As enterprises step up mobile plans, a process and set of best practices known as "mobile application lifecycle management" is gaining importance. Mobile ALM aims to improve the way software professionals plan, code, test, deliver and maintain these key applications that target employees' smartphones and tablet computers.
Early enterprise mobile projects were small-scale, essentially mini-apps that provided, for example, a subset of data from enterprise applications such as CRM or ERP systems. But mobile applications under development today -- sometimes called "fusion apps" -- are more sophisticated than their predecessors. For example, a mobile CRM app might provide a complete set of customer data while also mapping the locations of mobile salespeople. That way, the boss can see who is in close proximity to, and is available to call on, a particular customer.
The results of TechTarget's annual IT Priorities Survey of IT managers worldwide show that mobile projects are gaining traction. More than a third of those surveyed -- 38% -- said they plan to implement mobile initiatives in 2013. More than 75% ranked mobile device management (MDM) as a "medium" or "high" priority for this year. An even greater percentage -- 85% -- ranked mobile security as a "medium" or "high" priority for this year.
What is mobile ALM?
The term "mobile ALM" refers to the lifecycle process for applications that run on smartphones and other mobile devices. Essentially application lifecycle management (ALM) for mobile projects, the mobile ALM process spans application development, from initial planning to coding, testing, and ongoing deployment. Mobile ALM is emerging as a discipline separate from ALM, because mobile applications pose unique challenges for software professionals at each stage of the lifecycle.
What are some of the challenges developers face with mobile applications?
The first challenge for developers is determining which devices and operating systems the application will target. This is a shift from Web and desktop software projects, where the target platforms -- the Web or typically the Windows operating system -- are well defined and specified by IT. Thanks to bring your own device (BYOD) policies, mobile applications must target a wide array of employee smartphones and tablets. This means the application must run on Android and iOS, among other platforms. And while the codebases can be ported to different platforms, there are always nuances for developers to deal with. As a result, some mobile ALM projects opt for separate development teams and codebases.
Another challenge mobile developers face is making the trade-off between ease of use and security. Usability is important for mobile applications, where screen size and keyboards are constrained. But protecting key data on devices that are easily lost is crucial too.
Some security experts believe that mobile applications should not store passwords, but others insist that this approach makes the app too cumbersome to use. All agree, however, that how a mobile application stores data is a key issue developers must address in mobile ALM projects. One approach is to encrypt data. That comes with its own set of trade-offs, since data decryption requires a key.
What are the top mobile ALM security concerns?
TechTarget SearchSecurity.com's 2012 enterprise mobile security survey identified device loss as the top mobile security concern. Smartphones and tablets are easy to misplace. And when employees leave them in restaurants or airport lounges, for example, sensitive corporate data, such as customer accounts, is at risk.
Other security threats include code vulnerabilities, such as SQL injections and buffer overflows, which should be addressed during the development and testing phases of mobile ALM projects. These vulnerabilities typically occur not in the mobile application itself, but in the legacy systems and databases that enterprise mobile apps connect with to get at key business data.
Once mobile apps are deployed, malware attacks -- malicious software, such as viruses, worms and Trojan horses -- are a concern. Security experts recommend that users of mobile applications pay attention to the source of software before downloading it. A process known as "code signing" verifies where the software originated.
How does mobile testing differ from testing desktop or Web applications?
Testing mobile applications is a complex undertaking. The first challenge mobile testers face is the sheer number of device and operating system combinations a mobile application might target. The Android operating system alone runs on more than 100 devices, and each device may run a different version of the operating system and use a different browser, or browser version. Because it's impossible to test every device/operating system, experts recommend that mobile testers start with a breakdown of market share for different devices and focus their test efforts accordingly. Web server logs, which often specify the source operating systems and browsers for devices viewing the website, can be a good source for this information.
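One way to turn Web server logs into a test priority list, as an added example that is not part of the original article: the script tallies mobile platform share from User-Agent strings and picks the most common platforms until a coverage target is met. The log lines are constructed samples and the function names are illustrative; because the User-Agent header is client-supplied, the result is an estimate and the value is length-capped before matching.

```python
import re
from collections import Counter

# Constructed sample in Apache/Nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Feb/2013:10:01:22 +0000] "GET /crm HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; GT-I9300 Build/JZO54K) AppleWebKit/534.30 Mobile Safari/534.30"
203.0.113.6 - - [12/Feb/2013:10:02:10 +0000] "GET /crm HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; HTC One X) AppleWebKit/534.30 Mobile Safari/534.30"
203.0.113.7 - - [12/Feb/2013:10:03:41 +0000] "GET /crm HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 4.2.1; Nexus 7 Build/JOP40D) AppleWebKit/535.19 Chrome/18.0 Safari/535.19"
203.0.113.8 - - [12/Feb/2013:10:04:05 +0000] "GET /crm HTTP/1.1" 200 512 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1 like Mac OS X) AppleWebKit/536.26 Mobile/10B143 Safari/8536.25"
203.0.113.9 - - [12/Feb/2013:10:05:30 +0000] "GET /crm HTTP/1.1" 200 512 "-" "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 Mobile/10A403 Safari/8536.25"
198.51.100.2 - - [12/Feb/2013:10:06:12 +0000] "GET /crm HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; GT-S5830) AppleWebKit/533.1 Mobile Safari/533.1"
198.51.100.3 - - [12/Feb/2013:10:07:48 +0000] "GET /crm HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 Chrome/24.0 Safari/537.17"
198.51.100.9 - - [12/Feb/2013:10:09:00 +0000] "GET /crm HTTP/1.1" 400 0
"""

UA_FIELD = re.compile(r'"([^"]*)"\s*$')  # User-Agent is the last quoted field
ANDROID = re.compile(r"Android (\d+)")
IOS = re.compile(r"(?:iPhone|iPad|iPod)[^)]*? OS (\d+)_")

def platform_of(user_agent):
    """Map a User-Agent string to 'Android N', 'iOS N' or 'other'."""
    ua = user_agent[:512]  # header is client-controlled: cap length before matching
    for name, pattern in (("Android", ANDROID), ("iOS", IOS)):
        m = pattern.search(ua)
        if m:
            return f"{name} {m.group(1)}"
    return "other"

def platform_share(log_text):
    """Count requests per platform; lines without a User-Agent field are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = UA_FIELD.search(line)
        if m:
            counts[platform_of(m.group(1))] += 1
    return counts

def platforms_to_test(counts, coverage=0.8):
    """Most common mobile platforms, added until `coverage` of mobile hits is reached."""
    mobile = [(p, n) for p, n in counts.most_common() if p != "other"]
    total = sum(n for _, n in mobile)
    chosen, covered = [], 0
    for platform, n in mobile:
        if covered >= coverage * total:
            break
        chosen.append(platform)
        covered += n
    return chosen

if __name__ == "__main__":
    print(platforms_to_test(platform_share(SAMPLE_LOG)))
```

Counting requests over-weights heavy users; counting distinct client addresses or sessions per platform is a closer proxy for device share when the logs allow it.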
Another mobile ALM best practice is field testing -- moving out of the lab to see how a mobile application fares in the real world, where connectivity conditions vary widely. It's impossible to predict how a mobile application will perform in every location. But crowdsource testing -- where project managers place testers in different locations -- can paint a useful picture of how your mobile application will likely fare across a wide geographic area.
Nonfunctional testing is important for all applications, but it plays a particularly important role in mobile testing because mobile applications are on the move. That means it's important to test what happens to the application when signal strength declines or is lost. Experts say testing how a mobile app performs under constantly changing conditions is challenging and requires QA pros to assume a whole new mindset.
What is mobile device management?
Mobile device management is a policy and a set of tools used by IT administrators to distribute applications, data and configuration settings to employees' mobile devices. MDM tools include security features, such as remote wipe, which lets an authorized administrator send a command to delete data from a specified device. MDM software can help IT control what users can and can't do on their smartphones and tablets. Experts say MDM software is challenging to set up and administer, in part because it was initially designed for consumers, not enterprise IT shops.
This was first published in February 2013