Develop Native Apps on Linux, Mac or Windows with Smartface Command Line Interface (CLI)

Today, we announce yet another step towards OS-free native mobile development. With the Smartface Command Line Interface (CLI) tool, you can develop native iOS and Android apps on Linux, Mac or Windows with any code or text editor.

Moreover, it’s free and it works with your current Smartface license, including the community edition. Below are the features of the CLI tool:

Coding Without Boundaries

Code with JavaScript to develop native mobile apps on your favorite code editor on any OS. Use Sublime Text, Atom, Notepad++ or any other code editor.

Publish Easily

Publish native apps with a single command or use the interactive mode for guided publishing.

Automation

Full automation of Smartface publishing process for your iOS and Android apps:

  • Utilize the power of Smartface Platform in batch processes
  • Use testing automation tools for Smartface apps
  • Automate version releases

 

Click here to visit Smartface CLI product page for installation and documentation.

News from Smartface: Introducing Smartface University, Updated Smartface-in-Action and New Pricing Page

As a part of our efforts to improve your Smartface experience, we are happy to announce some new changes, a small part of the big change that we will announce soon.

 1. Smartface University opens its doors

Smartface University is live! With the official training materials, learning Smartface is easier than ever.

You can access training resources on various topics. Start from the basics to more advanced topics and you can become a Smartface expert with Smartface University.

 

2. Smartface-in-Action updated with iOS 9 support

Our best practice app and iOS Emulator Smartface-in-Action is updated with iOS 9 support. You can download it from the App Store. Full source code of Smartface-in-Action comes shipped with all Smartface App Studio installations.

 

3. New pricing page and updated license plans

We updated our pricing page and licensing plans. You can get an overview of all plans and compare the plans in more detail. Subscribing to a plan is also easier now.

Moreover, we now provide special arrangements for educational institutions and small startups regarding our commercial and enterprise packages. You can contact us for more details.

Develop iOS 9 Compatible Native Apps with Smartface

iOS 9 release date is on September 16 with many changes and new features for both users and developers.

Get ready for developing apps for iOS 9 with Smartface. The new Smartface release 4.4.0.3 provides day-one support for iOS 9.

Notable changes in iOS 9 include:

  • New and revamped Apple apps such as News and Notes
  • Multitasking support on iPad (only on high end models)
  • Improved search and Siri
  • 3D Touch for iPhone 6S and 6s Plus
  • New and improved kits and APIs for developers
  • App Thinning for iOS
  • Swift 2 for development

As with most major OS version changes, migration requires an intense amount of effort for developers and Smartface is here to ease that pain. You don’t need to worry about the complexities of the fragmented world of OSes and devices.

For instance, Swift 2 makes things even more complicated for developers with new questions. Should you learn a new language? What if Objective-C becomes obsolete? How can I keep up if things change in every iteration of Swift?

With Smartface, you don’t need to worry about such burdensome questions. Smartface supports standard JavaScript with a single codebase for iOS and Android development, so you don’t need worry about learning a new language or keeping up with a constantly changing language.

As for app thinning, this is nothing new for Smartface developers. Smartface already offers more than what Apple offers with app thinning without OS limitations.

You already have the option of using remote resources for iOS and Android apps with Smartface.

iOS 9 is not needed and you can download not just images or icons but all of your runtime code from an external source and change your app on-the-fly. Moreover, you don’t need to bother with learning and applying things like bitcode or slicing. Just point your external JS file as an include to update native iOS and Android apps remotely.

As always, Smartface isolates you from the headaches of upgrading your apps to support new OS versions.

Just republish your app with the latest version of Smartface and you are good to go. As long as you use the latest Smartface version, your apps can support iOS 9, iOS 10 or whatever version comes in your way. Everything is already upgraded and tested for you in the framework.

Download Smartface now and develop iOS 9 ready native apps with remote updating.

Tips and Tricks with Smartface for Mobile App Development

This week, we present you a small but useful mobile development tips and tricks to facilitate mobile development process and enhance your mobile applications.

 

1. Faster Android virtual device emulation with Genymotion

While developing mobile applications, especially for Android, we need a variety of devices that offer different screen sizes. This necessity is a major disadvantage in testing process. The Smartface App Studio allows you to run the applications on virtual devices, such as Android Standard Emulator, but there is a problem of insufficient performance of the virtual devices.

Smartface supports Genymotion for faster Android emulation.

Click here for Genymotion guide on Smartface

 

2. Use Icon Font as a replacement for icons and images for convenience

Icon font library provides an easy way for displaying icons in applications.

With icon font library, labels will be able to show icons. There is no need to crop images to acquire icons for different device screen resolutions.

Click here to learn more about using Font Awesome as icons in your iOS and Android apps with Smartface

 

3. Push Notification on Parse Services for iOS and Android

If you have your own server has integrated with GCM or APNS, you can send push to mobile devices with Smartface apps, but if you don’t have your own push server, Parse is a popular free alternative for push notifications.

