See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/271460333

Risk Analysis in Mobile Application Development

Conference Paper · January 2013

DOI: 10.1049/cp.2013.2351

CITATIONS READS

9 40,100

3 authors, including:

Misha Kakkar
Amity University
19 PUBLICATIONS   163 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Software Defect Prediction View project

All content following this page was uploaded by Misha Kakkar on 03 November 2016.

The user has requested enhancement of the downloaded file.

 Risk Analysis in Mobile Application Development
Kushagr Kakkar1, Raj Shah2, Misha Kakkar3
1,2
Software Engineers SNMC, India
3
Assistant Professor, Amity School of Engineering &Technology, Amity University
ABSTRACT
With constantly evolving mobile platforms & associated
opportunities, numerous developers have entered the
domain of mobile application development, leading to
spaghetti code and various defects. This paper focuses on
evolving area of risk analysis w.r.t. software engineering,
provides insight in development of applications for mobile
devices, and deals with issues related to associated risks.
The paper also describes the different environments in
which a mobile application operates, factors which affect
its performance and best practices for mobile application
development
KEYWORDS
Mobile application development, Software Development
Toolkit, Risk analysis, Risk Classification.
1. INTRODUCTION
The world of Mobile Application has amazed one and all.
Be it a favorite mobile game or a business tablet utility
applications, Applications today have become a necessity
in the ever growing market of Smart phones. A brief flash
on the current statistics (Fig 1) [1] on mobile time spend by
mobile phone user shows that 80 % time is spend on
application such as games, entertainment, social
networking, etc.
Fig. 1. Mobile phone usage Statistics
With only half a dozen mobile operating system (OS)
platforms, the success or failure of an application has been
put in the hands of the developer community. There has
Ƈ 429 Ƈ
been an exponential growth in mobile application
development since the launch of iPhone Appstore followed
by Android, BlackBerry, NokiaOvi and Windows phones.
Market estimations suggest that there are more than 2,
50,000 applications available for various purposes.
Recently, a small survey [2], using available mobile
developer forums, was conducted of mobile developers.
The main aim of the survey was to gain a better
understanding of development practices of mobile
applications. The survey allows us to conclude that:
• Most mobile applications have source code of several
thousand lines with code written by 1-2 developers.
• There is a huge difference between native applications,
which run on the mobile device, and web based
applications, which run on remote server.
• Most of the applications are based on recommended
standard rules for coding.
Nowadays, Powerful application tools are available in the
industry such as Apple’s iOSDevCenter , ADT plugins for
Android, and so on. Similar application development tools
for Blackberry, Symbian and other platforms are also
available. In addition the advancements in the development
of cross platform development tools such as RhoMobile’s.
Rhodes and other open source Phone Gap have created
native applications on various smart phones.
The above mentioned application development tools and
frameworks ease the task of the developer, however there
still are different risks are associated with each application.
Mobile apps have moved beyond inexpensive recreational
applications to more business oriented features and hence it
has become a necessity to ensure the development of
secure, high quality mobile applications. In this paper we
identify and provide insights of the risks associated with
the mobile application development.
The paper is divided into different sections, wherein
Section 2 provides an overview on previous work in the
field of risk analysis and mobile application development.
In Section 3 the risks have been identified and categorized
into different categories to provide a proper insight and
understanding. Section 4 gives the conclusion of the
research.
2. BACKGROUND AND RELATED WORK
Risk identification & analysis are the foundation of risk
management in software project development. The
complex nature of software development process makes the
risk analysis a difficult process, which needs detailed and
thorough assessment. Ying Qu et al [3] used interpretative
structural model for this purpose. They studied and
classified 26 risk factors into 7 categories and provided a
risk management framework. Xiangnan Lu and Yali Ge [4]
studied project management for IT enterprises of China. A
two view aspect study was conducted one for project
development team and other for end users i.e for the team
that is going to use the software product. The above paper
identified risks for both type of user with AHP method.
Khatavakhotan et al [5] proposed verifier core technique
that is embedded in the software development life cycle
and that identifies the deviations in the process, hence
