Archive

Category: Mobile Development

Needed to Know About Flutter Interact 2020

Flutter Interact has ended with some great announcements: several impressive Flutter features were unveiled at this big event, exciting the developer community all around the world.
In the event, every announcement came with a note saying “there’s more to come!”.
All the Flutter update previews were enough to make you go crazy about Flutter, so let’s have a look at what this event brought to the Flutter world.

Flutter 1.12

Although it is a minor release, this new version of Flutter fixed a lot of issues and bugs and brought many exciting new APIs and Material theme additions.
Let’s have a look at the fresh features of Flutter 1.12:

  • Big news for Flutter developers: upcoming Flutter projects will fully support AndroidX. There is no need to manually migrate each project to AndroidX anymore.
  • The Flutter framework already has extensive support for the Material theme and Material widgets, which can be used for making both Android and iOS applications. Cupertino widgets, however, took some time to catch up. There’s good news though: Flutter themes now support iOS 13 dark mode. This means your applications will look amazing in the dark!
  • This one brings a lot of relief. You no longer need to download Google fonts and add them to your Flutter app and the pubspec file. This new version of Flutter has a Google Fonts plugin, which allows direct use of Google fonts in Dart code. We’ll write a separate blog post about it soon.
  • Flutter 1.12 now supports the direct add-to-app feature in Android Studio. This means that you can now add Flutter to your existing Android app easily. Previously, it took several steps to import a Flutter project into an Android app.
  • An all-new Flutter Gallery has been introduced, where you can find code samples for new Flutter widgets and features. Flutter Gallery has always been the go-to source for many new developers to understand Flutter widgets, and this new Gallery app will be even more helpful.

The Flutter community introduced Flutter 1.12 as a big announcement for Flutter developers.
That is not all, though; Flutter Interact brought more cool things. Check them out:

Dart 2.7

With version 2.7, Dart is safer and more expressive now. The most notable changes are Extension methods, character packages, and Null safety. All of these new additions were long requested by the community and the Dart team delivered them in this release. There are, of course, more changes but these are the major ones.

Hot UI

This one is a game-changer in our opinion. Flutter was already fantastic for doing quick iterations in terms of UI thanks to Hot Reload, but now with Hot UI, you can preview the design right there in the IDE without even running the project. That’s great, isn’t it? Moreover, Hot UI also stores the data of the last preview in Android Studio.

All New Dart Dev Tools

The major ones are:

  • Widget Inspector to view the hierarchy of the widget tree.
  • Timeline view to diagnose the app frame by frame so that you can identify performance issues in the layout rendering.
  • Full source-level debugger to view the call stack and to set breakpoints
  • A log view to view the logs, network requests and garbage collection events.

Multi Debugging Tool: VS Code

After building the Flutter UI and app layout on a single device, wouldn’t it be great if you could debug on multiple devices at the same time?
The multi-debugging extension allows multiple devices to be attached to the debugger at the same time while you debug your app in VS Code.
You can use multiple platforms and devices to run and debug your app simultaneously. It doesn’t end there: you can even view the call stack of each device separately while the app is running on multiple devices. At the Flutter Interact event, they presented a live preview of this feature with 7 devices connected to a Mac.

Supernova & Adobe XD

Supernova is a tool that can help you generate UI code for Flutter from your Sketch and Adobe XD files. The code can be edited directly from an editor with the app running on a real device.
With the Adobe XD plugin for Flutter, you can now generate Flutter UI code directly from Adobe XD itself. It’ll be a great tool to simplify the communication between design and development teams. XD to Flutter is a collaboration between Adobe and Google that will be available in early 2020.

Flutter for Web

A beta version of Flutter for Web has been released and can be used by developers for building prototypes. It has many great plugins and features like page routing, control over native text, mobile accessibility and more. Of course, it’s not ready for production usage yet, so be careful with where and how you use it.

Flutter for Desktop

An alpha version of Flutter for Desktop is now active for macOS. Moreover, Flutter Gallery supports Flutter desktop applications. Many enhancements have been made in the desktop version of Flutter, like keyboard accessibility and more. Know what is new in Flutter for Desktop.

Wrapping Up the Flutter Interact Event

All in all, it’s very clear that Flutter is going to be the Ambient Computing platform that has long been desired by developers worldwide. Google is also putting a lot of effort & investments in making sure that the developer community at large is happy and contributing more to Flutter, one way or the other. With so many shiny new things, one can rely on Flutter to be here for the long-term.

Source: medium.com

Will Native Development be dead in 2020?

With the advent of cross-platform toolings such as React Native and Flutter, does it make sense for companies to invest in multiple native development apps on iOS and Android?

In the mobile development space, there are many going all out with Flutter and React Native. Most of them claim that you could save up to 30–35% of your time (and thus costs) by working with Flutter or React Native. Let’s analyze how much of this is really true, and whether it applies to you.

Long Version

More than 100 mobile applications have been developed in the past five years, many of which have gone viral, got funded, and ranked in top-10 lists. In 2010 there were Objective-C on iOS and Java on Android, which transitioned to Swift and, in recent years, to Kotlin.

There was satisfaction with the tooling, and Hybrid Apps (built on Cordova or any Web layer) were not picked up, as they reduced the user experience to a great extent. AngularJS (1.x) appeared in 2015, much before v1.0 was launched, and then React came along as it matured.

With React already being used in production systems, clients wanted to work in React Native. In Dec 2018, Flutter was launched!

The approach that Flutter took was different from React Native, and it held a strong premise of overcoming the pitfalls that React Native (and cross-platform apps in general) had. Thus, it’s time to debunk some myths and establish some facts around mobile app development.

  1. Your code can be 100% in React Native/Flutter
    Mobile applications these days can’t be an island; depending upon the product features, one will need to interface with a lot of third-party solutions to integrate within the apps, more so for cross-platform apps than native. There are different libraries for everything from error tracking and performance monitoring to very specialized tasks such as video conferencing and chat tools. Most of these libraries provide first-class support for native platforms and then, if they deem it essential, create wrappers for cross-platform frameworks.
    Depending upon your approach, you will have to choose between writing parts of your applications in native code or in Flutter/React, at times causing more pain than ease.
  2. Flutter is here to stay, now and forever
    Huge corporations such as Google will never have a single strategy, and Google has a history of knocking down projects (some even successful by many standards) if they don’t live up to its expectations. Also, frontend libraries and frameworks are notorious for having a short life cycle.
    In early 2016, Microsoft acquired Xamarin for $500–600 Million, and in my opinion, Microsoft dropped Xamarin like a hot potato in recent years and has instead moved its focus to Machine Learning.
    Google’s beloved AngularJS, once considered revolutionary, came into existence and got a lot of fanfare, adoption, and then criticism, all within a span of a few years.
    Google is simultaneously also backing Kotlin; it can not only create cross-platform native apps (like Flutter) but can also work on the Web (Flutter supports it too) and on backend systems.
  3. You will always save costs upwards of 30% while working with Flutter/RN
    Yes, there are cost and time savings when it comes to working with cross-platform apps, not just in development but also in QA and project management. But these benefits assume that you don’t rely on too many third-party frameworks that have little to no support for your SDKs.
    There are some animation effects, gradients, and such which are not available in React Native despite it being in existence for a long time.
    So sometimes getting these to work with your apps can be a pain; but if you’re looking to build apps that aren’t heavily dependent on these services, or if these SDKs form a minor portion of the app, then yes, you will still save money working with Flutter/RN.
  4. My Flutter/RN team need not know any native development
    It would be foolhardy to put a beginner who does not know any native development directly on Flutter/RN. If you’re starting mobile development, learn Kotlin/Swift first, get a firm grip, and then move on to Flutter/RN; also, to know RN, you will first need to get acquainted with React, which is not a short learning curve, eh.
    Again, depending on your application, you could do away with this requirement, but if you need support, you will have to get your hands dirty in native code or get help from other native developers on your team.

And now, time for some facts!

  1. Your Flutter app will be as performant as a native app
    Flutter was built for performance, and our recent experience in building Flutter apps has been a resounding success. We recently launched a Flutter app for the fifth-largest marine player in the world!
    The only downside you can see upfront is the size of the apps developed in Flutter; they are usually 30MB+ (though it’s not a deal-breaker for most, considering increased bandwidth and internet penetration around the globe).
  2. You will be able to ship apps faster
    While it might look to a developer at a macro level that he’s sometimes spending more time than needed while working with React Native/Flutter as opposed to native development, they do save time overall.
    With Flutter, you’re able to ship apps quicker, which means you can pack more features into every sprint, so everyone’s usually happy.
  3. You can add Flutter to existing apps!
    With the launch of v1.12 of Flutter, the “add to app” functionality has finally gone mainstream; even within Solutelabs, we have started pitching to clients about creating new features in Flutter.
    Adding Flutter to existing apps would mean that your native development team would have to reskill themselves in Flutter. This could be a deterrent for some teams and might not be for others.

If you already have a native iOS or Android app and don’t need many external SDKs, try adding Flutter to the mix; it’s easy to learn, and there are some excellent tutorials on Flutter out there!

And if you’re starting from scratch, have a look at your app and see if it’s heavily dependent on SDKs that don’t have a Flutter/RN SDK. If not, and if you’re starting, go for Flutter.

Why Web App Security Testing Critical to Build Secure Apps

There are many ways in which websites and web apps can be put at risk; however, the scale of the threat varies, as does the difficulty of hacking.

If a breach can be as serious as the leaking of valuable information or personal images for a common user, imagine how severe it can be for companies that protect the valuable data of millions of users, even large corporations or software service providers. It is way beyond what one can imagine!

Hacked users take the extra precaution of changing passwords or using more secure firewalls; yet there’s no guarantee that they won’t face a similar calamity again. Hence the question arises: what security measures can avert such breaches in the future?

What is Web App Security Testing?

Ever wondered where the credibility lies of websites that promise uncompromised security to their clients when they cannot protect their own? The focus should be on finding loopholes in the application’s security while building it, rather than pondering over how to strengthen the firewall when the fortress has already been breached.

The amusing part of the story is that these bugs are usually critical mistakes by the developers. There are so many cases of website hacking in front of us that they make you question the safety of sharing and/or storing data on the Internet and in clouds. Some pretty recent incidents which have made headlines and become topics of big discussions have raised these security concerns.

Recently, after attending a seminar with the OWASP team, I realized that although we think we are following the best Quality Assurance methods, there are ambiguities overlooked on our part as developers that lead to disasters for the client at a later stage. It is time we hand down the necessity of best practices that are going unnoticed in most cases.

The vulnerabilities listed below are the most common results of coding carelessness on the part of developers. The list is long, hence we will be covering a few critical ones here.

Injections

When control plane data is injected into the user-controlled data plane, thus modifying the control flow of the process, it results in the disclosure of useful and sensitive information. Injection issues occur mostly due to logic errors, caused either by lack of knowledge or by the habit of working smart when caution is required. Amongst other threats caused by injection problems, there are loss of data, jeopardized authentication and loss of data integrity. It is broadly classified under these three categories:

1. Code Injection

Improper validation of data is the main cause of code injection: code is inserted into the application and later executed by it, leading to loss of availability and/or accountability. Inaccuracy when validating data formats or the extent of predictable data leaves a gap for hackers to tamper with the application and use code injections.

Amongst the varied types of code injection, I have pointed out the major two here:

a) SQL Injection

The commonest injection in ASP and PHP: an SQL query is injected through the input data passed from the client to the application. An SQL injection can affect the execution of predefined SQL commands. It can lead to data being destroyed or made unavailable; the hacker can even become the administrator of the database server.

b) HTML Script Injection

The hacker inserts their own content into the page using valid HTML values, often parameterized. The attacker creates malicious content along with HTML code and sends it to the user. The receiver takes it to be coming from a trusted source and clicks on it. As soon as the user fills in his username and password, they reach the hacker, thus causing a huge loss to the former.

2. Command Injection

Command injection in the host application is possible when the latter passes unsafe cookies to a system shell. The motive of the hacker is usually to execute arbitrary commands on the operating system of the host. Although the hacker is unable to add his own code, as is the case with code injection, it still shows that your application is vulnerable.

3. Broken Authentication and Session Management

Developers often prefer to create their own session tokens, although most application development environments have session capability, and this turns out to be riskier. If your session identifiers and authentication credentials have not been protected with Secure Sockets Layer (SSL) and from defects like cross-site scripting (elaborated below), the hacker can easily break into a running session, posing as a user.

4. Cross-Site Scripting

CSRF or Cross-Site Request Forgery makes the user execute undesired actions on a web application with the aid of social engineering, such as sending malicious links via mail or chat. This must have happened to many of you; here I will explain the reason why it happens even when you take the precaution of using a secret cookie.
In general, cross-site scripting happens when a hacker sends malicious code or links to the end user, usually in the form of a browser-side script. XSS can lead to some major issues, like disclosing the data in secured files; sending out malicious links from the account of the end user, ultimately compromising the whole account; inserting viruses into the database; etc.

Even your secure cookies will not be helpful in this regard, since XSS code will have access to all your details; the only way is to perform a security review of the code.

Some Protection Measures

As the saying goes, a stitch in time saves nine. I would like to put forward these easy-to-adopt security tools and ethics for my fellow developers:

1. Headers

Using secure HTTP headers is one of the best practices for making your connections to the server safe. Applying headers in the web server configuration (Apache, Nginx, etc.) is helpful if you want to strengthen the defense mechanisms of your new applications.

For example, X-Frame-Options can deny rendering within a frame altogether, refuse to render when the origins do not match, or allow rendering only when the page is framed from a named domain. The other secure headers that can be used are X-Content-Type-Options and Strict-Transport-Security.
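One way to set the three headers named above in application code rather than in the Apache or Nginx configuration, as an added example (not the author's code). The `SecurityHeaders` middleware, the header values and the demo app are assumptions chosen for illustration.

```python
# Header values are assumed policies, not values taken from the article.
SECURITY_HEADERS = [
    ("X-Frame-Options", "SAMEORIGIN"),       # only same-origin pages may frame us
    ("X-Content-Type-Options", "nosniff"),   # browser must honour Content-Type
]
# Browsers ignore this header on plain HTTP, so it is only sent over HTTPS.
HSTS = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")


class SecurityHeaders:
    """WSGI middleware (hypothetical name) enforcing the headers on every response."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        enforced = list(SECURITY_HEADERS)
        if environ.get("wsgi.url_scheme") == "https":
            enforced.append(HSTS)
        names = {name.lower() for name, _ in enforced}

        def patched_start(status, headers, exc_info=None):
            # Drop any weaker value the application set, then add ours.
            kept = [(k, v) for k, v in headers if k.lower() not in names]
            return start_response(status, kept + enforced, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    # Constructed application that sets a meaningless framing policy itself.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("X-Frame-Options", "ALLOWALL")])
    return [b"<h1>hello</h1>"]


def response_headers(app, scheme):
    """Call a WSGI app once and return its response headers as a dict."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "wsgi.url_scheme": scheme}
    b"".join(app(environ, start_response))
    return captured


if __name__ == "__main__":
    for scheme in ("https", "http"):
        print(scheme, response_headers(SecurityHeaders(demo_app), scheme))
```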

2. Password Protection Measures

There should be no restriction on the password strength, i.e. the size and complexity of characters. Moreover, passwords should be stored in encrypted form, preferably hashed, because hashing is irreversible. Limiting the number of login attempts and informing users of the times of their logins as well as failed login attempts are commonly applied, helpful security practices.

3. Secured Session ID

Guarding your session in transit with the help of SSL is amongst the best ways to save your day. The session ID should ideally never be included in the URL, and it should be long enough to be impossible to guess. Never accept a session ID suggested by a user!
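The password and session ID measures above, as an added example that is not part of the original post. The `Auth` class, the lockout threshold of five failures and the scrypt work factors are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 5                    # assumed lockout threshold
SCRYPT = dict(n=2**14, r=8, p=1)    # assumed work factors


def hash_password(password):
    """Return 'salt_hex$hash_hex'; a fresh random salt is used per password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    salt_hex, hash_hex = stored.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            dklen=32, **SCRYPT)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


class Auth:
    """Hypothetical in-memory account and session store."""

    def __init__(self):
        self.users = {}       # username -> salted hash, never the password
        self.failures = {}    # username -> consecutive failed logins
        self.sessions = {}    # session id -> username
        # Hash checked for unknown users so both paths cost the same time.
        self._dummy = hash_password(secrets.token_hex(16))

    def register(self, username, password):
        self.users[username] = hash_password(password)

    def login(self, username, password, client_session_id=None):
        """Return a new session id, or None on bad credentials or lockout."""
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return None
        stored = self.users.get(username, self._dummy)
        ok = verify_password(password, stored) and username in self.users
        if not ok:
            self.failures[username] = self.failures.get(username, 0) + 1
            return None
        self.failures[username] = 0
        # Whatever id the client presented is discarded, never adopted: the
        # id is always generated here, after authentication succeeds.
        self.sessions.pop(client_session_id, None)
        session_id = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.sessions[session_id] = username
        return session_id

    def whoami(self, session_id):
        # Only ids issued by login() are known to the store.
        return self.sessions.get(session_id)


if __name__ == "__main__":
    auth = Auth()
    auth.register("alice", "correct horse battery staple")
    sid = auth.login("alice", "correct horse battery staple",
                     client_session_id="id-chosen-by-client")
    print("issued id length:", len(sid))
    print("client-chosen id valid:", auth.whoami("id-chosen-by-client") is not None)
```

The session ID would then be sent in a cookie over SSL rather than in the URL, as the text advises.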

4. Avoiding Hidden Components

Authentication of every component with the other is highly important; applying strong procedural and architectural mechanisms prevents the misuse of site architecture as it progresses over time. Using the no-cache tag prevents someone from going back to the login page using the back button and obtaining the resubmitted user credentials.

These are simple measures that, if taken, will keep you on the safer side.

Top 5 Cross-Platform App Frameworks

There are a number of cross-platform app frameworks out there, each with its own set of pros and cons. Going by current trends, we have picked the most competitive and top-performing frameworks available in the market today.

  1. Xamarin:

Loved by Developers, Trusted by Enterprise

Xamarin was launched in 2011 as an independent cross-app development framework but was later acquired by Microsoft in 2016, thus lending it more credibility than before.

It is an open-source framework that was launched to solve the problem of disjointed native technology stacks, which made mobile app development a difficult and expensive affair.

Pros of Xamarin

  1. Xamarin app development uses C# for coding, meaning that it works seamlessly on an array of platforms (including Android and iOS).
  2. Xamarin has a strong community of over 60,000 contributors from more than 3,700 companies.
  3. Share more than 75% of your code across platforms, for “write once, run anywhere” ease.
  4. A single tech stack for faster development

Cons of Xamarin

  1. It is expensive for enterprises. Xamarin is a framework that comes free for individuals and startups.
  2. Xamarin is not recommended for apps that demand heavy graphics because each platform has a different method for visually laying out screens. A UX/UI-rich application is advised to be executed natively.
  3. It also offers limited access to certain vital libraries that the app developers need for mobile app development. Also, since the core of its user-interface conception is not mobile, creating the UI is time-consuming.

Apps Made with Xamarin Cross-Platform App Framework

  • Fox Sports
  • Alaska Airlines
  • HCL
  • American Cancer Society
  • BBC Good Food

  2. React Native:

Learn Once, Write Anywhere

React Native is an effort by Facebook launched in 2015, and it did cause a wave in the market for hybrid frameworks. Within a few years of its introduction in the market, it is already one of the most popular frameworks and the most trending one discussed here.

Pros of React Native

  1. Up to 80% of a codebase can be shared across platforms, depending on the difficulty of the app.
  2. Apart from code reusability, it allows you to preview results right away, besides offering readymade elements, thus shortening the developing time significantly.
  3. “Hot reloading” feature enables developers to see changes made in code within seconds not minutes as when using native technologies.
  4. React Native focuses on UI to a great extent, rendering a highly responsive interface.
  5. It also gives you access to certain great native functionalities like accelerometer and camera. The result it renders is a high-quality native-like user interface.

Cons of React Native

  1. React Native is not fully a cross-platform app framework. To use some functions like a camera or accelerometer you have to use native components, so there will be a separate code for Android and iOS.
  2. Since the framework is not built in conjunction with iOS or Android, it lags behind the native platforms at times. This is one of the reasons that led Udacity to stop investing in React Native for new features.
  3. React Native lacks consistency when it comes to releasing the updates.
  4. React Native improves the speed of development, but also increases the duration of the debugging process, especially on Android.

Apps Made with React Native Cross-Platform App Framework

  • Instagram
  • Bloomberg
  • Pinterest
  • Skype
  • Tesla

  3. Flutter:

Beautiful Native Apps in No-Time

Flutter is another open-source and free cross-platform framework for creating native interfaces for Android as well as iOS. Google announced Flutter in February 2018 at Mobile World Congress and released its first version on December 5th, 2018, and this puts Flutter on this list of cross-platform app frameworks.

Flutter is a cross-platform app framework maintained by Google.

In the Developer Survey Results 2019, Flutter is amongst the top 3 most loved frameworks, and it adds a challenge to the existing popularity of the React Native framework.

Pros of Flutter

  1. “Hot reloading” feature enables developers to see changes made in code within seconds not minutes as when using native technologies.
  2. It is an ideal framework for MVP development. Instead of spending extra money and time on two separate apps, you can build a Flutter mobile application rapidly that looks native on both Android and iOS.
  3. Flutter is based on Dart, an object-oriented programming language that developers have found rather easy to acquire the skill for.
  4. Flutter has a full set of widgets in Google’s Material Design and in Apple’s style with the Cupertino pack.
  5. Many ready-made solutions for native Android and iOS apps enable you to work with Continuous Integration platforms like Travis and Jenkins.

Cons of Flutter

  1. There is limited TV support for apps built on the Flutter framework, i.e., Flutter offers no support for Android TV and Apple TV.
  2. Though, by virtue of being developed by Google, there are several libraries with ready-to-implement functionalities, Flutter still lags behind native development.
  3. Since Flutter-enabled apps use built-in widgets and not platform widgets, the size of the app is usually bigger. Currently, the smallest possible app made with Flutter can weigh no less than 4MB.

Apps Made with Flutter Cross-Platform App Framework

  • Alibaba
  • Google
  • Google Ads
  • Tencent

  4. Adobe PhoneGap:

Build amazing mobile apps powered by open web tech

PhoneGap was previously known as Apache Cordova, and Adobe owned it. It is a simple cross-platform app development framework that uses HTML5, CSS, and JavaScript.

Pros of Adobe PhoneGap

  1. It allows you to share the application with the team to garner their feedback.
  2. It also offers a cloud solution in case you want to create your app directly.
  3. Features like access to third-party tools, a large community (the one behind the free and open-source Apache Cordova), and a large number of plugins, make it better than its competitors.
  4. It uses an intuitive desktop app for mobile app development and then serves the app created on the desktop to mobile devices connected to it.

Cons of Adobe PhoneGap

  1. PhoneGap is not recommended for high-performance applications and hardware intensive apps like gaming apps due to its poor performance and lack of UI Widgets.
  2. PhoneGap is dependent on iOS SDKs to build an app and downloading these SDKs requires a Mac.
  3. Apps built with PhoneGap tend to be a little lower on performance compared to native apps.

Apps Made with PhoneGap Cross-Platform App Framework

  • Wikipedia
  • TripCase
  • FanReact

  5. Ionic:

Make App Creation Lightning Fast

Ionic is an open-source cross-platform app framework and licensed under MIT. It uses HTML5 for translation. Very similar to AngularJS in design and structure. It also inherits a few design elements from iOS as well as Android. It allows you to build native-like hybrid apps for Android and iOS as well as progressive web apps. Ionic has introduced Ionic React: One codebase. Any Platform. Now in React.

Pros of Ionic

  1. Ionic is based on a Sass UI framework designed specifically for mobile operating systems. It provides numerous UI components for developing robust applications.
  2. The Ionic framework allows you to ship continuously. From automated native builds to live updating and CI/CD, Ionic Appflow addresses the entire mobile DevOps.
  3. A vibrant community of more than 5M developers in over 200 countries backs Ionic.

Cons of Ionic

  1. The knowledge of AngularJS becomes almost a necessity if one wants to go beyond basic apps.
  2. Designing in-app navigation is complex because of its not-so-easy-to-use UI-router.

Apps Made with Ionic Cross-Platform App Framework

  • IBM
  • ING
  • SAP
  • NASA

How to Get B2B Mobile Commerce UX Right

Since the B2C experience is superior, it’s pushing businesses to improve their B2B side as well. With B2B customers on the move, it’s imperative for businesses to improve their mobile customer experience.

If you’re not thinking about upping your B2B UX, you should. Your competitors have most likely finished the design and are already taking away your customers and profits.

Steps to Get B2B Mobile UX Right:

Enhance Customer Satisfaction

Your business’s longevity depends on the satisfaction of your customers. Your business will only be as strong as your customer retention rates.

Avoid Negative Reviews

Easy Search

A B2B app normally offers expansive product catalogs, which makes robust search capabilities an essential feature. You should allow customers to go beyond the basic SKU-based searches, and search products based on price, availability, etc.

Develop a Well Thought out Navigation

Poor navigation will certainly cost you customers. Here are some ways to create better navigation:

  • Card sorting will help you analyze where your visitors expect to find products or pages
  • Use familiar words
  • Put the shopping cart in the top-right corner.
  • Navigation should be easy to tap on a mobile device (not too small for fingertips)
  • Use breadcrumbs: your customers mustn’t feel stranded on a page with no way of going back to
  • Navigation should be kept as consistent as possible from page to page

Purchase History

You should give your customers access to their previous purchase information; it will help them place new orders quickly. You must also enable your customers to edit their orders: changing quantities, changing shipping addresses, etc.

Personalization

Personalization is a very important tool for building a loyal customer base. You can do it in the following ways:

  • You can send personalized deals and offers to your customers to encourage them to keep shopping with you.

Make shipping efficient and straightforward for your customers by providing integrated and automatic shipping. A hassle-free shipping experience can gain you the customer’s trust and can convert them into loyal customers.

Source: Netsolutions

Why B2B Mobile Commerce is Going the B2C Way?

The B2B online marketplace is getting increasingly competitive; but competition is good because it pushes you to get better by trying new things, thinking up new strategies, and taking risks. Sometimes you may even come up with something that becomes a big trend. Competition forces you to sit up and take notice.

Here are 5 reasons why B2B mobile commerce is going the B2C way:

1- The rise of the mobile

It’s the age of mobile, and it’s gradually becoming the age of a mobile-first strategy in both B2B and B2C marketplaces. With the rise in mobile usage, B2C companies have already been leveraging mobile and rising in the m-commerce realm; lately, B2B companies have also started being inspired by the strong numbers B2C companies are achieving.

Mobile commerce has obviously existed in the B2C realm for much longer than it has in B2B. For mobile solutions, B2B suppliers have so far been using legacy solutions only, such as a barcode scanner, or other expensive proprietary hardware.

But in the last few years, B2B buyers have also started offering their clients a way to place orders on a mobile device, although it is relatively new for them. The suppliers going in this direction are able to seize enormous opportunities because B2B buyers are enjoying the ease and speed of order, which they experience as B2C buyers.

B2B buyers are no different than B2C buyers. Business buyers possess an on-the-go nature and this makes it necessary for them to have access to a robust app experience on their mobile devices, in addition to desktops.

Below are some statistics that show why B2B businesses are following the B2C m-commerce trends:

  • 80% of B2B buyers are using mobile at work.
  • 60% of B2B buyers report that mobile played a significant role in a recent purchase.
  • 70% of B2B buyers increased mobile usage significantly over the past two to three years.
  • 60% of B2B buyers expect to continue to increase their mobile usage.
  • 50% of B2B queries today are made on smartphones. The figures are expected to grow to 70% by 2020.

2- B2C has changed the B2B buyer

The typical B2B buyer is changing; with this change in buyer behavior, businesses are also changing their sales process.

B2B buyers also expect multi-channel ordering experiences so that they can purchase from websites and mobile apps.

A millennial B2B buyer prefers the same seamless, personalized mobile experience that they have on B2C platforms as consumers.

B2C best practices that are being adopted by B2B:

  • High-quality product images and videos
  • Robust onsite search with visual merchandising
  • Social proof in the form of reviews and ratings
  • Flexible shipping options and order updates
  • Personalization based on past purchases
  • Meant-for-mobile storefronts
  • Online catalogs for easy browsing
  • Real-time product and stock availability
  • Customer service via chat and phone support

Mobile can fast-track time to purchase by 20% through facilitating efficiencies in decision-making and enhanced team collaboration, particularly with more complex purchases.

Millennials spend more than six hours a day on their phones, twice the time spent by people over 45 years old.

With the right platform, B2B companies can completely transform the way they do business and drive more long-term sales.

3- B2B buyers open to new opportunities

B2B merchants are adjusting their business models to accommodate m-commerce/e-commerce because it’s the need of the hour.

It cannot be mentioned enough that B2B buyers are the same people who make purchases as consumers. It’s a simple truth that cannot be overlooked anymore.

As people have increasingly started shopping online, they have become accustomed to a certain level of online experience. Those expectations are still there when they put on their “B2B buyer’s hat.”

The stats below show that B2B merchants are incorporating online selling into their business:

  1. 78% of survey respondents that sell online have done so for at least two years.
  2. 41% of B2B retailers expect B2B online sales to grow more than 25% in 2018.
  3. Payment options are a vital part of the B2B e-commerce sales process.

The rise of mobile apps and marketplaces like Amazon clearly shows that B2B retailers are quickly moving from early experimentation with m-commerce/e-commerce channels to full-fledged omnichannel sales approaches.

In short, B2B retailers are no longer novices in the online selling process.

4- An improved B2B CX leads to new customer acquisitions

B2C companies are using a variety of acquisition channels; therefore, B2B merchants are doing the same. The good thing for B2B is that everything has been tried and tested by B2C companies and all they have to do is pick the things from B2C that will fit into their B2B business.

A few of the businesses that had websites were more of portals and they only served as online catalogs. The idea was not to replace customer service reps with online technology. Only the existing customers were served, which means, no online strategy for new customer acquisition.

Social media also plays an important role in bringing in new customers, which again highlights the shift in B2B buyers’ behavior as it moves toward a more B2C-behavior path.

5- The success of other B2B online sellers

Grainger is a Fortune 500 industrial supply company and it perfectly exemplifies the emerging overlap of B2C and B2B. Once logged into their account, buyers are navigated to a homepage that mirrors any popular B2C site. Similarly, their product pages also bear all the major B2C hallmarks.

There are many B2B merchants who are leading the way for others, who are still new to this mirroring of B2C UX, or who are in the e-commerce development stage. But it is evident from all the above points that B2B is benefiting a lot by becoming more like B2C.

Source: BCG, 2017

Choosing a Mobile App Development Company


Did you know that mobile app development is one of the biggest industries on the planet?

There are about 2.5 million apps in the Google Play Store in 2019, and over 205 billion mobile app downloads worldwide. Nothing fancy, right? Wrong.

The mobile application is an increasing trend for businesses in recent years. So, if you don’t have a mobile app yet, now is the time to ride in with the trend. You can develop your app by considering a reliable mobile app development company.

Before hiring a mobile app development company, you need a thorough evaluation. In this post, we give you seven questions that you need to consider if you plan to hire a mobile app development company in Turkey. As a bonus, find out what Full Scale has to say for themselves.

7 Questions When Choosing a Mobile App Development Company

1. What’s your development process?

A precise and fundamentally structured process is very important in application development. It is by knowing the company’s development process that the client and the development team convey and implement their shared vision according to the client’s preference.

Since companies differ in their development process, choose a company with a refined and well-implemented development process. This is to eliminate defects, decrease the delivery time, and generate high-quality output.

One of the best processes that most app development companies practice is Agile development. This process promotes well-disciplined project management wherein frequent inspection and adaptation are practiced.

Not only that, Agile encourages teamwork, self-organization, and accountability among the members. IBM and Microsoft are a few of the multinational information technology companies, along with huge Fortune 500 companies, that use agile development.

2. Where can I find examples of mobile apps you’ve developed?

When you shop for a couch online, brief descriptions and lengthy details are not enough; you need to see the actual picture of the couch. In choosing an Android and iOS application development company, you also need to see, not the developers’ pictures, but the applications they have developed. You can ask for the company’s portfolio or any platform that houses the apps they have developed so far.

Don’t trust words or promises about the company’s work; you need to see the real output. Through their portfolio or sample works, you can determine whether the development company’s application is suited for your business.

3. Can you provide documentation for the applications?

Upon asking this question, a reliable iOS and Android app development company should answer with a straightforward “Yes!” Documentation is the manual of a user or software, a very important script for mobile developers.

The documentation holds all features and aspects of the software. Its three main focuses are development, maintenance, and knowledge transfer. Let’s say that you hired a team of developers to build an app. Along the way, you decided to have an in-house team of developers.

How will your in-house team continue to develop the app? The documentation is the answer. It contains everything about the app so the succeeding developers can continue to manage the app.

4. What is the platform you are using?

A mobile app development platform enables developers to build, test, and deploy mobile applications. The company of your choice should be experienced enough to determine the development platform that will be best for the application that your business needs.

There are two popular mobile app types: native apps and hybrid apps.

Native apps are developed solely for a single mobile operating system. For example, apps built for Android cannot run on iOS, an operating system of iPhones. This is because Android apps are only built for the Android operating system.

Hybrid or cross-platform apps, on the other hand, are built using multi-platform technologies. This mobile app type is typically faster and easier to develop since its code targets multiple operating systems. Because of this, a lot of businesses often prefer to hire a cross-platform app development company.

5. How do you do testing and QA?

You now have an app! What to do next, launch it? No. Before you launch your app to Google Play Store or App Store, your application should be examined for bugs, connection, design, compatibility, battery and resource consumption, and speed.

6. What are your security policies?

Security should never be taken for granted in information technology. It is every company’s nightmare to have sensitive information leak for the public to see. Before signing an agreement with a mobile app development company, make sure that their security and compliance measures are industry-standard and up-to-date.

7. How can we communicate during the development process?

Communication is the key to creating an efficient and beneficial mobile application, especially if your team is time zones away. The transfer of ideas and feedback is important in the mobile app development process, a role crucially played by communication.

Failure to communicate ideas and feedback may slow down the process, which will lead to an increase in production cost and cause a painful delay of launching. The horror!

Source: Fullscale

How to Secure Software in 10 Steps


These are practical, straightforward steps that developers can take, with code examples, links to Secure Software. Consider this article a sneak peek at the latest OWASP Top 10 list for developers. If you have questions or suggestions, we’d be happy to hear from you; just send an email to info@apptech.com.tr.

1. Protect Your Database From SQL Injection

One of the most dangerous (and most common) attacks on web applications is SQL Injection: attackers inserting malicious SQL into a dynamic SQL statement. SQL injection vulnerabilities are easy for an attacker to find and exploit using free tools like SQL Map or SQL Ninja, or even manually: try inserting a value like 1' or '1' = '1 into the user name, password, or any other text fields and see what happens. Once SQL injection vulnerabilities are found, they’re easy to exploit.

Luckily, SQL injection is also easy to prevent. You simply need to parameterize your SQL statements, making it clear to the SQL interpreter which parts of a SQL statement make up the command and which parts are data. OWASP has a Cheat Sheet that explains how to parameterize queries in Java (using prepared statements or Hibernate) and in other languages.
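The difference between a concatenated and a parameterized statement, as an added example that is not part of the original article: it uses Python's built-in sqlite3 module, and the table, rows and function names are constructed for the demonstration.

```python
import sqlite3

# The probe value quoted in the text above.
PROBE = "1' or '1' = '1"


def make_db():
    """In-memory database with constructed rows. The column holds plain
    strings only to keep the demo short; real tables store password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    return conn


def login_concatenated(conn, name, password):
    """VULNERABLE: the input is pasted into the SQL text, so a quote in the
    input ends the string literal and the rest is parsed as SQL."""
    sql = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, name, password):
    """Hardened: the statement text is constant and the values are bound
    separately, so the interpreter only ever treats them as data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


if __name__ == "__main__":
    db = make_db()
    # The WHERE clause becomes (name AND password) OR '1' = '1': every row.
    print("concatenated :", login_concatenated(db, "alice", PROBE))
    # The same value bound as a parameter matches no password: no rows.
    print("parameterized:", login_parameterized(db, "alice", PROBE))
```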

2. Encode Data Before Using It

SQL injection is only one type of injection attack. Stopping SQL injection is easy. Stopping other kinds of injection attacks—LDAP injection, XML injection, XPath injection, OS Command Injection, and especially JavaScript injection (aka Cross-Site Scripting)—takes a lot more work.

The solution to injection attacks is simple in concept: if you can’t clearly separate code from data (which is what you do to prevent SQL injection using a parameterized API), you have to make the data safe before handing it off to an external interpreter, such as an XML parser, an OS command shell, or a browser.

To do this you need to output encode/escape data before handing it to the interpreter so that the interpreter will not recognize executable statements in the data.
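Output encoding depends on which interpreter receives the data. The following added example (not from the original article) encodes the same kind of untrusted value for a browser, an XML parser and a shell using Python's standard library; the element names and the `wc` command are assumptions chosen for illustration.

```python
import html
import shlex
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr


def to_html(author, comment):
    """Browser context: escape &, <, > and both quote characters, so a
    value can neither close the attribute nor open a new tag."""
    return '<p title="{}">{}</p>'.format(
        html.escape(author, quote=True), html.escape(comment, quote=True)
    )


def to_xml(author, comment):
    """XML context: quoteattr() picks safe quoting for the attribute and
    escape() neutralizes markup characters in the element text."""
    return "<note author={}>{}</note>".format(quoteattr(author), escape(comment))


def xml_round_trip(author, comment):
    """Parse the encoded document back: the data must come out unchanged
    and must not have created any child elements."""
    root = ET.fromstring(to_xml(author, comment))
    return root.get("author"), root.text, len(root)


def to_shell(filename):
    """Shell context: quote the value as one word. Passing an argument
    list to subprocess.run() with no shell avoids the problem entirely;
    quoting is for the cases where a command string is unavoidable."""
    return "wc -l -- " + shlex.quote(filename)


def shell_words(filename):
    """Split the command the way a POSIX shell would tokenize it."""
    return shlex.split(to_shell(filename))


if __name__ == "__main__":
    # Constructed sample inputs.
    print(to_html('x" onmouseover="y', "<script>alert(1)</script>"))
    print(to_xml('Tom & "Jerry"', "</note><admin>true</admin>"))
    print(to_shell("report.txt; echo INJECTED"))
```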

3. Validate Input Data Before You Use It or Store It

All data from outside your program or service, especially data from remote clients, is evil and needs to be validated: files, parameters, HTTP headers, cookies, … It doesn’t matter if the client or the other system validated the data. You need to validate it again.

The basic rules of data validation are as follows:

  • Don’t rely on client-side checking. Always check on the server.
  • Use positive, whitelist validation rules wherever possible. Negative, blacklist checks that reject data if they contain dangerous or illegal values can be subverted through (double) encoding and other evasion tricks. Where you can, use strong whitelist rules that specify the size and range of acceptable values using regular expressions. Look to libraries like the Apache Commons Validator for help in how to properly check for data types like dates, currencies, IP addresses, URLs, and credit card numbers.
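The two validation styles side by side, as an added example that is not from the original article: a blacklist check that a double-encoded value slips past, and a server-side whitelist that fixes the size, alphabet and range of every field. The field names and limits are assumptions made for the example.

```python
import datetime
import ipaddress
import re
from urllib.parse import unquote

# Whitelist rules: fixed alphabet and length. [0-9] is used instead of \d,
# which would also accept non-ASCII digits.
USERNAME = re.compile(r"[a-z][a-z0-9_]{2,19}")
QUANTITY = re.compile(r"[0-9]{1,3}")
ISO_DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
FIELDS = {"username", "quantity", "ship_date", "client_ip"}

# Constructed sample: "<script>" percent-encoded twice.
DOUBLE_ENCODED = "%253Cscript%253E"


def blacklist_accepts(value):
    """Negative check: decode once and reject known-bad characters."""
    decoded = unquote(value)
    return not any(ch in decoded for ch in "<>'\"")


def decoded_twice(value):
    """What a later layer sees if it decodes the value again."""
    return unquote(unquote(value))


def _text(params, key):
    value = params.get(key)
    if not isinstance(value, str):
        raise ValueError("%s: missing or not text" % key)
    return value


def validate_order(params):
    """Positive check: return typed values or raise ValueError."""
    unknown = set(params) - FIELDS
    if unknown:
        raise ValueError("unexpected fields: %s" % sorted(unknown))
    username = _text(params, "username")
    # fullmatch() anchors both ends; match() with "$" would let a trailing
    # newline through.
    if not USERNAME.fullmatch(username):
        raise ValueError("username")
    raw_quantity = _text(params, "quantity")
    if not QUANTITY.fullmatch(raw_quantity):
        raise ValueError("quantity")
    quantity = int(raw_quantity)
    if not 1 <= quantity <= 500:
        raise ValueError("quantity out of range")
    raw_date = _text(params, "ship_date")
    if not ISO_DATE.fullmatch(raw_date):
        raise ValueError("ship_date")
    ship_date = datetime.date.fromisoformat(raw_date)            # rejects 2020-02-31
    client_ip = ipaddress.ip_address(_text(params, "client_ip")) # rejects 10.0.0.256
    return {"username": username, "quantity": quantity,
            "ship_date": ship_date, "client_ip": client_ip}


def is_valid(params):
    try:
        validate_order(params)
        return True
    except ValueError:
        return False
```

The blacklist passes `DOUBLE_ENCODED` because one round of decoding still shows no dangerous character, while the whitelist rejects it without needing to know what the value would decode to.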

4. Access Control—Deny by Default

Deciding who needs what access to which data and to which features—and how these rules will be enforced—should be carefully thought through upfront in design. It’s a pain to retrofit access control later without making mistakes.

  • Implement access control rules in a central, server-side management library, instead of sprinkling these rules throughout the business logic. This makes it much easier to audit and update the rules. Use the access control functions of your application framework, or use a security library like Apache Shiro to do this.
  • Only use server-side trusted data (data that has been properly validated) to make access control decisions.
  • Deny by default—all functions should check to make sure that the user is authorized before proceeding.
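A minimal central policy with deny-by-default behavior, as an added example that is not from the original article and does not use Apache Shiro: the roles, actions and handler names are hypothetical. The role is read only from the server-side session, and an action that is missing from the policy table is granted to nobody.

```python
from functools import wraps


class AccessDenied(Exception):
    """Raised when the central policy does not grant the action."""


# The single place where rules live, so they can be audited and updated
# without touching business logic. Roles and actions are constructed.
POLICY = {
    "invoice:read": {"clerk", "manager"},
    "invoice:approve": {"manager"},
}


def is_allowed(role, action):
    """Deny by default: unknown actions and unknown roles both fail."""
    return role in POLICY.get(action, ())


def requires(action):
    """Wrap a handler so the check runs before any business logic."""
    def decorate(handler):
        @wraps(handler)
        def guarded(session, request):
            # session is server-side state created at login; request holds
            # client-supplied values and is never consulted for the role.
            if not is_allowed(session.get("role"), action):
                raise AccessDenied(action)
            return handler(session, request)
        return guarded
    return decorate


@requires("invoice:approve")
def approve_invoice(session, request):
    return "invoice %s approved by %s" % (request["invoice_id"], session["user"])


@requires("invoice:delete")  # not in POLICY yet, so denied for every role
def delete_invoice(session, request):
    return "invoice %s deleted" % request["invoice_id"]


def attempt(handler, session, request):
    """Call a guarded handler and report the outcome as a string."""
    try:
        return handler(session, request)
    except AccessDenied:
        return "denied"


if __name__ == "__main__":
    clerk = {"user": "carol", "role": "clerk"}
    manager = {"user": "dave", "role": "manager"}
    # The client claims a role in the request; it has no effect.
    print(attempt(approve_invoice, clerk, {"invoice_id": "42", "role": "manager"}))
    print(attempt(approve_invoice, manager, {"invoice_id": "42"}))
    print(attempt(delete_invoice, manager, {"invoice_id": "42"}))
```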

5. Establish Identity Upfront

Building your own bulletproof authentication and session management scheme isn’t easy. There are lots of places to make mistakes, which is why “Broken Authentication and Session Management” is #2 on the OWASP Top 10 list of serious application security problems. If your application framework doesn’t take care of this properly for you, then look at a library like Apache Shiro to provide functions for authentication and secure session management.

Try to enforce multi-factor authentication if you can. If you have to rely on just User IDs and passwords, make sure to follow rules for password length and complexity. If you are using an email address as the User ID, be careful to keep it safe: bad guys will try to harvest email addresses for other purposes.

When storing passwords, you can’t get away with just salting and hashing the value anymore. OWASP’s Password Storage Cheat Sheet explains what you need to do and what algorithms to use.
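One way to go beyond a single salted hash, as an added example that is not from the original article or the OWASP cheat sheet: a memory-hard key derivation function (scrypt from Python's hashlib) with a per-password salt, self-describing parameters and a constant-time comparison. The work factors shown are illustrative assumptions; take production values from the current cheat sheet.

```python
import base64
import hashlib
import hmac
import os

# Illustrative scrypt work factors (assumption, not OWASP's numbers).
N, R, P, DKLEN = 2**14, 8, 1, 32


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, n=N, r=R, p=P):
    """Derive a verifier with a fresh random salt. The parameters are stored
    with the result so they can be raised later without breaking old rows."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=n, r=r, p=p, dklen=DKLEN)
    return "scrypt${}${}${}${}${}".format(n, r, p, _b64(salt), _b64(digest))


def verify_password(stored, password):
    """Recompute with the stored salt and parameters; compare in constant
    time. Malformed records fail closed."""
    try:
        scheme, n, r, p, salt, digest = stored.split("$")
        if scheme != "scrypt":
            return False
        expected = base64.b64decode(digest)
        candidate = hashlib.scrypt(password.encode("utf-8"),
                                   salt=base64.b64decode(salt),
                                   n=int(n), r=int(r), p=int(p),
                                   dklen=len(expected))
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored):
    """True when a record was created with weaker or different parameters;
    re-hash it at the next successful login."""
    return stored.split("$")[:4] != ["scrypt", str(N), str(R), str(P)]


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print(record)
    print(verify_password(record, "correct horse battery staple"))
    print(verify_password(record, "Tr0ub4dor&3"))
```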

6. Protect Data and Privacy

Protecting data and privacy is about access control (which we’ve already talked about), auditing (which we’ll cover under logging), and encryption: encrypting data in transit, at rest, and during processing.

For web apps and mobile apps, encrypting data in transit means using SSL/TLS. Using SSL isn’t hard. Making sure that it is set up and used correctly takes more work. OWASP’s Transport Layer Protection Cheat Sheet explains how SSL and TLS work and rules that you should follow. The Cheat Sheet on Certificate Pinning explains how you can prevent man-in-the-middle attacks when using SSL/TLS.

The most common mistakes in encrypting data at rest are:

  • Forgetting to encrypt data in the first place
  • Trying to roll your own encryption algorithm
  • Mishandling keys or other setup steps for standard encryption libraries

OWASP has another Cheat Sheet on Cryptographic Storage which covers the different crypto algorithms that you should use and when. Libraries like Google KeyCzar or Jasypt will take care of the implementation details for you.

7. Logging and Intrusion Detection

Logging is important for more than troubleshooting and debugging. It is also critical for activity auditing, intrusion detection (telling Ops when the system is being hacked), and forensics (figuring out what happened after the system was hacked). You should take all of this into account in your logging strategy.

Watch out for Log Forging attacks, where bad guys inject delimiters like extra CRLF sequences into text fields that they know will be logged to try to cover their tracks, or inject JavaScript into data that will trigger an XSS attack when the log entry is displayed in a browser-based log viewer.
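The log forging problem and one defense, as an added example that is not from the original article: untrusted fields are written as JSON string literals so that control characters stay inside a single quoted field, and entries are HTML-escaped before a browser-based viewer shows them. The log format, field names and sample values are constructed for the demonstration.

```python
import html
import json
import re

# Format of the safe entries written by safe_entry() below.
ENTRY = re.compile(r'^(\S+) login user=("(?:[^"\\]|\\.)*") outcome=(\w+)$')

# Constructed sample: a user name that carries a newline and a fake record.
FORGED_USER = "mallory outcome=failed\n2020-03-01T10:00:01Z login user=admin"


def naive_entry(ts, user, outcome):
    """VULNERABLE: the raw value goes into the log, newline included."""
    return "%s login user=%s outcome=%s" % (ts, user, outcome)


def safe_entry(ts, user, outcome):
    """json.dumps() quotes the value and escapes control characters,
    quotes, backslashes and non-ASCII, so it cannot end the line or
    the field."""
    return "%s login user=%s outcome=%s" % (ts, json.dumps(str(user)), outcome)


def count_lines(log_text):
    """Number of physical records a line-oriented tool would see."""
    return len(log_text.splitlines())


def read_log(log_text):
    """Parse safe entries back into (timestamp, user, outcome) tuples.
    Lines that do not match the format are returned as None so they
    stand out during review."""
    records = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        records.append(
            (m.group(1), json.loads(m.group(2)), m.group(3)) if m else None
        )
    return records


def for_browser(entry):
    """Encode an entry for display in an HTML log viewer."""
    return html.escape(entry, quote=True)


if __name__ == "__main__":
    ts = "2020-03-01T10:00:00Z"
    print(naive_entry(ts, FORGED_USER, "failed"))   # shows up as two records
    print(safe_entry(ts, FORGED_USER, "failed"))    # stays one record
    print(for_browser(safe_entry(ts, "<script>alert(1)</script>", "failed")))
```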

Review code for correct logging practices and test the logging code to make sure that it works. OWASP’s Logging Cheat Sheet provides more guidelines on how to do logging right, and what to watch out for.

8. Don’t Roll Your Own Security Code

Know your tools and use them. There are lots of built-in security features in frameworks like Spring Security, Ruby on Rails, .NET, AngularJS, and Play, along with iOS and Android mobile platforms that will take care of common security problems for you, if you use them right. Take the time to understand and use them properly.

9. Handle Errors and Exceptions Correctly

Error Handling isn’t sexy, but it has to be done right. Mistakes in error handling and exception handling lead to different kinds of common and serious security vulnerabilities:

  • Leaking information that attackers can use to penetrate your system. Stack traces and detailed error messages can disclose too much technical information about your run-time environment or architecture. For example, “invalid user” or “invalid password” instead of “invalid logon” helps bad guys as much as it helps users.
  • Missing or inconsistent error handling can lead to errors going unnoticed, unpredictable behavior, or crashes. A University of Toronto study found that small mistakes in error handling can lead to catastrophic system failures in large systems.

10. Build Security Testing Into Development

Make sure that you have good automated unit and integration test coverage for security features and controls (like authentication, access control, and auditing) and critical business features: code that handles money, private data, trade secrets, and admin functions. This has to include both positive and negative tests.

Other system-level security tests and checks can be automated in CI/CD using tools like Gauntlet, BDD-Security, and Zapper (a Jenkins wrapper over the OWASP Zed Attack Proxy). These tools make it easy to run security tests and provide clear pass/fail feedback.

It’s your code. It’s your job to make sure that it is safe and secure.

10 Tips To Build A Secure Mobile App


It’s essential for developers to include app security in their development plans. Here are several different ways to build a secure mobile application.

First comes the app concept–that’s the easy part. After the stroke of inspiration comes a lot of planning, outlining, and strategizing to make that app dream become reality.

There are a lot of factors that go into app development, and in a world where hacking, data leaks, and cybercrime are more prolific than ever, security needs to be at the top of the list when starting a new project.

The last thing any app developer wants is their idea to go bust because of a major security flaw. With proper security planning and strategy, it doesn’t need to, though. Here are 10 tips to ensure your mobile app hits the ground securely.

1. Incorporate the security team from day one

Security should be part of the mobile development process from the first time the dev team sits down together. Whether you’re SWOTting, Scrumming, using DevOps, Rapid, or Agile, it makes no difference: include security so every change incorporates it.

When a change is made or a major revision is planned, always consult the security team so they know how to account for any issues that may arise.

2. Test, test, and retest

As reported on TechRepublic last year, 60% of developers lack confidence in the security of their code, yet don’t take steps to fix it. The problem, as NodeSource and Sqreen mentioned in their report, is partially due to testing–lots of developers just aren’t doing it.

QA is an important part of building secure code, and like security as a general concept, it shouldn’t simply be tacked on to the end of the process. Review code constantly and identify every potential security hole you can find, then fix it before it ends up live.

The biggest concern that developers have, according to the report mentioned above, isn’t actually due to lack of testing: It’s due to something else entirely, particularly the problems inherent in third-party dependencies.

3. Don’t assume the safety of third-party dependencies

It’s common for developers to incorporate portions of code available free or for sale from other sources: Why reinvent the wheel when it already works fine as-is?

Third-party code isn’t always safe, and according to the NodeSource/Sqreen survey cited above, only 16% of developers trust the third-party dependencies they use. 40% skip review for those third-party components, though.

Don’t be one of those programmers. Thoroughly pick apart your third-party modules to be sure they’re safe.

4. Careful with that API

APIs are an essential part of backend programming, but they’re also a security headache since they often need to face the outside world. Be sure that the APIs you’re using are verified for the platform you’re developing on.

Be sure to also incorporate an API gateway as discussed in this TechRepublic piece.

5. Think like an attacker

When you’re writing code, think about it as an attacker: Could you exploit this? What may seem like a minor issue not worth addressing could be a vulnerability a hacker could use to attack your application.

Code reviews should always include some time spent looking for ways to break the app. Don’t stop at obvious flaws, either: some attacks are so inconceivable that you should be testing and accounting for everything. That goes double for mobile devices, which are subject to a wide variety of environmental variables.

6. Eliminate attack vectors by minimizing permissions

Zero-trust security is one of the fastest-growing security methods, and with good reason: it assumes no one, and nothing, on a network is secure. As such, only the barest permissions are granted to a user or a machine, and only as needed.

Your mobile app should be designed in the same way. If it doesn’t need access to the camera, or contacts, or the dialer, don’t ask for it. If it doesn’t need a constant connection, don’t program it with one.

Each permission an app needs is another connection it has. The best-fortified castles only have a single entrance–think of your app like a castle and eliminate all those secret exits and hidden passageways.

7. Be mindful of what’s being stored on a device

Personal data stored by an app is ripe for the plucking–get rid of it, or move it to a secure location on the device. If you have to store sensitive or personally identifiable information on a user’s device, encrypt it.

If sensitive data is used by your app there’s going to have to be a compromise somewhere: Either it’s going to be on-device or on your servers, and both are a risk. As part of developing your app, take time to determine the best place for user data, both for the user’s sake and from a security standpoint.

8. Secure data transmission

VPNs, SSL, and TLS can all help secure data in transit, as can encrypting it between the sender and the receiver. Find a way to ensure your app is transmitting and receiving data securely so it can’t be intercepted or spoofed.

9. Use tokens to handle sessions

Tokens are the de facto way to handle user logins in the modern app world, and you should use them to better manage user sessions. Not only can they be easily revoked to ensure user security, but they’re also more user-friendly, which is always a plus for an app.

OAuth2, JSON Web Tokens, and OpenID Connect are all great methods for securing and simplifying user logins.

10. Implement tamper protection

More of a problem for Android apps, which are easily decompiled, tamper protection is a must-have for security. Copycat apps have appeared in Google Play and fooled millions of users, and you don’t want your app to be one of them.

There are a number of different ways to tamper-protect an Android app, so implement one of them, or preferably more, to protect your users and your reputation as a trustworthy app choice.

Source: TechRepublic

How to Make Your Mobile App Successful?


What’s the one thing on the mind of all app developers and marketers? The question of how to make a successful mobile app. Users look for apps to fulfill their everyday needs through app store search and will download and install only those apps that fit their bill.

In the current scenario, an estimated 270 billion apps are expected to be downloaded in 2017 alone. However, it is getting to a point where developing an app now just sits at the tip of the iceberg called mobile marketing. It constitutes only 10% of the app game whereas the rest 90% is all about knowing consumer behavior on the mobile.

Therefore, it becomes essential to decipher user actions and intent through the mobile. A few ways that can help in situations like this:

Make sure your app is solving a problem

Developing an app is indeed a task, with so much planning, resources and money being invested. It is important for the app to have its own USPs that appeal to its target audience. It can also be argued that it is not possible for all apps to be 100% different from each other. However, one can draw USPs for different parameters like demographics, pricing, marketing strategy, basically the 4 Ps of marketing.

Beat the clutter

According to a Nielsen survey on consumer preference for mobile apps vs mobile sites – Indian consumers are heavily inclined towards apps that are really personal to them. These include popular social networks, messenger apps, e-mails, and news apps. This trend hardly leaves room for new app discovery to take place. To beat the clutter, it is important that app developers keep in mind the differentiated USPs and convey the same on the right platforms; where they will get a more relevant and targeted audience.

Brands need to become more relevant on the mobile

Marketers need to realize that downloads don’t necessarily translate to active users. Some may get users to download their app, still, there is a high probability that they never use the app. This typically happens when app marketers do not take proper care to sort their audience profile for bringing them on board. The usual practice is to run through CPI (Cost per Install) campaigns with app advertisers who do not consider context and user behavior while promoting apps. These campaigns almost always end up sitting with an irrelevant or inactive audience group.

Leveraging human conversations is the need of the hour

Why conversations? – because conversations eventually lead to an install, download or transaction. This is the place where the next-gen is chatting about everything and taking key decisions. This is indeed achievable by becoming a part of the daily conversations of mobile users. In this regard, human text input presents a great opportunity for mobile marketers to gain insights on users’ goals, plans, next steps, motives, actions, desires and a whole lot more. It is, therefore, safe to say that understanding human expressions and intent will soon be essential to make mobile apps successful.

Language is a critical element

There are close to 117 actively used languages in the world, and all these languages have taken different modern mobile communication flavors amongst smartphone users. Most users today are multi-tasking on their phones and prefer their choice of language input to voice, for activities they want to conduct on their mobile. Thus, an app supporting multiple languages will be in a win-win situation.

App Design should be a winner

Application design is critical to making the mobile app a success. Most of the drop-offs after a download happen due to unpleasant UI/UX designs. Be sure to think through the design of your application before you launch your app in the market.

Have a strong app monetization strategy

Given the sheer size of the mobile app market, mobile app monetization is a must for most of today’s mobile apps. Competition is fierce and the chance of monetizing every app looks slim. Thus, it is important to have app monetization strategies in place even before the app development phase starts.

Innovation is the key

Innovation is the cornerstone of the success of every app or product. In the current scenario of app proliferation, it is important that the product managers and app developers don’t stop innovating or scaling up the app after it has tasted success. Stagnancy in technology will eventually lead to death. So, if you are a popular app but aren’t innovating over a period of time, the lag can put your app in reverse gear.

Source: Entrepreneur