All posts by Rachid Siallioui

Keeping up-to-date: Mobile security & Native UI

To catch-up on the latest mobile security and native UI trends, the Uniface mobile development team recently attended the appDevcon conference. A conference by app developers, for app developers. An event which targets developers for Apple iOS and Google Android, Windows, Web, TV and IoT devices in multiple tracks.

In advance, we were especially interested in two main topics: smartphone security and sharing code between web and native apps.

Mobile security

The mobile security presentations were given by Daniel Zucker, a software engineer manager at Google, and Jan-Felix Schmakeit, an Android engineer also at Google. In their – in my view – impressive presentation, they confirmed what I already thought: securing mobile phones is not something which you do after you have designed and developed your apps. It is a key area of app development to consider in advance.

Securing mobile phones starts with a good understanding of the architecture of at least the Android and iOS platforms. How is it built up? For example, as Android is based on the Linux kernel, you get all the Linux security artefacts, like Process isolation, SELinux, verified boot and cryptography. While some security services provided to mobile apps have a platform specific nature, others are platform independent.  An example of the first one is the new Android Permissions, which have now become more transparent to users, as they now get permission requests ‘in context’. An example of the platform independent security artefacts is the certificate validation, which done in an incorrect way, would still make your app vulnerable.


Native UI

Sharing code between native and web apps promised to be an interesting session. Some context: mobile users tend to spend significant more time on native UI enriched apps than on web apps, while web apps are attracting more unique visitors than native apps, as web apps are more widely approachable using different devices.

The best way to share code between native and web apps is simply by writing them as much as possible in the same code. Of course! But how do you do that? In this session the solution was to write fully native apps using a mix of NativeScript (an open-source framework to develop apps on iOS and Android platforms) and AngularJS (JavaScript-based open-source front-end web application framework). These native apps are built using platform agnostic programming languages such as JavaScript or TypeScript. They result in fully native Apps, which use the same APIs as if they were developed in Xcode or Android Studio. That is quite interesting! So using JavaScript you can develop fully native apps. That sounds like music to my ears.

Looking at this trend, it promises a lot. The mobile community seems to put a lot of effort in trying to simplify the creation of fully native enriched apps using plain JavaScript and HTML5 functionalities. Until now, we support our users in creating native/hybrid apps with fully native functionality with our Dynamic Server Page (DSP) technology. As we are looking into ways to enrich this technology further, we will follow the developments on this trend as it is fully in-line with our philosophy to share code between applications (client-server, web and mobile apps) and to support rapid application development, which saves our users time and resources in developing and maintaining fully enriched and cool applications. 

 

Attending a cloud infrastructure training – A truly AWSome Day in Amsterdam

Last week I attended, along with a few other Uniface software engineers, the AWSome Day Amsterdam event, organized by Amazon Web Services (AWS) – the world’s largest provider of cloud infrastructure services (IaaS). The event was a one-day training in Amsterdam delivered by AWS technical instructors. More than 300 (maybe even 400) people attended the event. It was very crowded, but a very well-organized event.

From Uniface, a few people from the cloud, mobile and security teams attended the event, each with their own project in mind.

The interactive training provided us with a lot of information about cloud deployment, security and usage for the web and mobile environments. The focus was on AWS as a provider of cloud infrastructure services. In a nutshell, technical instructors elaborated on the following:

AWS infrastructure with information about the three main services they offer:

  1. Amazon Simple Storage Service (S3) to store objects up to 5 terabyte in multiple buckets. This service includes advanced lifecycle management tools for your files.
  2. Amazon Elastic Cloud Compute (EC2) which offers virtual servers as you need. EC2 has advanced security and networking options and tools to manage storage. Also very interesting, you can write your own algorithm to scale up or down to handle changes in requirements or spikes in popularity, to reduce costs and improve your efficiency.
  3. Amazon Elastic Block Store (EBS) which provides persistent block-level storage volumes that you can attach to a single EC2 instance. Interesting is that EBS volumes persist independently from running life of an EC2 instance. You can use EBS volumes as primary storage for especially data that requires frequent updates and for throughput-intensive applications that perform continuous disk scans. EBS is flexible, in the sense that you can easily grow volumes.

 AWS Event

During the event we discussed extensively the security risks, identity management and access functionalities. But also the usage of different databases (SQL vs NoSQL) together with the cloud services. Interesting topics discussed at the event were concepts such as Auto scaling of EC2 instances, Load Balancing, and management tools such as CloudWatch and AWS Trusted Advisor, which seems to be very useful to track security and costs issues.

Uniface Attending AWS Event

In general, the event has broadened my view on cloud deployment using AWS, but also using other cloud infrastructure services as the same concepts can be applied to other cloud providers. 

It was truly an AWSome Day in Amsterdam!

Polymer: Getting a closer look

Last week, a few of us from the mobile scrum team attended the first ever Polymer summit organized by Google. Amsterdam was chosen as the perfect location for the international conference, since it is has an “incredibly strong developer community in Europe”. 

20150915_090354

The event is fully devoted to Polymer: a new web library fully developed by Google and widely supported by the WebKit-based browsers (i.e. Chrome, Opera) and Microsoft Edge. With Polymer, users can create composable and modularized web applications that make use of a new web standard, called web components. Web Components are currently being produced by Google engineers as a W3C standard. They are built on four basic foundations: (1) native client-side templating; (2) shadow DOM scoping and composition; (3) custom elements to create your own HTML DOM elements; and (4) HTML imports to load web components.

20150915_172332

Polymer web components architecture is already used by many companies and users. One user was quoted at the event: “We no longer build applications. We have and are enriching, a module market sourced from industry and the ING global community. Modules are assembled into applications as the business requires,” ING – one of the first users of web components – quoted in one of the presentations.

20150914_180650

I also speak on behalf of my colleagues who also attended, when I say it was an interesting and well organized event full of useful information and examples of what is coming our way regarding web and mobile development. In case you are interested, the whole event was recorded and can be viewed on their YouTube page.