Badly- and inconsiderately-built native apps are increasingly attracting criticism for draining battery life, sapping too much of the user’s data allowance and clogging operators’ networks. Enthusiastic amateur developers with little or no mobile experience are often blamed, but ignorance is only part of the story. The big boys are starting to feel the heat too – most recently, the new Facebook Home app was criticized for depleting battery life; and the US mobile operator Verizon has started publishing a List of high-risk apps among the most downloaded.
So how do you know if your swanky app is a data or battery hog? Well, that’s easy – you can test it (then ask your developers/agency why they didn’t). But this blog post hopes to also explain: a) what constitutes a bad app – whether that’s down to ignorant, inconsiderate, unethical or malicious development practices; b) why it matters; c) why you need to do something about it before you are rumbled (it’s just a matter of time); and d) how you can establish if you have put your name to a bad app.
But first, let’s start with the video that inspired this article. Meet the Application Resource Optimizer (ARO) from AT&T Labs. It’s not going to be the only tool for testing your mobile app, but ARO just picked up the Smartphone Application Challenge Award at the GSMA Global Mobile Awards, which is a pretty good endorsement. ARO has also been included in the App Quality Alliance (AQuA)’s latest update of its Best Practice Guidelines. Plus, ARO is now open source, so you don’t need to be a member of the US mobile operator’s developer program to use it. Here’s a video introduction:
So what constitutes a badly-built app?
Verizon recently started rating apps on three key criteria: battery consumption, data usage and security risks. For now it is only concentrating on the Top 50 Android apps, but the guide provides useful insight into what Verizon considers best-practice standards for the key criteria.
mobiThinking acknowledges there are more key criteria to creating a quality app, in terms of usability, device compatibility, stability etc – and that’s true – but arguably, problems with battery consumption, data usage and security risks are some of the most important of all quality assurance (QA) criteria because: a) they are mostly hidden from consumers; b) they are more easily overlooked by developers; c) the consequences are far reaching. Bad apps affect the performance of the device, battery and network; inflate the phone bill; and most consumers blame the device, operator… anyone except the real culprits. If the user interface (UI) is rubbish or the app keeps crashing, there’s little doubt the app is to blame and users will happily broadcast their verdict in their app reviews.
1) Battery consumption
Some mobile applications use a lot of energy, causing unnecessary drain on the (already heavily taxed) device battery. There are numerous reasons why this occurs and, where it is caused by bad, ignorant or devious development practices, it can and should be rectified. Causes of battery depletion include:
• Apps that run without the user’s permission. Some applications start automatically when the handset is powered on or don’t go to sleep when the user stop using them. See the video review of Wakelock Detector below for examples of apps that started by themselves. Multitasking takes a lot of energy – the more apps that are in use at any one time, the more battery consumed.
Question for developers: If your app isn’t performing a critical role, why is it running?
• Excessive use of power-hungry device functions, such as GPS, camera, accelerometer and other sensors, or because apps fail to turn off functions when they are no longer required. Research by Purdue University into energy consumption by apps (March 2012) found that some apps only devote a small proportion of energy used to their core function. The paper states: “Free apps like Free Chess and Angry Birds spend under 25-35 percent of their energy on game play, but over 65-75 percent on user tracking, uploading user information and downloading ads.” The research also found that only 25 percent of the energy consumed by The New York Times app was devoted to downloading and displaying news, though it was unclear what the app was doing the rest of the time except advertising. Both the Angry Birds and New York Times apps both use Flurry advertising network, which serves rich-media ads.
Question for developers: Can you justify the energy you are using?
• Apps that keep waking the smartphone from sleep mode or prevent the smartphone going into sleep mode, drain the battery. Handsets go into deep sleep when inactive to conserve battery life, but can be woken – in Android this is called a wakelock – by tasks that need to perform essential tasks. (For a deeper technical understanding of how this activity saps energy, see this AT&T Labs paper). Apps abuse this by regularly waking the smartphone to check the server for updates, new content, mail and messages, or to report back on user activity or location.
Question for developers: Is checking for that update essential (i.e. more important to the user than battery life) and is it done efficiently?
A common problem with bad apps is the so-called “no-sleep energy bug” – this is a condition where at least one component of the phone is woken up by an app and not put back to sleep due to a programming error so causing severe battery drain. Research from Purdue University into no-sleep energy bugs found that 23 percent of apps using wakelock contained bugs that could drain the battery of an inactive handset in as little as five hours. The researchers found no-sleep energy bugs in Google Maps, Facebook and k9mail, among popular apps.
