Monday, 10 December 2012

Are Mobile Apps Destroying Software Quality?


I recently wrote a post for the uTest Software Testing Blog about the degradation of software quality. I pinpointed three reasons that might be contributing to poor software quality recently, one of which is the rise of mobile apps.

The advent of mobile apps has opened the world of development to an unprecedented number of people. People without a formal software development or software testing background are creating apps because they have an idea and mobile app creation is fairly accessible. This is awesome and injects a wealth of outside ideas into the field. But it is also the reason mobile app quality is so hit and miss. Bob Binder, President of System Verification Associates, pointed out in a uTest Testing the Limits interview that many mobile apps are created by individuals, rather than companies or development houses. Binder calls these people “App Artisans.”

“App artisans often have a good intuitive sense of ‘coolness,’” he said in the interview. “But they don’t as often have an appreciation of how easily dependencies and oversights can lead to both annoying and catastrophic bugs. And, they don’t know how to be systematic in searching for these bugs.”

Even professionally produced mobile apps are lacking in quality when compared to other software. The iPhone was released five years ago, but many companies still regard mobile apps as a lesser medium.

“The mentality around mobile testing is, ‘Most of the app should work. What’s the big deal if there are defects?’” Steve Woodward told TechTarget.

Because these companies are already behind when it comes to mobile apps, they are sacrificing application testing in their rush to market. The 2012-2013 World Quality Report produced by HP, Capgemini and Sogeti found that only 31% of the 1,500 enterprise-level businesses surveyed currently formally test their mobile apps.

“Enterprises seem to have been caught by surprise at the speed by which mobile application adoption has taken place,” said Murat Aksu, vice president and global head of HP Alliance for Capgemini, in a Network Computing article. “We’re finding enterprise quality assurance teams are falling behind. They’re not carrying out an end-to-end process that includes testing for functionality, usability, performance and security concerns.”

The numbers don’t get much better when broken down by testing type.

Thursday, 6 December 2012

Do We Worry About App Security Enough?

Do we worry about security enough? Does it keep us up late at night, constantly in the back of our minds? If not, it should.

The reality is that, as developers and app users, we hardly focus on security enough. Jon Evans of TechCrunch says that as users, instead of worrying about it ourselves, we let the Facebooks and Googles of the world take care of it for us, which puts both us and the companies and apps we rely on in treacherous territory:

“Alas, right now it seems that many-to-most people value conformity more than privacy. What’s more, instead of worrying about security ourselves, we trust others — Amazon, Apple, Facebook, Google — to take care of it for us. As the great Bruce Schneier points out, in some ways we’ve regressed to a feudal notion of security.

… Security is, by its very nature, something most people generally hardly worry about at all – until and unless that one awful day comes when it’s the only thing they worry about. By then it’s usually too late to start taking it seriously.”

As users we can certainly become more security-savvy. But more importantly, for app developers, security needs to be top of mind. Security failures usually occur because of poor design and a lack of testing. Therefore, if there were more forward thinking during the design phase, developers would be able to produce better, more secure apps.

As T.L. Neff of Wired says, when it comes to development and security “less is more” and forward thinking is essential:

“Overall, users must include security factors while designing the app. Sure, you can be conservative about what you expose in the first place. Definitely consider some limits on what can be downloaded, and think about using graphical cues instead of text. By taking these kinds of steps, you’ll likely end up with apps that are more streamlined and user-friendly, and minimize security risks for your company.

The bottom line: don’t approach security as a set of utilities you put in place after apps are deployed. You’ll get better security through more of a life-cycle approach where you design with security in mind, and also test for security.”

It seems like it will take a collective effort from companies, developers and users alike in order to really improve mobile app security. Looking for resources on mobile app security? Here is a free whitepaper with security testing tips on common attacks, security tools and ways to build a better QA team: Security Testing and Software Testing.