Why Mobile Is Such a Big Deal for Big Data

Few things are as personal as a mobile phone. In fact, it’s something that most people have with them every waking moment -- and often while they’re asleep.

Consumer behavior like this makes mobile phones an opportunity to collect information about users throughout the day rather than just when they’re at a computer. In fact, for some people, the mobile phone is the primary way they go online, making that device the most effective way for everyone from advertisers to app developers to understand and reach their target markets.

Big data involves aggregating information from potentially disparate sources with the goal of drawing meaningful conclusions about what a person or group might be most interested in. Data mining has been around since the 1970s, but as mobile penetration has skyrocketed, so has the opportunity to gain even more insights into how consumers spend their time and money.

The information flows in both directions: Mobile apps are sources of information for big data analytics companies such as Google, but developers can also pull information from those digital warehouses.

“What we’re all trying to do is [figure out] how to get more of that person’s time,” says Mike Wehrs, president and CEO of Scanbuy, whose ScanLife QR code reader app has been downloaded more than 6 million times. “How do I continue to add value and remain relevant to their life? Big data is a means to that end.”

Do You Know Where Your Customers Are?
About a decade ago, regulators such as the FCC began requiring all new mobile phones to have built-in location technology such as GPS to help find emergency callers. Those mandates were a milestone in big data history because they changed the nature of the information that can be captured and mined compared with desktops and laptops.

“The big difference is that desktops are stationary and laptops do not in general have GPS sensors, so there is a location awareness in the data that can be captured and mined from a mobile device,” says Andrew Purtell, principal architect at Intel. [Disclosure: Intel is the sponsor of this content.]

“Location awareness is a gateway into a new way of interacting with services,” says Purtell. “For example, on services such as Twitter or Foursquare, users can publish their location to trusted members of their social network. We know these services then mine this location and activity trace for sale to advertisers and commercial concerns in general, producing new business models.”

A straightforward example is pushing ads and e-coupons to mobile users based solely on their location. Depending on the app, there are additional opportunities for developers, advertisers and others to interact with users.

“Increasingly, people live within the virtual world presented by their mobile devices as they move through the physical world,” Purtell says. “Location-aware games overlay a virtual world over the physical. For example, the Niantic Project plays out in physical space around the players, in which they interact with a virtual world overlaid onto their local neighborhood, blending the imaginary with the real.

“Retailers can publish special offers to potential customers who are physically near their location, injecting suggestions into the stream of consciousness, facilitating impulse shopping in a way previously not possible. Responses to location-specific offers can be mined for refinement of future offers.”

Providing Relevance, Not Annoyance
Location-specific offers also show how big data can be both a challenge and an opportunity for developers and the companies they work with. Big data is a chance to push a promo to customers when they’re literally in the right place to take advantage of it.

For example, a person whose social network interactions frequently revolve around coffee seems like an ideal candidate for an e-coupon when she’s passing by a café. Developers can get information about those kinds of interests by buying it from, or partnering with, big data providers.

The challenge is that she might not be interested in coffee at that moment. If that’s the case, the promo comes across as spam, and if it happens often enough, she might shut off that feature or uninstall the app. Either way, that marketing and revenue opportunity is now lost.

Developers can avoid that problem by giving users a way to indicate that they’re interested in receiving promos, such as by having the café put a QR code or NFC tag in its window. 

“That’s an expression of interest,” Wehrs says. “Now I’m initiating, and if I get an offer, I’m happy about it. It helps you provide a less-invasive experience for your end consumer.

“The whole promise of big data is that you’ll never perceive that you’re getting spam again. [You’ll never receive an] offer that isn’t for you because there will be so much intelligence in the system.”

So while data mining on computers has been around for decades, the big data trend on mobile devices holds a stronger promise: Developers and companies collect valuable information about consumers and, in turn, pass that value back to them by better meeting their needs. 

