December 11th, 2012

Clarifying “Hybrid Mobile App”

Tomorrow, I’ll be presenting a webinar called 5 Ways to Get Top Mobile App Developer Talent for Your Open APIs. Preparing for this webinar got me thinking about different types of mobile app and how they relate to APIs. One thing that occurred to me was how loosely the term “hybrid mobile app” is used – I’ve seen it used to define two very different types of app.

1. Hybrid HTML5/Native Mobile Apps
The term “hybrid mobile app” is often employed to describe an app that is created using a WORA (write once run anywhere) framework like PhoneGap or Appcelerator. These frameworks basically make it simple for developers to generate mobile apps using HTML5, JavaScript and CSS.

In the case of PhoneGap, this app will essentially be a “wrapped” Web site. For PhoneGap apps, developers will often use a UI framework as well, such as jQuery Mobile or Sencha. These UI frameworks look “good enough” on mobile devices, although they should not be confused with the true native UI controls of iOS, Android etc.

In the case of Appcelerator, the generated app can actually leverage the true native sliders, scrollers, date pickers etc. of the device OS. The limitation to this approach is that a developer is fully locked in to what Appcelerator provides. Currently it offers builds for native iOS and Android as well as an HTML5 build, which could potentially be run through PhoneGap.

2. Hybrid API-Driven/Thin-Client Mobile Apps
The term is also used to describe apps that are installed on and run entirely on the mobile device – similar to how a totally native, offline game or other app might work – but which rely on a data connection for presenting Web-based resources, enterprise application functionality or other information assets.

Of course, these information assets are made accessible to the apps via APIs, which is where Layer 7 comes into the equation. In tomorrow’s webinar, I’ll be mainly focused on hybrid mobile apps that are powered by APIs and discussing aspects that are important to address when developing an HTML5 hybrid native app that is also a hybrid API-driven native app. Click here if you want to find out more about the webinar or if you’d like to register.

December 7th, 2012

Use Hypermedia to Reduce Mobile Deployment Costs

I speak about the power and flexibility of hypermedia quite often. I explain the general idea behind hypermedia, discuss its historical roots and show how it can help client applications adapt to changes in data input and application flow. Essentially, a hypermedia-based approach aims to take key elements often placed into the client’s source code and move them into the actual response messages sent by the server.

I also point out that using a hypermedia-based approach to building client and server applications takes a different kind of effort than using RPC-style approaches. And I explain that, currently, there is a limited amount of tooling available to support the process of designing, implementing and maintaining hypermedia-style systems.

If your work involves designing, building, testing and deploying a mobile client application, it is likely you need to deal with an “application store” or some other process where your packaged application must be submitted for review and approval before it is available to users for download. This can happen not only with well-known public offerings such as the Apple Store but also within any organization that provides its own application repository aimed at ensuring the safety and consistency of user-available mobile apps.

In an environment of quick-turnaround, agile-style implementations this “app store” approval can be a real bottleneck. It may be not just days but weeks before your app is tested, approved and posted. This can be especially frustrating when you want to deploy a rapid-fire series of enhancements in response to an engaged user community.

A hypermedia-based client design can often support UI, data transfer and workflow modifications by altering the server messages rather than altering the client source code. By doing this, it is possible to improve both the user experience and the system functionality without the need for re-submitting the client code for “app store” review and re-deployment. This also has the potential to reduce the need for interrupting a user’s day with download and reinstall events and can, in the process, cut down on the bandwidth costs incurred during the repeated roll outs of code modifications to a potentially large user base.
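As an added illustration (not code from the original post), the client below builds its requests entirely from the controls in the server message, so a changed URL or a new field needs no client release. The message format, action names and the `api.example.com` origin are constructed assumptions; the origin pin is an added hardening step, since server-supplied URLs are untrusted input.

```javascript
// Assumption: the single API origin this app trusts (hypothetical host).
const ALLOWED_ORIGIN = "https://api.example.com";

// Find a named action in a server message; fail if the server no longer offers it.
function findAction(message, actionName) {
  const action = (message.actions || []).find((a) => a.name === actionName);
  if (!action) throw new Error(`server does not offer action: ${actionName}`);
  return action;
}

// Fields the UI must prompt for, derived from the message rather than hard-coded.
function promptsFor(message, actionName) {
  return (findAction(message, actionName).fields || [])
    .filter((f) => f.value === undefined) // fields with a server default need no prompt
    .map((f) => f.name);
}

// Build the HTTP request for an action using only what the message describes.
function buildRequest(message, actionName, input) {
  const action = findAction(message, actionName);
  // Resolve the server-supplied href and refuse anything outside the pinned origin.
  const url = new URL(action.href, ALLOWED_ORIGIN);
  if (url.origin !== ALLOWED_ORIGIN) throw new Error(`refusing off-origin action: ${url.origin}`);
  const body = {};
  for (const field of action.fields || []) {
    const value = input[field.name] ?? field.value; // user input, else server default
    if (value === undefined) {
      if (field.required) throw new Error(`missing required field: ${field.name}`);
      continue; // optional field left empty
    }
    body[field.name] = value;
  }
  return { method: action.method || "GET", url: url.href, body };
}

// Constructed sample messages: the server's original form and a later revision.
const messageV1 = { actions: [{ name: "add-comment", method: "POST", href: "/v1/comments",
  fields: [{ name: "text", required: true }] }] };
const messageV2 = { actions: [{ name: "add-comment", method: "POST", href: "/v2/posts/42/comments",
  fields: [{ name: "text", required: true }, { name: "rating" },
           { name: "visibility", value: "public" }] }] };

// The same client code handles both revisions without being rebuilt or resubmitted.
console.log(buildRequest(messageV1, "add-comment", { text: "hi" }));
console.log(promptsFor(messageV2, "add-comment"), buildRequest(messageV2, "add-comment", { text: "hi" }));
```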

Improved agility, a better user experience and reduced bandwidth costs are all tangible benefits that are possible when investing in a hypermedia-based implementation for your mobile client application.

December 3rd, 2012

A Break in the Clouds

A recent study by researchers at North Carolina State University and the University of Oregon describes a threat scenario that allows attackers to exploit cloud-based resources for malicious purposes like cracking passwords or launching denial-of-service attacks. The study has gotten a lot of attention, including articles in reputable sources like Dark Reading, Ars Technica and Network World.

In order to optimize the performance of mobile apps or browsers, some computation-heavy functions have been offloaded to cloud-based resources, which in turn access backend resources and Web pages. This creates a middle ground in the cloud that is exploited in the attack, which the authors call “Browser Map Reduce (BMR)”. In reading the paper, it’s clear that this is a legitimate threat. The authors actually carried it out using free resources, although they limited the scope in order not to be abusive.

Aside from questions of curiosity around the mechanics of the vulnerability, the obvious question is this: How can we mitigate this threat? Here are a few perspectives, as well as a method for each.

Apps – This “cloud offload” architecture has arisen because of the processing limitations of mobile devices. When a backend resource is requested by a mobile user, it makes sense to have the data returned in the most consumable format, in order to optimize user experience. Whenever possible, instead of doing this through “browser offload”, data should be returned as JSON objects. This API approach is a proven method that works for mobile devices and is not subject to the BMR threat.

Cloud Services – This threat should not be viewed as a dismissal of the “cloud offload” approach. Cloud-based resources are necessary for handling caching, data indexing and other key functions in the mobile paradigm. However, it serves as a warning that these dedicated cloud-based resources cannot be considered part of a walled garden that includes the associated mobile app. The resource’s entry point must be protected against attackers. Layer 7’s SecureSpan Mobile Access Gateway is an ideal choice for this access control, as it uses identity-based measures to ensure that only requests from legitimate sources are serviced.

Web-Based Resources – Although the backend Web resource was not exploited in this scenario, the study is a reminder that the topology of the mobile Web is changing and increasing in complexity. P2P app-to-API connections cannot be assumed and therefore inbound API calls cannot be implicitly trusted. API access must be controlled and the SecureSpan API Proxy is a leading solution for this purpose.

To sum up, this is a legitimate threat but not a reason to abandon the use of cloud-based resources for mobile app optimization. Be aware of the threats, employ the mitigations and then you can continue to enjoy the exciting growth of the mobile Web.

November 15th, 2012

Optimizing Cloud-Driven Mobile Apps – Tech Talk Featuring Alex Gaber

I’m excited to welcome back our API Evangelist Alex Gaber to do his second Tech Talk. Back by popular demand, Alex will take your questions on Optimizing Cloud-Driven Mobile Apps. Alex is a dynamic speaker who knows the app economy inside and out, has built several of his own mobile apps and regularly hosts hackathons all over the globe.

Building cloud- and API-driven mobile apps introduces complex challenges around syncing, caching and securing data. So, connect live with Layer 7 on Tuesday November 20, at 9am Pacific Time, when Alex will be answering your questions about how to address these challenges. Alex will also provide insight into a range of related best practices, including techniques for building cross-platform applications in HTML 5.

Click here to get the full event details and a reminder in your calendar. On the day of the event, join the event at layer7.com/live and tweet questions to #layer7live.


November 8th, 2012

APIs in Apps: Considerations for UX & App Performance Optimization

When a mobile app is dependent upon APIs, many new challenges are introduced to the developer. To provide the best possible user experience (UX), a mobile app should be snappy and responsive. Often though, in the reality of cell phone networks that are bottlenecked and over capacity, a dependence on a fast data connection can lead to a UX nightmare.

Tomorrow (that’s Friday November 9) at 10:30am, I’ll be discussing the challenges of mobile app UX at QCon in San Francisco. In a presentation called “HTML5 Cross-Platform Mobile Apps Integrating APIs”, I’ll be outlining significant challenges around API-driven mobile apps, as well as mistakes developers commonly make, and suggesting best practices for addressing them.

I hope you can make it if you’re at the show. Also, be sure to visit Layer 7 at booth #11.