In the rapidly evolving world of .NET development, the emergence of Minimal APIs has generated significant excitement — and a hint of apprehension. This streamlined approach to building HTTP APIs promises a leaner, more performant experience, but it also challenges the familiar controller-based patterns that many developers have relied on for years. In this article, we’ll delve into the world of .NET Minimal APIs, exploring their benefits, addressing common concerns, and demonstrating why they might be the perfect tool for your next project.

Authors: Esmaeil Abedi, Aidin Azimi, Rolf Kluge, Christian German

Why Minimal APIs? The Shift from Controllers to Minimal APIs

Minimal APIs offer a compelling alternative to traditional controller-based approaches, bringing several advantages to the table:

• Reduced Boilerplate Code: Say goodbye to the clutter of controllers, actions, and attributes. Minimal APIs allow you to define endpoints and their logic with remarkable conciseness.
• Enhanced Performance: By minimizing layers and abstractions involved in handling requests, Minimal APIs can provide a performance boost — especially in high-traffic scenarios.
• Simplified Learning Curve: The minimalist syntax and structure make Minimal APIs relatively easy to grasp, even for developers new to .NET.

Addressing Developer Apprehensions

While the benefits of Minimal APIs are clear, some developers may hesitate to embrace this new paradigm due to:

• Fear of the Unknown: Departing from familiar patterns can be daunting. Minimal APIs introduce a new way of thinking about API development, which may require some adjustment.
• Concerns About Scalability: For large and complex APIs, questions might arise about how well Minimal APIs can handle the intricate routing and logic that controllers often manage.
• Evolving Tooling and Support: Compared to the mature ecosystem surrounding controllers, the tooling and community support for Minimal APIs are still developing.

In this article, we’ll address these concerns head-on by providing practical examples, best practices, and insights to help you confidently navigate the transition to .NET Minimal APIs.

Understanding .NET Minimal APIs

.NET Minimal API is a lightweight framework within ASP.NET Core that offers a streamlined way to create HTTP APIs. Designed to reduce boilerplate code, simplify development, and improve performance, it stands out by allowing developers to define endpoints directly. Unlike traditional ASP.NET Web API, which relies on controllers and action methods, Minimal APIs focus on minimalism and directness, making them ideal for building microservices and small-scale APIs.

While .NET Minimal APIs provide a simplified approach, it’s essential to maintain a well-structured and organized codebase to avoid complexity and ensure long-term maintainability — especially as your API grows in size and functionality. By grouping related code into logical units and using appropriate naming conventions, you can enhance readability, reduce cognitive load, and make your API easier to understand, modify, and extend. This practice is crucial for any project, regardless of its size or complexity.

#NewIsBeautiful

Structure the code

To enhance code structure and maintainability in .NET Minimal API, consider the usage of extension methods and organizing your endpoints into folders. Here’s an example of how you can implement this approach:

1. Create the Endpoints folder:

Within your project, create a new folder named `Endpoints.

2. Create the Todo folder:

• Inside the `Endpoints folder, create a subfolder named `Todo.

3. Create the `TodoEndpoints.cs file:

• In the `Todo folder, create a static class named `TodoEndpoints.
• This class will contain the metadata for each endpoint group.

4. Define the endpoint configuration:

• Within `TodoEndpoints.cs, use extension methods to define the endpoint configurations. Here’s an example:

public static class TodoEndpoints
{
    public static void MapTodoEndpoints(this WebApplication app)
    {
      var todos = app.MapGroup("/todo");
      
        todo.MapGet("/list", TodoModules.GetTodoList)
         .RequireAuthorization()
         .Produces<TodoDto>(StatusCodes.Status200OK);
    }
}

• The `MapGet method defines a GET endpoint for the `/list path.
• The `RequireAuthorization method adds authorization requirements to the endpoint.
• The `Produces method specifies that the endpoint will return a `TodoDto object with a status code of 200 OK.

5. Create the `TodoModules.cs file:

• In the `Todo folder, create a class named `TodoModules.
• This class will contain the implementation logic for the endpoint.

6. Implement the endpoint logic:

Within `TodoModules.cs, implement the logic for the `/list endpoint. For example:

public class TodoModules
{
    public static async Task<IResult> GetTodoList(ITodoRepository todoRepository)
    {
        // Logic to retrieve todo items
        var todoItems = await todoRepository.GetAllAsync();
        return TypedResults.Ok(todoRepository);
    }
}

7. Register the endpoints:

• In your `Program.cs file, register the endpoint configurations:

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

app.MapTodoEndpoints();

app.Run();

By using this approach, you can effectively organize your endpoints, improve code readability, and enhance maintainability. You can extend this structure to accommodate more complex endpoints and API features.

Middleware

Middleware is a component that can be added to the request/response pipeline in .NET Minimal API to modify or intercept requests and responses. It provides a flexible way to implement cross-cutting concerns like authentication, authorization, logging, and exception handling.

public class CustomLoggingMiddleware
{
    private readonly RequestDelegate _next;

    public CustomLoggingMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        var startTime = DateTime.UtcNow;

        try
        {
            await _next(context);
        }
        finally
        {
            var endTime = DateTime.UtcNow;
            var elapsedTime = endTime - startTime;

            // Log the request and response details
            Console.WriteLine($"Request: {context.Request.Path} - Response: {context.Response.StatusCode} - Elapsed time: {elapsedTime.TotalMilliseconds} ms");
        }
    }
}

This middleware logs the request path, response status code, and elapsed time for each request. It can be added to the pipeline in your `Program.cs file:

app.UseMiddleware<CustomLoggingMiddleware>();

Swagger

Swagger is a popular API documentation tool that generates human-readable and machine-readable specifications for REST APIs. By integrating Swagger with your .NET Minimal API application, you can provide clear and concise documentation for your endpoints, making it easier for developers to understand and interact with your API.

1. Install the Swagger packages:

dotnet add package Swashbuckle.AspNetCore

2. Configure Swagger in your `Program.cs file:

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

app.MapTodoEndpoints();

app.UseSwagger();
app.UseSwaggerUI(c =>
{
    c.SwaggerEndpoint("/swagger/v1/swagger.json", "Todo API");
});

app.Run();

3. Generate Swagger documentation:

The `UseSwagger and `UseSwaggerUI middleware will automatically generate Swagger documentation and a user-friendly UI for exploring your API. You can access the Swagger UI by navigating to `/swagger/v1/swagger.json in your browser.

4. Enhance Swagger documentation:

To provide more detailed information about your endpoints, you can use attributes to annotate your endpoints. For example:

todo.MapGet("/list", TodoModules.GetTodoList)
 .WithOpenApi(operation =>
 {
     operation.Summary = "Gets a list of todos.";
     operation.Description = "Retrieves a list of todo items.";
     operation.Tags = new[] { "Todo" };
 });

By integrating Swagger with your .NET Minimal API application, you can improve the developer experience and make your API more accessible and usable.