With Parse, you can start sending push notifications in just a few steps with your iOS and Android apps.

Click here for the guide for push notifications with Parse for iOS and Android apps with Smartface

 

4. Parse with REST API on Smartface App Studio

Parse allows you to create your applications without worrying about creating the backend of the application. Using Parse, you can create a flexible and powerful backend without worrying about server management and investing time in writing code for backend servers.

The REST API lets you interact with Parse from any medium that can send an HTTP request. You can use it for a number of purposes in Smartface App Studio for iOS and Android.

Click here to learn more about using Parse REST API in iOS and Android apps with Smartface

 

Visit Smartface Guides for more tips and tricks on mobile application development.

Smartface Architecture for Native iOS and Android Development with Single JavaScript Codebase

Smartface is a native cross-platform JavaScript interpreter framework for iOS and Android. The framework consists of two main elements: Run-Time Engine and Desktop IDE. The IDE is Windows-based and has no dependency on Mac for iOS testing and debugging, meaning that whole iOS development can be done on Windows. Run-time engine is explained below in more detail.

  1. Overview of the Architecture
  2. Run-time Package
  3. Interaction
  4. Security
  5. Extensibility
  6. Performance
  7. Stability
  8. JavaScript Compatibility
  9. Connectivity

 

1. Overview of the Architecture

Smartface run-time engine is built upon a single Core, which is common across platforms:

Smartface Architecture Diagram

Smartface Architecture Diagram

1.1. Smartface Core

Smartface is shaped around the Core. It is written in C++ and is used across all platforms.

This Core contains the main logic of the engine, such as event triggering, encryption & decryption, data relay & translation between other modules.

Every JavaScript object or method that interacts with native objects first interacts with the Core, which in turn updates the native object via the platform specific bridge. This abstraction model in the Core ensures single codebase development in Smartface.

1.2. Native OS Layer

In each platform, native objects such as Label, Editbox (textbox) are provided. Each OS platform provides bindings for the native objects written in the native development language of the platform: Objective-C for iOS and Java for Android. OS specific behaviors are implemented at this level.

1.3. Android and iOS Bridges

The OS Bridge establishes communication, translation and wrapping between native objects and the Smartface Core. The bridge is developed in C++ and is customized for each OS based on the needs of the native environment.

1.4. SQLite

SQLite engine is used as the built-in database within the application.

1.5. Curl

Curl is the library used for network communication in Smartface, it is used both in iOS and Android.

1.6. JavaScript Engine

JavaScriptCore a part of the open source WebKit Browser engine is used across all platforms. This ensures the compatibility of JavaScript features between each platform. This engine is customized with remote debugging features.

1.7. Core Plugins

There are a number of built-in plugins shipped with the platform. These plugins have core level integration, which enables them to be bound as native objects, such as AdMob. Additional plugins can also be added with the upcoming plugin support.

2. Run-time Package

Run-time engine is precompiled targeting the OS. Smartface iOS Runtime and Smartface Android Runtime have their own separate runtime implementations. Android also has two runtime options based on CPU architecture: ARM & Intel (x86).

Smartface Native iOS and Android Runtime  Packages

Smartface Native iOS and Android Runtime Packages

 

When a project is ready, it can be published from the IDE. This generates an APK file for Android, and an Xcode project in a zip file for iOS. Smartface runtime is precompiled; packaged by IDE with project files and plugins to be delivered to device.

 

Smartface Project Package

Smartface Project Package

Static project data & info is an XML data, converted to binary format on IDE to be parsed faster on runtime. This data consists of static objects, database schema and project info. Static objects are the objects designed on the IDE: UI, Network, DataSets and DataTables. If an object is declared within JavaScript code, then it is referred to as a Dynamic object.

Plug-ins are also pre-compiled and ready to be shipped out of the box.

3. Interaction

When an app developed by Smartface is published by the IDE, and Android APK file or an iOS Xcode project is generated.

After app is deployed and ready to run, it is executed as explained in the Smartface App Execution Flow.

There is an important thing to notice, every static object is loaded to the memory during startup, and dynamic objects are loaded when code calls for it.

In the JavaScript example below, there are static objects in Page1, TextButton1 and Label1. TextButton onPressed event is mapped to function Page1_TextButton1_OnPressed. When a user clicks the button to set the text of the label as given by the code below, following steps are executed:

function Page1_TextButton1_OnPressed(e) {
     Pages.Page1.Label1.text = "hello world";
}
  1. JavaScript engine accesses to Pages object, which resides in Core
  2. JavaScript engine gets Page1 property of Pages which resides in Core
  3. JavaScript engine gets Label1 property of Page1 which resides in Core
  4. JavaScript engine sets text property value of Label1 which resides in Core. While setting this value, before returning to the JavaScript Engine, Core performs following operations:
    1. Core access the native Label object through bridge.
    2. Updates the value in UI
    3. Returns to the JavaScript engine to proceed with next line. In this case, both Core and UI has the copy of the value.

