It’s Risky Doing Digital Half-way

I attended a software-related conference recently; I’m not going to say which one as this is about something I observed at the conference, not about the conference itself. Being a software conference, the conference organizers did a lot of the expected digital stuff: registration, reminder emails and conference check-in. Up to the end of the registration process, everything I did with respect to the conference was handled electronically. The first time I went analog was after I picked up my geek badge (conference credentials) from the printer and went over to a human who handed me my badge holder, backpack and requisite stack of sponsor advertisements.

I dutifully loaded the conference app and proceeded to manage my interaction with the event (session schedule, location of special events and so on) through the app. When attending conference keynotes and sessions of interest, I carried my smartphone and tablet, nothing more, and that’s when it got interesting.

One of the things the conference gave me during registration was a pen. I’m a digital guy; I didn’t have any reason to use a pen, so I dropped it on the desk in my hotel room and carried on. As I approached any conference session, the gatekeeper outside the session would try to hand me an evaluation form. Yes, a paper evaluation form. This is what started me thinking about what happens when you only do digital half-way.

Being digital is like jumping out of an airplane: Once you’re out that door, there’s no getting back in the plane.

In this case, the conference had an app, so I expected to do session evaluations in the app. At each session, I politely informed the gatekeeper that I didn’t have a pen, so I couldn’t do the evaluation. They got to know me and eventually started letting me know they’d have a pen for me the next time, but never seemed to come up with one.

Read more

My Mobile Mind Shift Acceleration

My Mobile Mind Shift (MMS) happened this year! What’s interesting about this revelation is that I’ve been working in the smartphone industry for more than 10 years now. If that’s how long it took me, and I work in the industry, how long is it going to take the rest of the world? Not much longer, I expect.

I used to work for BlackBerry, so I was involved with early smartphones. At the time, a smartphone was a phone that did ‘more’; it had a browser, email, PIM, and you could make apps for it that allowed you to do pretty much anything you wanted. The definition has changed a bit, and nowadays most of the world thinks that Apple created the smartphone, but experience tells me otherwise.

Anyway, for all these years, I’ve loved having a smartphone – Just having a phone, email and a browser was enough for me. I helped a lot of people write apps for smartphones, and used a few apps myself (Facebook, Fandango, Twitter and Flipboard for example) but my phone wasn’t such an important part of my life that it replaced other things. Actually, having worked for BlackBerry, and being connected all the time, drove me to want to disconnect from access at the end of my day. If I was on the road, you could reach me any time, but while at home. I’d leave my phone in my office at the end of the day. Friends or coworkers would call or email me after hours and not hear back from me until the next morning.

So, what happened? Well, mobile just got easier, that’s what happened. I don’t know how to explain it any other way.

Read more

Viv.ai and Developers

At the TechCrunch Disrupt event in NY today, Dag Kittlaus delivered the first public demonstration of Viv, his team’s follow-up to the popular Siri service. There’s been a lot of press in advance of the demo and frequent chatter around eBusiness and bots and what Viv means to them. My focus is on Application Development and Delivery (AD&D) professionals, so I thought I’d update you on what all of this means to them.

Viv is attempting to create what they’re calling a Global AI. While I’m not an AI expert, as I understand it AI entities are typically ‘trained’ using either algorithms or by dumping a bunch of data into it and helping it sort through it all. The self-training algorithms are where AI research had stalled until recently, but machine learning and other methods are revitalizing it. The Viv team, however, is taking a different approach. They’ve built the requisite language processing capabilities (through a partnership with Nuance) and coupled that with a code generator (what they call dynamic program generation) that delivers the needed results. What happens in between? Well, that’s the special sauce that will be very interesting for developers.

The knowledge Viv uses to deliver on voice requests is directly driven by direct input from developers. Well, that’s not necessarily true, but you’ll see what I mean in a minute.

Read more

Security Conscious Developers

I’ve been a part of several development organizations, and, for several of those teams, security was an afterthought to the development process. We’d secure databases and even implement field level encryption but we rarely had to consider many attack vectors as we were building internal apps for enterprises and the risks were there, but not as great.

Fast forward to the Mobile First world we live in and that lazy attitude is no longer acceptable. S&R teams have real concerns and actively work to protect their computing environments – both internal-facing and external-facing. Development teams work the other side of that and implement secure code as part of their daily activities (right?). With an appropriate level of trust between the two organizations, many use code scanning utilities to verify delivered code and hunt for vulnerabilities. There are many sources of vulnerabilities; it could come from code written by the company’s developers, code pasted in from Stack Overflow or even added through some third-party or open source library. In my experience, static code scanning tools are effective and can catch a lot of potential vulnerabilities but, from a developer behavior standpoint, what the ultimately do is simply teach developers how to get their code to pass the scans, not actually deliver more secure code.

Read more

Mobile App Functional Testing, Device Labs, and Open Source

In the latter half of last year, I started researching mobile application testing tools. My research focused, so far, on functional testing, primarily around mobile app front-end testing. As I began the research, it became clear that the automation capabilities testers needed to validate app UIs was there, but application development and delivery teams felt that device labs were too expensive to be practical. During the research for the Vendor Landscape: Front-End Mobile Testing Tools report, we expected that device labs would be a differentiator among products only to discover that most of the major mobile testing solutions provide them in one way or another. There are differences between vendors when it comes to the flexibility, configurability, and management of their device lab offerings, but if you’re delivering customer-facing mobile apps you can do much of your testing on physical devices (our recommended method).
 