The Mobile App Security Mantra: Don’t Trust, But Verify

Although the technological designs of mobile devices have much in common with non-mobile computer systems, there are substantial differences that need to be understood. Here’s what mobile app developers should consider about the threat vectors they need to protect against.

Security on Computer vs. Mobile Ecosystems
Smartphone hardware and software technologies are radically different from that of computers. In terms of communication, on a computer you have one external communication channel -- whereas on a smartphone you have IP connectivity, Bluetooth connectivity, Cellular Data connectivity, NFC connectivity and so on. In terms of an operating system, mobile OSs are substantially more “closed” than desktop, laptop and enterprise OSs.

While at first glance this might make a mobile OS appear more secure, it’s truly a double-edged sword when -- not if -- threats manage to penetrate the OS defenses. As Luis Blando, vice president of engineering at McAfee, explains, “once the mobile OS is penetrated, the products and systems that would otherwise be able to protect the device (such as those made by security ISVs) would be limited in the protective actions they can take within the OS guardrails, and that can prevent quarantining, pre-emption or even detection.”

The mobile ecosystem is also very different from that of regular desktop computing in the number of viable operating systems, the types of application delivery mechanisms, and established policies for application acceptance. In the desktop world, with a simple visit to a URL, a user can download and install a binary which can very well be infected. In the mobile world, application download and installation is done mostly through approved stores that curate the apps.

That said, these app store checks can create a false sense of protection. “When we recently checked the origin of infected mobile software, as reported by the MMS user base, we discovered that the majority had been downloaded directly from major app stores,” Blando notes. “And, in Asia, the use of specialized app stores, which may or may not have any curation or security checks on their catalog, is widespread. Don’t think that just because you’re using GooglePlay or another major app store that it’s a guarantee of safety.”

Possibly even more significantly, there are vast differences in the usage models for mobile and regular computing devices. Mobile devices are with you all the time, record your every move, log your every communication, and are a treasure trove of both personal and corporate information. Smartphones contain much more information than the average computing device; it’s your phone, calendar, address book, camera, music station, remote control, ATM, shopping assistant, and more. The fact that smartphones are incredibly valuable for information theft pretty much guarantees that the supposedly secure “defenses” built in via technology or ecosystems as explained above will sooner or later be overcome. “Smartphones are simply irresistible as targets,” says Blando.

Despite these huge challenges, “mobile applications are often not tested at all for security, or are not tested in as much detail as traditional web applications,” notes Brian Shura, Vice President at AppSec Consulting. “The security testing toolset that is available for mobile applications is not that mature. A thorough assessment involves a large amount of manual testing combined with some automated tools. Large financial companies have the resources to perform detailed mobile application security assessments, but the majority of applications available from the App Store most likely have never undergone a thorough security assessment.”

Mobile Developers Have to “Think Differently” About Security
Mobile developers need to adopt a mobile security mindset. Although, in many ways, mobile devices are computers and developers need to treat them as such, nothing on a mobile device eliminates the need for secure coding practices. All programs should sanitize input, only request the permissions that are absolutely necessary, and never store passwords or user data in clear text.

That said, mobile software does present new security challenges both from the point of view of secure software but also of protecting the user. Any mobile developer’s first priority should always be to protect the user. One key is to never let the illusion of security or safety suggested by either a closed OS or a single-user device fool you.

Mobile software developers need to keep in mind some new challenges on mobile devices:

•      Network mobility: Mobile devices connect to many networks. Most users will connect to any open WiFi hotspot they can find as a method of reducing cellular data usage. This means that mobile software, even more than desktop software, must never trust that the network is secure. In addition to eavesdropping, mobile software developers should be wary of hostile networks that may attempt to impersonate servers or services. Apps should encrypt all network data and verify servers and services before sending authentication credentials.

•      Device usage: Mobile devices are, well, mobile. Smartphones and other mobile devices go everywhere with their owners. They are also often taken out, used for a short time, and then set down. This means that they are also quite often lost or temporarily available to strangers. This frequent and on-the-go usage means that most mobile devices are not password protected. This is in contrast to laptops that are much more often password protected and are used less often and for longer stretches of time.