 

While getting values from objects, execution occurs in the following way for the code shown below:

function Page1_TextButton2_OnPressed(e) {
alert(Pages.Page1.Label1.text);
}
  1. JavaScript engine accesses to Label with same steps explained above
  2. JavaScript engine gets value from the Core. The Core does not retrieve this value from an UI object, it directly returns the value from the value stored in the Core.

 

4. Security

Compiled C++ and Objective-C codes and obfuscated Java code hardens Smartface engine for reverse engineering.

Binary data and JavaScript code of the project are encrypted.

The Core provides easy-to-use encryption facilities to encrypt the database for security. Smartface also comes built-in with security plugins from different security providers.

Built-in level encryption keys are generated dynamically by the IDE during publishing process, this encryption key is retrieved by the master key within Smartface. This hardens the stored data against known text attacks.

5. Extensibility

Smartface is an extensible framework and third party native libraries can be added as plugins.

This integration can be done in several levels of integration between Core and Native OS level.

Some plugins are shipped with Smartface App Studio and some of them are obtained separately from external sources. Shipped plug-ins are part of the run-time engine and IDE does not add them separately during publishing process except AdMob for iOS. The other plugins are precompiled and added to the app package by the IDE during publishing. Presence of these plugins is checked by engine during runtime and feature support is managed accordingly.

6. Performance

Smartface core is developed in C++ for iOS and Android and the architecture is designed to minimize the performance loss.

There might be a performance loss up to 3%. However, this performance difference is not noticeable unless milliseconds are critical for an app.

7. Stability

Smartface Engine takes care of memory optimization; UI rich components are implemented with their memory usage optimized.

Since the framework is a product of 4 years of intensive testing, device-specific issues are addressed and solved within the framework.

For multi-threaded implementations, Smartface Engine itself takes care of thread synchronization and internal data transfer.

8. JavaScript Compatibility

Smartface supports plain pure JavaScript; it has no parts of HTML or DOM. The engine is taken out of WebKit, and stripped out everything except the JavaScript engine.

The engine is ECMAScript 5 compatible. Same compatible engine and version is used both in iOS and Android to ensure the highest compatibility of JavaScript features in both environments.

Built-in JavaScript engine of WebKit does not include remote debugging protocol and debugging features. JavaScript engine is extended with remote debugging features, enabling JavaScript debugging from IDE both in iOS & Android with full debugging features.

9. Connectivity

Smartface has built-in web socket client support. Any application developed using Smartface can consume any web services without any problem, such as Restful, SOAP and OData services. This web socket client architecture is built on Curl. Curl is a very popular and stable cross-platform connectivity library, which eliminates the behavioral differences between iOS & Android.

Any mobile app can call the app developed with Smartface in a bidirectional way with passing data to and from it.

Apps developed with Smartface can register for receiving push notifications for iOS and Android. Using push notifications, apps can receive push data.

iOS Framework also has support for iBeacon, it can receive data from iBeacon source and estimate proximity.

 

With its superior architecture, Smartface enables you to develop native iOS and Android apps with a single JavaScript codebase. Download Smartface now and start developing mobile apps right now!

Smartface: The Only Solution for Native iOS Development on Windows PC

There are more than a million apps in iTunes store and Google Play and this number is rapidly increasing.

However, the demand for apps is increasing faster than the supply for developers and the requirement for a Mac computer running Mac OS for iOS app development makes it even more difficult to find iOS developers.

iOS development on Windows PCs is an appealing thought, but it is not possible in the traditional way as Xcode is the only development environment for Objective-C or Swift based iOS apps and Xcode is only compatible with Mac OS, not with Windows. Even though Windows 10 is similarly named and versioned like Mac OS X, iOS development on Windows 10 is still a dream.

There are some alternative solutions for iOS development on Windows, but they are all just workarounds, which either include some kind of technical detail such as virtual machines or non-native development solutions such as hybrid development, which is just displaying a webpage in a native container. Alternatively, you can code your iOS apps with any text editor in Windows, but you would need a Mac anyway for testing and debugging your iOS app developed on Windows.

You can develop native Android apps on Windows with Eclipse and Android SDK, but there is only one true alternative for native iOS development: Smartface is the only solution for iOS development on Windows.

Smartface allows iOS development for Windows with a complete set of iOS development tools, including a drag and drop What You See Is What You Get editor and on-device iOS emulator for Windows as well as a fully featured Windows-based iOS debugger with watches, breakpoints and unique features like code injection during runtime, which is not even available in Xcode.

Smartface iOS Emulator and Debugger for iOS Development on Windows

Smartface iOS Emulator and Debugger for iOS Development on Windows

With Smartface, you can connect your iPhone to your Windows PC to use the iOS emulator to test your native iPhone apps on Windows.

Since Smartface enables native iOS development on PC with a single JavaScript codebase, all of these features are also applicable for Android development for Windows. Therefore, if you are a freelancer or a web developer seeking a way to develop iOS apps with a Windows-based development environment, along with Android apps, you can take advantage of Smartface.

