Rising User Expectations
Control of location data is just one aspect of mobile application security that may find the developer unprepared. Mobile applications may be handling medical data or engaging in financial transactions, both of which require security measures that meet rising user expectations and stand up to growing regulatory scrutiny.As mobile devices get smaller, they are more easily lost or stolen, making it all the more important to authenticate the userpreferably with multifactor approaches, including biometricsrather than authenticating the device with technologies such as stored passwords or browser cookies. Back-end costs could quickly get out of control as developers strive to support a diversity of mobile experiences, all too easily leading to multiple and largely redundant (or, worse yet, inconsistent) logic paths and data stores. Making it easy to repurpose data requires upfront attention to data representation; making it easy to serve diverse devices requires thoughtful separation of presentation from core logic and loose coupling among the modules that deliver both basic and premium services. These practices will maximize developers ability to take advantage of new opportunities to reach the mobile user. Mobile applications value-adding opportunities will rapidly expand during the rest of this decade. In June, Computer Industry Almanac Inc. projected that, by 2010, mobile PCs will represent 43 percent of all PCs in the United Statesup from less than 30 percent this yearwith a projected installed base five years from now of 125 million units in the United States and nearly half a billion worldwide. The worldwide percentage of mobile PCs will be less than in the United States, according to the same forecast, most likely because other countries have moved more aggressively to adopt Web-capable handsets rather than carrying cumbersome Wi-Fi laptops. Worldwide, 49 percent of mobile handsets are Web-capable; in North America, penetration of Web-capable handsets is only 37 percent, according to comments made by Philipp Hoschka, World Wide Web Consortium deputy director for Europe, at the W3C 10th anniversary symposium held in Boston last December. Web-capable handsets will outnumber WAN-capable laptop PCs by a 7-to-1 ratio by no later than 2008, with an anticipated worldwide installed base on the order of 1.4 billion units, Hoschka estimated. Read more here about emerging mobile devices and wireless technologies at C3 Expo. What holds back mobile handset acceptance in every market, Hoschka indicated, is not Internet access on the demand side but device-appropriate content on the supply side. He painted a picture of todays smart-phone user seeing a Web address on a billboard and trying to access the site. In his scenario, the UI on the handset is cumbersome, the graphics and other layout conventions of the site dont translate to the small screen, and the security protocols (such as support for cookies) are frustratingly inconsistent. Of such experiences, markets are not made. The W3C issued in October a working draft of the 1.0 release of its Mobile Web Best Practices. These provide useful guidance to developers on major topics that include application and device requirements; overall application behavior; and developer practices for site navigation, content presentation and user interaction. Next Page: Key points.
At the same time, those measures must not overwhelm the processing power of mobile devices, the bandwidth of wireless connections or the tolerance of mobile users who are probably attending to multiple tasks.