Is Your Mobile App Safe From These Security Breaches?

As a mobile app tester, part of your job is to ensure that the mobile app downloaded onto a user’s phone is protected against a potential security breach. But which ones, exactly?

Information Week has recently explored the most important, plausible security breaches, and we have highlighted the top three that your mobile app developers and testers should specifically zero in on when creating a mobile app.

Data Storage Security
A common convenience that most mobile apps provide is the option for a user to save their password for a particular account. This option saves the user time – a selling point that draws most customers today.

However, in order to provide this option to your user, mobile app developers need to be sure that the information is secure.

“It’s common for users to employ the same username and password across systems, so if someone compromises that particular password, the potential also exists for them to compromise additional user accounts.”

What should mobile app developers do in order to avoid this mistake? Plan your mobile app so that private information – names, phone numbers, credit card numbers, etc. – is not stored directly on the phone in any way. This way, if a phone is plugged into a PC or the phone has been stolen, this private information cannot be extracted from the mobile device and used for other purchases.

Read more …


Mobile Apps Are Killing the Web, But Does It Matter?

There is no doubt that mobile app usage is climbing at incredible speeds, but will the result of that be the end of the web? And if so, is that something to be concerned about? Matthew Ingram provides some great insight into the discussion in his post here.

As the two infographics in the article display, mobile usage has surpassed desktop, with nearly 86% of mobile usage time being spent in applications rather than the mobile web. App usage provides companies with far greater control over the user’s experience, so clearly it is more popular from the company’s point of view. As a result, users of course get a much better experience using applications than the mobile web, which is not being focused on by developers.

Apps Vs. Web – Does it Matter?
One of the main concerns about the increased movement to applications over the mobile web is that apps are controlled by a very small number of main players in the industry. Google and Apple control a vast majority of apps in their markets, and can influence which apps become more popular or are even allowed to exist. Google just recently pulled the number 1 paid app from the market (because it was a scam), showing the power it ultimately holds over individual applications. Of course this was done for a good reason, but it is easy to see how people could be wary of potential abuse.

Bad intentions aside, the app market is beginning to foster a “rich get richer” mentality. The apps that are chosen to be placed on the homepage of the markets obviously get bigger and more popular. Related apps (made by the same companies) are dragged upwards with them, thus perpetuating the cycle. This is making innovation more difficult amongst app developers.

Read more …

Testing Biometric App Technology

In the world of mobile, there are certain apps with certain features that have practically NO room for error. A good example would be an app that uses a fingerprint scan to grant access to your banking information. Such an app would need to be tested extensively under all sorts of real-world scenarios, yes?

Hopefully. According to IT News, Westpac New Zealand has created such an app; one that provides users with the option to either set up a password or enable the use of their fingerprint in order to access their banking information. Since these types of apps will only become more common in the coming years, it’s important to take a closer look at some of the key QA considerations. Here are a few from this specific instance.

“Biometrics has been around for some twenty years but banks have been slow to adopt the technology and with good reason. A fingerprint scan is certainly more secure than an insecurely stored PIN or password, but if your password is stolen you simply change it. There is no DR approach for a stolen fingerprint.”

The point here is that no app – nor any piece of software – is ever 100% safe. So while fingerprint scans might seem like a bullet-proof way to ensure that the user (and only the user) has access to the data, they will still need to make security testing a top priority, which leads us to our next point…

Read more …

3 Not-So-Obvious Ways to Avoid Mobile App Security Problems

By now, most companies understand the importance of mobile app security, even if they’re not entirely sure how to best achieve it. Security testing – via real testers and automated tools – is the obvious route, but there are several lesser-known methods for ensuring that your mobile app is safe for users.

Here are three such methods (along with our own commentary) courtesy of SearchCIO:

Avoid Open-Ended Questions

“Any personal data collected from a mobile app could turn up in unintended and awkward places. And you will get blamed, even if the customer is at fault for the privacy invasion.”

Although there are security measures you can put in place so that only select individuals are able to view consumer information, accidents can occur. A company exposing or misplacing data is a very real possibility, and it almost always happens as the result of human error. For example, if you have an advertiser sponsoring the survey within your app, it’s possible that said advertiser may click through to view the information your customers are giving your company, even if by accident.