Similarly, if you work with an enterprise with strict security restrictions, where Mac usage is not allowed, you can use Smartface to develop iOS apps in enterprise Windows settings.

Download Smartface App Studio and use it instantly for Android and iOS development on Windows.

15 Frequently Asked Questions about Smartface

Here we present you the 15 most frequently asked questions about Smartface from our community and from our enterprise customers. You can find answers to business-related and technical questions.

 

  1. What kind of mobile applications can you develop with Smartface?
  2. Why should I choose Smartface?
  3. How do you handle operating system and device differences and fragmentation?
  4. How do you support new operating system versions?
  5. How does Smartface work? Could you provide more information on the architecture of Smartface? Is Smartface open source?
  6. Since Smartface is an interpreter framework, would it be possible to update the source code of the application on the fly by downloading it from an external source during runtime?
  7. Are there any performance differences between apps developed with Smartface and apps developed with Objective-C/Swift/Java?
  8. Are there any app size differences between apps developed with Smartface and apps developed with Objective-C/Swift/Java?
  9. What if a device/OS feature is not available in Smartface?
  10. Can I use different JavaScript libraries in Smartface?
  11. Can Smartface do everything a hybrid platform is capable of?
  12. There are many open-source resources for platform-based development. Is it possible to use these in Smartface?
  13. How secure is an application developed with Smartface?
  14. How do you provide the native experience with single codebase in Smartface?
  15. How is memory management handled in Smartface?

 


  1. What kind of mobile applications can you develop with Smartface?

Smartface is a flexible platform and you can develop almost any kind of general-purpose apps for any form factor for iOS and Android, including highly complex apps such as mobile banking or m-commerce.

Smartface has 100% native API access so that you can utilize all native features shipped with the operating systems with the Smartface framework.

There are two types of apps that Smartface is not suitable for: games requiring advanced processing and specific-purpose utility apps requiring system-level access such as memory optimizers or battery life managers.

 

  1. Why should I choose Smartface?

The main focus of Smartface is productivity. Cross-platform native development with Smartface is around 4 times more productive than platform-based native (Obj-C, Java) development. You can see even more reasons why to choose Smartface in our Why Smartface page.

 

  1. How do you handle operating system and device differences and fragmentation?

Smartface release cycle consists of 4 major version updates in a year as well as periodic minor updates. Besides introduction of new features in each release, necessary backward and forward compatibility changes are provided. (e.g. support for new CPU architectures such as iOS 64-bit or OS-level changes such as keyboard handling)

To minimize the impact of OS updates on developers, the change processes is handled by Smartface as much as possible. In case of changes that will affect the projects, the developers are informed with the release notes. (e.g. deprecated features)

Smartface closely tracks upcoming iOS and Android operating system updates and plans the major releases based on the release timings of GM or public release of new operating system versions.

For developers, it is sufficient to update their projects to the latest version of Smartface for their apps to support the latest operating system versions, reducing the operational costs required for operating system version migration.

 

  1. How do you support new operating system versions?

As soon as a new iOS or Android release is open for testing, Smartface updates the framework in accordance with these new releases. As one of the benefits of the Smartface enterprise license, Smartface beta releases are instantly accessible by Smartface enterprise customers.

When the new iOS or Android version is released publicly, new version of Smartface is released to the community in parallel.

 

  1. How does Smartface work? Could you provide more information on the architecture of Smartface? Is Smartface open source?

Smartface is an interpreter framework. The objects developed in design time are optimized and converted into native components during runtime. You can refer to the Smartface architecture document for more information.

Enterprises can request access to Smartface source code with specific agreements. With special training and agreements, enterprises can also develop native C++ plugins in our core.

 

  1. Since Smartface is an interpreter framework, would it be possible to update the source code of the application on the fly by downloading it from an external source during runtime?

As an interpreter framework, Smartface processes the code during runtime; therefore, it is not necessary to include all JavaScript codes in the project. Even the full native app can be downloaded from a server, which is something that cannot be done with the platform-based native frameworks (Obj-C, Java).

Technically, there is no limitation on this way of working and for B2B apps that are distributed with enterprise distribution, it is preferred. However due to App Store restrictions, the critical path of a B2C app must be coded inside the app and code updates are recommended to be done only up to a certain extent.

 

  1. Are there any performance differences between apps developed with Smartface and apps developed with Objective-C/Swift/Java?

Smartface core is developed in C++ for iOS and Android and the architecture is designed to minimize the performance loss. There might be an insignificant performance difference. However, this performance difference is not noticeable unless milliseconds are critical for an app such as a live stock exchange application.

 

  1. Are there any app size differences between apps developed with Smartface and apps developed with Objective-C/Swift/Java?

The framework Smartface uses during runtime has a fixed overhead. Therefore, even if in a “Hello World” application, the app size cannot be smaller than the framework size. As the number of screens in an app does increase, with 20 screens or more, this difference is negligible; or with 40 screen or more, it uses less size compared to native apps, depending on the implementation.

