Mobile Application Design and Development Process

Transcription

1 Mobile Application Design and Development Process

2 Mobile Application Design and Development We pride ourselves in offering world class mobile application development on your terms. As part of the hiring process, our mobile developers are put through a series of practical tests and a rigorous interview process. Successful candidates demonstrate a strong passion for software development and a superior skill set. Developers work in teams with back-end developers as well as UI architects. This creates a productive environment where creativity is encouraged and the same vision is shared. Each team has a product manager who assigns roles and supervises development. The product manager focuses on ensuring an optimal development process to achieve the project goals. This means supervising the successful design, development, testing and deployment of the product. Design Initial Consultation - During the initial consultation we meet with our clients to discuss the project at hand. Often times, our clients are unfamiliar with application capabilities and thus are unaware of features they can offer their customers. Our expertise allows us to discuss and share ideas in order to arrive at a final product that provides value to their users and exceeds their expectations. Our discussion at this stage includes desired functionality, target audience, and desired platforms of deployment. Proposal - After the initial consultation, a proposal is drafted and submitted to our client for review. The proposal includes a full list of functionality, target platforms and devices, full scope of work to be done, cost, and approximate timeline. Project Team Meeting - Once the project is approved, a project manager is assigned. The project team meeting will consist of the project manager sharing the idea with the UI architects, mobile and back-end developers, and a security consultant when necessary. The idea will be discussed between all to ensure everyone has a clear role, and that areas of development are prioritized. This includes all areas of development including user interface design, functionality implementations, overcoming possible road blocks, and security requirements. The unrestricted flow of ideas culminates in all team members sharing the same vision, which is necessary for optimal development. Developers will suggest incorporation of required technologies and sensors to deliver an application which keeps users engaged. The security expert will share his views on security requirements, and propose ways to implement it in the design in a way that does not interfere with the user experience. By incorporating security as part of the application design rather than imposed after development, the resulting applications are both appealing and secure. Wireframe - The wireframe will show the proposed application flow, along with suggestions made during the team meeting. This document will discuss specific features, animations, information shared, and a preview of the application s user interface. The wireframe will be submitted to the client for review and feedback, and adjusted as needed. UI Design - Development begins. The first stage of development will usually be the user interface. The user interface is what the users will see and interact with, and is therefore considered one of the most important aspects of the application. The design of the user interface will include custom animations, and complete application flow from beginning to end. The developers will work closely with the UI architects to come up with an appealing, innovative and interactive design to keep users engaged with the application. Factors to be taken into account include the ease of performing functions such as logins, access information, and displaying it in a way that keep users engaged.

3 Designers and developers work together to deliver custom and attractive user interfaces avoiding applications like the one on the right. UI Submission - At this stage the UI will be submitted to the client for review. The application will be distributed through Testflight for ios and Testfairy for Android users. A complete list of functionality will also be provided. A meeting will be set up with the client in order to explain the application and receive feedback. The final product will appear as it does at this stage of development. Mock data will also be included where necessary. For example, if the application requests server information, a server will be set up with mock data to show full functionality of the application. Logic Design and Implementation- This is arguably the most important part of the user experience. The application s logic is the application s brain. The logic design includes creation and incorporation of all necessary algorithms, including those required for hardware sensors, battery optimization strategies, server communication and localized data processing and storage. The main focus is paying specific attention to optimization and user experience by carefully monitoring areas such as memory usage, network request handlers, and transition performance amongst others. Native development is preferred because of both performance and security advantages offered over multi-platform development. Native code development provides a greater degree of control over the application s functionality resulting in a much better user experience. During this stage, the designers will work closely with security staff as well as back-end developers to ensure optimal development.