Look over the information and determine what you need to know (as opposed to what you want to know) from your client base. And focus on “yes” and “no” answers; don’t leave any room for error or for a consumer’s privacy to be breached.

Avoid Adding Photos or Videos

“Digital photos today are married to metadata, which can intrude on a person’s privacy by indicating the exact location, time and date of the photo. Take enough photos over time and the metadata provides a detailed roadmap of that customer’s travels.”

Yes, photographs are able to give your app that extra “jazz,” but if you can avoid using them within your app, do it. Enabling photos will only make your company more liable for any potential harm and misconstrued information that your customers provide while using the app.

Read more …

3 Things Every Enterprise Should Know About App Testing

Believe it or not, testing – particularly security testing – is still not a high priority for enterprises that develop mobile apps. Despite all that’s at stake, they continue to neglect even the most basic fundamentals. And in doing so, they are putting YOUR personal information (contacts, calendars, passwords, etc.) at risk. Scary, right?

We thought so, which is why we wanted to share a few things every enterprise should know about mobile app testing from this recent article on SearchSoftwareQuality.com. Let’s take a closer look:

1. There’s still a lot we don’t know about the mobile space…

“Mobile app platforms are relatively new, and therefore, both the know-how — as well as inherent security in the code — is not very well understood.”

The downside of mobile app platforms being so new is that even the developers who do have experience writing code are still exploring new territory with mobile apps. Writing code for a mobile app is very different from writing other programs and, although a web developer may be under the impression that the code works well for the mobile app, there is plenty of room for error – something many enterprises end up learning the hard way.

2. Security testing is NOT a post-launch activity.

“We can sometimes expose these vulnerabilities through open source tools, vulnerabilities that we were not able to expose through commercial tools.”

Read more …

Lessons Learned from Forgotten Mobile Apps

Anybody with a smartphone has a folder of forgotten apps. We have come to an age where the mobile smartphone is the primary, if not exclusive, platform for launching an application. But the formula for mobile-app success is not as simple as some may think. Here’s a list of 5 companies that you probably don’t want to follow.

1. Spork

Spork let users rate specific dishes at restaurants. Unfortunately, rival app Foodspotting had similar features and was released around the same time. Foodspotting had a bigger budget for advertising and marketing compared to the Spork start-up company. Thus, one mistake that companies often make is they allow their apps to stay in development for too long. By the time the app launches, the field is already filled with competing apps with similar capabilities.

Spork registered about 100,000 downloads but the company took its biggest hit when OpenTable, a restaurant-reservation app, acquired Foodspotting for $10 million. Spork fizzled out only a year after it was launched.

2. Amp UP Before You Score

Tailor your app to a specific target audience, but make sure it doesn’t offend audiences outside of it. PepsiCo’s iPhone app “AMP UP Before You Score” had an initial buzz when it was first released, but was later pulled due to the nature of its content.

The app was invented to help guys pick up girls. It categorized women into 24 different stereotypes, such as “Princess”, “Cougar”, “Indie Girl” and had pick-up lines associated with each type of girl. If you “scored” you could share it on Facebook in your “Brag List.”

Read more …

The 3 Essential Questions for Mobile App Testing

Launching a mobile app is relatively easy. Launching a mobile app that becomes part of the user’s everyday life, well, that’s much more of a challenge. Consider this frightening statistic from business2community.com:

“A recent study from Compuware shows that 80-90% of apps are deleted after only one use. In other words, first impressions count.”

Lucky for you, the same article references 10 Essential Tests to Drive Mobile App Downloads, Engagement & Retention. I wanted to focus on three of those tests in particular – in the form of questions – which will help your app stay on the user’s device. Let’s take a look:

Does your app include a registration?

“Apps that require a registration before using it, lose up to 56% of its users.”

You’re launching a mobile app that you want consumers to embrace – so don’t have a lengthy registration before use. Ideally you want to slip the registration in there after they fall in love with the app; perhaps after they complete a certain level if it’s a mobile game, or in order to receive a specific piece of information in their profile if it’s a mobile dating service.

Once they do reach the registration page, always remember to keep it short and simple; overloading your user with a long list of questions will scare them away from using your app – to be blunt, they won’t want to put in the effort. The attention of a consumer is very short so, instead of a lengthy registration, break it into multiple pages.