Exception handlers

The `IExceptionHandler interface in .NET Minimal API provides a way to customize how exceptions are handled within your application. By implementing this interface, you can intercept exceptions, log them, and return appropriate responses to the client.

Creating a Custom Exception Handler:

public class GlobalExceptionHandler : IExceptionHandler
{
    public async ValueTask<bool> TryHandleAsync(HttpContext httpContext, Exception exception, CancellationToken cancellationToken)
    {
        var problemDetail = new
        {
            Status = StatusCodes.Status500InternalServerError,
            Title = "Server Error",
            Type = "<https://datatracker.ietf.org/doc/html/rfc7231#section-6.6.1>"
        };

        httpContext.Response.StatusCode = StatusCodes.Status500InternalServerError;
        await httpContext.Response.WriteAsJsonAsync(problemDetail, cancellationToken);

        return true; // If handle the exception successfully.
    }
}

Registering the Exception Handler:

To use your custom exception handler, register it in your `Program.cs file:

var builder = WebApplication.CreateBuilder(args);

builder.Services
 .AddExceptionHandler<GlobalExceptionHandler>()
 .AddProblemDetails();

var app = builder.Build();
...
app.Run();

By implementing custom exception handlers, you can provide more informative error messages to clients and improve the overall robustness of your .NET Minimal API application.

Authentication and authorization

JWT (JSON Web Token) is a popular standard for securely transmitting information between parties. In .NET Minimal API, you can use JWT for authentication and authorization.

1. Install the required packages:

dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer
dotnet add package Microsoft.AspNetCore.Authorization

2. Configure JWT authentication in your `Program.cs file:

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(o =>
    {
        o.TokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidAudience = builder.Configuration["Jwt:Audience"],
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]!)),
            ValidateIssuer = false,
            ValidateAudience = false,
            ValidateLifetime = false,
            ValidateIssuerSigningKey = false
        };
    });

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Registering Endpoints

app.Run();

3. Protect endpoints with authorization:

Now with `RequireAuthorization method you can protect a Route group. or a specific endpoint.

public static class TodoEndpoints
{
    public static void MapTodoEndpoints(this WebApplication app)
    {
      var todos = app.MapGroup("/todo")
       .RequireAuthorization(); // For the all endpoint inside this group
      
        todo.MapGet("/list", TodoModules.GetTodoList)
         .RequireAuthorization() // OR only for one endpoint
         .Produces<TodoDto>(StatusCodes.Status200OK);
    }
}

And also if you protect a group you can simply using `.AllowAnonymous() method to exclude this endpoint from authentication for the Route group.

Validations

FluentValidation is a popular .NET library for defining validation rules in a fluent interface style. It can be easily integrated with .NET Minimal API to enforce data validation on incoming requests.

1. Install FluentValidation:

public class TodoItemValidator : AbstractValidator<TodoItem>
{
    public TodoItemValidator()
    {
        RuleFor(x => x.Title).NotEmpty().MaximumLength(100);
        RuleFor(x => x.Description).MaximumLength(500);
        RuleFor(x => x.IsComplete).NotNull();
    }
}

This validator defines rules for the `TodoItem class, ensuring that the `Title is not empty and has a maximum length of 100 characters, the `Description has a maximum length of 500 characters, and the `IsComplete property is not null.

3. Register the validator in your Program.cs file:

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

app.Services.AddValidatorsFromAssembly(typeof(Program).Assembly);

app.MapTodoEndpoints();

app.MapPost("/todo", async (TodoItem todoItem, IValidator<TodoItem> validator) =>
{

    // Process the valid todo item
});

app.Run();

And inside the `TodoModules.cs file you can inject the Validator instance and do the validation process.

public class TodoModules
{
    public static async Task<IResult> AddTodo(TodoItem todoItem, IValidator<TodoItem> validator)
    {
      var validationResult = await validator.ValidateAsync(todoItem);
      if (!validationResult.IsValid)
      {
      return Results.BadRequest(validationResult.Errors);
      }
      // Process the valid todo item
    }
}

FluentValidation automatically injects the appropriate validator based on the type of the input object.

Endpoint Filters

Endpoint filters provide a mechanism to intercept and modify incoming requests or outgoing responses for specific endpoints. They can be used to implement cross-cutting concerns like logging, caching, or authorization.

1. Create a custom endpoint filter:

public class LoggerEndpointFilter(ILoggerFactory loggerFactory) : IEndpointFilter
{
    private readonly ILogger _logger = loggerFactory.CreateLogger<LoggerEndpointFilter>();

    public async ValueTask<object?> InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)
    {
        _logger.LogInformation("Before next");
        var result = await next(context);
        _logger.LogInformation("After next");
        return result;
    }
}

2. Apply the endpoint filter:

public static class TodoEndpoints
{
    public static void MapTodoEndpoints(this WebApplication app)
    {
      var todos = app.MapGroup("/todo");
      
        todo.MapGet("/list", TodoModules.GetTodoList)
         .AddEndpointFilter<LoggerEndpointFilter>();
         .Produces<TodoDto>(StatusCodes.Status200OK);
    }
}

Conclusion: Embracing the Future of .NET API Development

As we’ve explored throughout this article, .NET Minimal APIs represent a significant step forward in streamlining and optimizing how we build HTTP APIs. Their concise syntax, performance benefits, and ease of learning make them a compelling choice for a wide range of projects.

While the transition from traditional controllers may require some adjustment, the advantages of Minimal APIs are undeniable. At our company, we’ve embraced Minimal APIs wholeheartedly, and the results have been nothing short of remarkable. We’ve witnessed improved development speed, enhanced performance, and a renewed sense of excitement among our development team.

The .NET ecosystem continues to evolve, and Minimal APIs are at the forefront of this evolution. By overcoming initial apprehensions and embracing this new paradigm, you can unlock new levels of efficiency and productivity in your API development journey. So don’t hesitate to take the leap — the future of .NET API development awaits!

Partner with Appsfactory for Expert Implementation

If you’re looking to harness the power of Minimal APIs in your projects, Appsfactory is here to help. With our extensive experience in .NET development and a team of seasoned professionals, we can assist you in designing, developing, and implementing Minimal APIs tailored to your needs. Let us guide you through this transformative journey and help you achieve optimal results in your API development efforts.

Authors: Oliver Hahn, Rolf Kluge, Christian German

In the ever-evolving realm of digital technology, Appsfactory consistently strives for innovation, seeking novel avenues to make technology captivating. Since the Apple Vision Pro’s official launch outside the United States, we have delved into this groundbreaking technology by developing a car configurator. This innovative tool provides a detailed, interactive means to customise and visualise vehicles, leveraging advanced 3D modelling and rendering techniques. In this article, we delve into the technical intricacies and capabilities of this configurator.