The energy-profiling tool, eprof, used by the researchers at Purdue University, to evaluate the apps does not appear to publicly available, which is a shame as it would be useful to developers of mobile apps or the companies that are interested in monitoring them: app stores, operators, reviewers. However, there are an increasing number of tools appearing in app stores that (claim to) enable consumers save on battery life by vetting the energy consumption or monitor any unusual activity of apps on their handsets. More on these later… but one relevant tool, at this point is Wakelock Detector. This identifies all apps on the device that, with or without permission, override the sleep function. Some reviewers report that turning of location sharing with Google Maps saved battery life. This video review of Wakelock Detector is interesting; note the contributor’s surprise as he discovers apps that started without his knowledge:
Verizon calculates app battery consumption by comparing battery drain on two devices, both in sleep mode, one phone has the app installed, the other doesn’t. (Verizon doesn’t state how long the app was tested for.) If the device consumes less than 30 minutes of battery time, then it gets five stars (which sounds quite generous).
• 5 stars: current drain less than or equal to 5mA; up to 30 minutes battery life lost.
• 4 stars: current drain 5-10mA; 30 minutes to 1 hour battery life lost.
• 3 stars: current drain 10-15mA; 1-1.5 hours battery life lost.
• 2 stars: current drain 15-20mA; 1.5-2 hours battery life lost.
• 1 star: current drain over 20mA; over 2 hours battery life lost.
Of the top 50 apps rated by Verizon (March 2013), 14 fell short on battery life. Note: that battery drain is measured when the app is on, but not actually being used!
• Apps that drained the battery by more than 5mA or 30 minutes: Instagram; Pinterest; Smart Tools; Tango; The Weather Channel.
• Apps that drained the battery by more than 20mA; or 2 hours of battery life: Candy Crush Saga; Draw Something; Fruit Ninja Free; Fun run – Multiplayer Race; Grand Theft Auto III; Hill Climb Racing; Need For Speed: Most Wanted; Plants vs. Zombies; Skype.
Question for developers: Why is your game consuming so much data when it isn’t being played?
While some native apps, such as single-player games, should require little Internet connectivity, many apps require regular updates or interactivity to perform their core role and other functions such as serving advertising. News, weather, social networking, messaging and retail/auction sites need to sync with Web sites to download/update news articles, images, messages, offers, catalogues, prices, advertisements etc, so they are available locally on the device if the user requires/views them, often accompanied by pointless push notifications/alerts. In addition, the app will send data from the handset to the Website, as the user interacts, sends a message, updates their status, adds a photo, checks product availability, performs a search and so on; as well as the more covert activities such as tracking and reporting back on the user’s activity, location etc. Some apps keep updates to a minimum, using personalization and transferring data in an efficient manner and/or only syncing on demand, thus keeping network traffic to a minimum and using up as little of the users data allowance as possible… other apps don’t.
Apps that don’t behave will end up consuming the data allowance, potentially leading to costly bills, when the user reach the data limit/cap, and particularly when the user is roaming.
Question for developers: How much is your app going to cost the user in roaming fees when they go overseas? Did you consider the impact, while developing?
Research by Actix (a mobile network analytics company), March 2013, highlights the extent to which apps are taking control of people’s handsets. Using data from eight network operators, Actix found that only 30 percent of data sessions on mobile networks are initiated by the user, the majority are initiated by apps. Smartphones are making up to 10 automated connections an hour as so called “chatty apps”, such as Facebook, Twitter, email and messaging apps, constantly check for updates.
Alcatel-Lucent research into the new Facebook app found that following the release of the new Facebook app in November 2012, mobile networks saw a 60 percent increase in signaling load and a 25 percent increase in airtime consumed by Facebook app users (despite only a 4 percent increase in subscribers). Signaling occurs where apps request updates from the server; it’s a bit like making a phone call, except by machines. These calls might be short, but cause network congestion (which Facebook may not care about), but also all add up in terms of both data consumption and battery power (which Facebook should care about).
The dramatic effect of advertising on battery life was noted in the previous section, but the Purdue University research did not show the impact this downloading of ads had on the customer’s data allowance. Citrix ByteMobile research into mobile advertising (February 2013) found that ads consume 1 percent of a smartphone user’s data plan, but this is set increase, as mobile advertising increases and as rich-media ads proliferate. Take note publishers: ads containing video generate 10 times more data than those without video. Worryingly a parallel survey into consumer perceptions by Citrix ByteMobile found that 61 percent of smartphone/tablet owners incorrectly believe that mobile ads don’t count against their monthly data limit. Now that’s a recipe for bill shock.
Question for developers: Do really think customers are going appreciate your rich media ads, when they find out how much it is costing them in data?
