Selecting Right Technology For Your Enterprise Mobile Solution

The main purpose behind writing this article is to focus on the different variants of mobile technologies present in the market.

The mobile market has been quite crazy over the last 5 years. We have seen too many trends, techniques and technologies emerging and dissolving over the period of time. This article assumes that you are a mobile app developer who wishes to choose the best technology for his Enterprise Mobile Solution.

Let’s go through the different generations of mobile development technologies one by one and look at their advantages and disadvantages.

  • 1st Generation (Native)
    • iOS – Objective C / Swift
    • Android – Java
    • Windows – .NET
    • Advantages
      • Native UX
      • High Performance
      • Hardware and Platform Access
    • Disadvantages
      • Single Platform
      • No Unified Codebase
  • 2nd Generation (Hybrid HTML and JavaScript)
    • PhoneGap
    • Appcelerator
    • Apache Cordova
    • Kony Mobile
    • Advantages
      • Multiple Platform
      • Unified Codebase
    • Disadvantages
      • No Native UX
      • High Performance
      • Hardware and Platform access
  • 3rd Generation 
    • Xamarin
    • React
    • Advantages
      • Multiple Platform
      • Native UX
      • High Performance
      • Unified Codebase
      • Hardware and Platform access

There is a transition from Native, then hybrid and now cross platform. The technology is getting much better and faster day by day.

The native generation is still transition proof and many prefer it over the later two generations. It is because it offers seamless performance, support, and resources. The direct support from Apple and Google is an important factor in selecting these technologies.

The growth in the second generation is stagnant due to the rise of the third generation. People are using Cross Platform (Native) to use a single language for development across platforms and also share more than 40% codebase to reduce time-to-market.

The only factors that lead people to choose cross-platform (native) apps over normal native apps are code sharing, time-to-market and resource constraints. Those who fall in this category are moving towards cross-platform apps, which offer not only native UX but also performance.

Also, I see that many are still confused between Hybrid and Cross Platform. Let me tell you, these are completely different kinds of technologies. Let’s understand their definitions:

Cross Platform:

It is a solution developed to minimize development efforts by compiling the source code for further execution on multiple mobile platforms. But the result of each separate compilation will be an individual executable file. For example, iOS executable file has .ipa extension, and for Android, it is *.apk, etc.

Hybrid:

These apps are developed using web technologies like HTML, CSS, Javascript etc. It is an app which runs in a “wrapper” and serves not as a web page, but as a standalone application.

Good professionals are very sensitive to the concepts of development, efficiency and productivity, and most of them have their own vision of “what is good and what is bad?”, but usually it is all about the technology set that they use, care for and cherish. In general, it may happen that the budget decides everything, so the basic background for the emergence of cross-platform solutions was their benefits to business, namely:

  • Need a single developer who can develop a mobile app and deploy it for different OS. Thus you eliminate a need for full-time developers for every single OS;
  • Difficult to find developers for individual platforms when the business requirement is critical
  • Ease to manage the app versions for different mobile operating systems

Let’s see some key takeaways and considerations to compare Xamarin and Hybrid Mobile App. To understand the difference in a much better way with quantification, I have created a sample app which demonstrates and provides the detailed analysis of the key points as follows.

Key Takeaways:

  1. Cross Platform (Native) app fulfills most of the requirements whereas Hybrid app was unable to deliver on the key piece of functionality without requiring custom Objective-C and Java

  2. Xamarin performs CPU-intensive tasks much faster than Hybrid HTML

  3. Cross Platform Native loaded large datasets faster than Hybrid HTML

  4. Cross Platform Native used less memory than Hybrid HTML

User Experience Key Considerations:

  • Native look and feel
  • Hardware & Platform Access
  • UX Design Capability

Developer Productivity Key Considerations:

  • Volatility of HTML frameworks
  • API Access Extensibility
  • Stack Complexity
  • Strongly-Typed Development
  • Compilation Time

Metrics:

Performance (ms) – to load and display a single page

  1. iOS
    • Xamarin – 1400 ms
    • Hybrid – 2000 ms
  2. Android
    1. Xamarin – 3690 ms
    2. Hybrid – 4502 ms

Compile Time (sec) – to compile the mid-size app

  1. iOS
    • Xamarin 34 sec
    • Hybrid  18 sec
  2. Android
    1. Xamarin 32 sec
    2. Hybrid 25 sec

Code Reuse (%) – considering the basic flows and libraries used

  1. Xamarin Native – 45%
  2. Xamarin Forms – 96%
  3. Hybrid Mobile – 99%

App Size (MB)

  1. iOS
    • Xamarin – 35 MB
    • Hybrid  – 11 MB
  2. Android
    1. Xamarin – 11 MB
    2. Hybrid – 6 MB

TCO Key Considerations

  • UFC (Upfront Cost) vs Maintenance
  • End-User Productivity App Adoption
  • Agility Costs

Conclusion:

The selection of technology for your enterprise solution is a process which consists of various parameters. Some of them are budget, time-to-market, user experience, performance, explicit requirement and code reuse.

 

Solutions to common issues working with Xamarin

Hi everyone, I have been thinking of writing this article for quite a while now. When you work continuously on Xamarin in depth and propose solutions to clients, you face some common problems. This article focuses on resolving these issues faced by Xamarin developers and helping them towards a smooth Xamarin solution.

You may find some problems related to core development and some related to the solution proposal. If you feel anything is missing and needs to be present in this list, feel free to drop a comment and I would be really happy to add it to this list with the contributor’s name.

 

Problem 1: It may happen that you are unable to access Android SDK as it was installed in the administrator folder and was not having required permission to access it.

Solution: User must have Admin rights to access that folder.

Problem 2: Unable to provide internet access to emulator even after changing the proxy settings.

Solution: You can try to increase the target API level and install the ARM EABI v7a system image for it and then change the proxy settings of the emulator.

Problem 3: Emulator starts and stops immediately. Failed to create Context 0x3005 for an emulator.

Solution: Update the Intel GPU driver.

Problem 4: Unable to use the local database in Xamarin app as it cannot find the physical path of the database file.

Solution:

Xamarin creates its own database in its APK file as follows:

Set absolute path for folder creation like:

string path = System.Environment.GetFolderPath(System.Environment.SpecialFolder.Personal);

string applicationFolderPath = System.IO.Path.Combine(path, "Database1");

Where Database1 is the name of the newly created database

Create the folder path like below:

System.IO.Directory.CreateDirectory(applicationFolderPath);

Create database in set path like below:

string databaseFileName = System.IO.Path.Combine(applicationFolderPath, "User.db3");

Where User.db3 is the name of the database file.

// Put SQLite in serialized threading mode before opening any connection.
SQLite.SQLite3.Config(SQLite.SQLite3.ConfigOption.Serialized);

SQLite.SQLiteConnection db = new SQLite.SQLiteConnection(databaseFileName);

// Classname is the model class whose table is created.
var res = db.CreateTable<Classname>();

Problem 5: Unable to provide WCF service on another machine

Solution: Provide service on other machine using IIS manager.

Problem 6: What is the difference between Page and Activity?

Solution:   

  • Page
  1. It is a visual that occupies most or all of the screen and contains a single child.
  2. A Xamarin.Forms.Page represents a View Controller in iOS or a page in Windows Phone.
  3. On Android each page takes up the screen like an Activity, but Xamarin.Forms Pages are not Activities.
  • Activity
  1. Activity represents a screen in an application.
  2. Android Application Architecture doesn’t have a single application instance so there is an aggregation of one or more activities.

 Problem 7: Mac machine is required to develop iOS app on Xamarin

Solution:

developer.xamarin.com/guides/ios/getting_started/hello,_iOS/hello,iOS_quickstart/

Problem 8: Visual Studio for showing option to select an emulator to debug and run iOS simulator on Windows only

Solution:

  1. Build the application
  2. Select the emulator from Device Manager
  3. Start the Emulator
  4. Click on the Start button of the Visual Studio
  5. It will then display error as “deployment failed due to fast dev process”
  6. Go to Project=>Properties=>Android application then uncheck the “use FastDev process”
  7. Again click on start
  8. With the latest updates for Xamarin.iOS, you can run iOS simulator on Windows Machine only. To enable this, go to settings and check run emulator on windows option

Problem 9: How to develop iOS app using Visual Studio.

Solution:

Required Components

For Mac

  • Latest iOS SDK
  • XCode latest version
  • Mac OS X 10.9.4 + or 10.10 above

For Windows

  • Windows 7 or higher
  • Visual Studio 2012 Professional or higher
  • Xamarin’s plugin for Visual Studio

Create Xamarin.forms blank project in Visual Studio. It will then ask for Mac IP or Mac name. Provide the required information and connect it to the Mac machine.

 Problem 10: How to add an application on Google Play Store.

Solution:

  1. Create the APK file of the application
  2. Navigate to Google Developer Site
  3. Log in to the Google Developer Console. If you do not have an account, create a new one. The last step in the process of creating a developer account is paying a one-time $25 developer fee using a credit or debit card
  4. Click on the button Add New Application
  5. Initialize APK Upload. Select correct language and write the name of the app as you wish it to appear in the google play store. Then select upload APK button
  6. Click on Upload your first APK to Production button centered on your screen
  7. Select and upload APK file
  8. Navigate to the store listing tab on the left side and write the description in the description box which will appear on the google play store
  9. The next step in the store listing tab is to add screenshots
  10. Then add a store listing icon
  11. The final step on the “Store Listing” page is filling out the categorization, contact details, and privacy policy, located below the icon selection area. Fill out the required fields as you wish and hit save. The “store listing” tab should now have a green check-mark next to it
  12. Click on Price and Distribution tab where you will select paid or free, distribution countries, and check the boxes saying that your app complies with the guidelines and the US export laws. Click on save button
  13. Once all three tabs on the left have a green mark, you are able to select “Publish this app” from the “Ready to Publish” drop-down menu in the top right corner of the developer console. A confirmation bar should appear at the top, stating that your app will appear in the Google Play store in just a few hours

Problem 11: On creating new Xamarin.forms project in Visual Studio it is giving the error “Could not add all required packages to the project.

The following packages failed to install from ‘C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO 12.0\COMMON7\IDE\EXTENSIONS\XAMARIN\XAMARIN\3.9.236.0\Packages'”:

Xamarin.Forms.1.3.1.6296: Could not install package ‘Xamarin.Forms 1.3.1.6296’. You are trying to install this package into a project that targets ‘Xamarin.iOS,Version=v1.0’, but the package does not contain any assembly references or content files that are compatible with that framework. For more information, contact the package author”.

Solution:

  1. To solve this issue open your visual studio go to tools -> Extensions & Updates -> select updates -> select visual studio gallery then update your NuGet package manager
  2. Update the Visual Studio Version if the updates for it are available. Update it using the same above procedure as for updating NuGet manager

Problem 12: On creating new Xamarin.forms project in Xamarin Studio it is giving the error “Could not add all the required packages to the project”.

Solution:

  1. Add the xamarin.forms packages
  2. Install PCL libraries. Following is the link to download PCL libraries: https://visualstudiogallery.msdn.microsoft.com/b0e0b5e9-e138-410b-ad10-00cb3caf4981/
  3. After this reinstall or repair xamarin
  4. In Xamarin Studio, right click on the project select options=>build=>general then change the target framework to that profile which is installed.

Problem 13: Windows application prerequisites and steps.

Solution: Prerequisites for Windows app

  1. You need the latest version of windows
  2. Microsoft Visual Studio: Microsoft Visual Studio 2013 helps you design, code, test, and debug your apps
  3. If you don’t already have Visual Studio 2013, install the free Visual Studio Express 2013 for Windows

If you already have Visual Studio Professional 2013 or a higher edition, get Update 3 for Visual Studio 2013 to add the Windows Phone development tools and other enhancements to your existing installation:

(Optional) Register your Windows phone device for development:

It’s important to test your Windows Phone Store apps on a real phone. Before you can deploy apps to your Windows Phone, you have to register the phone for development.

  1. Connect your phone to your PC.
  2. Run the Developer Phone Registration tool (phonereg.exe).

Register as an app developer:

Now that you’ve installed the tools you need, you need a developer license or a developer account. A developer license is free and lets you develop Store apps, but you need a developer account to sell your apps in the Windows Store and the Windows Phone Store.

  1. To get a developer license, just launch Visual Studio. You’ll be prompted to get a developer license
  2. To get a developer account, go to the Signup

Steps to create a Project:

  1. Make sure you’ve downloaded and installed the Windows Phone SDK
  2. Launch Visual Studio from the Windows Start screen. If the Registration window appears, you can register the product, or you can temporarily dismiss the prompt
  3. Create a new project by selecting the FILE | New | Project menu command. In the New Project window, expand the installed Visual C# or Visual Basic templates, and then expand Store Apps. Select the Windows Phone Apps
  4. In the list of Windows Phone Apps templates, select the Blank App (Windows Phone)
  5. At the bottom of the New Project window, type MiniBrowser as the Name of the project
  6. Click OK. The new project is created and opens in Visual Studio
  7. https://dev.windows.com/en-us/getstarted#1

Notes

Installation instructions for Xamarin

  • Install Java JDK
  • Install Android SDK (Including all API levels)
  • Visual Studio 2012 Professional
  • Install Xamarin Studio

If Xamarin Studio is installed before Visual Studio then Xamarin needs to be reinstalled

Problem 13: When your codebase is on TFS and linked with the local workspace present on Windows machine. How to design UI for iOS apps easily.

Solution:

  1. It is recommended that you connect to the Mac agent and share your codebase with the Mac machine user. This ensures that the same codebase is present on both machines
  2. Once the codebase is shared, select the main folder and uncheck read-only option if present by any chance
  3. Open the project in Xamarin Studio on Mac
  4. Right click on the Storyboard file inside Xamarin Studio and open it with XCode

The iOS designer support in Xamarin is not very fast yet, and it is recommended that you always use XCode to design your iOS app. Once the changes in XCode are done, they are reflected in your Xamarin project

Problem 14: How do I share code in Xamarin Native apps?

Solution:

You can create a .NET class library if you want to share code between iOS and Android apps. For a normal mobile app, it is recommended to consume class libraries such as Common Code and Service Connection Code.

If you wish to extend support to Windows Phone as well, then .NET class library does not work there. You are advised to use Portable Class Library (PCL). This library can be used in iOS, Android and Windows Phone Xamarin apps.

Problem 15: What are different types of Xamarin apps and which one should I propose to my client?

Solution:

  1. If you wish to go native, you can go for Xamarin.iOS, Xamarin.Android and Xamarin.Mac
  2. If you wish to go cross platform with UI sharing, you can go with Xamarin.Forms option
  3. If you wish to develop windows app which works on Windows Phone, Windows 10 then go with Xamarin UWP (Universal Windows Platform) app
  4. Still there are lot of different templates being created as the new versions of Xamarin.Studio are coming up

These were some common problems faced by developers. I am working on Xamarin in depth and would keep on posting some interesting information on this blog regularly. If you have any questions, you can post in comments section.

Thank you.

 

 

 

 

Continuous Integration for iOS and Android apps using Xamarin

Why Continuous Integration?

In complex projects, developers and testers (also called full stack developers in agile methodologies) work on their modules simultaneously. You can imagine several products being created in parallel, leading to a huge amount of integration work at regular intervals. Every single change in the development code needs to be checked into the code repository. This delta is then integrated and tested to make sure that the changes didn’t add any defects, resulting in a stable product and a stable build.

This process is called Continuous Integration (CI). It lets you find defects in the least possible time in the development cycle from the time of their occurrence. It helps to identify code coverage and facilitates the stability of the release build.

Pre-requisites for Xamarin CI using TFS

For this post, we are going to concentrate on using a TFS On-Premise Server for Continuous Integration. When using TFS (i.e. configuring Build.vNext), the first step is to log in and configure the agent pools. An agent pool is a collection of several build agents (i.e. services that run on the operating system / build server and listen for builds from TFS). The agent pool needs to be created first and then the build agents. Note that a build agent should be free and should also meet the demands of the particular build requested. For example, an iOS build can only be sent to a build agent which has Xamarin.iOS capabilities, and similarly for Android. The choice of how many pools or agents you need depends entirely on the different projects/purposes.

For the management of the agent pools, you should know below account groups:

  1. Administrator Account Group
  2. Service Account Group

A member of the Administrator account group is allowed to add, remove and configure agents in the pool, whereas the Service account group only lets you run builds.

At first, you need to add your user account in Agent Pool Administrators group by logging into TFS. Later, you can create any number of Agent Pool Service Accounts for the production environment.

CI for Xamarin.Android

This section will address the complete steps required to perform the continuous integration process for Xamarin.Android Native Apps. This will also consist of the process to add the windows build agent to build the source code for a project.

Create and Configure Xamarin.Android Build Agent on Windows

This section will provide you step by step details for creation of Xamarin.Android Build Agent on Windows.

When Build agent receives a build from TFS Server, it executes the steps in the build definition. Currently, you have to use a Windows build agent to build Windows/Windows Phone apps and Xamarin.Android apps and a cross-platform build agent on the Mac to build Xamarin.iOS projects. In the future, the cross-platform build agent should also be able to build Xamarin.Android projects too.

This section will provide you step by step details about different items to be installed on your machine to satisfy it as a Windows Build Agent:

Install the software below on the build machine.

  1. Xamarin (Latest Version)
  2. Java JDK 1.7
  3. Android SDK (Latest Target Version)

Please note that ANDROID_HOME and JAVA_HOME environment variables should be set to locate the required components and advertise them as capabilities of a build agent. Once done, you need to download the agent from TFS, configure and run the build agent.

For configuration of build agent, you need to create a BuildAgents (or any name with which it makes sense) folder in the C:\ drive to store all of the agents in one machine. You can create AndroidAgent folder in it and extract the agent zip file downloaded from TFS. Once done, open Windows PowerShell as Administrator and run .\ConfigureAgent.ps1, press enter. Fill in the required details for the agent and you are done!

The Windows Build Agent is successfully created with the Xamarin.Android Capabilities. The agent starts as a service in Windows. If you wish to start/stop the agent manually, you can stop the service.

Create Xamarin.Android Build Definition

This section will provide you step by step analysis on the creation of a Build Definition for Xamarin.Android project. It uses Windows Build Agent for creation and deployment of the builds.

  1. Navigate to TFS Team project Home page, click on the Build tab and click Add button to add new build definition
  2. Select Xamarin.Android template and click OK. This will create a new Build Definition with some pre-defined steps

There are different tabs associated with the creation of build definition like Build, Options, Repository, Variables, Triggers, General, Retention and History.

You can modify build steps to build particular Android project present in the TFS Code Repository, sign APK file as a build artifact to TFS. Some more steps are as follows:

  1. For the Target input field, type: PackageForAndroid (this will trigger the build target that will create .APK package once the project is built)
  2. Add Android Signing builds step, check the ‘Sign the APK’ option and enter valid Keystore details as required
  3. Add Publish Build Artifacts step and put ‘Path to Publish’ as $(build.binariesdirectory)\$(BuildConfiguration)

Please note that BuildConfiguration is the variable created under Variables tab which will be used runtime.

  1. Check the Continuous Integration (CI) in Triggers tab or you can schedule the trigger as per your project requirements
  2. Select the Default agent Queue/Pool which is already created
  3. Save the changes and click OK

Once the build definition is created, you can queue a new build for the definition, and if everything has been configured correctly, your build should finish with the message “Build Succeeded”. If it fails, you can check the logs for the exact cause of the issue.

CI for Xamarin.iOS

This section will address the complete steps required to perform the continuous integration process for Xamarin.iOS Native Apps. This will also consist of the process to add the windows build agent to build the source code for the project.

Create and Configure Xamarin.iOS Build Agent on Mac OS

This section covers the creation of the cross-platform build agent and configuration for Xamarin.iOS project. The cross-platform agent has been recently introduced along with Visual Studio 2015. This agent can only be configured and executed on Mac OS X and Linux Machines for build definitions created using the Build.vNext tools included in TFS 2015.

Please note that the cross-platform agents are written in Node.js and you can install/update/run them using Node.js.

This section will provide you step by step details about different items to be installed on your machine to satisfy it as a Mac OS X Build Agent:

  1. Install the software below on the build machine:
  • Xamarin
  • Xcode
  • Node.js
  1. The next step is to install the VSO Agent using the following command in Mac OS X Terminal:

sudo npm install vsoagent-installer -g

Note that this does not create an agent for you. It only installs a copy which will be used later to create the actual agents.

  1. To provide permissions for Node Package Manager, please run below command:

sudo chown -R $USER ~/.npm

  1. It is recommended to create a BuildAgents folder in the root of your Macintosh HD partition to store all of the agents you wish to create (you can have multiple agents running on the same machine). Inside this BuildAgents folder, create another folder called Agent1 (or whatever you want to name your build agent). You can create these folders using the Finder
  2. Install the VSO agent in the folder you created and run ./config.sh file to start configuration
  3. The console will ask following questions to configure the cross-platform build agent on Mac OS X:
    1. Enter alternative username: You need to enter the username of the account that was configured to administer build agents earlier
    2. Enter alternative password: Enter the corresponding password for the account chosen in the previous step
    3. Enter server URL: You need to enter the TFS URL
    4. Enter Authentication Type: Click enter to continue
    5. Enter agent name: You can use whatever name you want to here. This name is to identify agent in the agent pool
    6. Enter agent pool name: This allows you to add an agent to a specific pool which is already available in TFS. If you do not pass this value, the agent will be added to the default pool

The cross-platform build agent is now successfully configured with Xamarin.iOS capabilities. Run ./run.sh to start the agent as a service. Do not close the Terminal window until you want to stop the build agent. You can stop the build agent by pressing Ctrl-C.

Create Xamarin.iOS Build Definition

This section will provide you step by step analysis on the creation of a Build Definition for Xamarin.iOS project. It uses Mac OS X Build Agent for creation and deployment of the builds:

  1. Navigate to TFS Team project Home page, click on the Build tab and click Add button to add new build definition
  2. Select Xamarin.iOS template and click OK. This will create a new Build Definition with some pre-defined steps

Most of the steps mentioned in the build definition for Android are pretty similar.

You can modify build steps to build particular iOS project present in the TFS Code Repository. You need to modify Xamarin.iOS build steps so the build agent will build the solution and upload the .ipa package that is created as a build artifact to TFS. Some more steps are as follows:

  1. Click on ‘Add Build Step…’ and select ‘Publish Build Artifacts’ item
  2. Looking at the new ‘Publish Build Artifacts’ build step, In the ‘Copy Root’ input field type: $(build.binariesdirectory)\$(BuildConfiguration)
  3. Check the Continuous Integration (CI) in Triggers tab or you can schedule the trigger as per your project requirements
  4. Select the Default agent Queue/Pool which is already created
  5. Save the changes and click OK

Once the build definition is created, you can queue a new build for the definition, and if everything has been configured correctly, your build should finish with the message “Build Succeeded”. If it fails, you can check the logs for the exact cause of the issue.

This way your Continuous Integration system for both Android and iOS apps using Xamarin can be set up. I will cover more details about Xamarin in coming posts.

Security aspects in Mobile Banking

In the last article, I covered Mobile Payments. This article focuses on a specific area in mobile payments i.e. security aspects in mobile banking. Security is a crucial parameter in all mobile banking transactions. Let’s check out some parameters which play important role in secure mobile banking:

  1. Authorization: Authenticated users should be able to access only the business functionality they are allowed to use. Once the user is authenticated, the app should check with the cloud to determine whether the user has the required access to the data
  2. Data Confidentiality: The sensitive data should always be kept in RAM (memory) rather than disk. The application must not store any sensitive data on the file system. Sensitive information should not be leaked through logs and error messages. The cache manager should clear the data when the application operates in the background
  3. Authentication: There should be strong authentication mechanism. The Multistep authentication is recommended. An additional recommendation is to check for user location using a GPS during authentication
  4. Secure Operating Systems: It is necessary to detect if the application is running on a jail-broken/rooted/malware-infected device. The app should close itself if the system is found to be compromised
  5. Encrypted Connections: All the connections initiated by the app should be encrypted for safety. HTTPS protocol should be used to connect to the cloud. A white list of IP addresses and domain names should be maintained on the device side to prevent apps from talking to other domains not specified on the white list
  6. Prevent Local Data Transfer: A banking application should prevent data from being locally transferred to other installed apps (e.g., copying it or sending it to an unauthorized external application) by disabling the long press on sensitive UI fields and by removing the data from the clipboard when the app operates in the background. This restricts data sharing
  7. Secure cleanup after log-off: The secure objects which are involved in the app (For example: account data, user information, any network requests already made but waiting for response etc.) should be wiped off securely when a log-off is triggered. The application should be forced to quit if application tampering is detected
  8. Preprocessing: All the plain-text resources present in the app bundle should be eliminated. This will prevent hackers from gathering information from app internals. The symbol table should be stripped, thus leaving only unresolved symbols and forcing an attacker to trawl for data in the runtime code, decrypt the binary or use more complex debugger tactics to obtain a map of the application symbols for class names, methods, and function names
  9. Tamper Detection: The application should check whether it is being tracked by someone else. For example, debug flags can be checked to determine if the application is being debugged. An app must prevent debuggers from attaching to it (e.g., to read sensitive data from memory in use by another running application). This can be done by setting the android:debuggable attribute to false in the Android manifest file
  10. Root Certificate Check: For secure communications with the cloud, SSL certificate should be bundled with an app. This certificate is required to see if it is signed by the respective authority. If the certificate is not signed, then the app should be closed.
  11. Blacklisting older version apps: It should be possible to block certain older versions of the app on the back-end server if there is a security breach. If an app version is blacklisted, then the user will receive an error message and be asked to upgrade the app. This is ultimately beneficial for users for secure transaction
  12. Security Logging: All the security events which are going on inside the application should be logged locally and then sent to cloud (back-end server) periodically for later analysis. During log-off, the device data is sent to the server to ensure no confidential data remains on the device
  13. Encrypted Assets: All the important data files like property file, configuration file should be hidden and encrypted
  14. Anti-pharming Protection: App should always check the hostname lookup with DNS resolves to the whitelisted IP address. This will ensure that app does not redirect to any malicious server in between
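
Item 11 (blacklisting older app versions) can be enforced on the back end with a small version gate. The following is an added example, not code from the original article; the function names, the policy values, the `X.Y.Z` version format and the HTTP status codes are all assumptions.

```python
# Added example: server-side app-version gate. All names here are hypothetical.
import re
from typing import NamedTuple, Optional, Tuple

# Strict X.Y.Z format (assumed); ASCII digits only, bounded length.
_VERSION_RE = re.compile(r"(\d{1,4})\.(\d{1,4})\.(\d{1,4})", re.ASCII)

# Constructed policy data; a real back end would load this from configuration.
MIN_SUPPORTED = (2, 3, 0)                    # anything older is refused
BLOCKED_VERSIONS = {(2, 4, 1), (2, 10, 0)}   # individual builds pulled after a breach


class Decision(NamedTuple):
    allowed: bool
    http_status: int   # status code choice is an assumption of this example
    reason: str


def parse_version(raw: Optional[str]) -> Optional[Tuple[int, ...]]:
    """Return (major, minor, patch), or None if the value is absent or malformed."""
    if not raw:
        return None
    match = _VERSION_RE.fullmatch(raw.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def check_app_version(raw_version: Optional[str]) -> Decision:
    """Decide whether a request from this app version may proceed.

    Fails closed: a missing or unparseable version is refused, so leaving
    the version out of the request does not bypass the gate.
    """
    version = parse_version(raw_version)
    if version is None:
        return Decision(False, 400, "missing or malformed app version")
    if version in BLOCKED_VERSIONS:
        return Decision(False, 426, "version blocked, upgrade required")
    # Tuples compare numerically, so 2.10.0 > 2.9.0; comparing the raw
    # strings would order them the wrong way round.
    if version < MIN_SUPPORTED:
        return Decision(False, 426, "version too old, upgrade required")
    return Decision(True, 200, "ok")
```

The version string is reported by the client, so this gate protects genuine installs that have not been updated; it does not stop a modified client that reports a false version.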

This was just an overview of security in mobile banking. If you have any other important points which I missed here, please list them in the comments.

Cheers.

All you need to know about Mobile Payments

Mobile is everything.

I hope that every single person would agree with the above statement. Almost everything a personal computer has been capable of doing for several years is possible on mobile devices these days. Mobile payments are ready to make their mark too. The new tech generation is all about mobiles and gadgets.

I have been doing research on mobile payments for quite a while and wish to share some analysis in this exciting space.

Below is the scenario of a day in the life of Mr. Chuck Norris. From morning to night, most of the payment transactions are initiated from mobile.

You can check the mobile payment segmentation done below based on the category of payments i.e. remote and local (proximity) payments. You can clearly see which payments fall in what category.

Let’s dive into the top five categories of mobile payments:

  1. Mobile at Point of Sale: Mobile Wallet
  2. Mobile as Point of Sale: Use mobile device to process credit card payments
  3. Direct Mobile Billing: Put it on my phone bill
  4. Closed loop mobile payments: Pay via mobile devices only at a specific vendor and only against an established account balance
  5. Mobile Payment Platform: This is the “everything else” mobile payment. Think of it as a “catch-all” category for products that let consumers send money to merchants, or even each other (called P2P), all while using mobile devices. It might be at the POS, it might be online, it might use text messages or even NFC (Near-Field Communications) someday

Mobile payments are one of the hottest topics of the last year. There has been tremendous investment in this area. Let us check out some of the trends and technologies which are essential for any mobile payment system:

  • Security and Biometrics
  1. [Tech Giant]Pay
  2. Relying on NFC, Tokenization, SE, EMV, HCE, Fingerprint Reader, Biometrics and other different technologies to provide seamless and secure options for users
  • Offer better deal and experience
  1. Redesign the bridge for retailers to offer their products to customers and how consumers pay for their retail purchases
  2. Consider a scenario wherein instead of walking into a coffee shop to buy a cup of coffee, users will receive an offer for a better deal, such as 12 cups of coffee for the price of 10, which they can purchase in advance and redeem whenever they like
  • Make payments easier
  1. Transfer the money directly to your friend’s account with the help of an app
  2. Pay a merchant in the quickest possible way. For example: Using Touch ID (biometrics), one-touch payment services etc.
  3. Example: When you’re out with a group of friends and struggling to split the bill. These apps streamline that by enabling one person to pay with a credit card and everyone else to pitch in via an app

The common mobile payment technologies used by different companies are:

  • NFC – To make an NFC payment, one needs to bring the NFC device close to the POS terminal, where the NFC-capable device recognizes the POS device. It generates a token using the POS-provided data and a secure element, and is currently expected to be the default mode of payment
  • QR codes – Most smartphones have cameras with the ability to scan and read QR codes. This method is extensively used in mobile payments. There are basically 2 types of QR code payments that can be made:
  1. Receive a QR code on your phone and get it scanned at the counter: In this case, the customer needs to have a payment app installed on the mobile phone, which will generate a QR code for the payment transaction. This QR code can be scanned by a cashier using a barcode reader to process the payment
  2. Scan the QR code at the counter and make the payment: In this case, the customer needs to have a payment app installed on the mobile phone, which can read the QR code and process payment for the same
  • MST (Magnetic Secure Transmission) – This method generates changing magnetic fields over a short period of time that emulate the same magnetic field change as when a card is swiped across the read head. This technology is owned by LoopPay, which has been taken over by Samsung. Samsung Galaxy S6 supports MST
  • STK (SIM Application Toolkit)
  1. Securely store the IMSI which identifies the subscriber uniquely
  2. A wrapper on top of the SIM technology, this enables the mobile service provider to provide the user with a menu-based technology that is used for various services including mobile payments
  3. Examples: M-Pesa by Safaricom
  • Mobile Card Reader – Can be attached to any smartphone, enabling the smartphone to accept card payments

As you have seen, there are many technologies and applications already present in the market, but there are still very few people who actually make use of them. The consumer traction ratio is way below what was expected. This is mainly due to a lack of awareness and security. Let us look at some of the key factors required for success in mobile payments.

User convenience:

  • Enormous freedom for consumers to pay for goods and services via mobile devices
  • It is important to provide a similar user experience for the validation of the mobile transaction
  • Improve acceptance of payment transactions that are free of slowdowns, delays and re-entry of the same data into different platforms for the same purchase

Perception of security and trust

  • Allow organizations to take full advantage of the business opportunities while at the same time giving end users confidence in the security of the service
  • End users must trust the payment service provider behind the solution

Payment Processor – To make a mobile payment app successful, the payment processor should be chosen appropriately. This ensures proper PCI compliance handling and the security of every transaction made via a mobile device

Lookers to Bookers – A process that improves the conversion of interested consumers into paying customers

Range of Payment methods:

Support a range of alternate payment methods and digital wallets (former, current and future), including Android Pay, Apple Pay, Samsung Pay, Master Pass, Visa Checkout, Amex Express Checkout, M-Pesa, prepaid cards and others

Make it easy to buy from you, and passengers will turn to you first for whatever they need.

Development Oriented Trends

     

Braintree SDK provides an easy-to-use collection of APIs for adding native payments to iOS/Android mobile apps. The Venmo touch network provided by Braintree technology allows a user to make a one-tap purchase without having to input the credit card information over and over again.

Stripe APIs are developer-friendly and robust. Sensitive card data is secured by converting the information on the card to tokens on Stripe’s servers. These tokens can be charged later in your server-side code.

PayPal API and Square Connect API are also extensively used.

Market Opportunity

Let’s take a look at different opportunities in mobile payments market –

  • Gartner predicts mobile payments will grow at a rate of 30% per year from 2013 through 2018 – to reach more than $900 billion in 2018
  • 1.09 billion people will be making mobile proximity payments globally by 2019, of which 939.10 million will be made through NFC
  • A focus on providing merchants with Multichannel Payment Services
  • Exciting market ahead for P2P service providers e.g. PayPal’s Venmo and services from Facebook, Google etc.
  • Payment through wallets using NFC, tokenization, biometrics because mobile devices will be a mainstream option for person-to-person or person-to-business payments
  • Cryptocurrencies, e.g. Bitcoin and Litecoin, but still in the early phases
  • One touch mobile payments e.g. PayPal/BrainTree provides One touch service to more than 10 million consumers today
  • Support for loyalty cards and strong security
  • Using Touch ID for Apple Pay transactions

Let us look at some of the popular applications which are used for mobile payments.

  1.   Apple Pay
  2.   Google Wallet
  3.   Android Pay
  4.   PayPal
  5.   Venmo
  6.   Facebook Messenger
  7.   LoopPay / SamsungPay
  8.   BlockChain
  9.   PayFroit
  10.   Merchant Customer Exchange
  11.   Square Cash

Applications in different sectors:

Healthcare – The mobile payments industry is expected to reach $142 billion by 2019, and healthcare providers are beginning to position themselves to embrace the mobile space. Healthcare providers may benefit from the advent of mobile commerce as it will make them more accommodating to consumers and give them access to a growing mobile consumer base.

Finance – Google partnered with Citi Group to develop the Google Wallet NFC-based mobile payment system. PayPal, which is now a de-facto member of the financial institution club, has announced the development of a proprietary NFC-based P2P system built on a Nexus S Android device. In the UK, O2 has partnered with Barclay’s Bank to launch the O2 Money initiative.

Telecom – Many telecommunications companies are showing an increasing interest in developing mobile solutions for financial services. The fourth major player in the US cellular network arena, Sprint, has launched its proprietary Sprint Mobile Wallet service in partnership with Cardinal Commerce payment processors.

Companies are looking to invest more and more in mobile payments and are finding innovative approaches to making payments, not only for consumers but also for business users. To give you an example, Google has come up with an exciting, innovative approach to making payments. It is named the “Hands-Free Payments” method. After installing the Hands-Free app for Android or iOS, you’ll add a photo of yourself for identification and either add a credit/debit card or choose one that’s attached to your Google account. Once that’s all done and you’ve rendezvoused with a cashier, mention you’re paying with Google. The app uses Bluetooth LE and WiFi (among other things) to tell whether you’re in a store equipped for Hands-Free payments and passes your information along to the cashier’s point-of-sale system. The cashier confirms you are who you say you are using that photo and your initials, and that’s that. Payment complete.

This is fascinating. Though this sounds quick, there are a lot of complexities involved in this and Google is claiming to take care of them.

Yeah, this is a vast domain and many things are yet to be researched. As I get my hands dirty with them, I will write an article in continuation with this one.

Hoping for a better mobile payment year this time!