Mobile software that handles sensitive data should offer users the ability to separately lock the application or access to the data. Shura explains that’s why “developers need to take this into account and build their applications in a way that a stolen mobile device doesn’t lead to an application user account compromise. For the most part, this means ensuring that sensitive information, such as passwords, are not stored on the mobile device.”

•      Screen size: Smaller screens display less data. Screen size needs to be factored in when presenting the user with secure data or data they need to verify. One example is the URL input and display field in a browser. Most desktop browsers partially rely on the fact that a user can see the entire URL in this field. This is one line of defense against phishing attacks. The URL field on a mobile browser is so small, though, that only a fraction of the URL can be shown. This hides relevant data from the user and creates a new vulnerability. Keep in mind the size of the screen so that verification data displays are short or the most important data are displayed first.

How Can App Developers Help Users Keep Private Data Safe?
While “in the past, developers of mobile applications did not have many resources to turn to for security guidance, that’s definitely starting to change,” says Shura. “OWASP (Open Web Application Security Project) now has a Mobile Security Project, which includes an OWASP Mobile Top 10 List of common vulnerabilities to avoid, Mobile Cheat Sheets for developers, and lots of testing guidance for people that are performing mobile application security assessments. I encourage mobile application developers to become familiar with the resources that are available on the OWASP website.”

Blando notes that, depending on the OS, there are also some specific issues to be wary of:

On Android:

•      Be careful creating services, as any application on the device may have access to it.

•      Treat incoming intents as hostile input -- sanitize and check the data they provide before acting on it.

•      Make sure files stored on the device are protected both with file system permissions as well as other data protection techniques like obfuscation or encryption.

•      Assume the user already has root access to the device.

On iOS

•      Assume the phone is jail-broken. That's not to rely on jail-broken behaviors, but to write your software as if the user already has full access to the device instead of relying on the OS to provide sandboxing to isolate your data from the user's view.

The Bottom Line: Don’t assume anything. Don’t trust. Verify.

Additional developer guidelines can be found at the U.S. Federal Trade Commission website: Mobile App Developers: Start with Security.

Mobile Technology Solutions for Customer Loyalty Programs

A range of enterprises -- from restaurants to retailers -- use customer loyalty initiatives to encourage repeat business. Customers might receive a free item based on a certain amount of visits and purchases, for example.

Developers now aim to get customer loyalty programs up and running on mobile devices. Many businesses already provide mobile apps to help users locate stores or find particular brands. So the task becomes helping businesses integrate loyalty programs into their existing mobile customer outreach efforts.

Different Approaches to Customer Loyalty
Approaches in this category vary. Punchh, which bills itself as a social loyalty program for restaurants, provides a mobile app version of the familiar loyalty program punch card. It also lets restaurants reward customers for referring friends and family via their social networks.

Sastry Penumarthy, co-founder of the Cupertino-based company, says he sees an enormous opportunity for restaurants and other enterprises to market themselves in a completely different way. “The technologies that allow them to do that are mobile and also social media,” he says.

If a restaurant signs up for the Punchh service, customers may download the mobile app which places a virtual punch card on their device. A customer launches the location-aware app when he or she enters a restaurant and the merchant “punches” the loyalty card when the customer purchases a meal. To validate a punch, the phone can be used to scan a receipt.

Recent Punchh customers include Max’s Restaurant Cuisine of the Philippines, which plans to use the service to reward customers for repeat visits and customer referrals.

To help restaurants dole out those rewards, Punchh taps Facebook to find out who suggested the restaurant to the user and whether the user has referred the restaurant to others. If new customers follow the original customer’s recommendation and eat at the restaurant, the merchant provides additional punches on the card. Penumarthy calls those perks “social rewards.”

In another take on mobile loyalty, PunchTab Inc. provides an on-demand incentive platform. Businesses and brands that subscribe to the platform can build “social and mobile-enabled” loyalty and rewards programs, according to the company. PunchTab’s customers include Atlantic Records, Arby’s and eBay.