4 Testing Our applications go through rigorous testing before they are delivered to the client. The testing is done concurrently with logic design as well as after the final product is delivered by the developers. The testing is done in the most commonly used devices for the target platform. These include iphones 4s and above, ipad, ipad Air, ipad 2, Samsung Galaxy, Galaxy Note, Galaxy Tablet, Nexus 6, Nexus tablet, LG G3, HTC One, and more. The testing is divided amongst the following areas: Performance Testing- The applications are first run through various software tools to monitor what is happening under the hood. Even if the user interface is responding as expected, it does not mean everything is working. Memory management is a crucial part of development and something that is often overlooked. Issues with memory management will cause the operating system to close the application without any notice to the user, which is most commonly seen as a crash. The application is submitted to stress testing where the application is used repeatedly over a long period of time, much longer than what is expected from a user. This testing pushes the limits of the application, and allows us to ensure top performance. Network Testing - Most applications produced today have a necessary back-end component. Communication with these systems is a vital part of the application flow and the user experience. However, network connection errors occur from time to time. It is the developer s job to account for these instances, and handle the errors accordingly. Common errors seen during this testing phase is improper handling of network requests, seen by users as freezing, and failure to keep the user informed. It is critical to keep the user properly informed. The example on the left not only leaves the user confused, but provides an attacker with information about how the application works, including information shared and services used. Hardware Testing - During this stage, the applications are loaded into the devices for the appropriate platforms and tested. The testing of sensors such as GPS accuracy, Bluetooth beacons, cameras, and more is

5 done. Battery and data consumption are also monitored, and logs are kept throughout the testing process in order to be analyzed. The application is also used in ways it was not designed for, and submitted to additional stress testing. The goal is to cover all possible angles of how a user could interact with the application to discover previously unknown bugs and/or issues. A common error seen in this area of testing is using the application in a perfect environment. This is testing in devices that have the latest hardware, have no other applications running in the background, and the fastest connection is always available. This scenario is idealistic and often not the case once applications are deployed. This is why we run applications in systems where the device is stressed by other applications, on older versions of the operating system, on older devices, as well as with different settings of network connections where appropriate. Reporting After testing is complete, a report is drafted by our testers outlining possible issues as well as the circumstances which led to the errors. The developers correct the reported issues and the application is put through the testing procedure again until no issues are found. Security Before any application is released, a security audit is done on the application and the back-end services. The scope of the audit will vary depending on the type of the application being developed. During the Vulnerability Assessment phase, possible points of compromise are identified through code review of both the application s logic and back-end servers including services and operating system. The vulnerability assessment is sent to our developers in order to fix the problems identified. Depending on the type of application being developed and the severity of vulnerabilities identified, a penetration test may be done wherein exploitation of the identified vulnerabilities is attempted. Code Analysis / Vulnerability Assessment - During this phase, the code is reviewed by our security specialists. Depending on the application, common areas of focus vary but they include handling of login credentials and secure storage, hashing functions, salting mechanisms, encryption and decryption protocols, secure key storage, forms submitted to the server, ASLR implementation, jailbreak checks, killswitch integration, session token storage and expiry, proper implementation of https including certificate authorities and expiry checks, and handling of sensitive information, amongst others. In addition to these, the server services are checked for vulnerabilities outlined in OWASP s Top 10. These include cross site scripting attacks, SQL injection, remote file inclusion, sensitive data exposure, cross site request forgery attacks, and more. The vulnerability assessment includes manual and automated techniques in order to provide the most comprehensive list to our developers. Penetration Testing (Mobile/Server) - The penetration test is reserved for those applications that require the highest levels of security. Our pen testers will try to exploit the vulnerabilities identified during the previous phase using physical attacks as well as attacks over the network. The server side attacks will be performed on the modifications made by Acumen during development, and in a controlled manner. These tests are done manually by our skilled staff with over 10 years of experience in the mobile development and security fields. For more information about our penetration testing procedures please refer to our Security documentation. Product Delivery Once the application has gone through the various stages of testing and the product is deemed complete, it will be submitted for final review by our client. If approved, and when necessary, the project will be submitted for approval by the ios App Store, Google Play, and any other stores requested. The applications are usually available for download within 2 weeks after submission, depending on the platform.