Introduction

The Vision Pro Car Configurator empowers users to explore and customise a virtual car in three dimensions. Built upon Apple’s RealityKit, it offers a realistic and engaging method to modify car features such as paint colour and rims, and interact with components like doors and interiors. Given the intricate interplay of components, from models and rendering to coding and network integration, we will delve into some of the challenges and methodologies employed to create this platform. RealityKit supports various display modes: windowed, volumetric, and immersive. The car configurator can seamlessly transition from a windowed mode to an immersive space, providing a detailed and interactive view of the car. Our primary focus was on a fully immersive experience.

3D Model Sourcing and Preparation

Model Sourcing

The project utilises models sourced from online asset libraries. These models often required adjustments to align with the configurator’s specific needs. Key modifications included making doors functional, ensuring the interior was fully detailed, and converting materials to be compatible with RealityKit.

Editing and Conversion

Blender, a versatile 3D modelling tool, was used to edit the models. RealityKit utilises Pixar’s Universal Scene Description (USD) format, specifically USDZ files. Blender was instrumental in exporting these models into the USDZ format, ensuring accurate preservation of textures and scale.

Network Loading

Due to the substantial size of USDZ files, models are stored in the Azure Cloud. This approach ensures efficient loading and updates, with a local cache of models to maintain app responsiveness.

Addressing Common Issues

Display Errors

Models that appeared correct in Blender occasionally encountered errors in RealityKit. Common issues included inverted normals and incorrect textures. These were resolved by recalculating normals and adjusting textures to align with RealityKit’s capabilities.

Texture and Shader Management

A significant portion of the model-related work involves shaders. Blender supports complex node-based shaders for materials like car paint, which are often lost during export. To address this, either substitute shaders need to be created within RealityKit, or the original shaders must be simplified for successful export.

Enhancing User Interaction

Colouring and Texturing

Altering the paint colour or interior trim can impact multiple properties of the respective shader. For instance, the reflection may change when selecting a semi-matte car paint, or the fabric pattern in the interior might require a different texture. Additionally, the exterior may utilise textures, such as for clear-coated fibre.

Custom Shaders

RealityKit supports custom shaders, enabling advanced visual effects like Fresnel effects. These shaders are created in Reality Composer Pro and can be dynamically adjusted within the app, providing greater realism and allowing for blending between different visual appearances.

Part Replacement

The configurator supports part replacements, such as swapping rims. This involves removing the current part and adding a new one from an additional USDZ file, ensuring correct positioning through predefined anchors.

Creating Animations

Animations enhance the realism of the configurator. They can be defined in code or played directly from the model. For example, animations for opening and closing doors contribute to a more interactive experience.

Lighting and Shadows

Real-time rendering on the Vision Pro involves trade-offs in image quality. Prior to Vision OS 2, only image-based lighting was available. Additionally, physically correct shadows were not supported. To mitigate these limitations, two approaches were employed:

• HDR Image Lighting: By using an HDR image rendered and exported from Blender, multiple light sources could be simulated within the scene.
• Baked Textures: For stationary objects, baked textures were used to pre-calculate shadows and falloffs from light sources, eliminating the need for real-time calculations.

Sound and Perspective

Sound effects enhance the immersive experience, emanating from the direction of the interactive element. Changing perspectives, such as moving from an external view to the driver’s seat, is achieved through translation and rotation of the entire scene.

Final Thoughts

The Vision Pro Car Configurator by Appsfactory showcases the potential of immersive technology for vehicle customization. Crafted using Apple’s RealityKit, it fully leverages the spatial computing capabilities of the mixed reality headset. By combining advanced 3D modelling, interactive elements, and immersive displays, it offers a detailed and engaging method to explore and customise vehicles.

This exploration into the technical aspects and functionalities provides a glimpse into how digital tools can transform user experiences in the digital industry. Whether it’s for a car configurator, furniture display, or real estate, the possibilities are vast.

Disclaimer:

The 3D models and textures used in this article were sourced from BlenderKit, a free marketplace. These assets are either under a Royalty-Free License or a CC0 License, as specified by their creators. According to BlenderKit’s terms, the assets are for use in projects but cannot be redistributed separately. All assets are used in accordance with BlenderKit’s licensing agreements. Appsfactory does not own any of the assets or associated brands. For further details, please review BlenderKit’s terms and conditions. If any concerns arise, please contact us.

About Appsfactory

Appsfactory Group is a leading digital agency for transformation, design, consulting, and applications. With over 800 completed projects, they serve international clients and partners across various industries. Their 14+ years of full-service expertise covers the entire digital product lifecycle.

LinkedIn: https://www.linkedin.com/company/appsfactory

Instagram: https://www.instagram.com/appsfactory.de

GitHub: https://github.com/appsfactorygmbh

Website: www.appsfactory.de/en

Additional resources

A quick introduction to baked textures:

How to Bake textures in Blender under 3 minutes Beginner Tutorial

In-Depth information about the USD File Format:

Introduction — Usd Survival Guide

Extensive link collection:

GitHub — divalue/Awesome-RealityKit: Awesome projects and resources about RealityKit

In-Depth information about shaders in RealityKit:

https://zoewave.medium.com/explore-materialx-b8979808d512

Collection of RealityKit Shader-based Materials:

GitHub — ynagatomo/SGMExamples: A collection of Shader Graph Materials for visionOS.

Authors: Rolf Kluge, Mohamad Ravaei, Aidin Azimi, Christian German

Understanding Pulumi and Terraform

Pulumi is a modern IaC tool that allows developers to define and manage infrastructure using general-purpose-programming languages like TypeScript, Python, Go, and .NET. Being able to use familiar programming environments enhances our development process, makes it more (cost-)efficient and integrates seamlessly within our existing tech-stack. Pulumi was founded in 2017 and has rapidly gained traction for its innovative approach. Companies like Snowflake, Mercedes-Benz, and Tableau are known to use Pulumi.

Terraform, developed by HashiCorp and first released in 2014, provides a declarative approach to infrastructure management. It specifies the desired end state without listing the steps to achieve it, making it particularly effective in environments requiring detailed, predictable setups. Its extensive ecosystem supports a wide range of infrastructure services. This is invaluable for projects that require integration with various systems or specific, repeatable configurations. Companies such as GitHub, Slack, and Starbucks use Terraform to manage their infrastructure.

Both tools play a crucial in Appsfactorys Tech-Stack, enabling our teams to manage complex infrastructure demands efficiently and reliably. They ensure our solutions are agile and robust, meeting diverse client requirements with precision.

Comparing Pulumi and Terraform

Language

Terraform: Uses HCL2 (YAML)

• Pros: Simple syntax is preferred by some DevOps professionals.
• Cons: Lacks the flexibility of full programming languages, which can limit complex logic implementations.

Pulumi: Supports TypeScript, Go, Python, and C#

• Pros: Allows natural logic constructs like loops and if statements, which are more familiar to developers.
• Cons: Can introduce complexity, especially for those without programming backgrounds.

Pulumi wins from a developer’s perspective, but Terraform’s simplicity can be appealing for pure DevOps teams.

