The pace at which mobile apps have permeated into our everyday lives is astonishing. It has, after all, been less than five years since Apple* opened the first app distribution service and, already, apps have become a critical and ubiquitous aspect of most people's everyday lives.
In 2009 – just one year after the first mobile apps were put onto smartphones – users downloaded more than 9 billion1 of them; two years later that number had more than tripled to 29 billion. Pundits suggest that 2015 will see the number soar to 183 billion.2
This is not all Angry Birds and restaurant reviews; many enterprises have also found apps to be a valuable tool for enhancing productivity, driving mobile adoption and increasing efficiency. The trend is set to continue; according to the researchers at Gartner, almost nine in ten enterprises will likely support corporate applications on personal mobile devices by the end of next year.3
In part, this is because app development offers organizations a new and different model for delivering IT support and services. Rather than spending two or more years developing a near-perfect piece of software, apps are developed in a more iterative fashion where improvements and new functionality are bolted on as they are demanded or developed.
This is both a good and a bad thing. On the one hand, this development style allows for greater flexibility, faster development time and a greater ability to make changes or fix bugs as needed. It also means that opportunities for competitive advantage can be capitalized upon as soon as they are identified.
At the same time, however, the approach creates new challenges, particularly for risk managers, security leaders, executives and even the developers themselves. For one, an application that is rushed to market too early may meet with negative reviews and fail to ever gain sufficient traction. Too many upgrades and fixes also carry the potential for overwhelming devices or soaking up valuable bandwidth.
The greatest challenge, however, relates to security and resilience. Indeed, with applications now holding increasing amounts of our personal and mission-critical enterprise data, the ability to adequately test mobile apps has become a vital capability for software developers and enterprise risk teams alike.
But interestingly, many mobile apps seem to enjoy a veritable 'free pass' when it comes to testing, particularly when compared against the rigorous risk testing and resilience planning that once defined enterprise software development.
In our experience, mobile apps – whether in the consumer or the enterprise market – should undergo rigorous testing against six key criteria:
The bottom line here is that testing cannot be an afterthought for application developers and enterprise risk managers. Indeed, organizations must take a risk-based approach to help ensure the success of their mobile apps in the marketplace.
To achieve this, new testing techniques and tools will be needed to help companies quickly develop and redesign secure, stable, functional mobile apps. Such techniques and tools must – above all – help risk managers and developers to manage and mitigate the business and operational risks specific to mobile apps.
By Christopher Ammann and Ryan Burns, KPMG in the US
* Apple is a trademark of Apple Inc., registered in the U.S. and other countries.
1. ABI Research, Mobile Applications Market Data January 2012.
2. IDC Press Release "IDC Forecasts Nearly 183 Billion Annual Mobile Downloads by 2015: Monetization Challenges Driving Business Model Evolution", Jun 28 2011
3. Gartner, Inc.; Gartner's Top Predictions for IT Organizations and Users, 2011 and Beyond: Its Growing Transparency, 23 Nov 2010.