Verizon rates data usage by studying how much data the app sends and receives when the app is open and running, but is not actually being used:
• 5 stars: Data consumed under 10MB; Less than 1 percent of 1 GB plan.
• 4 stars: Data consumed 10-25MB; 1-2.5 percent of 1 GB plan.
• 3 stars: Data consumed 25-50MB; 2.5-5 percent of 1 GB plan.
• 2 stars: Data consumed 50-100MB; 5-10 percent of 1 GB plan.
• 1 star: Data consumed greater than 100MB; 10 percent or more of 1 GB plan.
Of the top 50 apps rated by Verizon (March 2013), eight fell short on data usage:
• Apps that use more than 10MB or 1 percent of 1 GB plan: Draw Something; Facebook; Facebook Messenger; Skype; TuneIn Radio Pro.
• Apps that use more than more than 25MB or 2.5 percent of 1 GB plan: Fruit Ninja Paid; Grand Theft Auto III.
• Apps that use more than 100MB or 10 percent or more of 1 GB plan: Hill Climb Racing.
3. Security risks
The security of native mobile apps is a vast topic and not one that we could hope to do justice to here. Essentially mobile users are downloading a computer program to their device (which are often unsecured), often from publishers they have never heard of, and usually via a third-party website (app store), rather than directly from the publisher. The system relies on considerable trust from the downloader that the publisher and app store are honest, responsible and fit-for-purpose, and that the app could not be compromised by a crook during development, on the app store or once downloaded. The threat isn’t just from malware (viruses, trojans etc), but also from unlawful/unethical tracking/monitoring of users and collection and distribution of their personal data.
There are regular mobile app horror stories in the press – for example, in April, 2013, we heard about BadNews for Android apps (which could effect 2-9 million people, apparently), and in March a report found that (contrary to popular belief) Apple’s iOS apps are greater security risk than Android. Even the FBI’s Internet Crime Complaint Center (IC3), has issued warning and safety tips. But still consumers continue to take a laissez faire attitude to smartphone security and downloading apps. Consequently mobile malware is on the rise. There are lots of IT security firms charting this rise, e.g. HP 2012 Cyber Security Risk Report, which reports a 787 percent increase in mobile application vulnerability disclosures in five years. Interestingly HP Fortify offers a free online service that allows companies to test (their own or third-party) apps for security issues, called Fortify On Demand – it’s a basic version of a paid-for-service, but surely it has to be worth running a quick test on your applications.
Verizon rates security risks of mobile apps as follows. Each app it tests is scanned to identify if the app can perform harmful activities or read private information without permission, looking for known malicious software including viruses, Trojan horses, boots and spyware.
• 5 stars: No known security threat has been identified.
• 4 stars: Minor security threat has been detected. Example: Non-sensitive user data captured from device without user notification.
• 3 stars: Major security threat has been detected. Examples: App can be used to gain limited control of user’s device without user knowledge; or app captures user data, such as messages and location, without notification to user.
• 2 stars: Significant security threat has been detected. This includes: app can be used to gain full control of user’s device without user knowledge; app captures confidential user data such as user IDs, location, contact list, browsing history, without notification to user.
• 1 star: Critical security threat to user. Harmful impact to device performance and content. App will cause irreparable damage to the device.
Of the top 50 apps rated by Verizon (March 2013), no apps failed the security test.
So why should you care if you have a badly-built app?
If you are asking someone to download your app to their mobile device – especially if you are charging them for it, then your app has to be beneficial, not detrimental. Your customers are placing their trust in you, so don’t abuse their trust. Ignorance is no defense – it’s your obligation to test your apps properly before making them available. The company that fails to test properly is no less negligent than the company that couldn’t care less.
You’re not going to get away with it
a) Consumers vote with delete
Consumers are wising up to how bad apps are wrecking their battery life and wasting their data allowance. All sections of the media are beginning to pick up on it: e.g. Bloomberg Business Week/GigaOM; HowStuffWorks; PC World. Then there are plenty of articles alerting them to the tools that will help them locate battery and data hogs and curb their misdemeanors, for example see: All Things Digital; Android Authority; The Next Web or countless other articles on conserving smartphone battery life.
