These days, everyone has a best friend: Their smartphone.

“On the Web, personalization is a constant struggle, whereas on mobile it’s pretty accurate,” said Nancy Hua, cofounder and CEO of Apptimize, a mobile A/B testing platform. “You know everything they’ve ever done. You also know their context at that moment: Are they on the go? Are they inside or outside? Who are they with? The time-of-day effects are pretty big. Context lets you deliver an experience that’s a lot more magical.”

A “magical” experience molds itself to the user’s preferences as well as observed consumer behaviors. Hua notes that people tend to browse shopping sites in the morning, “so you might optimize for adding things to wish lists,” while in the evening, shopping happens, so making the “buy” button more visible makes sense.


And increasingly, magic is necessary. Mobile users are impatient with apps they download through stores. Battery life, storage limitations, privacy lapses, security nightmares and competing interests all make going mobile a great money-losing opportunity. Beyond that, “We look at retention, engagement, revenue, virality, funnel and flow through the app,” said Hua. “The ones who have biggest gains are the ones who test and make changes all the time.”

That said, there is no denying that mobile apps are no longer optional. Where options abound, however, are in the architectural, contextual and application life-cycle models to choose from. Mobile has grown past the dichotomy of Web view vs. native apps, ad hoc vs. cumbersome app store updates, viral vs. instant failure. Enterprise adoption is a huge force pushing for mobile app development maturity. As devices proliferate and unprecedented consumer options abound, Gartner predicts that enterprise software is poised to be the next mass mobile adoption.

Progressive Web apps and the ServiceWorker spec
The way apps are developed, delivered and maintained is poised for a massive shakeup as the market moves past viral consumer apps to encompass mission-critical functionality.

“The big news moving into 2016 is progressive Web apps,” said Karolyn Hart, COO of InspireHUB, a mobile charity engagement software vendor in Richardson, Texas. “Google’s announcements in early, mid and late 2015 have sent leading-edge developers on the hunt for the next big thing. Progressive Web apps take on a number of issues currently facing native apps, including extending battery life, universal mobile access, and less space on the user’s phone. Issues with mobile browsers not being as responsive are already being dealt with, plus customers benefit from not having to make evergreen updates every time there is a change to the phone OS.”

Positioning itself to enable enterprise software to make the leap from the cloud to employees’ handheld devices in 2016, Microsoft recently acquired Xamarin, the cross-platform .NET development environment. But most agree that cross-platform mobile frameworks like Xamarin, React Native, AngularJS, Cordova/PhoneGap and the like—while they have their fans—are an incomplete answer to the mobile imperative.

According to a seminal June 2015 blog by Google developer Alex Russell, “Many platforms have attempted to make it possible to gain access to ‘exotic’ capabilities while still allowing developers to build with the client-side technology of the Web. In doing so, they usually jettison one or more aspects of the shared value system. They aren’t bad—many are technically brilliant—but they aren’t of the Web.”

According to Russell, the alternative is a new class of applications that:

  • respond to form factor
  • can work offline
  • have app-like interactions
  • refresh in the background
  • are secure via Transport Layer Security
  • use W3C manifests to be discoverable as apps
  • use push notifications
  • are installable to the home screen, and
  • are linkable, because “The social power of URLs matters.”

Why “progressive”? According to Russell’s blog, “Sites that want to send you notifications or be on your home screen have to earn that right over time as you use them more and more. They progressively become ‘apps.’”

Certainly no one will miss the plaintive request to install a website’s native app for a mobile experience. Much of the magic of progressive Web apps comes from the new ServiceWorker specification, a JavaScript-based replacement for the arcane Application Cache. ServiceWorker lets apps use persistent background processing, intercepting network requests so that the sites that have been visited at least once before can function while offline. Push notifications, background sync and adding to the home screen are also features of ServiceWorker, which is primarily a Google/Chrome project and is under consideration by Apple (though simple progressive Web apps can be implemented for Safari, according to Buenos Aires-based JavaScript consultant Nicolás Bevacqua). Meanwhile, Mozilla Firefox and Opera are already on board (see Jake Archibald’s dashboard for ServiceWorker implementation status on all browsers).

JavaScript exceeds expectations in mobile
Even without progressive Web apps, JavaScript is enjoying new prominence as a mobile enabler for companies providing Web services.

“Software developers have long sought a way to create a portable logic engine where business logic can be written once and then run across multiple platforms,” said Alex Balazs, vice president and fellow architect for Intuit, makers of TurboTax. “Attempts using C++, Java and Flash came close, but never quite solved the problem for Web, desktop and mobile. With the prevalence of Web browsers on all platforms, JavaScript has reemerged as a means to build a truly portable business logic engine.”

How did Intuit pivot from Web to mobile? In a word: quickly. Balazs describes how it only took a year to be able to offer the full version of its tax-filing software for 30 million customers.

“We created a development platform for Intuit engineers—codenamed ‘Fuego’—that has played a pivotal role in our mobile transformation,” he said. “Fuego enables the development team to write once and deploy everywhere across the 50,000 screens in TurboTax by delivering user experience as a service.”

Development teams are paired with content teams, and their combined efforts are then sent to renderers that would render correctly for each platform. “The Fuego platform that the team developed for TurboTax is now being adopted as a company-wide standard going forward. It has led to a 10x productivity improvement for developers,” Balazs said.

Node.js, React Native gain fans
Intuit also credits Node.js, the platform built on Chrome’s JavaScript runtime, for platform-agnostic user experience design. “The use of Node.js in enterprises is growing, since it helps large organizations expedite development for multiple platforms by breaking monolithic enterprise architecture into smaller, simpler service components,” said Balazs. “At Intuit, we’re building enterprise-grade services that accelerate innovation without upending the experiences that millions of customers rely on every year. We’re using Node.js as we continue to re-platform to increase speed, flexibility, and deliver new capabilities.”

Another option many are excited about is React Native. According to mobile developer Evan Rose, this hybrid mobile application framework built by Facebook has helped him build applications in nearly half the time it takes to build fully native codebases (with no app performance penalty).

React Native is built on top of the same engine as React, and Rose predicts it will eventually be included as an additional import from React, while being easy to learn for developers familiar with React. “There’s a terrific community behind React Native developing highly useful packages like a camera plug-in, a slack-like drawer view and many other things you don’t get from React Native out of the box,” he said.

“You can check out some of the options at React.parts. These plug-ins are now really easy to link with your project by using rnpm [React Native Package Manager], which does all of the file imports and Xcode linking.”

Achieving native iOS or Android performance with React Native apps all depends on how they are written, according to Rose. “Some of React Native’s secret sauce is in the fact that they have two JavaScript threads running: one for UI and then a main app thread. This makes it so that application JavaScript doesn’t block the UI and create jank,” he said.

“Another great thing is the ability to seamlessly utilize native components and APIs. The React Native Bridge is extremely easy to use with minimal Objective C or Java knowledge. In some other hybrid frameworks like Ionic/Cordova, you run into issues with long lists or trying to display a lot of media. You get around that in React Native by using native components, which get much better performance. It’s not an app in a Web view; it’s an actual native application.”

Finally, React Native’s recently added Android support lets you reuse business logic and most of your UI code, Rose notes. “The team is working on creating abstracted components, which can be used in Android or iOS, but there are still some which only work on one platform (i.e. Navigator vs. NavigatorIOS),” he said. “From a UI perspective, Android apps often have different flows and paradigms, so the platform-specific components to match these paradigms makes sense.”

Native apps, or mobile applications that are built in the native language of a particular device’s operating system, continue to be the go-to solution for most app developers. In a June 2015 survey by Statista, 86% of end-users’ time spent on mobile devices was dedicated to native mobile apps. Native apps provide the most customizable, responsive end-user experience because they can tap into a mobile device’s “native” features.

Messaging as orchestration, and microapps as content
Cross-platform frameworks will continue to mature, meeting the needs for many enterprise mobile use cases. But another approach is to choose a pre-built mobile app platform, such as a social network, and run microapps on it.

“Look what Facebook Messenger has done with Uber integration: You can book an Uber cab from within Messenger,” said Praveen Kanyadi, CEO and cofounder of SpotCues, a Mountain View, Calif.-based startup. “That’s a hybrid approach that they’ve taken, and it’s also in some ways a microapp. Look at Kik Messenger, a very popular messaging app. They have a bunch of HTML5 apps that live in the Clay.io marketplace. Messaging apps are moving from pure chat to becoming orchestration platforms. They’re more participatory, with a highly integrated experience.”

His company’s offering is a customizable context and location-based social network that uses Wi-Fi or geofencing to connect people and apps based on a person’s present context. While the app is native, the microapps that a corporate human resources department might install within it are simpler HTML5-based fare, often built from templates provided by SpotCues. The difference between this and other location-based apps like Tinder or Foursquare is that context is layered on top of location for a more compelling user experience. “Spot owners can offer content and features customized for that location, whether it’s a stadium or a multinational corporation,” said Kanyadi.

But if context awareness is mobile magic, data is an important ingredient in the potion.

Why flexible data models make sense for mobile
The data requirements of mobile apps are different from legacy enterprise software: They must scale to millions of users, not break despite constant revamps in a competitive world, then gather and use unstructured data. NoSQL data on mobile is a relatively new development, however.

“The biggest thing we saw last year was that we spent a lot of time educating developers who were asking, ‘What is NoSQL?’” said Wayne Carter, chief architect of mobile at Couchbase, a NoSQL document store vendor. “In the client-side mobile world, they didn’t know what it was. NoSQL grew up on server-side, utilized by back-end engineers. We were explaining why data flexibility is important, why bringing data to the app tier allows you to evolve apps faster and be more iterative.”

Further, local databases can enable offline app capabilities. “Offline-first is the hottest trend in mobile-first movement,” said Carter. “That’s about removing the barriers to delivering functionality and features that were bound to the availability of the network or Internet.”

Building an app on top of a local database like Couchbase Lite, which the company claims is the first mobile NoSQL database, lets the app continue to operate offline while the database reconciles any differences that occur between lapses of network connectivity, according to Carter.

But another architectural approach is the headless app, or Data-as-a-Service. “If you take Couchbase Lite out of the picture and just use our stack as a microservices or services stack, you can configure the gateway layer to expose secure REST, stream and batch APIs to the Web,” said Carter. “It means you don’t have to build a middle tier. It’s also called layer consolidation, and it’s gaining popularity. We’re excited to start talking about it this year.”

Always the afterthought: Security
Meanwhile, all that data must be encrypted, both at rest and in transport. Indeed, the very collection of data should be carefully considered, given that keeping precise location information, for example, can put an app developer at legal risk. Just ask any software vendor that stores location data if it’s ever been subpoenaed in a divorce case.

And the problems will only get worse as “data exhaust” from mobile users is hoovered up by government agencies, beneficial programs and attackers alike. That’s why professional security is a mandate.

“First things first: You are probably not a cryptographer. I’m not a cryptographer. It’s easy to think that you understand the subtleties of an encryption algorithm or to copy and paste crypto code from somewhere online, but you will generally mess up if you try to do crypto yourself,” writes David Thiel in his new book, “iOS Application Security: The Definitive Guide for Hackers and Developers.” “That said, you should be aware of the Common Crypto framework, if only so you can tell when other developers are trying to play cryptographer,” he continues, recommending that the only method you should play with is CCCrypt.

The framework is dangerous because it supports known-bad encryption methods such as the Data Encryption Standard (DES), and because it lets the developer switch from the default cipher block chaining (CBC) mode to Electronic Code Book (ECB) mode. Thiel, who works as a penetration tester, says he still sees this problem frequently.
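A code-review check for the two CommonCrypto problems named above, written as an added example (it is not from Thiel’s book or from any project mentioned here). It scans C/Objective-C source for CCCrypt calls that select DES or ECB mode; the other legacy ciphers, the NULL-IV check and the sample source are additions constructed for illustration.

```python
import re

# Real CommonCrypto constants. DES is the algorithm the text names; the other
# legacy ciphers are added here as an assumption about what a reviewer flags.
WEAK_ALGORITHMS = {"kCCAlgorithmDES", "kCCAlgorithm3DES",
                   "kCCAlgorithmRC2", "kCCAlgorithmRC4"}
ECB_FLAG = "kCCOptionECBMode"

# Constructed sample source, not taken from any real app.
SAMPLE = '''\
// Constructed sample, not taken from any real app.
CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionPKCS7Padding | kCCOptionECBMode,
        [key bytes], kCCKeySizeDES, NULL,
        [data bytes], [data length], out, outLen, &moved);
/* CCCrypt(kCCEncrypt, kCCAlgorithmDES, 0, k, 8, NULL, in, n, out, m, &moved); */
CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
        key.bytes, kCCKeySizeAES128, NULL,
        data.bytes, data.length, out, outLen, &moved);
CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
        key.bytes, kCCKeySizeAES128, iv.bytes,
        data.bytes, data.length, out, outLen, &moved);
'''

def strip_comments(source):
    """Blank out /* */ and // comments, keeping newlines so line numbers hold."""
    source = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                    source, flags=re.S)
    return re.sub(r"//[^\n]*", "", source)

def split_args(source, start):
    """Split the argument list whose '(' is at `start` on top-level commas."""
    args, depth, current = [], 0, []
    for ch in source[start:]:
        if ch in "([{":
            depth += 1
            if depth == 1:
                continue          # the call's own opening parenthesis
        elif ch in ")]}":
            depth -= 1
            if depth == 0:        # the call's closing parenthesis
                args.append("".join(current).strip())
                return args
        if ch == "," and depth == 1:
            args.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    return args                   # unbalanced call: return what was collected

def audit_cccrypt(source):
    """Return (line, finding) pairs for risky CCCrypt calls."""
    findings, clean = [], strip_comments(source)
    for match in re.finditer(r"\bCCCrypt\s*\(", clean):
        line = clean.count("\n", 0, match.start()) + 1
        args = split_args(clean, match.end() - 1)
        if len(args) < 6:
            continue  # not CCCrypt(op, alg, options, key, keyLength, iv, ...)
        alg, options, iv = args[1], args[2], args[5]
        if alg in WEAK_ALGORITHMS:
            findings.append((line, "weak algorithm " + alg))
        if ECB_FLAG in options:
            findings.append((line, "ECB mode selected"))
        elif iv in ("NULL", "nil", "0"):
            # Without the ECB flag CCCrypt runs CBC; a NULL IV means all zeroes.
            findings.append((line, "CBC with NULL IV (CommonCrypto uses all zeroes)"))
    return findings
```

Calling `audit_cccrypt(SAMPLE)` reports the DES/ECB call on line 2 and the NULL-IV call on line 6, and skips both the commented-out call and the call that passes an IV.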

Three quarters of all mobile security breaches are due to misconfigured apps, Gartner says. In the wake of the FBI’s case against Apple in the matter of cracking Apple’s own file system encryption for counterterrorism purposes, the need for application-level security has never been stronger.

“I think people are watching that case. It will definitely change the way they build apps,” said Couchbase’s Carter. “They’re not going to lean on the device manufacturer to build the security in. In the banking and medical fields that’s already the case: They need data-level encryption.”

What else is new?
With Wi-Fi Direct, iBeacons or NFC complicating the wireless communication field, the attack surfaces are only going to expand. But security will always be less exciting than the new ways our devices can anticipate our needs, as well as the proliferating SDKs to help developers achieve them. “Integration of various technologies like camera vision, voice recognition and machine learning will help to improve user experience by allowing the user to perform complex tasks without having to reach out to the device,” said Dhaval Sheth, senior software engineer at Events.com.

As mobile apps become ever more predictive, progressive and responsive, we eagerly wonder: Will we be best friends forever?

Small tweaks make all the difference for mobile success
When it comes to mobile apps, getting the user to not only open the app but use it to its fullest is critical to avoiding abandonment. So how do you increase a push notification opt-in rate from a measly 22% to an industry-leading 62%?

Last Minute Travel did it by removing the push notification prompt that appeared when a user initially opened the app. Omer Chehmer, head of mobile communications, and his team replaced it with multiple touch points along the customer’s journey. By expressing the benefits of push notifications to the user at the appropriate time—including asking the customer permission to send updates on potential flight delays after they booked their trip—Last Minute Travel celebrated a push notification opt-in increase of 182%.

The New York Times, long thought to be marching toward oblivion thanks to Internet news, has finally managed the transition to paid online journalism, and is seeing even more success in mobile thanks to recent usability redesigns. A mid-2015 iPhone homescreen redesign not only increased visit frequency, it resulted in users reading more articles and spending more time on the app. According to the company, six months into the new look, new user retention was 60% higher year over year.

Small user experience changes that are A/B tested on customers are critical for mobile success during the initial launch period when the vast majority of new users abandon the app, according to Apptimize, a mobile-first testing startup.

“Retention curve: I think that’s the first thing you should think about,” said Nancy Hua, Apptimize’s cofounder and CEO. “When we first started the company, we put a lot of focus on user acquisition. But if you don’t have good retention, you’re pouring money into a leaky bucket.”

Using her tool, you can not only scientifically test theories about usability and flow, you can also hotfix copy and other minor changes, bypassing the app store review process. Of course, A/B testing (indeed, testing of any sort) still seems aspirational for many mobile efforts. Clearly it shouldn’t be, especially with so many options for mobile testing around. Testing also becomes critical in the highly competitive world of mobile apps.

“Successful apps are cloned pretty rapidly. Every random utility app is cloned soon after launch,” said Hua. The answer is to keep testing new features—and never assume the app has finished evolving.

Mobile Continuous Delivery
Patrick Debois hopes you don’t think of him as a DevOps one-trick pony. At least, that’s what he said in his 2015 O’Reilly Velocity Conference talk, “Mobile Continuous Delivery—with a DevOps mindset.” During the presentation, he listed a vast array of open-source and commercial tools his team uses to build mobile apps that report real-time results to a live television show.

These include:

  • Hosted Continuous Integration options for mobile, such as Hosted CI (for iOS and Mac), Circle CI and Travis CI
  • Mobile security testing with dexter.dexlabs.org
  • App metrics with Fabric
  • Flight recording with Flight Recorder
  • Scenario testing with Appium
  • A/B testing and retention rates with Apptimize
  • Ranking with App Annie

Tools for making your own hybrid apps
In one case, going hybrid means attempting to use the pros of native apps (such as native device features) while utilizing Web apps for the general content of the app. In this hybrid situation, we look to create a native app that provides a shell such as app navigation and general chrome, while using a WebView control for the app content. The WebView may then load a general Web app or a PWA to provide the content, data or functionality of the app itself.

Another way of going hybrid is to use a framework shell that may be tailored to each device. Through the use of a common language such as JavaScript, C# or others to communicate with this shell, we can seek a solution to the idea of write once, use everywhere. The hybrid app world continues to be where mobile app development is headed at the moment. A solid number of frameworks, open-source toolsets and platforms are gaining sizable user bases to create mobile apps.

Apache Cordova: Introduced in 2012, Apache Cordova (formerly PhoneGap) is an open-source framework that provides a mobile development framework using HTML5, CSS and JavaScript. Cordova allows for cross-platform development without regards to each platform’s native language. Custom applications execute with a wrapper, provided by Cordova, tailored to each device. Using API bindings, the wrapper can communicate with a device’s features while the apps then communicate with the wrapper.

Ionic: Ionic is an open-source framework built on top of Cordova that uses AngularJS to provide a native look and feel for apps. These apps use Web technologies such as HTML/CSS/JavaScript while also being cross-device ready and available in an app store.

Xamarin: Xamarin, created in 2011 and recently purchased by Microsoft, provides a platform to build and design native mobile apps for different device types with ease while only having to maintain one codebase. Xamarin uses C# as the common language, which makes it a good fit for .NET developers, and the result can be published as native apps for iOS, Android and Windows. It is write once, use anywhere, and Xamarin also allows for a WebView that can be combined with PWAs to leverage their appeal as well.

React Native: React Native, an open-source project maintained by Facebook, is similar to Xamarin in that it provides a platform to build cross-device applications with one toolset. Based on JavaScript and React, React Native is used to create a truly native app (it’s not just JavaScript/HTML running in a WebView). “React Native helps developers reuse code across the Web and on mobile. Engineers won’t have to build the same app for iOS and for Android from scratch, reusing the code across each operating system,” wrote Margi Murphy for Techworld.

Trigger.io: Trigger.io is a platform like Cordova and Xamarin that provides cross-device development for iOS and Android. The primary cross-platform language in this case is JavaScript, but Trigger.io offers a more feature-rich API (including UI modules) than many of their competitors.

Pros: Hybrid apps allow for rapid development, while still encasing desired functionality and design. Hybrid apps can access native features because they are hosted within a native app. While the base of the Hybrid app is native, the content is built from coding used for the Web, thus most changes won’t have to go through the app store, saving both time and money.

Cons: Hybrid apps are still not as tailored as native apps. They will always lose to native apps in terms of speed and responsiveness. While Hybrid apps do offer a native feel, they are never truly native. Like native apps they must be downloaded to your device, sometimes an unappealing feature that pushes others to go the more progressive route. In addition, WebView requires Internet access unless you are using HTML5/service worker/caching.