 

  1. What if a device/OS feature is not available in Smartface?

Smartface supports most of the functionalities available in iOS and Android operating systems. If there is a specific functionality you would specifically like to check before starting your project, you can search it in the API docs or ask Smartface community on Stack Overflow.

If a feature is not yet available, you can check our roadmap for more information if it will be implemented. Regardless of the roadmap, enterprise customers can request additional features, which they can get as plugins or patches.

For the community developers, the recommended solution is to implement additional features as plugins. Any objective-C or Java code can be added as a plugin to Smartface and can be mapped to JavaScript commands to be used in your projects.

 

  1. Can I use different JavaScript libraries in Smartface?

Smartface supports JavaScript fully, however it is a native framework and it does not have DOM support. Therefore, any JavaScript library that does not contain a DOM implementation can be used within Smartface directly.

 

  1. Smartface is native but can it do everything a hybrid platform is capable of?

Although we recommend you to take advantage of quick and easy native development with Smartface; Smartface offers the flexibility of developing apps in a hybrid structure with the WebView component. You can refer to the WebView guide for more information and the differences between native Smartface and hybrid platforms.

 

  1. There are many open-source resources for platform-based development. Is it possible to use these in Smartface?

With the plugin support, any objective-C or Java code can be used in Smartface, but we recommend checking the Smartface API docs first. Among the hundreds of apps developed with Smartface, it is highly likely that a similar implementation has already been done.

You can also ask the Smartface community on Stack Overflow for detailed use cases. Moreover, Smartface plugin market will open soon, allowing developers to share their work.

 

  1. How secure is an application developed with Smartface?

We take security concerns seriously and implemented measures to protect the code as well as the application data with built-in security features. As a result, financial institutions feel comfortable in using our solution for developing apps like mobile banking and mobile authentication.

Core of the app is written in C++ and it cannot be decompiled and for JavaScript, code obfuscation is used to protect from decompiling. For advanced security features, Smartface supports Kobil and Vasco solutions out of the box. You may refer to our security guide for securing your app in Smartface.

 

  1. How do you provide the native experience with single codebase in Smartface?

The architecture of Smartface ensures the native experience as the objects developed in design time are optimized and converted into native components during runtime with the JavaScript wrappings for native UI and components for each platform. The engine itself uses shared native C++ code for iOS and Android with bridge architecture.

For differentiating features, we check each feature in iOS and Android and when a feature is only available in one platform, it is overridden if it doesn’t fit that platform or it is duplicated with a custom implementation, if it has the potential to affect the experience.

 

  1. How is memory management handled in Smartface?

Memory management and concurrency management is handled at the platform level, so you don’t need to worry about it during development. You can refer to the Memory Management in Smartface and Memory Management with Dynamic Objects articles detailing the memory management in Smartface:

 

If you have another question that is not answered here, you can contact us.

Developer’s Guide to Mobile App Security in 8 Steps

As per popular demand, we are back with yet another article about security. Regardless of which framework, mobile operating system or methodology you use for mobile application development, security is a critical issue.

Like iOS and Android, different mobile platforms may have different tools and solutions for security, but the main questions are the same. Enterpise mobile application development platforms like Smartface also offer additional security functionalities to ease the process of mobile application security.

 

What is app security?

App security is taking enough amount of protection against attacks. There are many vulnerabilities that allow hackers or malicious people to gain access, it is important to identify those vulnerabilities and fix them.

 

How do you identify the vulnerabilities in mobile applications?

There are many ways and many approaches to identify them. The best way to identify them is put the application to a proven Application Security Test (AST). This is a long process and based on the business model and the need, it may cost more time and resources than anticipated. Depending on the mobile security needs need developers may follow some security app development approaches and use third party tools.

 

What is the decision criteria for preventive security measures for mobile apps?

It mostly depends on the available resources. For most of the enterprises, time to market is much more important, so they choose best tools to get the highest security that money can buy.

SMBs prefer to have known protection techniques applied to their product, they avoid higher costs with customized options.

Sometimes security means decreased usability in a mobile application or vice versa. Such as the fingerprint authentication provided nowadays with the flagship devices (such as iPhone 5S, iPhone 6 and Samsung Galaxy S5 and Galaxy S6). Fingerprint authentication is not as secure as it seems and can be easily cracked/spoofed. Some companies may accept related vulnerabilities and may opt in to authenticate their customers through fingerprint.

 

What things are at risk?

Mobile application development is different from server-side programming; on server-side programming, codes are hidden from the user in most cases, and user cannot alter them; however, in mobile applications, there are both client application and server side services. It means that both of these have to be secured. Below are the items to be secured in order to have a complete protection on the client side:

  • Authentication – the way the users log-in
  • Data at rest – stored data on device
  • Data transfer – received and transmitted data
  • Code security – the app code in the client
  • App distribution – having the app distributed from a trusted source
  • Memory integrity & security – debugging the application
  • Application tampering – codes of the app should not be altered
  • Version check – some older versions may cause vulnerabilities

 

How to authenticate mobile applications?

