Why Mobile Is Such a Big Deal for Big Data

Few things are as personal as a mobile phone. In fact, it’s something that most people have with them every waking moment -- and often while they’re asleep.

Consumer behavior like this makes mobile phones an opportunity to collect information about users throughout the day rather than just when they’re at a computer. In fact, for some people, the mobile phone is the primary way they go online, making that device the most effective way for everyone from advertisers to app developers to understand and reach their target markets.

Big data involves aggregating information from potentially disparate sources with the goal of drawing meaningful conclusions about what a person or group might be most interested in. Data mining has been around since the 1970s, but as mobile penetration has skyrocketed, so has the opportunity to gain even more insights into how consumers spend their time and money.

The information flows in both directions: Mobile apps are sources of information for big data analytics companies such as Google, but developers can also pull information from those digital warehouses.

“What we’re all trying to do is [figure out] how to get more of that person’s time,” says Mike Wehrs, president and CEO of Scanbuy, whose ScanLife QR code reader app has been downloaded more than 6 million times. “How do I continue to add value and remain relevant to their life? Big data is a means to that end.”

Do You Know Where Your Customers Are?
About a decade ago, regulators such as the FCC began requiring all new mobile phones to have built-in location technology such as GPS to help find emergency callers. Those mandates were a milestone in big data history because they changed the nature of the information that can be captured and mined compared with desktops and laptops.

“The big difference is that desktops are stationary and laptops do not in general have GPS sensors, so there is a location awareness in the data that can be captured and mined from a mobile device,” says Andrew Purtell, principal architect at Intel. [Disclosure: Intel is the sponsor of this content.]

“Location awareness is a gateway into a new way of interacting with services,” says Purtell. “For example, on services such as Twitter or Foursquare, users can publish their location to trusted members of their social network. We know these services then mine this location and activity trace for sale to advertisers and commercial concerns in general, producing new business models.”

A straightforward example is pushing ads and e-coupons to mobile users based solely on their location. Depending on the app, there are additional opportunities for developers, advertisers and others to interact with users.

“Increasingly, people live within the virtual world presented by their mobile devices as they move through the physical world,” Purtell says. “Location-aware games overlay a virtual world over the physical. For example, the Niantic Project plays out in physical space around the players, in which they interact with a virtual world overlaid onto their local neighborhood, blending the imaginary with the real.

“Retailers can publish special offers to potential customers who are physically near their location, injecting suggestions into the stream of consciousness, facilitating impulse shopping in a way previously not possible. Responses to location-specific offers can be mined for refinement of future offers.”

Providing Relevance, Not Annoyance
Location-specific offers also show how big data can be both a challenge and an opportunity for developers and the companies they work with. Big data is a chance to push a promo to customers when they’re literally in the right place to take advantage of it.

For example, a person whose social network interactions frequently revolve around coffee seems like an ideal candidate for an e-coupon when she’s passing by a café. Developers can get information about those kinds of interests by buying it from, or partnering with, big data providers.

The challenge is that she might not be interested in coffee at that moment. If that’s the case, the promo comes across as spam, and if it happens often enough, she might shut off that feature or uninstall the app. Either way, that marketing and revenue opportunity is now lost.

Developers can avoid that problem by giving users a way to indicate that they’re interested in receiving promos, such as by having the café put a QR code or NFC tag in its window. 

“That’s an expression of interest,” Wehrs says. “Now I’m initiating, and if I get an offer, I’m happy about it. It helps you provide a less-invasive experience for your end consumer.

“The whole promise of big data is that you’ll never perceive that you’re getting spam again. [You’ll never receive an] offer that isn’t for you because there will be so much intelligence in the system.”

So while data mining on computers has been around for decades, the big data trend on mobile devices holds a stronger promise: Developers and companies collect valuable information about consumers and, in turn, pass that value back to them by better meeting their needs. 

Harnessing WinRT APIs

Developers are gaining experience with Windows Runtime (WinRT), an API set that provides a framework for Windows 8 and Windows RT applications.

Microsoft provides the WinRT APIs for building Windows Store apps. Those apps differ from traditional desktop apps in a couple of ways. For instance, Windows Store apps incorporate a set of default styles that aim to make user interface components work well in touch scenarios, according to Microsoft. Supported languages include C++, C#, JavaScript and Visual Basic.

