Bootstrapping mobile applications, or how to save a little on the development and publication

Token2.com provides a two-factor authentication service (2fa as a service) and initially it was planned to use SMS as the main delivery method of one-time passwords (OTP) for the second factor. Everything was tied to the SMS, and the technology itself and even monetization - the service itself is provided completely free of charge, the user only pays for the SMS package. At the moment, it is planned to collect the user base and install a hardware gateway for SMS - after that, the cost will decrease, and it will be possible to reduce prices for users and start making profits from the project.

However, in the process of testing, it turned out that the reliability of SMS leaves much to be desired: the percentage of successful delivery for many operators in the CIS countries does not exceed 90% (tested with both Internet gateways and hardware). The solution to this problem is obvious - authorization using mobile applications, however, no budget for this was intended, and there was no team of people with experience in developing mobile platforms. At the same time, I didn’t want to suggest using other applications (for example, Google Authenticator), but I just wanted my mobile application, with functionality not worse, but ideally, even better than existing analogues.

In this article I will briefly describe how we solved this problem with a minimum of costs and without the involvement of third-party developers.

')

Development

It is clear that bothering with native development is long and dreary, therefore, having a little googling, we decided to use Cordova / PhoneGap, since we already have a front-end developer in the team. HTML5 / Javascript prototype was made quickly, using Twitter bootstrap as an interface template.
By the way, the application itself consists not only of the interface (see the description of the application ), access to the camera and the buffer was needed, so I had to connect plug-ins for the phonegap. Both plug-ins were found in the directory on build.phonegap in free access and connected with a couple of lines in config.xml. Cross-platform is also ideal, only css for Windows Phone was finished, there it was necessary to slightly increase the size of some elements.

Everything worked well in the emulator, they immediately started testing on Android devices, since the build.phonegap service generates apk on the fly which can be immediately installed on real devices. It turned out that on some devices the interface noticeably slows down. By typing it was determined that the problem is in the animation effects prescribed in the css standard bootstrap template. By removing all the lines with animation in all styles, we got a more nimble interface and decided to publish the application.

Instruments

No special IDE was used in the development (only the usual text editor), only NodeJS and the phonegap package were installed on the system. Chrome was used to debug the interface, the Bluestacks App Player emulator was perfect for testing plug-ins on Android, and other devices used physical devices.

Publication

Windows phone

The easiest way to publish an application for free is for Windows Phone. We used the dreamspark program for students . To do this, you need to either contact customer support and send them a scan of a student card, or use an email address on the school's domain (.edu / .ac.uk, etc.) when creating an account. We had such an address (there was a student of a British university in the team), but even if you are not a student, there is still a chance to use this program (read points 1 and 2 in this article ). As part of the Dreaspark Student developer account is provided for free for 2 years.

Android

On Google Play, no discounts for students or anyone else have been found, which is not so terrible, because a one-time fee of only $ 25 will be charged upon registration.

iOS

For the Apple App store, we first tried to use the program iOS Developer University Program. For this mail on the university domain is not enough, you need an official letter from the faculty. After talking with fellow students, we found out that the process can take up to six months, so we had to pay 99USD for the year of subscription.

Total

Our budget for creating and publishing a mobile application on three platforms (iOS, Android, Windows Phone) was only $ 124 .
The result was a fairly smart application that fully satisfies all our requirements.
In addition to the Token2 service, the application can also be used for other systems: the functionality is even slightly better than that of Google Authenticator, since it is possible to protect totp profiles with a pin code.
There is also support for the Mobile-OT P standard, plus a modified Mobile-OTP with the ability to create profiles by scanning QR images .

We will not argue that the application turned out to be perfect, so we have plans to replace phonegap applications with native ones for each platform. However, since at this stage we needed a rather prototype, we are satisfied with the result.