Mobile App
Audit

When do you need to audit your mobile app?

Most business owners become aware of their audit needs when they already have a serious problem with their current mobile app's performance, security, or usability. There are some most typical scenarios where mobile apps review is needed:

1. When you aren't satisfied with the current state of app development. You either observe the app is working too slowly, bugs are mounting, and the bad reviews start to take over the app rating in AppStore or Google Play. It is a time when you need to search for mobile app testing and auditing companies.

2. When your app development team is changing, and you want to check the status quo to set the expectations for the future roadmap and investigate potential technological debt.

3. When you are buying or simply investing in an existing company with digital assets, and you want to run the due diligence report on the current state of these assets.

4. When you are experiencing organizational difficulties in running the current IT project and want to look for IT Consulting Services to identify more efficient ways to manage that.

5. When you want to transfer your existing applications onto a new tech stack and plan the migration to sustain the current operations and avoid data loss.

6. When you consider moving your native iOS and Android app development to cross-platform solutions and, for example, building a mobile application based on Flutter.

What are the types of mobile app audits?

Depending on the business owner's needs, there are specific types of tests, audits, and mobile app audit tools that could be considered for both native iOS and Android apps and cross-platform React Native and Flutter apps.

They differ in terms of the primary purpose of the audit and allow the testing team to keep the focus on the business priorities. We can distinguish the following types of mobile apps audit and testing techniques:

1. Technical audit – this type of audit is made to assess the overall code quality and system architecture. This type of audit can be performed by an independent team/testing company to reassure that the efforts of the main app development teams are appropriately focused and that no technical debt is incurred.

2. Security testing – this type of audit is often performed before integrating the new solution with existing infrastructure to understand better the risks it can bring to the working product. Mobile app security testing help identify some quick red flags and lists potential threats that need to be addressed and/or monitored after the integration. It would then be subject to the business owner's decision on handling potential leaks and security flaws and how much your mobile application is vulnerable to hacker attacks on different operating systems. What is more, security testing tools are typically advanced and require special experience.

3. Discovery audit – this is a type of audit that allows the business owner to understand what digital asset they possess, what it consists of (native vs. cross platforms), and the overall quality of the mobile application.

4. Migration audit – this type of audit helps analyze the code with a clear target to prepare a better roadmap for product migration into a new platform/language. It is often a case when companies are shifting their mobile applications from an all-native approach focusing on iOS and Android operating systems to using cross-platform solutions like Flutter or React Native. This mobile app audit allows giving recommendations for the specific app migration strategy, possibly including the add-to-app approach, a popular strategy when changing the development platform to Flutter.

The mobile app audit process

1
Technical Interview
2
Agreement
3
IT System Data
4
Mobile App Audit
5
Report
6
Recommendations

How do we handle the mobile app audit process?

It depends on the state of your current application and the type of mobile applications audit, but this is the universal guideline of cooperation that helps us achieve the best results:

1. Technical interview: We need to find out if it is either an already existing mobile application or in the state of development and about the main goals of the audit.

2. Strengthening cooperation: Sign the risk-free agreement to start an advanced audit of your mobile applications so you can get to know the current state of it in detail.

3. Gathering information: The preparation for an audit requires gathering comprehensive information for the mobile app testing company on the IT system and its infrastructure.

4. Conducting a mobile app audit: It takes our development team around 2-3 days to check your mobile application carefully, following the given type of audit method.

5. Preparing the report: Typically, the report is a 12-20 pages long A4 document and gets created within 5 days from signing the audit order and providing the prerequisites. 

6. Proposing the recommendations: After the audit, you know what is necessary to improve. We can guide you through the next steps of implementing our advice or take care of them instead.

leancode-logo

Find with us the best solutions for your mobile app

devices-image

What is taken into account during the app audit process?

During the audit process, the auditing team analyzes the mobile application using the top-to-bottom approach, focusing on areas specified upfront, like technical overview, security, etc., listed above in the audit types.

Mobile app architecture

The first part of an audit is dedicated to the project architecture. During this phase, the audit team specifies high-level elements like:

  1. Language or framework version used to build the app.
  2. Minimally supported Android and iOS versions.
  3. External dependencies.
  4. Main libraries being used in the project and the method they are injected in the project.
  5. State management methods. 
  6. Code structure and any distinctive logical parts.