Tooling

Terraform: Limited official support

• Pros: Stable with broad community support.
• Cons: Tooling and validation while typing are major downsides.

Pulumi: Best-in-class tooling for each language, and compatible with VS Code, WebStorm, PyCharm, etc

• Pros: Excellent tooling and validation while typing.
• Cons: This may require additional setup and learning for teams using simpler tools.

Pulumi excels in tooling and validation, but Terraform’s simplicity in tooling can be easier for some teams.

Platform Support

Terraform: Extensive support via modules for almost everything

• Pros: Broad platform support.
• Cons: May have slower adoption of new services compared to Pulumi.

Pulumi: Supports major providers (almost 45) and uses Terraform under the hood for many providers

• Pros: Rapid integration of new providers and technologies.
• Cons: Slightly fewer providers but can extend via Terraform Pulumi bridge with Go knowledge.

Terraform has a slight advantage in platform support, but Pulumi’s flexibility and rapid integration are strong points.

Secret/State Management

Terraform: Secrets are stored in plain text in state files

• Pros: Straightforward management.
• Cons: Security risks with secrets management.

Pulumi: Secures secrets via pluggable secret providers (Azure KeyVault, AWS Vault, etc.)

• Pros: Better security practices.
• Cons: Complexity in setup and potential cost for advanced features.

Pulumi has better security practices, but this comes with added complexity.

Extra Features

Terraform: No significant extra features were noted in the free version

• Pros: Focuses on core infrastructure management.
• Cons: Lacks advanced features without additional tools.

Pulumi: Offers Policy as Code (CrossGuard), live in-line updates, and direct deployment of serverless functions

• Pros: Additional innovative features and faster adoption of new technologies.
• Cons: Additional features can add complexity and require learning new paradigms.

Pulumi provides more extra features and innovation, but this can introduce complexity.

Why we prefer Pulumi at Appsfactory

We found Pulumi to be a more efficient and practical choice for Appsfactory. It supports familiar languages like TypeScript and Python, offering the flexibility to handle more complex tasks, such as loops and conditions, which is essential for managing our infrastructure.

While Pulumi may introduce some complexity compared to Terraform, its stronger tooling, enhanced security, and quicker adoption of new technologies provide the agility we need. Overall, Pulumi offers a more tailored and future-ready solution, making it a better fit for our requirements.

Our Custom PowerShell Module for Pulumi

To boost our efficiency with Pulumi, we developed a custom PowerShell module. This module is specifically tailored to enhance our use of Pulumi by automating repetitive tasks and managing project configurations efficiently.

Key Features of the PowerShell Module

• Automated Environment Setup: Our PowerShell module automates the creation of basic resources needed for Pulumi to operate, such as Azure Resource Groups, Storage Accounts, and Key Vaults. This automation prevents security risks associated with manual setups and centralises resource management.
• Seamless Project Switching: With the Import-AfPulumiEnvironment command, developers can easily switch their working environment to match different projects without manually adjusting environment variables. This feature is vital for maintaining productivity when managing multiple client projects.
• Initial Resource Provisioning: The New-AfPulumiResources command initializes required resources and settings for a new Pulumi project. This includes setting up the necessary permissions and environment variables, ensuring projects start on a solid foundation.

Impression So Far

For developers, Pulumi scales much better: it allows the use of familiar tooling with code completion and the ability to extend typing (e.g., non-mistakable region strings). Pulumi provides strong Kubernetes support making it a forward-looking tool that embraces the future of infrastructure management.

Delivering Value to Our Clients

Pulumi and Terraform allow us to offer quicker deployments and more reliable infrastructures. Our clients benefit from faster time-to-market and reduced issue potential, which are crucial in today’s fast-paced business environment. Moreover, our ability in automating and managing infrastructures through code ensures scalability and adaptability as our clients’ needs evolve.

Conclusion

At Appsfactory GmbH, we are committed to adopting advanced technology solutions. For Infrastructure as Code (IaC) we like the options Pulumi and Terraform provide. Leveraging our expertise we can stay ahead in the competitive landscape of software development. Whether through speeding up deployments or ensuring stable and scalable infrastructure setups, our focus is on delivering the best results for our clients. While both tools described here have their strengths, Pulumi’s developer-friendly approach and innovative features make it our preferred choice for most projects. Terraform offers unique benefits as well, and its implementation is more use-case specific. We are fully aware of the complexities and prepared to manage the unique project-specific challenges that come with choosing either of these platforms.

About Appsfactory

Appsfactory Group is a leading digital agency for transformation, design, consulting, and applications. With over 800 completed projects, they serve international clients and partners across various industries. Their 14+ years of full-service expertise covers the entire digital product lifecycle.

LinkedIn: https://www.linkedin.com/company/appsfactory

Instagram: https://www.instagram.com/appsfactory.de

GitHub: https://github.com/appsfactorygmbh

Website: www.appsfactory.de/en

In today’s digital landscape, protecting your business with robust information security practices is no longer a luxury — it’s a critical necessity when choosing a software agency. Businesses of all sizes entrust these agencies with sensitive data, including intellectual property, prototypes, and confidential client information. Partnering with a software agency that prioritizes information security is essential to safeguard your competitive edge and minimize risk. Remember, information security is a collaborative effort where everyone involved plays a vital role.

Authors: Mathias Strziga, Christian German

Appsfactory understands the importance of information security. That’s why we’ve implemented a robust, triple-certified Information Security Management System (ISMS) meeting ISO 27001, ISO 9001, and TISAX standards. This comprehensive framework allows us to systematically manage and mitigate information risks for you and your users, guaranteeing the confidentiality, integrity, and availability of everything critical to your success.

“In today’s digital world, technology and digitization are at the core of every business. Safeguarding them is synonymous with safeguarding the company’s success and progress. This makes information security not just a boardroom concern, but a crucial element of every innovation and development process within any modern organization.”

Mathias Strziga — Information Security Officer | Director of Quality Assurance

Why Appsfactory Should Be Your Secure Software Development Partner

Appsfactory prioritizes information security, making them a trustworthy choice for your software development needs. We are certified according to ISO 27001, ISO 9001, and TISAX. Let’s take a closer look on what these certifications mean and how they contribute to a robust information security posture:

• ISO 27001: This internationally recognized gold standard ensures Appsfactory has a robust framework to identify, assess, and mitigate information security risks. Your data is protected by globally recognized best practices.
• TISAX: Building on ISO 27001, TISAX adds specific requirements for supply chain security. This certification signifies Appsfactory’s ability to handle highly sensitive information, especially crucial for automotive companies or those with clients in the industry.
• ISO 9001: While not directly focused on security, ISO 9001 guarantees Appsfactory has a well-defined development process, leading to fewer errors and a reduced risk of security vulnerabilities. Quality equals security.

