1. Mobile Apps – Development Approaches & Conclusions
Prakash C Sinha,
CEO, Lataant Technology Pvt. Ltd.
prakash@lataant.com
+919845563560
www.lataant.com
2. Types of mobile development
Native
Using IDEs and SDKs for iOS, Android…
HTML5
Content generated on the server
Rendered on mobile browsers like Safari/Chrome…
Hybrid
Native container app on handset per OS
HTML5 content from server
JavaScript calls native APIs where needed/possible
3. Pros & Cons of Native
Pros
Ease of use, High Performance - The native platform is what people are accustomed to
Built-in components – Native UI Widgets, encrypted Storage, Camera, address book
Fast graphics API - the native platform gives you the fastest graphics
Fluid animation - related to the fast graphics API is the ability to have fluid animation
Multi touch - double taps, pinch-spread, and other compound UI gestures
Documentation - There are over 2500 books alone for iOS and Android development
Integrated IDE - IDEs provide tools for building, debugging, project management, version control, and other tools professional developers need.
Distribution through App Store
Especially useful for Enterprise for tracking the devices & apps – useful in case of thefts etc…
Allows Mobile Device Manager integration - Integration with Mobile Iron for example
Useful for enterprises to manage devices
Useful for MAM & MCM (Mobile Application & Mobile Content Management), wipe out etc…
High on security of content
Undoubtedly it provides the best user experience with high performance
Cons
Multiple Devices development costs.
However, for an Enterprise App it can be argued how many devices really need the support
Also, with better IDEs and 3rd party libraries the development time in native is becoming much faster
4. HTML5
Pros
No distribution needed
Upgrades & Release cycles reduced & easy
Write once use anywhere
Cache support for limited offline access
Cons
It’s questionable how much incentive Apple and Google have to deliver timely standards-based
support in their browsers with the latest and greatest APIs.
By its nature, the standard puts at risk traffic to these large commercial app stores and marginalizes the unique
capabilities of their devices.
HTML5 standard support across browsers is not standardized
As a result the “write once use anywhere” becomes the common minimum capabilities of the browsers
Not only are there many browsers, there are also many versions of each browser
There are 200+ different types of available browser interpretations of HTML5. And the pace of browser updates is increasing, which adds to the challenge. Over the past two years, Android has had 21 updates to their browser.
HTML5 upgrades themselves don’t keep pace with native OS releases
Performance - Users expect high responsiveness. Slow loading & rendering compared to Native
High Security risks
Shared database through cache
HTML5 capabilities only represent a small number of the new native features. Speed of innovation in Native is faster than HTML5 standardization
Example - Apple introduced 1,500 new APIs in iOS 5 for developers to leverage, including access to iCloud Storage, Newsstand and Twitter. Both Apple and Google continue to deliver new releases each year with thousands of new APIs. HTML5 is actually falling farther behind native versus the popular belief that it’s catching up.
5. What about Hybrid Apps – How does it work
A hybrid app is one that is written with the HTML5/CSS/Javascript technology, and
that is hosted or runs inside a native container on a mobile device.
It is the marriage of web technology and native execution.
Hybrid Apps – How it works
A web view control (UIWebView on iOS, WebView on Android and WinJS on Win 8)
Presents the HTML and JavaScript files in a full-screen format, using the native browser rendering engine (not the browser itself).
WebKit is the browser rendering engine that is used on iOS, Android, Blackberry and others.
The HTML and JavaScript used to construct a hybrid app is rendered/processed by the WebKit rendering engine
HTML and JavaScript are not constrained to in-browser implementations on mobile devices.
An abstraction layer – Native Container
That exposes the device capabilities (read: native APIs) to the hybrid app as a JavaScript API.
This is something not possible with Mobile Web implementations because of the security boundary
between the browser and the device APIs.
PhoneGap is the best example of a JavaScript abstraction layer over native APIs
When the native wrapper is compiled around the HTML, CSS and JavaScript resources, there is an interop
layer added that connects the JavaScript APIs with the platform specific APIs.
Through this abstraction layer a common set of APIs is exposed in JavaScript, and these JavaScript APIs work on any device supported by the framework (for WinJS that’s only Windows 8, but for PhoneGap that is seven mobile platforms including iOS, Android, Blackberry and Windows Phone 7).
What this really means is that, for example, if I build a mobile app with PhoneGap, I can use JavaScript to access a native API, like the camera, using a single API call regardless of what platform the app will run on.
6. What about Hybrid Apps – How does it work – Contd.
What it means to use PhoneGap (or another SDK), however, is
Understanding the PhoneGap SDK instead.
How to develop/build apps using yet another SDK (outside the native SDK)
There is a waiting period for PhoneGap (or such) to implement new functionality released by an operating system
This often means writing native code to be used by the JavaScript wrapper APIs – this is where it becomes native again, requiring development in Objective C, Java, C#
Programmers also have to learn the details of building on each platform
Even though the code base is the same, a different configuration and build for each operating system is still required
Hybrid Choices
Local
You can package HTML and JavaScript code inside the mobile application binary, in a manner
similar to the structure of a native application.
In this scenario you use REST APIs to move data back and forth between the device and the
cloud.
Server
Alternatively you can implement the full web application from the server (with optional caching for better performance), simply using the container as a thin shell over the UIWebView.
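The abstraction layer and the Local/Server choice described above, as an added example that is not from the original slides or from PhoneGap: a simulated container bridge that decides, per page origin, which native calls the web view's JavaScript may make. The names (createBridge, POLICY, nativeApis), the origins and the return values are assumptions made for illustration.

```javascript
'use strict';
// Added example: a simulated native-container bridge. Every name here is
// hypothetical; none of this is PhoneGap's API.

// Constructed stand-ins for the platform APIs the container wraps.
const nativeApis = {
  'camera.getPicture': () => 'file:///tmp/photo-0001.jpg',
  'contacts.find': (query) => [{ name: 'Sample Contact', query }],
};

// Per-origin policy. Packaged ("Local") pages get both calls; the one remote
// ("Server") origin the container trusts gets the camera only.
const POLICY = new Map([
  ['file://', new Set(['camera.getPicture', 'contacts.find'])],
  ['https://app.example.com', new Set(['camera.getPicture'])],
]);

// Reduce a page URL to its origin; anything unparseable becomes null.
function originOf(pageUrl) {
  if (pageUrl.startsWith('file://')) return 'file://';
  try {
    return new URL(pageUrl).origin;
  } catch (err) {
    return null;
  }
}

// The interop layer. pageUrl must come from the container (the web view's
// current URL), never from an argument supplied by the page's own script.
function createBridge(policy, apis) {
  return function exec(pageUrl, method, ...args) {
    const origin = originOf(pageUrl);
    const allowed = origin === null ? undefined : policy.get(origin);
    if (!allowed || !allowed.has(method)) {
      return { ok: false, error: `denied: ${method} for ${origin}` };
    }
    return { ok: true, value: apis[method](...args) };
  };
}

const exec = createBridge(POLICY, nativeApis);
const packaged = exec('file:///android_asset/www/index.html', 'contacts.find', 'a');
const remoteCamera = exec('https://app.example.com/home', 'camera.getPicture');
const remoteContacts = exec('https://app.example.com/home', 'contacts.find', 'a');
const lookalike = exec('https://app.example.com.other.example/', 'camera.getPicture');
console.log({ packaged, remoteCamera, remoteContacts, lookalike });
```

Matching on the parsed origin rather than on a URL prefix is what rejects the lookalike host and a plain-http variant of the trusted origin.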
(c)Lataant Software Technologies Pv
7. A word on Security
HTML5 presents unique security risks when compared with native apps.
HTML5-based apps have more of their logic and data executed and presented in the HTML format on the mobile client itself
This is also true of most hybrid “container” based apps that store and present their data in the open HTML format.
Whether the apps are HTML5 or hybrid, there are four key security concepts to evaluate for an organization.
App source code
Application source code for HTML5 is freely available on the mobile device, open to source code access (e.g.,
routing the mobile URL to a desktop). Malicious code can be injected to run in the app or in background.
With compiled native applications, it is difficult to access this source code.
Data at rest
HTML5 offers the ability to cache data within the browser. Since both native and HTML5 applications manage data
on the device, this data should be appropriately secured and encrypted while at rest.
iOS and Android deliver data security for native apps in ways beyond HTML5 apps
o Objective-C and Java API data encryption calls are available for native applications. No equivalent capability in HTML5.
o Sandboxing of apps, including non-sharing of DB and files, secures native data from other apps; this is not true with HTML5.
o MDM and MAM vendors provide another level of security for native apps. These vendors cannot affect data in the browser’s cache; therefore, they cannot secure or manage that data.
Data in transit
Secure Socket Layer (SSL) is the most common way that both native and HTML5 apps secure their data in transit.
For additional security, organizations also implement Virtual Private Networks (VPNs) – a feature supported in iOS7.
While VPNs can support native and HTML5 traffic, they typically are not implemented for HTML5 due to high performance overhead.
URL security issues
URL security vulnerabilities are unique to web apps. Techniques such as cross-site scripting (XSS), cookie manipulation, and SQL injection can be used to gather sensitive data from the back end servers as well as from the mobile device itself. These attacks are not possible in the native app world.
8. A word on MDM/MAM
Mobile Device Manager (MDM) and Mobile Apps Manager (MAM) are used for mobile device management (also for BYOD) inside an enterprise
Example: iOS
The MDM framework built into iOS gives MDM solutions the ability to wirelessly interact with iOS devices that are managed by organizations.
Third-party vendors use this framework to build MDM servers that communicate seamlessly with iOS devices.
MDM gives IT departments the ability to securely enroll devices in an enterprise environment, configure and update settings, monitor compliance with corporate policies, and remotely wipe or lock managed devices.
Using an MDM server gives organizations a simple way to get users up and running with access to company services regardless of who owns the device.
Mobile Iron is an MDM provider recommended by Apple.
It also supports Android
There are other providers like Good Technology, Open Peak etc…
9. A word on MDM/MAM Contd.
The MDM/MAM framework in iOS supports the following features:
Managed accounts.
Installation, management, and removal of accounts that provide access to corporate services.
Managed configurations.
Configuration of settings including passcodes, device restrictions, voice and data roaming policies.
Security commands.
Ability to clear the user's passcode and remotely lock or wipe a lost or stolen device.
Managed apps.
Installation, management, and removal of App Store and custom in-house apps.
Device queries.
Scheduled querying of device, network, application and security information.
Some of the supported MDM Commands
Managed configuration
• Install Configuration Profile
• Remove Configuration Profile
• Data roaming
• Voice roaming (not available on all carriers)
Managed apps
• Install managed app
• Remove managed app
• List all managed apps
• Install Provisioning Profile
• Remove Provisioning Profile
Security commands
• Remote wipe
• Remote lock
• Clear passcode
10. Server Types & Features
Servers with an SDK and a native container approach (e.g. PhoneGap)
Whether the server is within the firewall
This looks more like a server-side hybrid
Does this mean the HTML content is mostly statically generated for mobile browser rendering?
This also runs in a SaaS model; is it more like a backend server providing user management etc.?
Does the server above have MDM/MAM capabilities?
Documents/SDK etc. on the above can allow us to do some experiments
11. Comparison Chart
| Feature | Native | HTML5 | Hybrid |
|---|---|---|---|
| App Features | | | |
| Graphics | Native APIs | HTML, Canvas, SVG | HTML, Canvas, SVG |
| Performance | Fast | Slow | Slow |
| Native look and feel | Native | Emulated | Emulated |
| Distribution | Appstore | Web | Appstore |
| Device Access | | | |
| Camera | Yes | No | Yes |
| Notifications | Yes | No | Yes |
| Contacts, calendar | Yes | No | Yes |
| Offline storage | Secure file storage | Shared SQL | Secure file system, shared SQL |
| Geolocation | Yes | Yes | Yes |
| Gestures | | | |
| Swipe | Yes | Yes | Yes |
| Pinch, spread | Yes | No | Yes |
| Connectivity | Online and offline | Mostly online | Online and offline |
| Development skills | ObjectiveC, Java | HTML5, CSS, Javascript | HTML5, CSS, Javascript |
12. Which Method to choose
We should ask the right questions
Development for enterprise
With Android and iOS capturing more than 85% market share, how much cross-platform (hybrid) support is really needed?
With a duopoly (Android & iOS), should we aim to support so many device variants?
Region for app users – if primarily US and Europe users, they typically use iOS (iPad/iPhone) and Android, and only then the remaining platforms
BYOD (Bring your own device) users – what would they typically bring?
If the answer to the above is mostly Android (& iOS)
Native development would provide the best performance, usability and a rich experience
This goes a long way toward having a high percentage of users adopt a new app.
Extending to other platforms would then become a need-based issue
If the answer to the above is broad coverage of the app on multiple platforms
Hybrid could be a good choice
13. New features of iOS 7 designed for enterprise use
iOS 7 (in beta release now – will be available in fall ’13). This release, as claimed by Apple, contains, UI improvements aside, the biggest features useful for Enterprise adoption since iOS 4
(A strong reason to adopt an iPad/iPhone-first strategy!)
Per App VPN
Every app can have VPN access in iOS 7
Earlier, with a common VPN across apps, malicious apps could abuse the VPN to get into enterprise servers
Distribute App Configurations
Instead of entering server name, login id etc. every time the app is launched, it allows them to be automatically filled in, depending on location (say when you travel from the US to Europe, the server credentials would be different)
Peripheral configuration
Access to printers depending on where you are in the office etc…
Access to AirPlay – share documents over Wi-Fi/Bluetooth in a secured way (without tethering)
Enterprise Single Sign On
Enterprise owned device
If the device is owned by the company (as against BYOD), the automatic enrollment of the
device is possible
14. New features of iOS 7 designed for enterprise use – Contd.
Managed Open In
Identify all the Enterprise Apps to be able to share documents with each other
Personal Apps cannot open these documents/data
AppStore License management
License of the app is owned by the Enterprise
Earlier, the app license was owned by the Apple ID user. So, if the person left the company, they took the app + data with them
3rd Party Data Protection
In iOS7 development data protection is automatic
In earlier version the data protection was developer driven
iOS data encryption based on app’s passcode
iOS Activation Lock in case of theft
True Multitasking (useful in general for non enterprise apps too)
Example – a CRM app is tuned to auto login at 9 AM in the background while user is busy with the
app
These are supported by MDM/MAM protocols and hence providers
15. Recommendations
Mobile Apps Development when at early stage
Adoption at early stage is important
Rich functional value is important – as people are already used to the functional value on desktop versions
Rich and prompt user responsiveness of the app is important
Target selective device types as against many devices - garner early feedback
Being an Enterprise Mobile App, unlike an app for public use - devices for rollout can be chosen
Roll out Android and/or iOS for limited use and get feedback
This gives time for multi-device strategy and development
Smaller Cost
Since the target is only Android, the costs of initial development are not high
Pilot geography for adoption – Android/iOS user base?
Use a target location for running the pilot
16. Our Work
Apply Mobile, Internet & Gaming
Technology to solve business problems
With unwinding simplicity.
Minimizing wastage
Less Is More
Lataant – is a Sanskrit word meaning flower
17. Contact us for Mobile & Web Apps Development
Prakash C Sinha,
CEO, Lataant Technology Pvt. Ltd.
prakash@lataant.com
+919845563560
www.lataant.com