improving the risk management process. They provided a
mechanism through which there can be an interaction
between old and new development teams. Khuankrue et al
[6] researched risk problems for software project in which
team members are of cross culture. Mathematical model
Bayesian belief network was used to predict risk factors for
the project. Language, communication style, attitude and
development techniques were identified as major factors by
the network.
Benaroch et al [7] tried to monetize risk management
process. Their model gave cost drivers for risk factors
based on 2 parameters, i.e., cost per exposed unit and
project sensitivity. The model can be benchmarked with
classic cost estimator models such as Cocomo for real
world applicability. Jiangping Wan et al [8] studied the
cause of project failure. They listed risk factors in the
degree of their effect on the project success and 20 most
critical factors were identified. An interpretive structural
model was applied on these 20 factors to get the root
factors. Lazzerini et al [9] adopted a pessimistic approach
to calculate the overall risk of software project.
They proposed Extended Fuzzy Cognitive Maps to map
relationship relationships between risk factors and risks. As
E-FCMs have nonlinear membership functions, conditional
weights, and time delay weights, they are well suited for
risk analysis as all features of E-FCMs are more
informative and can fit the needs of Risk Analysis.
Lazzerini et al gave a framework to analyze risks using E-
FCMs and extend E-FCMs. D Gupta et al [10] proposed a
Software Risk Assessment and Estimation Model
(SRAEM) predicts the possible results of software projects
with good accuracy. Their model assesses the risk and also
estimates it. They build metric based on mission critical
requirements stability risk metrics (MCRSRM). The
proposed model gives the incremental risk for every phase
and also the total cumulative risk as the software progress
from phase to phase.
Ƈ 430 Ƈ
A lot of research has already been done for software risk
management and many models (such as SPAEM) have
been proposed, but risk analysis in mobile application
development is still an evolving area of research. We
define “mobile application development” as a process by
which an individual or team organizes and manages the
creation of a mobile software-intensive system.
2.1. How do mobile applications differ from traditional
applications?
Development of mobile applications is more or less similar
to the making of softwares for other embedded systems.
The prime issues handled in Mobile application
development are security, performance, reliability and
memory storage. Some of the additional issues that come
along with mobile applications are:
1) Interaction with other applications: Mobile devices have
numerous applications from varied sources with possible
interactions amongst them.
2) Sensor handling: Most of the smart phones have sensors
(such as the accelerometer) that respond to the movements
of the device and the gestures for the touch screen.
3) Native and Hybrid applications: Mobile applications can
be pre-installed in the device or can invoke services from
the internet, affecting the data, the display, or even the
performance of the device.
4) Software and Hardware compatibility: A mobile
application should be written in such a way that it can
support a wide range of operating systems as well as
updates of a particular OS. For example it is important for
Android applications to support different versions of the
OS(JB,ICS,GB).
5) Security: Mobile applications come under the roof of
open software system so it also allows the installation of a
malware that can affect the overall performance of the
device.
6) User interfaces:In a mobile application, the developer
must adhere to the user interface guidelines, many of which
are implemented in the software development kits (SDKs).
7) Complexity of testing: Mobile applications are not easy
to test. They require the mobile environment that is
provided in the emulators.
8) Power Consumption: Applications can affect the power
consumption of the device and hence cause a serious threat
to the device’s battery life.
2.2. Best Practices
With recent development in smart phones, mobile
applications market has become overcrowded and
developers are encouraged to develop new applications.
Plenty of details are available on how to build an
application but lack of documentation makes understanding
and optimization all the more difficult. At the same time,
all but the largest and most complicated software and
system development projects have moved away from a
process-intensive approach towards a more agile approach,
with the Scrum approach [11] and other agile techniques,
e.g., test driven development, finding widespread
acceptance. The above is particularly true for applications
developed for the Web, where the development model
relies on many successive releases of the evolving product.
The Scrum development process is a sequence of short (2-4
weeks) “sprints” where a team addresses a set of tasks as a