Use two-factor authentication for an optimal level of security. This requires two things in order to authenticate: “what you know” – is the password (needs to be secret) and “what you have” – will be the device after activation, which the activation data should be protected from cloning.

 

How to secure data storage in mobile applications?

The sensitive data on device, regardless of the storage location, has to be encrypted. The encryption key also has to be secured within the code or has to be retrieved from server when app starts. Symmetric or asymmetric encryptions are acceptable; if attacker can guess the data stored then it is prone to known text attacks. In order to harden the security, schema of data also has to be obfuscated.

The temporary data has to be deleted as soon as they are not needed.

If a device is compromised, it is important to wipe the all data based on some local triggers and/or server calls.

 

How to secure data transfer?

Basically it is the communication between server and the client app. Most of the communication flows over web services, which rely on HTTP protocol. Use SSL (https) within the communication.

The certificate store is important, it defines which certificate is to be trusted. It is possible to having the device SSL certificate store to be compromised. In that case, the app is prone to man in the middle attacks or eavesdropping. Embed the public key of the server within the app and do not change it. When the certificate on the server is to be replaced; this means that the mobile app requires an update.

 

How to ensure code is secure?

First of all, it depends on programming language. If the language is a run-time based interpreted language, then the apps written in these languages should be encrypted and stored in this way (such as JavaScript). They are decrypted on the run-time by the app.

Some other languages are to be obfuscated (such as Java).

C/C++ code does not require obfuscation or encryption; it is directly compiled to assembly, reverse engineering/decompiling mobile applications written in Objective-C or C++ does not provide proper information to extract.

 

How to distribute apps?

In the current app distribution methods, the apps does not always keep the information where it has been downloaded.

Rather than coding, it is about teaching the customers to install their apps only from designated app stores. It is especially important for Android users to avoid pirated/cracked apk files as they may contain malicious code.

If a user downloads and installs the fake or modified app and uses it (such as trying to login), this means attackers gain may gain access to sensitive information (the user name and password).

 

How to ensure data in memory is secure?

It is possible to attach a debugger to app and listen & modify the values in memory. It can make the app login without password (modify data or alter the program flow) or collect sensitive information.

Do not keep sensitive data in memory more than needed, delete or change it after it was used.

The best protection would be using anti-debugger tools for mobile apps to prevent any debugger to connect the app.

 

How to ensure app is not tampered?

Tampering can be done on two things: app code or app data. It is similar to memory integrity & security issue; main difference is that this type of attack is not done during run-time. Attacker may change the installation package, insert its own code/data or alter the code/data.

An integrity check has to be made for the app package, the best way would be an online check made by some privileged user.

 

How to make a version check?

Version check on app startup should be made in order to ensure user is using a valid version of the client app. Updates should be classified as “optional” or “mandatory”. If there is a newer version of the app, client app displays a dialog for updating.

Optional updates can be dismissed and user can continue, however in mandatory updates, the app must be updated before use. If an issue (such as flows or logic in business model) in older version may lead to security vulnerability, it has to be a mandatory update.

 

What are the best practices?

First determine how much of security is enough for the app. Use known brand tools to provide the necessary amount of security within the app. If not, there is always the possibility to miss things during development. Using the tools, with their requirement of coding they put the flow to secure way.

Most of the security flaws are introduced with business flows rather than coding. if proper methods are used. It’s better to make security reviews when the code is being reviewed for functionality.

For the sensitivity of the data, you may refer to the following chart to determine how to secure it:

mobile app security

Smartface has built-in enterprise-grade security features and takes care of most security concerns for you. With Smartface, you don’t need to worry about mobile application security.

Download Smartface now and secure your applications easily.

30 Highlights and Takeaways from Mobile World Congress 2015

Last week, we were at Mobile World Congress 2015 in Barcelona and we would like to share with you the highlights and the key takeaways of this year’s show for both our individual mobile developers and our enterprise customers. We walked more than 12 miles (20 km) every day to scour the every corner of the exhibition to see how our community can benefit from what the industry has to offer.

Unlike previous years, phones were not the main hype this year, actually there was not something specific to be hyped about, but there were new developments in all parts of the mobile landscape. Let’s see them in different categories:

 

Android Phones and Tablets

  • The biggest announcement was the Samsung’s flagship Galaxy S6. Even though the hardware specs and the design is much more impressive than its previous iterations, the main focus was the Galaxy S6 Edge.
  • Edges look stunning and they may be useful, but as a feature that is likely to appear only on a couple of high end phones, time will tell how many third party apps will be developed for Samsung Edge. Please drop us a message if you are interested in having Samsung Edge support in Smartface.
Samsung S6 Edge

