Implicit requirements in a mobile application development

Shankar Kumarasamy
Aug 30, 2020

It’s been almost a decade since smartphones were introduced. When smartphones were launched 10 years ago, they had few capabilities beyond making voice calls, limited browsing, taking decent photos, listening to stored music, etc. However, as the years passed, the capabilities of smartphones have increased manyfold.

Mobility and mobile app development have grown from being a niche skill to a citizen developer skill. This expansion shows the reach of mobile app development. Still, what makes a professional mobile application developer better than a citizen developer is the ability to understand, consider, analyze, architect, design, develop and distribute mobile apps, drawing on experience to identify and work through the implicit requirements in the mobile application development cycle.

Implicit requirements are requirements that the business team need not document for the development team to include them in the delivered product. Rather, these requirements have become more like common sense: they may not be called out explicitly but will be expected in any mobile app.

Let us see some of the common implicit requirements in mobile application development -

1. UI, VUI, and UX experience — User experience and the means with which the user experience will be implemented will depend on the UI elements associated with the UX.

App navigation — Make sure the user can navigate through the app more intuitively. Hamburger menus, Tab bars, Floating action buttons, Gesture navigation, Screen to screen navigation are very common design patterns in navigation. However, not everything can be used or should be used. Look at the pros and cons of each navigation style and choose the best based on the business needs.

App state management — Handling the different states of the app in the app life cycle leads to a better user experience. The MVVC pattern helps in isolating the data from the GUI and thereby makes it easier to cache the data needed.

Memory management — Unlike in older times, allocating and de-allocating the memory used by apps, on both Android and iOS, is taken care of by the OS seamlessly. This is good in a way; on the other hand, things are out of the developer’s hands. So use tools like a memory profiler to monitor for memory leaks and understand the app’s memory allocation, as RAM is precious.

Background services — Use background services only in extreme use cases which may need location tracking, syncing data in the background constantly, etc. Always show a notification about the background service running from the app.

Keyboard display -

  1. Scroll the content up to fit the keyboard
  2. Use the right keyboard, in general, qwerty vs numeric keyboard
  3. Have the right action buttons like prev/next/done/submit in the keyboard
  4. Carefully let the user use auto-correction and auto-fill functionality

Accessibility — Web content accessibility guidelines 2.0 (WCAG 2.0) recommends 4 principles around mobile accessibility -

  • Perceivable
  • Operable
  • Understandable
  • Robust

Orientation factors — Support for portrait and landscape should be carefully considered. There should be 2 different design guidelines that accommodate both the form factors. There are 4 different styles in orientation design -

  • Fluid — Simply fit in both orientation
  • Extended — Adjusts to the screen’s size, adding or subtracting layout components according to the dimensions of the chosen orientation
  • Complementary — A changed orientation triggers an auxiliary screen with relevant supplementary information
  • Continuous — A continuous design enables the user to access a secondary interface by a simple rotation of the device

Battery consumption — Determine the remaining battery life in the mobile device and come out with the plan of what resources the app would handle in a low battery mode. If needed, alert the user to connect the mobile device to the charger to fully utilize the app functionalities.

Notifications management — Easy access to turning on or turning off notifications. Show different categories of notifications within the app notifications manager. Do not stack up notifications. Clear up and show only the latest one. If needed, maintain notification history within the app. Enable smart actions and smart reply from within the notification.

2. Crash management — Firebase Crashlytics is a free and lightweight tool that can be easily embedded in the app. Use tools like Instabug to get real-time contextual insights throughout the entire mobile app lifecycle. Instabug automatically attaches screenshots, device details, network logs, repro steps, and tons of other critical insights needed to resolve issues and prioritize product backlogs.

3. Offline capabilities — As network and bandwidth capabilities have increased, it may seem that there is no need for offline capabilities in the application. At the same time, with increased computing capacity, smartphones can do a lot of things without having to make a network call. TensorFlow Lite provides high ML capability for mobile devices. Features like voice recognition, image recognition, and what’s-next suggestions can be achieved with AI/ML algorithms running within mobile apps.

4. Analytics management — Mobile analytics involves the practice of collecting data from the apps and using the same for taking action to drive retention, engagement, and conversion. With the introduction of CCPA and GDPR, more care should be taken on how the mobile app collects the data with proper consent and how the same can be presented back to the user when a report is requested.

5. Real-time logging — Use tools like logz.io to send the logs generated by mobile apps in real time. In some cases, a store-and-forward mechanism also works fine. In this case, collect the logs in the app sandbox environment and only forward the logs when there is an issue or if requested by the app developer.

6. Permissions handling — Unlike web apps, permission handling is unique to mobile apps. Even though the app may need different permissions for it to run, make sure to request the permission only when the user tries to use a feature that requires permission. Even if the permission is denied initially by the user for some reason, make sure to gracefully handle the flow in the app.

7. Secure token storage — Storing OAuth API keys and secrets for web service calls in mobile apps is a very bad idea. Anything that is stored within the context of a mobile app can be reverse-engineered, and man-in-the-middle attacks will be possible. Storing the API keys in the mobile app is like locking the home and keeping the key under the doormat. One common way to avoid storing API keys or secrets is to take the access token approach using OAuth and PKCE. Identity providers like Okta, Ping, and AWS Cognito provide SDKs which come with all the baked code for the same.
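The PKCE exchange mentioned above, sketched as an added example (not code from the original post or from any identity provider's SDK). It follows the S256 method of RFC 7636; `ToyAuthServer`, `run_flows` and the other names are hypothetical stand-ins for the app and the authorization server.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    # 32 random bytes encode to 43 characters (RFC 7636 allows 43 to 128).
    return b64url(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(code_verifier)), without padding.
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class ToyAuthServer:
    """Hypothetical in-memory stand-in for the identity provider."""

    def __init__(self) -> None:
        self._pending = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge: str) -> str:
        code = secrets.token_urlsafe(16)
        self._pending[code] = code_challenge
        return code

    def redeem(self, code: str, code_verifier: str) -> str:
        challenge = self._pending.pop(code, None)  # codes are single use
        if challenge is None:
            raise PermissionError("unknown or already used code")
        if not hmac.compare_digest(challenge, s256_challenge(code_verifier)):
            raise PermissionError("code_verifier does not match")
        return secrets.token_urlsafe(24)  # constructed access token


def run_flows() -> tuple:
    server = ToyAuthServer()
    verifier = new_code_verifier()  # generated per login, never in the binary
    token = server.redeem(server.authorize(s256_challenge(verifier)), verifier)
    # Second flow: the authorization code is presented without its verifier.
    leaked_code = server.authorize(s256_challenge(new_code_verifier()))
    try:
        server.redeem(leaked_code, new_code_verifier())
        rejected = False
    except PermissionError:
        rejected = True
    return bool(token), rejected
```

The app ships no long-lived secret: the verifier is created for each login and only its hash travels with the authorization request, so an authorization code on its own cannot be redeemed.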

8. Stateless token usage — With stateless tokens, all the identification information is stored in a client-side token which comes with a pre-defined short expiry time. The tokens can be passed to any API to fetch the data. Stateless authentication is often factored out to an authorization server, which produces, signs, and optionally encrypts the token upon user login. Stateless authentication also helps the developer decouple authentication from the rest of the business logic.
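How an API can check such a token without a session lookup, as an added example (not from the original post). It assumes a JWT-shaped token signed with HS256 and a constructed demo key so that it runs on the standard library alone; deployments commonly use an asymmetric signature so that APIs hold only the public key.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key: held by the authorization server and APIs, never by the app.
SIGNING_KEY = b"constructed-demo-signing-key"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> bytes:
    return hmac.new(SIGNING_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_token(subject: str, now: int, ttl: int = 300) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": subject, "iat": now, "exp": now + ttl}).encode())
    signing_input = f"{header}.{claims}"
    return f"{signing_input}.{b64url(_sign(signing_input))}"


def verify_token(token: str, now: int) -> dict:
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        sig = b64url_decode(sig_b64)
        expected = _sign(f"{header_b64}.{claims_b64}")
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    # Parse only after the signature checks out; the algorithm is pinned here,
    # not chosen by the token header.
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(claims_b64))
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims


def rejection_reason(token: str, now: int):
    # Returns None for an accepted token, otherwise the reason it was refused.
    try:
        verify_token(token, now)
        return None
    except PermissionError as exc:
        return str(exc)
```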

9. Biometrics handling — Mobile biometrics and biometrics-based authentication are very common, and it all happens on the mobile device without having to contact the server. Fingerprint and facial recognition are the most common biometrics used in mobile apps at this stage. However, not every device supports both forms of biometrics, and even where a device does, different OEMs expose different APIs to utilize their biometrics; hence proper pre-identification is needed to understand the device capabilities concerning biometrics.

10. Unauthenticated app usage — Mobile apps may not always require a proper authentication mechanism to be used. Sometimes passive contextual authentication can be implemented, depending on the sensitivity of the data and the business use case. Examples of this authentication include, but are not restricted to, the below -

  • Geolocation restriction
  • IP address range
  • Time of the day
  • Device being used

11. Third-party SDK validations — In mobile application development there are lots of SDKs or libraries that can be used to reduce the lines of code and the development timeline. Look for the credibility and authenticity of the library before using it in the mobile app. Constantly scan and analyze the libraries through tools like Data Theorem, WhiteHat Security, etc. Know whether the 3rd party library has access to sensitive information like PHI, PCI, or PII data within the mobile app.

12. API integrations — APIs are an essential part of any application development. APIs play a crucial role in mobile app development since mobility has a major role in the evaluation of the API consumption. As SOAP is not widely used in mobile app development, choose wisely between REST and GraphQL interfaces.

13. Backward compatibility — Unlike web applications, where the CDN cache can be cleared and the latest web app can be accessed by any user, mobile apps are thick clients that stick to the user’s mobile. Proactively notify the user about new versions of the app with options like

  • Mandatory update
  • Optional update

14. Store reviews — There are 2 aspects with store reviews -

  • Engaging the user to provide feedback and rating on the mobile app by utilizing the in-app reviews
  • Acting on the feedback provided by users by proactively reviewing the feedback

15. Multiple form factors — As mobile apps are being extended to a variety of form factors, mobile apps should be able to run on form factors like — Wearables, Auto, Smart home assistants, etc. Modularizing the project code will help in extending the apps to different factors.

16. Distribution platforms — Mobile apps can be developed and tested against simulators. However, mobile developers love to test against the actual device through online device farms or the real device. At this stage, the app artifacts have to be generated and shipped and that can be at different stages like -

  • Distribution for development
  • Distribution for testing
  • Distribution for sales and presales
  • Distribution for enterprise stores
  • Distribution to public play stores

17. Mobile payments — Mobile payments can be classified into 2 different types — A) In-app mobile payments and B) NFC-enabled payments over counters. Take the utmost care and follow all the guidelines recommended by the payment platforms. Ensure the phone hardware is not compromised, for example a rooted phone, before doing any payment transactions.

18. Programming language and frameworks — It depends on the landscape and the form factors that the app would support. Also, the functional aspects would mostly dictate choosing development strategies. Over the decade the most common development strategies were developing the app either in the native language, cross-platform or hybrid-platform technologies. With the emergence of voice, auto, tv, AR, VR, etc, new development paradigms are also on the rise.

19. Mobile DevOps — Once the developer checks in the code to the code repository, the rest of the process should be automated with zero manual touch. DevOps generally includes 3 steps — A) Build, B) Deploy, and C) Manage. Depending on the needs, choose between setting up your own DevOps pipeline or going with a readily available DevOps tool in the market like buddybuild, etc.

20. Dev testing — Preliminary unit and UI testing should be done before the app is released to quality assurance for testing. Below are some common UI testing tools -

  • Android — Espresso
  • iOS — XCUITest

Share your thoughts on what other implicit requirements would impact mobile application development.

Keep learning!

Originally published at http://shankarkumarasamy.blog on August 30, 2020.