product increment, with each sprint addressing a “backlog”
of requirements.
Above and beyond the process, though, is the systematic
codification of knowledge about the best practices to
follow for application development. The World Wide Web
Consortium has issued a candidate set of recommendations
for mobile web (not native) applications [12]. Apple has
published an iPhone Application Programming Guide [13]
with guidelines for various aspects of iPhone development.
The Developer’s Guide for Android includes a Best
Practices section that addresses application compatibility,
user interface guidelines, and designing for performance
and responsiveness, among other things [14].
In short, with increasing availability of guidance,
developers can program their application easily. Platform
developers have spent years in developing software
engineering knowledge and using it to create architectures
and mobile SDKs that would help developers to interact
with existing resources. However, these technical aspects
don’t address the larger issues that we come across while
developing large-scale mobile application with varied
support.
2.3. Scaling Up
The major long term challenge in mobile application
engineering is “scaling up” i.e, to look for appropriate
techniques for managing complex projects. Complex
projects require attention towards changing requirements,
product architectures and testing.
The specialized qualities of the mobile environment make
it important for us to treat mobile applications development
as an independent task with its own software engineering
process and set of requirements.
3. RISK CLASSIFICATION
Despite of development of 1.5million+ mobile application
[15] on various platforms, there is limited formal research
done for its engineering process or risks that should be
taken care of while developing applications. In this section
we will discuss various the risks associated with
development of mobile application and the scope for
research in software engineering related to mobile
application.
Ƈ 431 Ƈ
3.1. Customer related Risks
Requirement analysis is the most important task in
developing a mobile application because it includes an in
depth market research along with client interaction. Risk
factor is very high if any requirement is misinterpreted by
design team or developer. Below are broad description
related to requirement analysis risk.
Specification related Risks: Customer plays a crucial role
in any software engineering process. Customer
requirements need a proper understanding and
documentation prior to the advent of the project
development. Many times it so happens that the customer
needs are not clearly specified due to lack of technical
knowledge of the customer. There have been cases when
the client needs get misinterpreted and the end product
obtained is not as per the requirements of the customer.
Improper analysis of the customer requirements results into
loss of time and also affects the quality of software
delivered. It has been noticed that frequent changes in the
software design lead to buggy effect. Sometimes the
customer demands are unreasonable (e.g speedy
development to get the first mover advantage in a particular
feature), this might lead to poor quality and cause a risk to
the overall project
3.2. Communication related Risks
There needs to be a streamline communication between the
client and developer to come up with the software product
that meets up all the needs. The developer should have a
clear picture of the end product and his targeted audience
otherwise it would lead to fatal design errors. Design errors
in mobile software often prove to be very risky and
expensive on the long run. To avoid this type of risk we
should invest adequate time in explaining the vision of the
application , leading to greater enthusiasm and greater team
coordination.
3.3. Market Risks
Prior to the implementation of new mobile software, a in-
depth research of the market needs to be carried out. It is
risky to come out with a software product that doesn’t not
cater to the market needs or suffice the customer needs. It’s
also important to come up with something new or
something that would add value to existing available
options.
The research should be based on the following criteria:
• Is there an existing market or new market needs to be
created?
• What are the competitive products present in the
market?
• What is the purchasing power of the customer?
• Any specific issues related to the user interface.
3.4. Resource risks
The dependencies encountered in developing a mobile
application can be of the following types:
• Resource dependency: The mobile application is
sometimes dependent on other shared resources of the
memory, servers and skilled staff. The availability of
those resources only facilitate in proper functioning of
the application.
• Platform dependency: When an application is built, it
is dependent on features provided by the platform and
should not breach platform security. For example
certain features are supported in one platform while
not on another (e.g. music files can’t be shared in iOS