Code quality

The second phase of the audit focuses on code quality. Depending on the conclusions from the analysis of the architecture, this part can include research on the following items (this is not a complete list):

  1. Usage of Object-Oriented Programming and SOLID principles.
  2. Clear division of responsibilities of separate classes according to the Single Responsibility Principle.
  3. Project Structure in a package-by-feature rather than package-by-type manner.
  4. Relation between the UI and the business logic to avoid tight logical coupling. Examples of such patterns include MVP (Model-View-Presenter) or MVVM (Model-View-ViewModel).
  5. The overall code consistency. It is an issue if several developers have built the application without the clear responsibility for analyzing the pull requests to the master code.
  6. State management.
  7. Existence of any old artifacts, which the application is no longer using.
  8. Performance issue.
  9. Storage management. 
  10. Comments and unresolved issues described by devs in the source code.
  11. Code reuse between different applications without separation into code libraries.
  12. External integrations.

Performance of the mobile apps

This part of the audit focuses on the performance of the mobile applications. At this stage, the attention is focused on:

  1. Framework version and usage of the newest Android and iOS version benefits. It is often the case that projects are upgraded to the latest SDK version without taking advantage of the recent performance improvements.
  2. Reports on crashes and issues from distribution centers and any external tools such as Firebase or Bugfender (issue tracking solutions).
  3. Performance against specified test scenarios and results from automated testing if available.
  4. Hardware-related performance issues like high-level frequency of usage of location-based features. 
  5. API-related performance issues like the uncontrolled loops in the calls to API.
  6. Size of the application and existence of the unutilized resources.

Security analysis in mobile apps

The fourth phase is related to the security analysis and considers any potential risks and threats to both users and the whole application security testing. Some of the typical tests include:

  1. Analysis of the data kept at the SharePreferences packages. It often happens that this space is excessively used to store confidential data leaving room for fraud.
  2. Keychain (iOS) / Keystore (Android) management.
  3. Encryption of data while communicating with server (SSL).
  4. Access to confidential financial data such as credit card numbers. 
  5. Storage and access to health-related data if applicable.

Maintenance of the code

This part helps to answer whether the application development process is professionally structured and if there will be potential problems during further development or takeover process to another development team. During this phase, the audit team pays attention to:

  1. Documentation of the project. Both separate as README files and inline, in the code source stated as comments. 
  2. Testing and the code coverage by unit and UI tests. Although the implementation of the tests adds a burden to the project, this allows developers to gain a huge advantage in the long run by significantly improving the overall code quality. Sometimes lack of Unit and UI tests could be compensated later on. Still, this solution is almost impossible to implement if it is coupled with the lack of separation of the business logic and the interfaces.
  3. Dependencies on external packages and libraries. Here the audit team pays attention to external libraries, updates, regular support, licensing models, and usage within the mobile app. Some packages are no longer supported, which creates a risk for future app development. It is also often the case that specific packages are no longer in use, and the app requires a cleanup.
  4. The CI/CD tools, processes and details of their implementation are in the README file. It is critical for further agile development to build the app after new merges to the master instantly. It improves the efficiency of the testing and allows to release of an application in very short cycles, so demanded by the business. 
Health examination of a mobile phone

What can you expect after a mobile app audit?

The mobile app audit is a very formal process with a clear outcome in the shape of the audit report.

Such a report provides insights into the areas mentioned in this article. It gives an extensive executive summary for the business owners, where they need to implement the most critical issues and recommended solutions. The summary greatly depends on the type of audit, whether this is purely technical, discovery or security, or migration audit.

The report from the mobile app audit can also be used as a justification for further implementation and approval for the development team or as instruction on what should be done to reach better quality standards. Typically the report is a 12-20 pages long A4 document and gets created within 5 days from signing the audit order and providing the prerequisites.

What is the price of the mobile app audit?

Clients are often asking how much does the mobile audit cost? We answer that the price depends on the type of audit, with discovery audits being typically the cheapest and starting from $800 for two days-long processes.

The price for more advanced mobile audits, with complex deliverables like the AddToApp roadmap, can be higher. During the estimations, we need to understand the background and project tech stack (native vs. cross-platform solutions using flutter apps or react native apps).

leancode-logo

Would you like to order a mobile app audit?

devices-image