Mehdi Ait Oufkir, founder of Palo Alto-based PunchTab, says he has seen solid traction for mobile-enabled incentive programs on the enterprise side. While some companies seek to cultivate customers, others use rewards programs to engage their own employees.

Oufkir cites the example of one customer who wanted to build a mobile app-based points program to encourage employees to attend training sessions. In another case, a company is using an incentive program to encourage employees to submit their billable hours via mobile phone. Oufkir says the company’s employees found their in-house reporting system difficult to use and, as a consequence, failed to submit all of their billable hours. In contrast, he says, employees find the mobile approach easier and more fun to use.

Beyond the Punch Card
Punch cards are the centerpiece of many a loyalty program. However, Steve Schroeder, chief executive officer at AppGage LLC, a mobile loyalty company based in Ann Arbor, Mich., says he believes mobile loyalty programs should push beyond the punch card.

“We take punch cards and stick it on the phone and call it a loyalty program,” he says of the industry in general. “Loyalty has nothing to do with digital punch cards.”

Instead, Schroeder says loyalty stems from understanding people and learning about their behavior. To accomplish that, loyalty programs need to harness a mobile phone’s sensors to gain insight into customer behavior and then feed that knowledge into an analytics engine to suss out the customer’s needs, he says.

AppGage’s AppGagement Loyalty Framework provides such a platform, according to Schroeder. The company’s first framework-based app, a project for Get Healthy Michigan, a statewide health program that aims to encourage health and wellness, is scheduled to launch in April.

There's a Map for That

Mobile’s value proposition is ultimately convenience: anytime, anywhere access to people and information. Hence the value of adding maps and other navigation features to apps.

For mobile app developers, there’s no shortage of map solutions. One factor to consider is the app’s target platform and what it natively includes.

“Google Maps is superior in terms of coverage and precision, especially in remote areas,” says Mette Lykke, co-founder of Endomondo, whose apps combine fitness with social networking. “Until recently this was the natural choice for apps on Android and iOS. It still is for Android.”

Apple’s dumping of Google Maps might be the best-known example of how the field of mapping options isn’t static, but it’s not the only major change in the past year. In June, Microsoft announced that Nokia Maps would replace Bing Maps in Windows Phone. And in November, Nokia announced HERE, a multi-device and -OS solution that will expand to Android in early 2013.

Map Features: Web-Based or Native?
When comparing options, one factor for mobile app developers is whether to use a native map library or a Java Script API (JSAPI) Web-based map. Each option has its pros and cons. For example, one consideration is whether the app needs to target multiple platforms, such as Android and iOS.

“The Web-based map enables cross-platform support, which will save the developer the effort in writing a separate mapping code for each platform,” says Oded Nevo, platform product manager at Telmap, an Intel-owned company that specializes in location services. [Disclosure: Intel is the sponsor of this content.]

“However, choosing the Web-based map will mean in many cases that developers will need to slightly compromise the map performance,” he continues. “Choosing to use a native library will mean coding the map section per each platform. However, you will get a slicker map behavior.”

Factors to Consider in Choosing a Map Feature for Your Mobile App
In addition to the Web-based versus native consideration, it’s also important to research the APIs available in a mapping library. Focus on things such as the ease of implementation and whether the map feature supports all of the functions that are key for making your mobile app stand out in the market.

“Last but not least is pricing,” Nevo says. “Most of the big brands in the mapping APIs arena will offer a free quota that many developers will probably never exceed, especially if they are at the initial stages of building/developing a product.

“For more mature products which generate a large amount of traffic, developers should seek getting an SLA with the chosen mapping solution provider. This is called in many cases the ‘professional’ plan/track. Developers also need to bear in mind that there are several types of applications that are automatically being categorized under the professional plan/track license scheme. These are usually paid applications, enterprise applications or applications around asset management and tracking.”