while in other platform this can be done). To avoid this
we should focus on developing applications in which
the GUI is separate from the core logic, so that we
need only change the GUI part for different OS and the
logic parts remains the same.
• Stakeholders Investment: The development and launch
of a mobile application largely depends upon the
support gathered from the stakeholders. Stakeholders
play a crucial role in finance and the budgeting and
promotion of the product. The amount invested and the
policies used for campaigning of the mobile
application are of prime importance.
3.5. Financial Risks
Budget and cost estimation plays a vital role in the
development of any mobile software application. It should
be made clear with the clients before taking over the
project about the estimated expenses and other costs that
can be incurred in the manufacturing of the software.
Buffer amount is always appreciated as it would decrease
risk of financial crisis during multiple stages of the project
and ultimately increases profit at the end.
3.6. Technical Risks
A correct application design is half the work done. But a
faulty application design consumes a lot of time and money
and often proves to be risky in the long run. Application
design includes the following:
• Algorithm: The algorithm used for the application
should be cost optimal as well as space optimal. The
application should not occupy a lot of memory in the
system.
• Platform: The platform on which the application is
going to run should be feasible in nature and should be
one that is relatively stable and secure. The most
popular mobile software application platforms are
Android, iOS and Windows.
• Graphical User Interface (GUI): The application GUI
proves to be major factor in attracting more audience
Ƈ 432 Ƈ
for a mobile application. A complex unappealing GUI
can be risky as it fails in providing ease of usage to the
customers. The application GUI should be user
friendly along with certain enhanced features which
make it stand apart from the rest of the applications
already available in the market.
• Testing Strategies: There are various testing strategies
that are available to test the proper functioning of
mobile software. To be on safe side and as a
precaution different testing strategies should be
employed. The faults encountered in mobile software
after the device is launched in the market are difficult
and expensive to tackle. In general test cases should be
prepared for essential functionality. The application
should be tested on various available models so proper
functioning is done on all models as same platform has
various independent models (i.e. various dimensions a
particular application should be able to work on
devices with varied screen size and resolution as well
as varied vendors). Network related testing should also
be done as all network have some change in their
protocols. For example an application might give
unsatisfactory behavior on slow speeds (2G).
In order to stay safely away from such risks it is suggested
to carry out testing on field testing on field includes giving
the beta version of the application to the clients for usage
for a pre-determined time period and taking their reviews
of the product. The suggestions and feedbacks of the users
should be carefully noted down and taken into
consideration.
Another way of testing is to perform Stress and Load
testing, these help us to avoid DOS attacks (due to
excessive loads), some crashes that occur in unthought-of
of scenarios, and also help us to point out whether there is
any memory leak or any performances issue causing the
device to slow up or hang.
3.7. Managerial Risk
In this highly competitive software evolving market first
mover always has extra benefits. Every organization wishes
to release their product first in market so they can attract
customers easily and acquire market share from very
beginning. Even there are deadlines to be followed for
projects. Mobile platform updates are rolled out rapidly,
mobile applications should be updated simultaneously to
improve efficiency and proper utilization of platform
features. Due to pressure, various scenarios are not
considered and software is exposed to instability and
security risks.
3.8. Performance Risks
A good application is one which is capable of dealing with
the security attacks from the external environment. High
risks are involved in running insecure mobile software and
should be handled with top most priority. Different
platforms such as
Android, iOS, RIM, etc have their own ways on keeping a
check on the software vulnerability and methodologies to
deal with external threats.
Enhanced security check algorithms must be employed
within the software application to keep an eye on the
security attacks. Proper validation and authentication of the
users’ credentials along with sound encryption decryption
algorithms can be proved helpful in securing a system.
Stability measures: There are some requirements that
depend on platform and development process and that are
not properly stated by the customer. They are highly