Read more …

Devs Rush to Android Wear

At first, I thought that Samsung’s ad for the introduction of Galaxy Gear – featuring a sleek and nostalgic montage of Sci-fi smartwatches – was a brilliant piece of marketing…for a product that wouldn’t go very far. I couldn’t have been more wrong. The trend has continued to grow and now the titan of tech (Google) is introducing its first wearable tech: Android Wear.

Developers are taking part in a mad dash to get their apps ready for the new Android platform. Voice control will be a main feature in apps and services that are offered on Android Wear, because typing with one hand on your other wrist is less than ideal. Quick relevant information, short updates, quick messages and of course Google searches will now be as accessible as a quick glance at your wrist.

The Good – Well, to put it simply, it is Google and Android. Developers for wearable tech will now be able to use a software development kit that is connected to the Android codebase and Google Services that they already use for mobile apps. This wearable tech will continue to expand the functionality that many mobile phones already provide. Joe Bondi, the CTO at Runkeeper, pointed out that it is a natural step for apps that are used “on the go” such as theirs. You could finally have the option of not running with your phone in your pocket or in an uncomfortable arm band!

Read more …

Mobile App Monetization: Inside the Numbers

In the past, we’ve discussed the many ways it is possible to enable your apps to generate revenue, but now thanks to VisionMobile, we can take a look at the numbers to analyze these methods. These stats come from a survey of more than 7000 developers from 127 countries.

Perhaps it will give some valuable insight as to which method or methods are the best choices in optimizing the profitability of your apps. Below are different methods of monetization with the percent of developers that preferred them and the median revenue per month they generate:

App as a Channel

  • In app advertising – 26% of developers preferred, median revenue of $150 per month
  • Indirectly (through brand awareness) – 12% preferred, median revenue of $150
  • Developer Services – 8% preferred, median revenue of $750
  • E-commerce sales – 8% preferred, median revenue of $2,750
  • Affiliate or CPI programs – 5% preferred, median revenue of $1,500

App as a product

  • Contract work/Commissioned apps – 26% preferred, median revenue of $1,500
  • Pay per download – 24% preferred, median revenue of $150
  • In-app purchases – 22% preferred, median revenue of $425
  • Freemium – 20% preferred, median revenue of $275
  • Subscriptions – 11% preferred, median revenue of $750
  • Per device royalties or licensing fees – 7% preferred, median revenue of $750

Taking a look at the “App as a product” statistics, it seems to fall right into place. The largest portion of developers favor contract or commissioned app work, as it easily generates the highest median revenue per month. Further down you notice subscriptions and per device royalty fees with a drastic drop off in popularity. Despite the higher revenue, as more apps move towards the freemium and in-app purchase models, fewer and fewer people are willing to pay for subscription apps.

Read more …

The Technology Behind Location-Based Apps

One of the other-worldly features of mobile devices is their ability to track your exact location. Can you imagine the sordid stories throughout history that may have been re-written had this technology been invented sooner? You can almost imagine the courtroom: “Where were you on the night of…”

Anyway, there are two main ways to collect and distribute this type of information in the present day – Beacons and Geofencing – and both have their advantages. More on this in a second. First, here’s why it’s important.

In a recent opinion piece, Christian Carle, CEO and Co-founder of Pole Star, stated the growing importance of location-based apps – more specifically, indoor location. He says:

“Indoor Location has become the holy grail of location based-marketing, bringing consumers from their home to the closest shopping mall or retailer, greeting them with a message as they enter the mall or the store, helping them navigate indoors, send product information and special promotions as they get closer, and finally allow them to pay for the items right from their mobile.”

And so if you want to develop, test and launch this type of app, you have two choices in terms of the technology behind the application. Let’s take a closer look at each…

Beacons are sent from your Bluetooth device based on longitude and latitude using the same technology as a typical GPS. Your proximity is distinctly pinpointed to inches, with an overall range of approximately 70 feet. Your mobile device requires an app that picks up another emitting beacon and the conversation begins. To some this may seem like hyper-targeting, but retailers are drawn to the ability of capturing market data based on your movements in a store. This same technology is also known as micro-fencing and you’ll see the similarities.

Read more …