“There are several things that are significant for WinRT API,” says Ilya Kretov, delivery manager and Microsoft Certified Professional Developer at DataArt, a custom software development company.

For one, WinRT API provides the means to easily develop all the features the Windows 8 application needs to have, Kretov says. In addition, the API set is integrated into the operating system and provides a convenient and effective way of working with resources, he adds. “It is possible to develop fast native applications,” he says.

Kretov also notes that WinRT development has much in common with Windows Presentation Foundation (WPF) and Silverlight. That commonality makes it easy for any developer familiar with those technologies to master Microsoft’s newer offering, he says.

Michael Lake, vice president of engineering at WillowTree Apps Inc., a developer in Charlottesville, Va., suggests that making WinRT easy to pick up will be important for Microsoft in convincing developers to adopt its technology. “They really need to…make use of developers’ existing know-how,” he says. “Any time you ask developers to familiarize themselves with something new, that is going to mean more time, and more time means more money.”

WinRT Pluses
Brian Lagunas, product manager at Infragistics, a company that providers design and development tools and related services, says he has gained familiarity with the WinRT APIs and likes to use them on WPF applications.

“It is so much easier to access devices like webcams and audio devices” using WinRT versus Windows COM Interop, Lagunas says. Accomplishing tasks also requires less code when using WinRT APIs, he adds.

In a recent presentation at the 2013 Intel International Sales and Marketing Conference in Las Vegas, Eric Sardella, senior software engineer in Intel’s Software and Services Group, cited WinRT for its “rich set of multimedia high-level APIs available for Media Apps.” Sardella noted that the APIs capture audio and video from live sources, process image files, play/preview audio and video, and transcode video files. He says a WMV-to- MP4 transcoder involves just a few lines of code. [Disclosure: Intel is the sponsor of this content.]

Using WinRT to Exploit Sensors
Developers can also use WinRT to tap the numerous sensors built into Ultrabooks and other mobile platforms.

“WinRT makes the work with sensors more convenient than before,” Kretov says. “Previously, the only way to work with sensors was using the vendor’s API. This way is, obviously, device specific and in some cases it could be rather difficult to obtain all the necessary information. So, the sensor-related functionality should have been rewritten for different vendors' API during development and verified in course of configuration testing.”

DataArt has gained some experience with WinRT APIs. The company has been using them since July 2011, soon after the Windows 8 developer preview was released. “Since then, we have been following the evolution of the system and have already completed several projects,” Kretov says.

Sensor-related classes are available in the Windows devices. Sensors namespace include: Accelerometer, Compass, Gyrometer, Inclinometer, LightSensor and OrientationSensor.

Lagunas points out that, in order for WinRT to access those sensors, a sensor’s driver must be marked as PC-integrated.

Overall, mobile developers seem to view WinRT as a tool to make their jobs easier. Kretov says the fact that WinRT contains standard APIs for sensors, geolocation and multitouch makes life simpler for software developers. He emphasizes that the potential use of the WinRT APIs isn’t limited to sensor APIs, however. The scope, he says, also includes “other cool features of Windows 8 apps like contracts, background services, multitouch, multiple orientations and resolutions.”

The Mobile App Security Mantra: Don’t Trust, But Verify

Although the technological designs of mobile devices have much in common with non-mobile computer systems, there are substantial differences that need to be understood. Here’s what mobile app developers should consider about the threat vectors they need to protect against.

Security on Computer vs. Mobile Ecosystems
Smartphone hardware and software technologies are radically different from that of computers. In terms of communication, on a computer you have one external communication channel -- whereas on a smartphone you have IP connectivity, Bluetooth connectivity, Cellular Data connectivity, NFC connectivity and so on. In terms of an operating system, mobile OSs are substantially more “closed” than desktop, laptop and enterprise OSs.

While at first glance this might make a mobile OS appear more secure, it’s truly a double-edged sword when -- not if -- threats manage to penetrate the OS defenses. As Luis Blando, vice president of engineering at McAfee, explains, “once the mobile OS is penetrated, the products and systems that would otherwise be able to protect the device (such as those made by security ISVs) would be limited in the protective actions they can take within the OS guardrails, and that can prevent quarantining, pre-emption or even detection.”