App Marketing: How to Gain Traction in the App Store

Developing a mobile application is tough enough, but then comes the real challenge: getting noticed on a major app distribution platform.

Apple’s App Store and Google Play each topped the 700,000 application mark last year. An app maker won’t be competing with all of them, but each app, regardless of genre, may well face hundreds if not thousands of rivals. Climbing to the top of that pile using app marketing -- a task marketers call “gaining traction” -- is far from easy.

“If the volume of apps approaches anything like Android and Apple, the biggest problem everyone has is discovery,” says Chris Skaggs, founder of game development company Soma Games.

According to Skaggs, some independent developers have taken the “field of dreams attitude” -- if they build a fun game, people will find it on their own. That approach may have worked in the early days of app stores, when a developer could launch an original, quirky game and expect to grab some attention. But “that is just not the case anymore,” says Skaggs. “It was always going to be a closing window. We all understand that marketing is part of the deal.”

“The problem is, sometimes nobody is watching when you’re coloring outside the lines,” adds Scott Steinberg, a strategic innovation consultant.

Creating App Marketing Approaches
Deborah Tillett, president and executive director of Baltimore’s Emerging Technology Center, which houses AccelerateBaltimore, says technology developers tend to think of app marketing as an afterthought. Part of her organization’s mission is to get entrepreneurs to think about their points of differentiation and how to articulate them. “Can you convey concisely what it is you do?” Tillett asks young companies.

Steinberg agrees that developers should think about the audience and ways to reach potential customers from the very beginning. “Before you make the app, understand...who the customers are and how you are going to reach them,” he says.

The “how” of app marketing could include a mix of website marketing, search engine optimization and social media outreach, among other measures. As for social media, Steinberg recommends engaging influencers of all types: reviewers, high-profile members of a given community, and Facebook followers among others. “It’s an all-of-the-above strategy,” he says.

Skaggs, meanwhile, advises app makers to develop products for multiple platforms so they can tap multiple distribution channels. “Our position is that you don’t ever want to say, ‘I am making an Ultrabook game,’ if that means to the exclusion of other things,” he says. “To leave off Apple and Android and Steam is just a bad idea.”

Focusing on one platform and one online store ignores a lot of eyeballs and could leave a lot of money on the table, Skaggs notes. Soma Games’ Wind Up Robots title, for example, is available in the Intel AppUp center as well as Android and Apple online outlets. 

Best Practices of App Marketing: Aligning with Stores and Hardware Makers
Learning an online store’s hot buttons and aligning with them can also boost developer’s prospects of app marketing. This tactic depends on the ability to develop contacts at the app stores, which requires some degree of persistence and luck.

“If you are able to talk with a representative from the distribution portal, you may be able to tie in with marketing programs or content initiatives they are pushing or create apps to showcase features they are looking to promote,” Steinberg says. “Any given distribution portal will have its own strategic objectives.”

Hardware manufactures also offer partnering potential. Skaggs says those companies are looking for apps that will make their hardware shine. “The hardware people are really driving a lot of the conversation,” he notes. “If you can make their technology look good, you have a good chance of getting their attention.”

In a recent case in point, Soma Games’ Wind Up Football was built as part of Intel’s Ultimate Coder: Ultrabook Challenge. The challenge tasked developers with creating apps that harness Ultrabook device features such as graphics, touch and sensor technology capabilities. [Disclosure: Intel is the sponsor of this content].

“Showcasing hardware features is a great tie-in to a store, but it’s also important to help ensure the app description and submission clearly state the benefits,” says Alexis Crowell, product marketing manager for the Intel Digital Stores. “Given the volume of apps being submitted into any given store, we suggest making it as easy as possible for the editorial team to know the key differentiators. Clear descriptions are as important as eye-catching visuals and graphics that capture consumers’ attention.”

Riding the promotional strength of a major manufacturer can attract more attention in online stores. “Align with distributors and manufacturers,” Steinberg says. “No one can open more doors of opportunity than they do.”