Why Choosing an Information Security-Conscious Partner Matters

Here’s why partnering with a software agency prioritizing information security is essential:

• Protection of Intellectual Property: Your ideas and inventions are what give your business a competitive edge. Appsfactory’s ISMS ensures that your intellectual property is safeguarded throughout the development process. We do this by training all our staff, ensuring the use of safe software and regularly audited suppliers
• Confidentiality of Client Data: Data privacy regulations are becoming increasingly strict. By choosing Appsfactory, you can be confident that your client data is handled according to the highest security standards.
• Mitigating Risk: Data breaches can be costly and reputation-damaging. Appsfactory’s ISMS helps to minimize the risk of such incidents by proactively identifying and addressing vulnerabilities.
• Focus on Your Business, We’ll Handle Security: Appsfactory prioritizes information security, giving you peace of mind to focus on core business activities. Trust us to deliver high-quality software without compromising security.

The Appsfactory Difference: A Commitment to Security

At Appsfactory, our ISMS certifications symbolize more than just accolades; they underscore our unwavering dedication to information security. Our ISMS is not a static document but a dynamic framework, continuously reviewed and enhanced. This ongoing vigilance ensures your data remains secure amid the ever-evolving security landscape.

Choosing a software agency that prioritizes information security is essential. Appsfactory’s ISMS certifications and steadfast commitment to data protection make us a reliable partner for any business serious about data privacy. With Appsfactory, you can trust that your intellectual property, prototypes, and client data are secure.

About Appsfactory

Appsfactory Group is a leading digital agency for transformation, design, consulting, and applications. With over 800 completed projects, they serve international clients and partners across various industries. Their 14+ years of full-service expertise covers the entire digital product lifecycle.

LinkedIn: https://www.linkedin.com/company/appsfactory

Instagram: https://www.instagram.com/appsfactory.de

GitHub: https://github.com/appsfactorygmbh

Website: www.appsfactory.de/en

Authors: Rolf Kluge, Aidin Azimi, Alina Drahozhylova, Frank Wockenfuß

Name? ASEL. Mission? Workload reduction.

In 2021, we started a project to develop a speech-to-text solution that would make the work of authorities much more efficient and thus reduce the workload, while complying with data protection regulations. The solution we came up with is called ASEL (literally: Automatische Spracherkennungs Lösung) and is now used by the Polizeiverwaltungsamt Sachsen (police administration of Saxony)via web portal, with the dictation features also being available in the mobile app. It will probably become the standard for all 16 federal states as well as the Federal Police, the Federal Criminal Police Office, the Customs Criminal Police Office, and the Police at the German Bundestag. ASEL provides transcription and translation of audio, video and text files using a microservices approach including a wide range of AI services. As a result, users do not need to manually transcribe or translate their files. This enables them time to focus on their most important topic: The people behind the cases.

Distributed Services offer high agility for quick updates without disrupting the entire system. Such a ‘plug-and-play’ solution also provides the flexibility of using the ideal service combination for each specific use case.

By combining up to four different AI engines we ensure sufficient capabilities in addressing a wide range of processes. Because each engine has its own service, the models behind them can be easily replaced to continuously ensure the best results. Such versatility empowers users to leverage the existing AI engines for their specific requirements and to take advantage of the latest improvements and trends in the fast-paced development in AI. Different AI models play a critical role in the success of our solution. Features such as keyword extraction and speaker recognition provide strategic advantages by helping to enrich content and associate text with specific speakers. Additionally, the Vocabulary Adaptation feature ensures contextually relevant results by optimizing the text output to include industry-specific language nuances. To help drive the project forward, user feedback is being continuously evaluated and integrated into the system. Incorporating this user feedback, gathered by our UX Research department, has led to an ideal adaptation to the specific needs of the users interacting with our solution on a day-to-day basis.

As ASEL is specifically designed for dictation in the context of initial police action at the scene, video interrogations — data security is a top priority. Advanced data security measures are built into the solution to ensure the confidentiality and integrity of sensitive information throughout the transcription and translation process. The solution can be provided as a SaaS on cloud (in the secure police cloud) and completely on-premise, meaning that no third parties have access to sensitive information and it is 100% data protection compliant.

UI as flexible as your Work

We have already noted that ASEL is designed to adapt to ever-changing situations, and the user interface should not be neglected here. Our solution offers a fusion of an editor and a player for advanced word or text processing and is packed with a large number of features, such as formatting, commenting, export etc. Text is also enriched with valuable information from the transcription services to help with analyzing and proofreading the output. From seamless editing tools to robust transcription and translation capabilities, the UI offers a user-friendly experience that allows people to interact with text effortlessly and efficiently.

How We Made It Happen

As mentioned above, this project is still ongoing and set up to be a long term success story. The numerous technologies and solutions are already impressive and show versatility and strength, but it gets even more impressive when you look at the details. For example, one of our complex solutions boasts 145 projects, compared to the average of about 50 projects.. We used a mix of technologies, including distributed services, actor systems, live streaming, transcription and async communication using a queueing system. Additionally, we have implemented comprehensive monitoring using ELK (Elasticsearch, Logstash, Kibana) and Matomo to provide real-time dashboards with insights into system performance and user behavior. With this diverse toolkit, we exceed our customer’s expectations by delivering unparalleled value. All of this is made possible by a dedicated team of approximately 20 #Appsfactorians ranging from development, design, project management to quality assurance.

About Appsfactory

Appsfactory Group is a leading digital agency for transformation, design, consulting, and applications. With over 800 completed projects, they serve international clients and partners across various industries. Their 14+ years of full-service expertise covers the entire digital product lifecycle.

LinkedIn: https://www.linkedin.com/company/appsfactory

Instagram: https://www.instagram.com/appsfactory.de

GitHub: https://github.com/appsfactorygmbh

Website: www.appsfactory.de/en

Authors: Dr. Rolf Kluge, Christian Amrell (CA), Jakob Ulbrich

The development of Kotlin Multiplatform (KMP) began in 2017. With the release of the stable version in November 2023, the starting signal was given for us to roll out KMP in our projects. Since then KMP has gained a lot of traction and Android and iOS developers are of course excited to steadily adopt it.

Now that the Android and iOS departments are moving closer together, we at Appsfactory have worked on reshaping our ticket workflows and processes to work hand in hand, strengthening our skills in Kotlin and Swift, increasing our knowledge of Kotlin Multiplatform and pushing it to its limits.

KMP Explained: Sharing Logic, Maintaining Native Performance

Kotlin Multiplatform might seem like a true cross-platform solution, but it actually works a little differently. Instead of writing one codebase for all platforms, KMP allows developers to choose which parts of the code can be shared and which need to stay platform-specific.

Since the ability to implement UI with Compose Multiplatform for both platforms is still in an early development stage and recently just left the Alpha state, we decided to go with the “Share logic and keep the UI native”-approach.

While the UI remains native, for Android with Jetpack Compose and for iOS with SwiftUI, KMP excels at sharing the application logic written in Kotlin. This logic resides in a shared Gradle module, essentially a folder containing reusable code.