The mobile ecosystem is also very different from that of regular desktop computing in the number of viable operating systems, the types of application delivery mechanisms, and established policies for application acceptance. In the desktop world, with a simple visit to a URL, a user can download and install a binary which can very well be infected. In the mobile world, application download and installation is done mostly through approved stores that curate the apps.

That said, these app store checks can create a false sense of protection. “When we recently checked the origin of infected mobile software, as reported by the MMS user base, we discovered that the majority had been downloaded directly from major app stores,” Blando notes. “And, in Asia, the use of specialized app stores, which may or may not have any curation or security checks on their catalog, is widespread. Don’t think that just because you’re using GooglePlay or another major app store that it’s a guarantee of safety.”

Possibly even more significantly, there are vast differences in the usage models for mobile and regular computing devices. Mobile devices are with you all the time, record your every move, log your every communication, and are a treasure trove of both personal and corporate information. Smartphones contain much more information than the average computing device; it’s your phone, calendar, address book, camera, music station, remote control, ATM, shopping assistant, and more. The fact that smartphones are incredibly valuable for information theft pretty much guarantees that the supposedly secure “defenses” built in via technology or ecosystems as explained above will sooner or later be overcome. “Smartphones are simply irresistible as targets,” says Blando.

Despite these huge challenges, “mobile applications are often not tested at all for security, or are not tested in as much detail as traditional web applications,” notes Brian Shura, Vice President at AppSec Consulting. “The security testing toolset that is available for mobile applications is not that mature. A thorough assessment involves a large amount of manual testing combined with some automated tools. Large financial companies have the resources to perform detailed mobile application security assessments, but the majority of applications available from the App Store most likely have never undergone a thorough security assessment.”

Mobile Developers Have to “Think Differently” About Security
Mobile developers need to adopt a mobile security mindset. Although, in many ways, mobile devices are computers and developers need to treat them as such, nothing on a mobile device eliminates the need for secure coding practices. All programs should sanitize input, only request the permissions that are absolutely necessary, and never store passwords or user data in clear text.

That said, mobile software does present new security challenges both from the point of view of secure software but also of protecting the user. Any mobile developer’s first priority should always be to protect the user. One key is to never let the illusion of security or safety suggested by either a closed OS or a single-user device fool you.

Mobile software developers need to keep in mind some new challenges on mobile devices:

•      Network mobility: Mobile devices connect to many networks. Most users will connect to any open WiFi hotspot they can find as a method of reducing cellular data usage. This means that mobile software, even more than desktop software, must never trust that the network is secure. In addition to eavesdropping, mobile software developers should be wary of hostile networks that may attempt to impersonate servers or services. Apps should encrypt all network data and verify servers and services before sending authentication credentials.

•      Device usage: Mobile devices are, well, mobile. Smartphones and other mobile devices go everywhere with their owners. They are also often taken out, used for a short time, and then set down. This means that they are also quite often lost or temporarily available to strangers. This frequent and on-the-go usage means that most mobile devices are not password protected. This is in contrast to laptops that are much more often password protected and are used less often and for longer stretches of time.

Mobile software that handles sensitive data should offer users the ability to separately lock the application or access to the data. Shura explains that’s why “developers need to take this into account and build their applications in a way that a stolen mobile device doesn’t lead to an application user account compromise. For the most part, this means ensuring that sensitive information, such as passwords, are not stored on the mobile device.”

•      Screen size: Smaller screens display less data. Screen size needs to be factored in when presenting the user with secure data or data they need to verify. One example is the URL input and display field in a browser. Most desktop browsers partially rely on the fact that a user can see the entire URL in this field. This is one line of defense against phishing attacks. The URL field on a mobile browser is so small, though, that only a fraction of the URL can be shown. This hides relevant data from the user and creates a new vulnerability. Keep in mind the size of the screen so that verification data displays are short or the most important data are displayed first.