Here’s a video from Mashable, introducing Carat, an app monitoring app, developed by scientists at UC Berkley:
Once your app is exposed, consumers will curb the excessive activities, kill the irritating notifications, or, simply, delete it. No app is indispensible. There are always alternatives, either downloading your competitor’s app or accessing the mobile-friendly site through a browser. Then they will take revenge in the app store reviews.
b) Death by peer review
You might not care about reviews, but consumers do and reviews about draining battery life and zapping data allowances will be kept at the top of review lists as peers rate them helpful. The media also read app reviews – it’s an easy way to source stories, as demonstrated by this damning story, by Design & Trend, April 2013: Facebook Home Google Play App Reducing Battery Life, Downloaded by 0.05 percent of Social Network’s Users (Design & Trend, April 2013). And bad news spreads fast…
c) Named and shamed by operators, reports or journals
The operators are increasingly concerned about the traffic congestion on their networks caused by mobile apps and the impact that badly-built apps have on their customer’s handsets and data allowance. This is the motivation behind Verizon’s ranking of the top 50 apps. Any move that helps to spread awareness of the issues of badly-developed apps is commendable, in mobiThinking’s opinion.
Whether or not you agree with Verizon’s move, do your really want your app on the List of high-risk apps? And what about when your app’s presence on the list is reported in the inevitable press coverage e.g. The New York Times (Note the comments after the article concerning the apps that come pre-installed on Verizon handsets); Computerworld; CIO; FierceMobileContent.
Reports by experts will also cite apps that use excessive battery or data usage. The studies by Purdue University into
energy consumption and No-Sleep Energy Bugs exposed issues with apps such as Angry Birds, Free Chess, The New York Times, Google Maps, Facebook and k9mail. Consumers aren’t likely to read the reports, but they do read the press coverage: e.g. BBC; PC Mag; New Scientist.
d) Blacklisted by app stores
The largest apps stores are run by handset manufacturers (e.g. Apple, Nokia, BlackBerry) or operating system providers (e.g. Google’s Android, Microsoft). It is in their interest to blacklist apps that make their handsets run badly. Apple has a stringent and lengthy review system before apps are allowed onto its App Store, though it is unclear to what extent it tests for drain on battery life or excessive use of data – one would hope this is a priority. Other app stores, including Google, take a more laissez faire attitude to the apps they post – it’s difficult to see Google maintaining this laid-back policy if apps are shown to be responsible for poor battery life on Android handsets.
e) White lists and badges of honor
It’s not all bad news… Verizon’s rating system highlights the apps that score well on battery, data and security as well as those that fall short. But this only applies to the 50 most popular apps. What options are there for the millions of other apps?
The App Quality Alliance (AQuA) has a Quality app directory which lists the apps that pass AQuA’s QA guidelines, either through self-verification of via a testing organization. It is just for Android apps at the moment, but the plan is to expand soon. It’s still quite new, and there’s only 125 apps accredited, so far, but has good potential. The directory might not be the first port of call for a consumer, but it may help you get your app noticed by the member organizations: AT&T, LG, Motorola, Nokia, Oracle, Orange, Samsung and Sony Mobile. As of Feburary 2013, you can also apply for the AQuA App Quality Badge, which all adds credibility to your app.
• Verizon’s app rating criteria.
• AT&T’s Suggested Best Practices for app developers March 2013.
• Smarter Apps for Smarter Phones, (GSMA, April 2012).
• Best Practice Guidelines for producing high quality mobile applications, (AQuA, February 2013).
• Essentials of mobile app testing, (AQuA, April 2013).
• Where is the energy spent inside my app? (Purdue University, March 2012)
• What is keeping my phone awake? Characterizing and Detecting No-Sleep Energy Bugs in Smartphone Apps (Purdue University, 2012)
• Monitor what customers say about your app on the app stores.
• Application Resource Optimizer (ARO), AT&T Labs.
• Onavo; Wakelock Detector; Carat – use the testing tools your customers use – do they recommend killing your app to save battery life?
• Fortify On Demand (HP Fortify security testing tool).
• If you really want to be sure get you app QA tested by an AQuA-approved test house, typical costs: US $40 to $250.
• Employ developers with proven mobile and Web expertise who understand the importance of energy and data conservation. Mobile apps are not cut-down desktop applications, they should be lean, mean and efficient like mobile Web apps.
• Five common compliance and privacy mistakes
• Websites must be mobile-friendly to comply with FTC’s new digital advertising guidelines
• The insiders’ guides to world’s greatest mobile markets • New country guide: Sweden
• Mobile/smartphone sales 2012: the big picture
• Guide to mobile ad networks • Latest ad network profiles: Hands; • Twinpine •
• Guide to mobile agencies • Latest agency profiles: Pontomobi • The Hyperfactory •
• Guide to mobile industry awards • Check out the video case studies: GSMA Global Mobile Awards •
• Mobile events 2013 • best conferences, great discounts and free tickets •
• The big compendium of global mobile stats
• Most popular content on mobiThinking in 2012