This shared code is further organized into source sets. Each source set focuses on a specific target platform (e.g., Android or iOS) and compilation type (main or test). This allows developers to include platform-specific functionalities within the shared code when needed, using APIs or dependencies available only on that platform.

KMP leverages Kotlin’s ability to be translated into native code for each platform. This means there’s no additional runtime needed, keeping things efficient. Because a direct Swift export is not yet available, currently the code for iOS is still translated into Objective-C which has some limitations compared to Kotlin & Swift.

Talking of Limitations — What to look out for?

While Kotlin Multiplatform (KMP) offers many advantages, there are some limitations to consider when sharing code across platforms, mostly due to Objective-C limitations:

1. Generic Types: Objective-C protocols don’t support Kotlin’s generic types, leading to loss of type information.
2. Generic Types and Nullability: Nullability is not defined in Objective-C generics, making functions and properties nullable in Swift.
3. Kotlin Value Classes: Value classes lose their type safety magic in Objective-C/Swift. They unbox to primitives and lose specific type details.
4. Kotlin Sealed Types: Sealed types become regular class/interface hierarchies in Objective-C/Swift, losing their “sealed” nature.

These limitations can be addressed through workarounds like using classes instead of interfaces for generics and explicitly handling nullability in code. Additionally, libraries like SKIE (which provides Swift support for sealed types) and NativeCoroutines (which extends coroutines to native platforms) can help mitigate some of these issues.

Additionally, Swift export is planned for the Kotlin Roadmap this year, which will hopefully make most limitations obsolete.

The Power of KMP

KMP (Kotlin Multiplatform Mobile) offers a compelling solution for building high-performance, cross-platform mobile applications. Here’s why it is our top choice:

1. Superior Quality

• Native Performance: No compromises in UI performance, because we can fully rely on the native frameworks Jetpack Compose and SwiftUI. Logic resides in shared KMP code, which is translated to native code.
• Reduced Errors: Shared code means fewer bugs — you write the logic once and benefit from a single codebase.
• Seamless Development: Leverage the familiar and robust developer tools you already know, including Android Studio and Xcode.

2. Enhanced Efficiency

• Streamlined Development: Develop and maintain your app more efficiently, leading to significant cost savings.
• Native Power: Access native platform APIs for optimal performance and functionality.
• Leverage Expertise: Apply your existing development knowledge to different platforms.

3. Future-Proof Your App

• Evolving Technology: KMP is actively supported by JetBrains and benefits from continuous development. Google’s involvement ensures ongoing innovation and a bright future and announced at I/O this year that they are officially supporting KMP for Android to share business logic.
• Modern Approach: Embrace a modern development paradigm that streamlines mobile app creation.
• Platform Flexibility: Develop for Android with a near-native experience, while maintaining the option to seamlessly switch to fully native iOS development if needed.

Kotlin Multiplatform — The Future of Mobile App Development at Appsfactory?

We at Appsfactory are actively embracing KMP and integrating it into our projects. The benefits are undeniable: reduced development time, improved code quality, and a more streamlined workflow for our developers. While some limitations exist, particularly when dealing with generics and Kotlin-specific features, the workarounds are manageable.

KMP has high potential to be a game-changer in mobile app development. By enabling us to share core application logic while maintaining native UI experiences on Android and iOS, KMP offers the best of both worlds: efficiency, performance, and a future-proof approach.

And there is even more to come, KMP’s active development ensures a bright future. A direct Swift export, instead of Objective C, is already on the roadmap for 2024. Which would reduce most of the current limitations regarding types, generics, etc. And then there is Compose Multiplatform, which is already in Beta and will enable developers to go even further and implement UI for both platforms in KMP.

Looking ahead, we are confident that KMP will play a pivotal role in our ability to deliver high-quality, cross-platform mobile apps for our clients.

About Appsfactory

Appsfactory Group is a leading digital agency for transformation, design, consulting, and applications. With over 800 completed projects, they serve international clients and partners across various industries. Their 14+ years of full-service expertise covers the entire digital product lifecycle.

LinkedIn: https://www.linkedin.com/company/appsfactory

Instagram: https://www.instagram.com/appsfactory.de

GitHub: https://github.com/appsfactorygmbh

Website: www.appsfactory.de/en

Authors: Michael Abey, Doğa Barış Çakmak, Mario Streubel

Taming the CAP Theorem

Azure Cosmos DB supports all operational data models and is globally distributed, making it the perfect database for any application that processes, reads, and writes large amounts of data. Despite the global distribution it offers, it is possible to keep the latency to a minimum thanks to the consistency levels. One of its advantages is the customizable consistency that perfectly matches the purpose of the application. The consistency options offered by Azure Cosmos DB are tackling the Brewer’s Theorem, also known as the CAP Theorem. C stands for consistency, A for availability, and P for partition tolerance. The theorem states that in the event of a total network failure, either consistency or availability can be provided. These two attributes are interdependent; a strong consistency is connected to a lower availability and vice versa. Meanwhile Azure Cosmos DB enables choosing intermediate levels between those extremes.

With that in mind, let us take a look at the five options Azure Cosmos DB offers, as well as their pros, cons, and use cases.

Developers, choose wisely!

As the name suggests, Strong Consistency provides high consistency, resulting in low availability and latency. It offers guaranteed reads to the most recently committed version of the item. The client will not receive an uncommitted write or a partial write from a replica. Strong consistency is suitable for applications that cannot tolerate data loss due to downtime, such as financial applications, inventory or scheduling applications.

Using Bounded Staleness Consistency means that data is replicated from the primary region to all secondary regions. The latencies caused by this update method have defined maximum values, one value is set in seconds and the other in operations. So basically the data will be synchronized after X number of seconds or X number of operations, whichever comes first. The Bounded Staleness Consistency model is suitable for globally distributed applications that require low write latencies with a total global order guarantee, such as stock tickers, group collaboration, publish-subscribe, or queuing.

Session Consistency provides a consistent view of data within a single session. The guarantee is that as long as you are in the same session, the data you read is the data you wrote. Note that this guarantee assumes a single “writer” session or the sharing of the session token for multiple writers. This type of consistency is best used for social media, e-commerce applications, virtual shopping carts or fitness applications.

If you look at Consistent Prefix Consistency, you will see that this level guarantees that reads will never see out-of-order writes. This results in data that is not always current, but high availability. It is suitable for models that can afford the delay, but need high availability with low latency. Examples for the usage of this consistency include comments, likes or applications with updates like scores (and rankings).

Finally, Eventual Consistency does not guarantee the order of the data. It also does not guarantee how long the data can take to replicate. As its name suggests, it provides eventual consistent reads. In short, it provides high availability with low latency and high throughput. This consistency is useful for counting retweets, likes, or unthreaded comments.

Stay Tuned!