In earlier reports, we recommended that, because of the cost of on-device testing, development organizations focused their testing efforts on the most important aspect of their apps, letting users find issues in less popular areas of the app for them. With most of the major mobile testing vendors offering device labs plus Amazon and Google’s entry into the device cloud space, competition will drive down cost and make on-device testing the more common option for mobile app testing. Microsoft’s acquisition of Xamarin now gives Microsoft a robust and capable device lab, stuffed with a variety of Android and iOS devices, which adds to the competition in this space as well.
 
Read more

How Should I Build My Mobile Apps?

A regular inquiry request we get from clients is “Which approach should we use to build our mobile apps?” There are a lot of arguments made for either side of the web vs. native approaches and some compelling arguments as well for using cross-platform tools to deliver apps. Because it’s such a common discussion, we crafted a report that addresses this topic quite well in Native, Web, and Cross-platform Mobile Apps All Have Their Place.

Ultimately, from the report, “it’s not a question of either/or; it’s which approach best fits the app in question.” The app’s specific features and capabilities drive one aspect of the approach you’ll select; any flowchart you’ve seen on this topic deals with that directly. However, you’ll also have to consider other organizational and technical aspects as well. So, if you’re looking for an absolute answer to the question posed, it’s: “It depends!”

So, what about cross-platform tools? Cross platform tools muddy this conversation a bit as platforms generally deliver native apps or web apps and many can deliver both. The selection of a cross-platform tool is driven by the same questions you’d ask about a native or web app: what are you trying to accomplish with the app coupled with specific questions about what capabilities and benefits the platform provides in key areas you’ll be exercising.

Read more

Creating Security Conscious Developers

I recently completed preparing a presentation for the Forrester Digital Business Forum in Chicago this fall. The session I’m delivering is on delivering mobile app quality, and through my research, I’ve learned that security is an important part of app quality. My colleagues Michael Facemire and Tyler Shields recently published a report on The Future Of Mobile Security Development and that, plus some experiences I had working with a development team in a previous position, started me thinking about what it takes to make a developer that understands how to code apps securely. The report I listed above covers the security topic well, and makes some recommendations on how the security aspect of app development is likely to change, but beyond security capabilities and tools, how do you ‘create’ the type of developer that understands exactly what to do to build security into their apps?
 
I know trial and error works, but that’s expensive. Tools exist that can validate security aspects of an application, even tools that enforce security on apps, especially mobile apps, but those are last mile solutions – what do you do to help developers implement solid security into their apps in advance of those tools? If you have insights into this topic, can you reach out to me and let me know? I think this would be an interesting report to write.

Improving Mobile App Quality Testing

In 2014, Michael Facemire and Rowan Curran published a report entitled A Benchmark To Drive Mobile Test Quality. The report covered how organizations had to adjust mobile app testing in a world with an overabundance of mobile devices and applications in constant enhancement mode (very frequent updates). As the new guy, I was asked to do an update to the report, so I reviewed what already existed and proceeded to do some research to see what had changed in the market since the original report was published. Well, my update to the report is called Improving Mobile App Quality Testing and it was just published today.

Later this month, I will be completing reports on HTTP/2 as well as an update to Building High-Performance Mobile Experiences, a report by Jeffrey Hammond and Michael Facemire. 

A focus on mobile app testing and how it affects app quality

Last year, Michael Facemire and Rowan Curran published a report entitled A Benchmark To Drive Mobile Test Quality. As a result of being the new guy on the team, I was asked to give that particular report a refresh. I scheduled a series of interviews and updated the report. It’s on its way into the editing process; I’ll post an entry here when it’s published.

Much of the report is targeted at QA and mobile app testing; there are some pretty interesting stories in the report that talk about how development organizations are integrating more sophisticated testing strategies into their continuous delivery pipelines. Mobile app testing has always been an interest of mine and working on that report allowed me to dig even deeper into the topic. What I learned is that there are a lot of new tools available to Application Development and Delivery professionals that allow them to more easily deliver higher quality, more thoroughly tested mobile apps.

As a result of that work, we’ve decided that I’ll continue to do research and write on that topic. I’ll soon begin work on an update to the existing Market Overview: Mobile App Testing report. Next, Diego Lo Giudice and I will begin work on a Forrester Wave on the topic. Stay tuned, I’ll post here when I have more solid delivery timelines for the reports.

Rethinking Hybrid Development

A few weeks back I published a report entitled New Tools Make Hybrid Apps A Safer Bet. It’s my first report at Forrester, a brief on some of the changes happening in the hybrid application space and what they mean for application development and delivery (AD&D) pros. The topic is something I was noodling on before I joined Forrester and it was a natural topic for my first report.

I’ve been a contributor to the Apache Cordova project and written 4 books on the topic, and while a lot of developers are building hybrid apps using Cordova, broad adoption of the approach has been lacking. Don’t get me wrong, a lot of developers are using the framework, and there are a lot of apps out there, but we haven’t seen a lot of big name adoption. Developers eschew the hybrid approach for reasons both valid and invalid; recent changes in the hybrid space address some of those issues and should set the stage for broader adoption of hybrid. Check out the report and I would love to hear your feedback.