Samsung S6 Edge

  • LG unveiled the next generation of its curved phone, the LG G Flex 2. The device keeps its signature features with high-end hardware.
  • HTC announced the next generation HTC One M9 and there was almost nothing else in the HTC booth. The hardware is impressive but there are only major impressive improvements in design. It should be specifically noted that HTC no longer uses the “ultrapixel” camera in this model and instead uses a regular 20MP camera.
  • Asus showcased the successor of its highly popular Zenfone, the Zenfone 2. Carrying a 64-bit Intel CPU with high-end hardware, it is expected to be popular with a good price point below handsets with similar specs. (Thanks to Intel subsidies.) We would like to remind that Smartface supports Intel architecture natively and you can develop both ARM and Intel compatible apps without any performance problems.
    Asus Zenfone 2

    Asus Zenfone 2


  • Sony did not announce a flagship this year; instead, they released the sleek and high performance Xperia Z4 tablet and the M4 Aqua phone for those who want an inexpensive, durable and waterproof phone.
  • Chinese manufacturers are also becoming more than just private label producers. ZTE, Huawei, Xiaomi, Hisense, Gionee all had high-end phones with competitive specs and design. Similarly, we see players from other countries such as Alcatel or Vestel battling to earn a name in the market.
  • For smaller Chinese manufacturers, this year’s trend was “getting inspiration” from iPhone 6. Most phones either looked like an iPhone 6 or had a generic design that is indistinguishable from one another.

 

Wearables and gadgets

Wearables are commonplace this year and with a bit of exaggeration, it is even possible to say that there were as many wearables on display as phones. Most of the wearables were Smartwatches running on Google Wear platform. Device design and the materials were the main differentiation point between these watches, but they look more “wearable” compared to their first generation counterparts. In our opinion, there is still time for smartwatches to be matured, so unless you opt-in for inexpensive alternatives like the classic Pebble, it’s better to wait for the next generation of smartwatches. Below are some notable ones from the current generation along with other interesting wearables:

  • LG Watch Urbane LTE and LG Watch Urbane LTE: LG had two watches on display, former one being an Android Wear smartwatch, resembling a standard watch in design and the latter one was a webOS smartwatch with LTE connectivity, so it is possible to use it for phone calls with any need to connect to a phone. However, it was excessively big for most wrists.
  • Huawei Watch: With its design and customizability, this smartwatch stands among the crowd and at this price point, it is compared to Apple Watch. Huawei also had TalkBand as a more affordable wearable.
Huawei Watch

Huawei Watch


  • MediaTek 361 GPS shoe: This “wearable” allows you to track your kid’s location and it is charged wirelessly with a pad. Use of such a gadget may be a bit controversial but nonetheless, it is an innovative and more useful wearable among the loads and loads of watches.
    MediaTek 361 GPS Shoe

    MediaTek 361 GPS Shoe


  • Sony SmartEyeGlass Attach: Instead of full glasses, this is a device to be attached any glasses, mainly marketed to be used during sports activities. There is still time for this to be a consumer product, but considering the fact that Google Glass was pulled back, Sony’s Glass may get some more attention.
  • HTC RE Vive: Even virtual reality is not a novel thing any more and there was already Oculus Rifts and Galaxy Gear VRs (which is also an Oculus) around for various demonstrations. Now, HTC joins the bandwagon with Vive. Developed with cooperation with Valve, it shows promise and initial receptions are highly positive.
    HTC Re Vive VR Headset

    HTC Re Vive VR Headset


Other platforms

  • Firefox OS now runs on a wide range of phones starting from a $25 phone to a high-end “transparent” phone from LG. Moreover, it is expanding its reach to TVs and wearables. Basically, the OS itself is one big web browser, all apps being web apps. The main problem is that most of them are just mobile websites, so the performance burden lies on the network, not on the device itself. This approach may work well in emerging markets with inexpensive phones, but it is doubtful if Firefox phones can compete with iOS and Android in mature markets.
    $25 Firefox OS Phone from Cherry Mobile

    $25 Firefox OS Phone from Cherry Mobile


  • Tizen’s offering and approach is also very similar to Firefox, but just with a single phone launched by Samsung and a couple of wearables, gaining traction in the mobile space will be even more difficult than Firefox OS. It is unlikely that we see a Tizen Edge anytime soon.
  • Ubuntu and Jolla were also present at MWC. Both are Linux-based OSes trying to compete in mobile space and they aim to cover the points like security and stability where Android may fall a bit short, but unless they are fully compatible with Android and/or desktop apps, they will have a hard time convincing developers to develop Qt-based apps just for these platforms.
  • Microsoft’s focus was mainly on Windows 10 use cases and Lumia phones. We saw Windows 10 in action, but they were very secretive about the cross-architecture development opportunities in Windows 10. We need to wait until Microsoft’s own event to get a developer’s glimpse at Windows 10.

