mobile apps but at the highest cost. Many frameworks, such as Appcelerator Titanium and Smartface, utilize an approach of linkable native libraries and on-device runtime interpreters, which reduces cost but somewhat lowers performance. Configure.IT offers a unique cloud-based, automated code generator approach that, despite less flexibility in the types of applications that can be produced, produces completely native code in Objective-C/Swift or Java for iOS or Android versions, respectively.

In the end, the choice of whether to go native versus employing a hybrid or web-based approach, plus the choice of a development framework, depends on several factors. These factors include the degree to which the developers want to provide seamless UI/UX to customers, top app performance and the ability to keep up with platform changes. Of course, there are always cost and production time considerations. Finally, the particular requirements of any app may mean that a native version is either not practical or unnecessary. For instance, an app that needs only a simple interface and whose performance is heavily bound by back-end processing could as easily get by with web-based development.