How Can App Developers Help Users Keep Private Data Safe?
While “in the past, developers of mobile applications did not have many resources to turn to for security guidance, that’s definitely starting to change,” says Shura. “OWASP (Open Web Application Security Project) now has a Mobile Security Project, which includes an OWASP Mobile Top 10 List of common vulnerabilities to avoid, Mobile Cheat Sheets for developers, and lots of testing guidance for people that are performing mobile application security assessments. I encourage mobile application developers to become familiar with the resources that are available on the OWASP website.”

Blando notes that, depending on the OS, there are also some specific issues to be wary of:

On Android:

•      Be careful creating services, as any application on the device may have access to it.

•      Treat incoming intents as hostile input -- sanitize and check the data they provide before acting on it.

•      Make sure files stored on the device are protected both with file system permissions as well as other data protection techniques like obfuscation or encryption.

•      Assume the user already has root access to the device.

On iOS

•      Assume the phone is jail-broken. That's not to rely on jail-broken behaviors, but to write your software as if the user already has full access to the device instead of relying on the OS to provide sandboxing to isolate your data from the user's view.

The Bottom Line: Don’t assume anything. Don’t trust. Verify.

Additional developer guidelines can be found at the U.S. Federal Trade Commission website: Mobile App Developers: Start with Security.

Mobile Device Adoption: Targeting the Next 50 Percent

Fifty-five percent of American mobile users now own a smartphone. That’s about 130 million people, which is a big pool of potential customers for your app. But what if that addressable market doubled?

It won’t happen easily or soon. The low-hanging fruit -- techies, prosumers, business people -- has been picked. Meanwhile, T-Mobile USA is among the mobile operators scrapping the tradition of handset subsidies. If that becomes a trend, then feature phone owners who want to upgrade tomorrow will have to shell out at least twice the amount they would today.

“One way or another, you’re going to have to pay some significant cost at some point, whether it’s up front -- $500 or $600 for the smartphone -- or $200 up front and $20 every month,” says Ramon Llamas, IDC research manager.

That’s one barrier. Another is the cost of a data plan, although that’s becoming less of a hurdle thanks to the growing selection of cut-rate, unlimited-data plans, such as those from Straight Talk and T-Mobile. The roll-out of Long-Term Evolution (LTE) could enable even more aggressive pricing strategies because the technology significantly lowers an operator’s cost of delivering data service.

“Carriers are interested in smartphone growth since they can compensate drops in voice and SMS revenue with data flat rates,” says Brent McMicking, who manages Intel’s phone launches worldwide. [Disclosure: Intel is the sponsor of this content.]

Who’s Using -- and Not Using -- Smartphones
The analyst firm iGR recently asked over 1,000 U.S. consumers about their plans to buy a phone in the next 30 days.

“The majority of those who were likely to buy [a phone] say they would probably buy a smartphone,” says Matthew Vartabedian, iGR vice president. “Not surprising. What I did find interesting was that older respondents (35+) with feature phones were about 10 to 20 percent more likely to buy a smartphone than younger respondents. Younger respondents (18-34) were more likely to buy multiple smartphones (two or more), which is also interesting. The survey data suggests that older consumers are already choosing smartphones.”

The catch is that not every first-time smartphone owner uses many -- or any -- apps. “[After] six months, my father-in-law has yet to use his iPhone 4 for anything except voice and text,” Vartabedian says. “He uses the preloaded weather and stock apps, but that's it. Maybe some Web browsing. I think he generates about 20 MB of 3G data in a month. I don't think he's even opened the App Store.” 

Smartphones Take Off in Developing Markets
There are a couple of reasons why it’s worth looking at smartphone adoption outside of the U.S. The first is that there are big potential markets, at least for those developers willing to localize their apps, such as in terms of language.

The second is because the strategies that vendors are using to upsell foreign consumers could be applied in the U.S., too. One example is the Yolo smartphone, which Intel and Safaricom recently launched in Kenya. It’s noteworthy because it’s the first smartphone to feature a processor and reference design created to reduce manufacturing costs without cutting corners such as performance. For example, the Yolo smartphone has 1.2 GHz processor, a 5 megapixel camera and support for 21 Mbps HSPA+ service.