 

Mobile world

  • Until now, Internet of Things was mostly a buzzword just with a couple of smart appliances that can connect to the internet, but this year there were many practical applications of it in both consumer and enterprise settings. As network providers emphasize, it is more about the “internet” of things, not the “things themselves.
  • Google is planning to provide its own mobile network, but it is not certain if it is just an experiment or a trial for something much bigger.
  • Yo! also showed that it’s more than a simple messaging app. They have an ambition to bring a new way of connecting to places where internet connectivity is limited, especially in developing countries.
  • Intel is pushing from all fronts to establish a strong presence in the mobile space. With products in cloud computing, security and mobile network hardware, Intel is trying to be at everywhere. The most important part for the consumers is that new mobile chipsets were announced: x3, x5 and x7, which are also SOC (system on chip); therefore, Intel aims to cover all mobile functionalities with less cost as well as to create an ecosystem. In the second half of the year, we will see Intel hardware on more phones, including low-end devices.
  • 4G is something commonplace now; technology and hardware providers are fully capable about it.
  • 5G is slowly emerging from Korea and Japan. There are no established standards yet, but if it can deliver the speeds promised, the way we consume content in mobile would significantly change. It will be even more critical for Internet of Things, especially in cases where network latency cannot be tolerated such as self-driving cars or wearable-assisted medical operations.
    5G demo (Yes, it is 7.55 Gbps!)

    5G demo (Yes, it is 7.55 Gbps!)

 

Enterprise mobility

As we see from the sheer size of the booths of enterprise solution providers such as IBM, Oracle or Airwatch, enterprise mobility is getting more and more importance. Below are some general and some company-specific highlights:

  • Mobile payments: Competition in mobile payments are getting hotter. Samsung and Google are now in play with new announcements regarding mobile payments. They are now competing more seriously with Apple Pay. It is highly likely that mobile payments will finally be commonplace this year, but due to the dependency on hardware, its volume may still be limited.
  • Mobile advertising: It is not just plain advertising anymore, it is “publishing” with “publisher networks” and “monetization platforms”. Both in terms of technical issues and content, mobile advertising landscape is much more mature and offers sophisticated solutions for different usage scenarios. With the upcoming plug-in support in Smartface, you will soon have the opportunity to use any publishing SDK you want for monetizing your apps.
  • Internet of things and wearables: IoT and M2M (machine-to-machine) were ambiguous concepts for enterprises until recently, but now, enterprises are expected to take advantage of the latest technology for better control over processes with increased productivity. We advise enterprises to include IoT in their enterprise mobility strategies.
  • SAP: After many acquisitions, SAP finally streamlined its mobile offering to SAP Mobile Platform. This platform is much more open to community and provides flexibility to integrate mobile apps easily with SAP backends. SAP is much more mobile oriented now and catching up fast, but their own solution in terms of mobile frontend is not native, whereas Smartface supports developing native apps integrated with SAP. You don’t need separate mobile application development platforms in your company for different enterprise solutions.
    SAP Booth at MWC 2015

    SAP Booth at MWC 2015


  • Airwatch: There are many players in the mobile device management (MDM) space and Airwatch is trying to be one step ahead of the competition with advanced management features and a solution ecosystem. Airwatch’s efforts are impressive, but with competition from the likes of Samsung and Intel who have the advantage of being built-in to the hardware as well as with the inclination of enterprises to mobile application management (MAM) instead of MDM, things will not be easy for Airwatch.

 

Bonus sights

    • We are happy to have had the chance to see the strange and cute LG AKA phones with “personalities”, as we are not very hopeful about their release in the west.
      LG AKA Phones

      LG AKA Phones

 

  • In an attempt to sugarcoat the Android fragmentation, Android brings back the pin collection frenzy with the slogan “Be together. Not the same.” Even though there is no need to worry about Android fragmentation with Smartface, we still struggled to collect them all and succeeded to collect 112 of 124 pins 🙂
Collection of Android Pins at MWC 2015

Collection of Android Pins at MWC 2015

 

There are still more to be told, so just send us a tweet @smartface_io if you would like us to cover some more specific stuff from MWC.

See you next year at Barcelona!

Smartface App Studio 4.3 Released

In our major release of Smartface App Studio 4.3, we are announcing a great deal of new features for you to keep up with the fast changing world of mobility.

We listen to our community and besides releasing highly requested new features, we streamlined the installation process, especially for external components. (.NET Framework, iTunes, JDK 7, Android SDK and Node.js)

Below are the major updates with links to the API docs:

  • SliderDrawer object is added. You can now create native sliding menus with a few lines of code.
  • SearchBar object is added. Add a native search bar anywhere with just one click.
  • JIT (Just in Time) compiler support for iOS for improved performance.
  • RichText support is added for Label object. Visual design gets even easier.
  • BLOB (Binary Large Object) features are added. You get more options for binary file operations.
  • Full Support for iOS 64-bit. (Don’t forget that you need to update your applications to 64-bit until June and it is mandatory to submit new apps  as 64-bit.)
  • Enhanced Script Editor and IDE features. (The beginning of the upcoming visual revamp.)

You can view our release notes for full changes in this release and our roadmap for information about upcoming features. If you have any questions or if you need support, you can visit the developer center.

If you are not a Smartface developer yet, register and Download Smartface App Studio now.

If you are already registered, you can download the latest version from My Account page.