You have gotten a good overview of the pros and cons of the Azure Cosmos DB, but there is still one more topic to cover: Practical Design Patterns. They play a critical role in building robust applications and effectively modeling data. They provide structured solutions to common challenges and offer numerous benefits that contribute to the success of your projects. But that is a topic for another time, so stay tuned for the next article on Azure Cosmos DB.

About Appsfactory

Appsfactory Group is a leading digital agency for transformation, design, consulting, and applications. With over 800 completed projects, they serve international clients and partners across various industries. Their 14+ years of full-service expertise covers the entire digital product lifecycle.

LinkedIn: https://www.linkedin.com/company/appsfactory

Instagram: https://www.instagram.com/appsfactory.de

GitHub: https://github.com/appsfactorygmbh

Website: www.appsfactory.de/en

Authors: Dr. Rolf Kluge, Michael Abey, Dana Amiri, Mike Borodin, André Karge, Henry Kursawe, Vijaykumar Patel, Raimar Tasche, Oliver Weiß

Recap of last year’s Tech Strategy

Last year, Appsfactory’s Tech Strategy concentrated on alignment, focus and direction and enabling autonomy and distributed decision-making. This approach led to several successful initiatives, including adopting Jetpack Compose and SwiftUI for all projects, enhancing app security through workshops, selecting Flutter as another primary development platform, embracing a multi-cloud strategy with leading providers, and even integrating cutting-edge generative AI for text-to-speech and speech recognition functionality.

How to leverage our achievements to create a positive impact in 2024

Appsfactory’s Tech Strategy 2024 builds on last year’s successes and strives for continuous improvement. It prioritizes three key areas: Efficiency, Flexibility, and Internationalization.

Let’s have a look at the significance of the individual components this year:

Efficiency: This combined effort will allow us to develop applications faster.

• Cross-Platform Domination: We’ll extend our capabilities in cross-platform development, allowing us to create apps for multiple platforms using a single codebase. This is even more time efficient.
• KMP Integration: We’ll leverage Kotlin Multiplatform Mobile (KMP) to enhance native development. KMP allows sharing code between Android, iOS, and even web platforms, further boosting efficiency.
• AI Coding Assistant: We’ll explore and implement AI-powered coding assistance tools. This can automate repetitive tasks and suggest code improvements, streamlining development processes.
• Narrow the gap between design and coding: Bridging the gap between design and development, we’ll integrate Figma’s Dev Mode, allowing developers to interact directly with design elements, reducing rework and ensuring seamless collaboration.

Flexibility: We will be able to fulfill clients and users needs in an even more sophisticated way.

• Cross-Device Expansion: Building on our existing cross-platform expertise, we’ll further extend our portfolio to encompass a wider range of devices, such as spatial reality devices, SmartTV, and Watches, and meet the different needs of users.
• AI Mastery: We’ll focus on mastering large language models and AI services. This includes exploring how to run AI functionalities directly on mobile devices and training our engineers to adapt and implement new AI models quickly.
• Expanding Consulting Services: We’ll broaden our service offerings to include consulting in areas such as cloud-native development and IT auditing. This allows us to provide our clients with a more comprehensive range of solutions.

Internationalization: Not only in relation to our 40 nationalities teams, but also to new locations and global customers.

• Global Team, Global Reach: Leveraging our existing international team, we’ll further solidify our position as a global player.
• US and Moldova Expansion: Opening new offices in the US and Moldova gives us the opportunity to better serve international clients and enhance our ability to operate in different time zones.

Check out the video where Rolf gives an introduction about the Tech Strategy 2024.

How will these components be integrated into the respective platform teams?

Let’s explore the specific initiatives each tech department will undertake in 2024:

AI Tech Strategy 2024

The AI department focuses on pre-trained large language models. They will also improve code quality through static code analysis tools and a refined testing strategy. Additionally, the team will create a platform, Excite.AI, to showcase their AI demos and manage access costs.

Large Language Model Zoo: The AI team will create a comprehensive collection of pre-trained large language models, including property models like ChatGPT4 and various models available on Hugging Face.This approach ensures faster delivery and a more customized solution for each client. The team will actively research open-source models, identifying opportunities to incorporate them into client solutions and maximizing value.

Code Standard Improvement: To ensure code quality and maintainability, the AI team will adopt static code analysis tools like SonarCloud. Additionally, they will refine their testing strategy with PyTests and integrate it into build pipelines for all current and future projects.

Exait.AI Web Presence: Exait.AI will be established to exhibit all AI demos for easy client access. To manage costs associated with large language models, the platform will implement authentication and potentially quota systems.

Have a look at the video where André gives insights about last year’s achievements and this year’s goals.

Android Tech Strategy 2024

The Android development team plans to improve efficiency by sharing code between mobile platforms and showcasing their expertise in car infotainment systems. They will also evaluate an AI coding assistant to improve development speed and quality.

KMP in action: Leveraging Kotlin Multiplatform Mobile (KMP), the team aims to streamline development by sharing code between Android and iOS for core functionalities while maintaining native UIs. This initiative will include further refining KMP guidelines and pushing boundaries for integration with existing projects.

Android Automotive Expertise: To enhance awareness and knowledge sharing, the Android team will showcase their capabilities in adapting infotainment systems for various automotive platforms. Exploring the challenges and limitations of these systems will contribute to pushing the boundaries of mobile-car integration.

AI Coding Assistant Integration: The team will evaluate an AI coding assistant that supports during and after development. This tool could suggest code for common use cases, assist with unit testing, and offer feedback on code quality and documentation. A crucial focus will be ensuring data privacy compliance and overall usability within the development workflow.

Check out this video featuring Henry. He shares highlights from the past year and the team’s goals for the future.

iOS Tech Strategy 2024

Similar to the Android team, the iOS department focuses on Kotlin Multiplatform and integrating a native AI coding assistant. They’re also looking forward to exploring the possibilities of the new VR/AR device Vision Pro and integrating it with existing apps.

KMP Collaboration: The iOS team will work closely with their Android colleagues on KMP implementation. This includes workshops to familiarize iOS developers with Kotlin and foster a deeper understanding of both Android and iOS development.

Vision Pro Innovation: Capitalizing on the potential of Vision Pro, a device combining VR and AR, the team will explore new use cases and integrate it with existing applications for an enhanced user experience.

AI Coding Assistant Expansion: The team will investigate integrating a native AI coding assistant potentially scheduled for release this year.

In this video, Raimar discusses the team’s accomplishments from 2023 and their objectives for 2024.

Flutter Tech Strategy 2024

Our growing Flutter team will be expanding their expertise in integrating hardware features and exploring cutting-edge login methods to deliver the most valuable user experiences.

Team and Expertise Growth: To accommodate increasing demand, the Flutter team will focus on scaling their team size and best practices.

Bluetooth with Flutter: The department enhances their expertise in integrating various hardware functionalities like Bluetooth and platform-specific features, leading to more value-driven user experiences.