vulnerable and if not taken into consideration would lead to
serious flaws when end product is released.
3.9. Maintenance Risks
The job of a developer does not get over with just the
launch of the application in the market. Providing support
after release is most important thing for product success.
Regular updates in platforms are rolled out so application
should adopt new changes in platform and provide support
for that.
There are risks associated after the launch that have to be
dealt on timely basis. The features of the software need to
be updated regularly. Clients more often than not have
customized needs requiring constant updates and needful
attention.
3.10. External Risks
Many applications in the market need certain requirements
to be met for their proper functioning. Certain applications
use GPS services while most of them require internet
facility for their running. Proper testing should be done in
all types of environment. For example, if an application is
internet dependent, then we should test it on slow as well as
fast connections to ensure that the application does not
either hang / crash or cause any unwarranted behavior in
any situation. Also we should take into account what would
happen if the data connection drops all of a sudden and the
amount of battery usage under the above mentioned
conditions.
The above stated situations are just some scenarios in
which one should test and minimize the risk factor for
application.
4. CONCLUSION
From analysis of this paper it can be found that mobile
application development is a complex process that has
many risks different from traditional software projects.
Ƈ 433 Ƈ
These risks can be classified among customer related risks,
communication related risks, financial risks, market risks,
external risks, to name a few. The implication of these risks
can vary from low to very high depending on various
factor’s, hence it is imperative for any organization/
individual to take into account these risks while developing
any new mobile application. Lot of research is still required
in the field in how these risks can be assessed, quantified
and mitigated.
5. REFERENCES
[1] (2013) The mobile war is over and the app has won
80% of mobile time spent in application [Online].
Available: http://venturebeat.com/2013/04/03/the-
mobile-war-is-over- and-the-app-has-won-80-of-
mobile-time-spent-in-apps
[2] Agrawal, S. and A.I. Wasserman, "Mobile Application
Development: A Developer Survey", submitted for
publication, 2010
[3] Ying Qu; Meng-Jia Yuan; Feng Liu, "The risk factor
analysis for software project based on the
interpretative structural modelling method," Machine
Learning and Cybernetics (ICMLC), 2012
International Conference on , vol.3, no., pp.1019,1024,
15-17 July 2012
[4] Xiangnan Lu; Yali Ge, "Risk analysis in project of
software development," Engineering Management
Conference, 2003. IEMC '03. Managing
Technologically Driven Organizations: The Human
Side of Innovation and Change , vol., no., pp.72,75, 2-
4 Nov. 2003
[5] Khatavakhotan, A.S.; Siew Hock Ow, "Improving IT
Risk Management Process by an Embedded Dynamic
Verifier Core: Towards Reducing IT Projects Failure,"
Intelligent Systems, Modelling and Simulation
(ISMS), 2012 Third International Conference on , vol.,
no., pp.684,687, 8-10 Feb. 2012
[6] Khuankrue, I.; Rivepiboon, W., "Model of cross-
culture risk prediction base on Bayesian belief
networks for software project," Innovation
Management and Technology Research (ICIMTR),
2012 International Conference on , vol., no.,
pp.560,565, 21-22 May 2012
[7] Benaroch, M.; Appari, A., "Financial Pricing of
Software Development Risk Factors," Software, IEEE,
vol.27, no.5, pp.65,73, Sept.-Oct. 2010
[8] Jiangping Wan; Shiqing Zhu; Yunfeng Wang,
"Empirical Analysis on Risk Factors of IT Service
Management Project Implementation," Wireless
Communications, Networking and Mobile Computing,
2008. WiCOM '08. 4th International Conference on ,
vol., no., pp.1,4, 12-14 Oct. 2008
[9] Lazzerini, B.; Mkrtchyan, L., "Analyzing Risk Impact
Factors Using Extended Fuzzy Cognitive Maps,"
 Systems Journal, IEEE , vol.5, no.2, pp.288,297, June July 2010. [Online]. Available: http://
2011 www.w3.org/TR/mwabp/
[10] Gupta, D.; Sadiq, M., "Software Risk Assessment and [13] (2013 )Apple. iPhone Application Programming
Estimation Model," Computer Science and Guide. [Online]. Available:
Information Technology, 2008. ICCSIT '08. https://developer.apple.com/ library /ios/navigation/
International Conference on , vol., no., pp.963,967, [14] (2013) Android Developers. The Developer’s Guide.
Aug. 29 2008-Sept. 2 2008 [Online]. Available: http://developer.
[11] Schwaber, K. 2004. Agile Project Management with android.com/guide /components/ index.html
Scrum.Microsoft Press. [15] (2013)Mobile app [Online]. Available: http://en.
[12] (2013) World Wide Web Consortium, Mobile Web wikipedia.org/ wiki/Mobile_app
Application Best Practices W3C Working Draft, 13 [16] Roger S Pressman, Software Engineering: A
Practitioner's Approach, 6th , McGraw-Hill

Ƈ 434 Ƈ

View publication stats