
The headlines were unanimous: The mobile app used for tallying results during the Iowa Democratic Caucus was an unmitigated failure. Not only did it delay the outcome of the vote count, it cast a shadow on the integrity of the voting process.

What went wrong? Could it be, as opined by Vox, that “using an app to tally election results wasn’t such a good idea”?

Or was this simply a case of great idea, poor execution?

In this piece, we’ll examine what went wrong with the Iowa Democratic Party’s app, what a good app would have looked like, and how government agencies, political bodies, and other high-pressure groups can avoid the same mistakes.

How Not to Develop and Deploy an App

The problem surfaced hours after the caucuses ended. The Iowa Democratic Party had not reported results, citing inconsistencies in the reporting data. Officials were quick to say the delay was not caused by a hack or intrusion.

Still, speculation surfaced about possible security problems with technology. On Twitter, stories raising concerns about the caucus app’s vulnerabilities resurfaced. One of the top concerns cited in those pieces centered on the plan for caucus volunteers to download the app directly to their phones, which made it difficult to ensure the safety of the devices.

As the hours ticked by, chaos ensued, with the campaigns of two candidates claiming victory as the field headed east for the New Hampshire Democratic Primary on February 11.

What went wrong? As it turns out, quite a lot:

  • Caucus field staff claimed the app wasn’t working properly. Some could not download the app. Others couldn’t sign into it, and still others complained that the backup method, reporting by phone, wasn’t letting their calls through.
  • Cybersecurity experts and academics said the app was not tested at statewide scale or vetted by the Department of Homeland Security’s cybersecurity agency.
  • And even if the app was working, reports suggest, the rollout of the tool was so badly botched that those responsible for reporting via the app weren’t trained on how to use it.
  • The app was not deployed through traditional app stores or even sideloaded using an enterprise certificate. Instead, it was distributed through mobile testing platforms, including Apple’s TestFlight and a similar platform that services both iOS and Android called TestFairy. App developers and large software makers typically use testing platforms for mobile apps that are still in beta (i.e., not quite finalized). Developers can use the testing platforms to distribute the beta version of the software without having to go through the rigorous App Store and Play Store review processes.
  • The app was distributed using the TestFairy platform’s free tier and not its enterprise one. Developers didn’t even pay for the TestFairy plan that comes with single sign-on authentication, unlimited data retention, and end-to-end encryption. Instead, they used the version of TestFairy anyone can try for free. It deletes any app data after 30 days and limits the number of test users that can access the app to 200.

In short, it appears that the app was rushed into use long before the necessary testing, training, and due diligence had taken place.

Rules of the App Development Road

Hindsight being what it is, it’s easy for observers to shake their heads and say, “We would never do that.”

But, how can they make sure? The key is to know what is required to develop an app the right way:

  1. A rigorous, formal authorization process
  2. A formal risk model
  3. A formal threat model for the application

For example, developers working on federal websites must go through the security authority within their respective agency. That person confirms the application has gone through the FedRAMP certification process for cloud-hosted environments. The process confirms whether apps meet a standard set of 350-450 controls.

Some would argue there ought to be a similar formal process in place when software designed for government or public use is developed by external vendors. Unfortunately, the added work involved in meeting such standards would also add considerable cost to every project.

Fortunately, many developers still use those federal standards to establish clear frameworks while designing and testing their project. Working from the outside in, these developers consider such questions as “What boundary protections does this software need?” and “How does this software interface with other systems?”

Ready to Launch

State primaries and caucuses call for an app that is both secure and able to withstand rigorous load testing (i.e., the process of putting demands on a system and measuring its response). The app may work beautifully during standard testing but collapse completely once thousands of people start to use it.

As an example, Mobomo’s own load-testing procedures proved invaluable during the NASA.gov webcast of the “Great American Eclipse” in 2017. The NASA site typically has 10,000 - 50,000 simultaneous viewers. But on the day of the eclipse, NASA streamed the all-day event, which generated five to six times the streaming traffic of that year’s Super Bowl.

The NASA site performed superbly even under these conditions in part because it was designed to meet the FedRAMP continuity operation planning controls. These controls ensure that if one aspect of the software goes down, backup systems bypass the problem and the software continues to function with minimal interruption to the user.

And that’s the whole point of developing an app for a high-volume, high-pressure task like reporting data from caucus sites or primary voting stations: Using the best technology, the best processes, and the highest levels of expertise to make an app that works so smoothly and accurately, one would never realize the level of complexity and rigor that goes into developing it.

Mobomo develops and deploys secure, high-performance apps and websites for a broad range of civilian federal entities. Want to learn more about our work? Give us a call or contact us today.


The 13th Annual W3 Awards were just announced and two Mobomo projects were selected by The Academy of Interactive and Visual Arts as Silver winners! We are honored that The USO was selected in the mobile app category and www.NASA.gov was selected as a government winner in the web category. These awards celebrate digital excellence by honoring outstanding Websites, Web Marketing, Video, Mobile Sites/Apps & Social content created by some of the best interactive agencies, designers, and creators worldwide. These awards are also the first major competition that is accessible to companies of all sizes, from Fortune 500 companies to small startups.

The USO

Mobomo was able to recognize the USO and the mobile application that we partnered with them to create. This application fosters greater discoverability of locations where USO provides services and programs offered by the USO through its distributed locations and online. Prior to the discovery phase, USO was seeking to design, develop, and deploy a cross-platform mobile application that introduced an additional channel for the United States military service members and their families to better engage with USO centers and programs. Currently, there are 200+ USO locations that all create their own content. We were able to pull the CMS data and integrate it into the app so that the service member receives the content from the service center that they are physically at or that is most adjacent to them.

NASA

In addition, Mobomo also entered www.NASA.gov under the government category. In 2013, our team migrated www.NASA.gov—a site with 250,000+ pages, 1.4 million assets, and 3 TBs of data—from a proprietary data center and content management system (CMS) to Amazon Cloud and Drupal 7 without downtime or service interruption. This was a colossal task: Mobomo completed the entire effort in just 13 weeks. The results were so colossal, in fact, that www.NASA.gov has won multiple highly coveted Webby Awards. Mobomo has continued to work with NASA in order to create a dynamic, user-centric, mobile-first site that simplifies the experience for every visitor. We can’t wait to see what the future holds for www.NASA.gov!


As technology continues to advance, communication keeps evolving across different platforms. The first cell phone call was made on April 3, 1973. Over the course of the past forty years, the technological advancements that have improved how we communicate make 1973 feel like the Roman Empire. To put things into perspective, the first mobile phone was sold in the U.S. in 1983 for almost $4,000. As history has proven, technological developments have occurred rapidly, and they don't seem to be slowing down anytime in the near future.

Everyone seems to be on their phone. It is a single point where everyone can gather information and communicate more conveniently, so who wouldn't use the mobile platform? There is no question that mobile is taking over: people are more likely to use their mobile device first because it has become the most convenient way to communicate and find information. Nowadays, who do you know that doesn’t have a mobile device? Statistics show that mobile has outgrown PC usage, which shows how quickly the market has changed over the past ten years, let alone forty. I think almost everyone can relate: people use their phones to communicate, and it seems like verbal communication is a thing of the past.

Enough about market change through the years. So what does this mean for businesses trying to attract the mobile customer? It means that you have to have a mobile strategy. We will be going over the hows and whys of your mobile strategy this Thursday. Make sure to RSVP and join us at the following link: Mobile Strategy AddThis Webinar.


Modev started in 2008 as a Meetup group, and over the years they have led the industry by organizing conferences and strategic initiatives and providing executive leadership coaching to ensure those they engage with operate at peak performance. We were thrilled to have the opportunity to speak at the fifth annual Modev Conference on December 10th. Adam presented on the Ionic HTML5 hybrid mobile framework, where he talked about the framework’s background and provided a quick dive into Angular.js, the popular JavaScript framework it’s built on.

Be sure to visit http://withinsight.github.io/modev-ionic/ to see the full presentation 


For Federal Offices of Communication, the act—and art—of balancing websites that both cater to the public and promote the organizational structure and mission of the organization is always top of mind. Accordingly, those partnering with Federal offices must prioritize meeting both needs when designing and building agency sites. On numerous projects, our team has successfully managed to increase usability and deliver user-centric designs while simultaneously building sites that allow our Federal clients to bolster their brand. A sample of results for some clients:

  • a swift 4% increase in first-time visitor overall satisfaction
  • 76% of all mobile users strongly agreeing that the new site made content easier to find
  • 88% of frequently visiting teens being satisfied with the new site

Below are some of the tools we’ve implemented to achieve success:

Navigation and Information Architecture

Treejack is a great usability testing tool that development teams can wield to test the information architecture and navigation of the site prior to even beginning a design. It is best used to test the findability of topics in a website using different navigational hierarchies. For one of our projects, both internal and external stakeholders were given 46 tasks to perform using a variety of different navigation hierarchies to find the most optimal site organization for both constituent groups.


Usability Testing

For usability testing, our team leverages both Loop11 and Usertesting.com. Using a live, interactive environment, both of these tools allow development teams to gain deep understanding of user behavior by observing users as they complete a series of tasks and questions on the site and/or mobile app in question. Interactions are captured and then analyzed in comprehensive reports. As an added bonus, Usertesting.com provides video footage of the interaction for review:


http://bit.ly/1rRvEAm

In summary, Federal websites and applications are often designed with too much emphasis on organizational hierarchy and goals, and too little focus on meeting end-users’ needs and expectations. User-Centric Design (UCD) tools can help government agencies buck this trend, however, allowing them to create websites and applications that engage users and maximize their interaction. Ultimately, this results in a sure win-win: Federal agencies’ constituents can experience an efficient, satisfying, and user-friendly design, and—with constituents’ increased engagement—organizations can ensure that their missions and information are communicated effectively. Act balanced.


 

At the time of this writing (pre-WWDC 2015), there are a number of limitations on what Apple Watch code can do. The primary limitation is that watch apps cannot exist by themselves. It is necessary for the watch app to be a part of a corresponding phone app. Apple has said they will not accept watch apps where the phone app does not do anything itself. Also, watch-only apps (such as watch faces) are not allowed for this same reason—although it’s rumored that this may change after WWDC 2015.

Another Apple Watch limitation is that Core Graphics animations are not supported, but animated GIFs are. Complex layouts (such as overlapping elements) are not allowed. However, elements can be positioned as if they overlap—provided only one element is visible at a time. Using actions such as taps and timers, the visibility of these "overlapping" elements can be changed. This can be implemented to provide a more dynamic interface. Another major limitation (also whispered to change after WWDC 2015) is that watch apps cannot access any of the hardware on the watch including the motion sensor and heart sensor.

Most watch app processing (controller logic) is done on the phone instead of the watch, and some delays are inherent in the Bluetooth communication that transpires between the watch and the phone as the view (on the watch) talks back to the controller (on the phone). This view/controller split is not obvious in the code, but the watch/phone split is obvious in the code, as the watch cannot access anything from the phone, even though the controller logic is running on the phone side—except via a specific watch-to-phone request.

One notable feature is the watch app’s ability to explicitly call the phone app with a dictionary and obtain a dictionary response. This functionality allows the developer to then set up a number of client-server style requests, where the watch is the client, and the phone is the server. For example, the watch can request information from—or record information to—the phone. The phone (which has storage and may have Internet connectivity) can then fulfill the request and provide data in response to the watch. This can drive the phone app's UI to provide near-real-time synchronization of the watch app display, as well as the phone app display.

Custom notifications (both local notifications and push notifications) are supported on the watch. These custom notifications can have a somewhat customized layout as well as having the ability to define a set of custom actions. After performing one of these actions, the watch app is started. Apple mentions not to use notifications as a way to just launch the watch app from the phone app. Apple maintains that the notifications should provide useful information.

One developer test limitation relates to custom watch notifications (for local notifications). Since watch notifications are only displayed if the phone is asleep, there is no direct way to test custom watch notifications. Because of this, Xcode does provide a mechanism to test push notifications in the simulator (using a JSON file), but there is no similar mechanism to test local notifications. Still, one can certainly test local notifications with the physical device.


In April 2015, NASA unveiled a brand new look and user experience for NASA.gov. This release revealed a site modernized to 1) work across all devices and screen sizes (responsive web design), 2) eliminate visual clutter, and 3) highlight the continuous flow of news updates, images, and videos.

With its latest site version, NASA—already an established leader in the digital space—has reached even higher heights by being one of the first federal sites to use a “headless” Drupal approach. Though this model was used when the site was initially migrated to Drupal in 2013, this most recent deployment rounded out the endeavor by using the Services module to provide a REST interface, and ember.js for the client-side, front-end framework.

Implementing a “headless” Drupal approach prepares NASA for the future of content management systems (CMS) by:

  1. Leveraging the strength and flexibility of Drupal’s back-end to easily architect content models and ingest content from other sources. As examples:

  • Our team created the concept of an “ubernode”, a content type which homogenizes fields across historically varied content types (e.g., features, images, press releases, etc.). Implementing an “ubernode” enables easy integration of content in web services feeds, allowing developers to seamlessly pull multiple content types into a single, “latest news” feed. This approach also provides a foundation for the agency to truly embrace the “Create Once, Publish Everywhere” philosophy of content development and syndication to multiple channels, including mobile applications, GovDelivery, iTunes, and other third party applications.

  • Additionally, the team harnessed Drupal’s power to integrate with other content stores and applications, successfully ingesting content from blogs.nasa.gov, svs.gsfc.nasa.gov, earthobservatory.nasa.gov, www.spc.noaa.gov, etc., and aggregating the sourced content for publication.

  2. Optimizing the front-end by building with a client-side, front-end framework, as opposed to a theme. For this task, our team chose ember.js, distinguished by both its maturity as a framework and its emphasis on convention over configuration. Ember embraces model-view-controller (MVC), and also excels at performance by batching updates to the document object model (DOM) and bindings.

In another stride toward maximizing “Headless” Drupal’s massive potential, we configured the site so that JSON feed records are published to an Amazon S3 bucket as an origin for a content delivery network (CDN), ultimately allowing for a high-security, high-performance, and highly available site.

Below is an example of how the technology stack which we implemented works:

Using ember.js, the NASA.gov home page requests a list of nodes of the latest content to display. Drupal provides this list as a JSON feed of nodes:

Ember then retrieves specific content for each node. Again, Drupal provides this content as a JSON response stored on Amazon S3:

Finally, Ember distributes these results into the individual items for the home page:

The result? A NASA.gov architected for the future. It is worth noting that upgrading to Drupal 8 can be done without reconfiguring the ember front-end. Further, migrating to another front-end framework (such as Angular or Backbone) does not require modification of the Drupal CMS.
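The three-step flow described above (list feed, per-node JSON record, home-page items), as an added example that is not NASA.gov's or Mobomo's code. It runs offline against a constructed in-memory stand-in for the S3 origin; the key layout (`feeds/latest.json`, `nodes/<nid>.json`) and the field names are assumptions. It also shows the client skipping records that are missing or malformed instead of rendering them.

```javascript
// Constructed stand-in for the S3 bucket behind the CDN: key -> JSON text.
// Key layout and field names are assumptions, not NASA.gov's real schema.
const SAMPLE_ORIGIN = new Map([
  ['feeds/latest.json', JSON.stringify({ nodes: [{ nid: 101 }, { nid: 102 }, { nid: 103 }, { nid: 104 }] })],
  ['nodes/101.json', JSON.stringify({ nid: 101, type: 'feature', title: 'Orion flight test', uri: '/feature/orion', promoDate: '2015-04-02T12:00:00Z' })],
  ['nodes/102.json', JSON.stringify({ nid: 102, type: 'image', title: 'Eclipse from orbit', uri: '/image/eclipse', promoDate: '2015-04-03T09:30:00Z' })],
  ['nodes/103.json', '{"nid": 103, "type": "press_release", "title": '], // truncated record
  // nodes/104.json is listed in the feed but was never published
]);

// Content types folded into the single "ubernode" shape (hypothetical names).
const UBERNODE_TYPES = new Set(['feature', 'image', 'press_release']);

// Read and parse one JSON object from the origin; null if absent or malformed.
function readJson(origin, key) {
  const text = origin.get(key);
  if (typeof text !== 'string') return null;
  try {
    return JSON.parse(text);
  } catch (err) {
    return null;
  }
}

// Accept a record only if it carries the homogenized fields the home page
// relies on, is the node the feed asked for, and links to a site-relative path.
function toHomePageItem(record, expectedNid) {
  if (record === null || typeof record !== 'object') return null;
  if (record.nid !== expectedNid) return null;
  if (!UBERNODE_TYPES.has(record.type)) return null;
  if (typeof record.title !== 'string' || record.title.trim() === '') return null;
  if (typeof record.uri !== 'string' || !/^\/[^/]/.test(record.uri)) return null;
  const published = Date.parse(record.promoDate);
  if (Number.isNaN(published)) return null;
  return { nid: record.nid, type: record.type, title: record.title, uri: record.uri, published };
}

// Step 1: list feed. Step 2: one record per node. Step 3: home-page items.
function buildHomePage(origin, limit) {
  const feed = readJson(origin, 'feeds/latest.json');
  const listed = feed && Array.isArray(feed.nodes) ? feed.nodes : [];
  const items = [];
  const skipped = [];
  for (const entry of listed) {
    const nid = entry && entry.nid;
    if (!Number.isInteger(nid) || nid <= 0) { skipped.push({ nid, reason: 'bad id in feed' }); continue; }
    const record = readJson(origin, `nodes/${nid}.json`);
    if (record === null) { skipped.push({ nid, reason: 'missing or malformed record' }); continue; }
    const item = toHomePageItem(record, nid);
    if (item === null) { skipped.push({ nid, reason: 'failed field checks' }); continue; }
    items.push(item);
  }
  items.sort((a, b) => b.published - a.published); // newest first
  return { items: items.slice(0, limit), skipped };
}

const page = buildHomePage(SAMPLE_ORIGIN, 10);
console.log(page.items.map((i) => `${i.type}: ${i.title}`), page.skipped);
```

Because every content type shares one record shape, a single check covers features, images, and press releases alike.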


We are excited to announce expansion and growth of Mobomo's executive team:

Ken Fang, formerly CEO, will now serve as President of the company. Since joining in 2010, Ken has led Mobomo from a small startup to a company with over $5M in annual revenue, a more than tripled staff, consecutively high rankings by Inc. 5000, over 120 product launches, and an increasingly glowing client roster. In Ken's new role, he will be focused on high-level company strategy, corporate partnerships, and sales.

Brian Lacey will be assuming Ken's responsibilities as CEO. Brian joined Mobomo in 2011 as a Project Manager, and because of his passion for UX design, was quickly promoted to Creative Director. Within a short period of time, Brian was soon appointed COO, and under his tenure, Mobomo successfully built out well-defined design, development, and quality assurance capabilities. He also spearheaded the founding of the Buenos Aires office and helped acquire Exceptual Technologies, among other operational expansions.

Jesse Vizcaino will be assuming Brian's responsibilities as COO. In 2012, Jesse launched his Mobomo career as a Project Manager and quickly rose to Director. In his various roles, he has been instrumental in guiding Mobomo’s strategic direction, streamlining operations, and signing flagship customers such as the District of Columbia Retirement Board and the National Library of Medicine.

Please join us in congratulating Ken, Brian, and Jesse: we’re excited to see the great things they’ll accomplish in their new roles, and wish them all the best.


At 7:05am EST today, the world watched as NASA released its unmanned spacecraft, Orion, into the ether. With Captain Kirk (in doll form) at the helm, the massive capsule soared from Cape Canaveral with countless hopes attached. This new spaceship was built with one goal in mind: deep space exploration.

Orion’s 4.5 hour flight test was a critical step toward eventual near-Earth asteroid excursions, trips around the moon, and--most significantly--manned missions to Mars. That's right: with the success of Orion's launch would come “the beginning of the Mars era,” as NASA Administrator, Charles Bolden, remarked before blastoff.

And succeed it did! Completing two orbits and going farther than all rockets designed to carry astronauts have in the past four decades, Orion passed with flying colors, and landed in the Pacific Ocean at 11:29 this morning. Our biggest congratulations to NASA on an incredibly successful flight test! Mobomo is proud to be part of the team supporting NASA.gov.