That feature set is a break from tradition: In both developed and developing markets, affordable has been synonymous with pokey processors, limited memory and other shortcomings. Those undermine the app user experience.

“In India, Indonesia and China, they’re cutting corners left and right,” Llamas says. The device build [quality] is rather cheap, so people are replacing their phones every six to eight months.”

The Yolo smartphone sold out within two weeks of its debut. That suggests that a lot of people in developing countries who don't own a smartphone already understand the benefits of owning one, such as the selection of apps. Translation: There’s pent-up demand not only for smartphones, but also for apps.

“In emerging markets, smartphones will be the first computer device for many people and provide a deeper Internet experience versus feature phones,” McMicking says. “Pent-up demand for smartphones is a function of perceived value and the overall experience, of which apps are a part. The opportunity for developers is to reach a new set of customers.”

Mobile Technology Solutions for Customer Loyalty Programs

A range of enterprises -- from restaurants to retailers -- use customer loyalty initiatives to encourage repeat business. Customers might receive a free item based on a certain amount of visits and purchases, for example.

Developers now aim to get customer loyalty programs up and running on mobile devices. Many businesses already provide mobile apps to help users locate stores or find particular brands. So the task becomes helping businesses integrate loyalty programs into their existing mobile customer outreach efforts.

Different Approaches to Customer Loyalty
Approaches in this category vary. Punchh, which bills itself as a social loyalty program for restaurants, provides a mobile app version of the familiar loyalty program punch card. It also lets restaurants reward customers for referring friends and family via their social networks.

Sastry Penumarthy, co-founder of the Cupertino-based company, says he sees an enormous opportunity for restaurants and other enterprises to market themselves in a completely different way. “The technologies that allow them to do that are mobile and also social media,” he says.

If a restaurant signs up for the Punchh service, customers may download the mobile app which places a virtual punch card on their device. A customer launches the location-aware app when he or she enters a restaurant and the merchant “punches” the loyalty card when the customer purchases a meal. To validate a punch, the phone can be used to scan a receipt.

Recent Punchh customers include Max’s Restaurant Cuisine of the Philippines, which plans to use the service to reward customers for repeat visits and customer referrals.

To help restaurants dole out those rewards, Punchh taps Facebook to find out who suggested the restaurant to the user and whether the user has referred the restaurant to others. If new customers follow the original customer’s recommendation and eat at the restaurant, the merchant provides additional punches on the card. Penumarthy calls those perks “social rewards.”

In another take on mobile loyalty, PunchTab Inc. provides an on-demand incentive platform. Businesses and brands that subscribe to the platform can build “social and mobile-enabled” loyalty and rewards programs, according to the company. PunchTab’s customers include Atlantic Records, Arby’s and eBay.

Mehdi Ait Oufkir, founder of Palo Alto-based PunchTab, says he has seen solid traction for mobile-enabled incentive programs on the enterprise side. While some companies seek to cultivate customers, others use rewards programs to engage their own employees.

Oufkir cites the example of one customer who wanted to build a mobile app-based points program to encourage employees to attend training sessions. In another case, a company is using an incentive program to encourage employees to submit their billable hours via mobile phone. Oufkir says the company’s employees found their in-house reporting system difficult to use and, as a consequence, failed to submit all of their billable hours. In contrast, he says, employees find the mobile approach easier and more fun to use.

Beyond the Punch Card
Punch cards are the centerpiece of many a loyalty program. However, Steve Schroeder, chief executive officer at AppGage LLC, a mobile loyalty company based in Ann Arbor, Mich., says he believes mobile loyalty programs should push beyond the punch card.

“We take punch cards and stick it on the phone and call it a loyalty program,” he says of the industry in general. “Loyalty has nothing to do with digital punch cards.”

Instead, Schroeder says loyalty stems from understanding people and learning about their behavior. To accomplish that, loyalty programs need to harness a mobile phone’s sensors to gain insight into customer behavior and then feed that knowledge into an analytics engine to suss out the customer’s needs, he says.

AppGage’s AppGagement Loyalty Framework provides such a platform, according to Schroeder. The company’s first framework-based app, a project for Get Healthy Michigan, a statewide health program that aims to encourage health and wellness, is scheduled to launch in April.