Alternative Login Methods: Researching emerging technologies like passwordless login will keep Appsfactory at the forefront of app development trends.

Get the inside scoop on the Flutter team! Mike shares a video recap of their accomplishments and future aspirations.

Fullstack .NET Tech Strategy 2024

Our .NET department is streamlining infrastructure management with reusable Pulumi components and pre-configured scripts for developers. They will also be implementing standardized monitoring practices across our projects. Additionally, containerized deployments will be the norm for their .NET applications to ensure efficiency and cost savings.

AF Pulumi Modules: The department creates reusable infrastructure components using Pulumi, their open-source infrastructure management tool. This simplifies infrastructure management and promotes code sharing across teams. Additionally, pre-configured scripts will streamline project switching for developers.

Unified Monitoring: Recognizing the importance of monitoring in complex systems, the team will establish standardized monitoring practices for different project types. This will provide developers with a clear roadmap for implementing logging, auditing, tracing, and metrics across various platforms and languages.

Containerized and distributed solutions: The .NET department favors containerized deployments due to their efficiency and cost-effectiveness. This will become the standard approach unless a specific situation requires a different solution.

Want to learn more about the .NET team? Watch this video where VJ discusses their past achievements and upcoming plans for 2024.

Fullstack Java Tech Strategy 2024

The Java team plans to focus on cloud-optimized solutions for Java applications. Additionally, they’ll be expanding their expertise to include Kotlin.

Cloud-Optimized Development: The team will focus on implementing cloud-native solutions and best practices. This includes reducing application size and startup times, leading to faster deployment and quicker time-to-market for Java applications.

Expanding with Kotlin: In addition to Java, the department will introduce support for Kotlin, a modern programming language gaining popularity. This provides clients with greater flexibility in choosing the language that best suits their needs.

What’s next for Java? Find out in this video featuring Dana who shares a glimpse into their past successes and future plans.

Fullstack Javascript Tech Strategy 2024

The JavaScript department is embracing the future by exploring VR/AR for web experiences and using AI to enhance development and user experience. They’re also adapting to new regulations by focusing on accessibility.

Rise of Spatial Computing: Apple’s Vision Pro headset reignites interest in VR/AR. Appsfactory sees this as a potential game-changer and wants to explore its possibilities for web experiences.

AI Integration for Enhanced Web Experiences: We believe in reducing user friction and see AI as a way to improve user experience, content management, and development itself. We’ll explore AI in areas like personalization, search accuracy, accessibility features, and even content creation.

Adapting to New Regulations: New EU regulations present exciting challenges for web developers. The ability to use alternative browser engines on iOS fosters competition and requires adjusting compatibility testing approaches. Additionally, with the European Accessibility Act approaching, we prioritize web accessibility through measures like utilizing screen readers and automated user-centric testing.

In this video, Oliver dives into the team’s successes from last year and their exciting goals for the future.

What’s the goal and what’s next?

By pursuing these departmental initiatives, we at Appsfactory want to strengthen our position in efficiency, flexibility, and internationalization within the tech industry. This comprehensive strategy ensures us to a broader range of client needs, to attract new talent, and to stay ahead of the curve in a dynamic technological landscape. In regular meetings with our Tech Leads, CTO and Director of Engineering, the individual platform topics are addressed and continuously processed to ensure a successful implementation.

About Appsfactory

Appsfactory Group is a leading digital agency for transformation, design, consulting, and applications. With over 800 completed projects, they serve international clients and partners across various industries. Their 14+ years of full-service expertise covers the entire digital product lifecycle.

LinkedIn: https://www.linkedin.com/company/appsfactory

Instagram: https://www.instagram.com/appsfactory.de

GitHub: https://github.com/appsfactorygmbh

Website: www.appsfactory.de/en

Authors: Dr. Rolf Kluge, Christian Amrell, Jakob Ulbrich

The onion approach and things to consider

While securing your app, think of it as an onion. It should have layers to make access to unauthorized third parties as hard as possible and thus protect the intellectual property of the company or developer. At least as important as that is protecting the user’s data, which could be especially sensitive if we are talking about banking apps or apps containing medical information. However, there will never be a 100% guarantee that the application is secure, as your solutions and methods could be bypassed by more advanced attackers. Also worth mentioning is the fact that most applications are backend-driven, so do not forget to properly secure the backend and API to avoid exposing sensitive and critical information related to it. This article encompasses protecting the app backend, obfuscating your source code and securing app user data.

These protective layers have your back(end)

Two-factor authentication (2FA for short) is widely known and used. It adds another layer of protection to logins and works by sending a PIN code or password from the backend to the user. The user receives the password or PIN code via email or SMS, an external device, or an authenticator application such as Google Authenticator. The user must then enter the PIN code or password, usually within a certain time frame, and send it back to the backend to verify the login and grant access to the account.

Another authentication method is Passkeys. This is a relatively new technology, but according to Apple it is the “next generation of account security”. They provide strong credentials and are considered safe from server leaks and phishing. Passkeys offer one-step account creation and password-free login using biometrics, such as Apple’s Face ID. There is no need to create or manage passwords. Passkeys are later shared between devices, for example via iCloud Keychain, and can also be shared with trusted contacts.

Regarding securing the traffic between the App and the Backend SSL pinning is worth mentioning. This method actively prevents third-party man-in-the-middle attacks. This ensures that the user is communicating through the app with the intended server by being pinned to a specific type of certificate. If there is a mismatch, the communication and therefore the connection will be interrupted. Since certificates expire at some point, maintenance must be planned and scheduled properly. Unplanned certificate changes in the backend will break the client.

If you want to learn more about maintenance and support and which services we at Appsfactory offer, check out our article here.

Furthermore, let us talk about “App Attestation”, an Apple framework which ensures that requests your server receives, come from legitimate instances of your app. The application creates a public and private key and provides an attestation object to the backend. This mechanism can be used to verify the identity of the client, whether it is a device or an app, and as a result detect modified or retired apps. However, app attestation is not suitable for all types of requests because it can slow down network calls. Also, the backend needs to adapt to the verification handling. The Google equivalent of App Attestation is called “Google Play Integrity API” and is working in a similar manner.

Finally, we want to acknowledge the blocking mechanisms because they add a layer of protection to prevent attacks on the backend. After multiple failed login attempts the user gets blocked from logging in for a specific period or has to unlock their account by email or SMS.

Fortress code: defend your work

Now that we have established ways to secure the backend, let us take a look at how to secure your code.

Jailbroken or rooted devices pose a security threat because they can bypass system restrictions. One way to mitigate the risk would be to automatically disable features in the app when a modified device is detected. You can also force the application to close and notify the user of the security implications and resulting functionality issues. Keep in mind that this may be annoying to the user, and that a modified device that receives regular updates may be more secure than a device that no longer receives security patches.

One of the most important and simplest steps is to handle secrets and keys properly to avoid exposing sensitive data and unauthorized use of keys. Keep sensitive data out of the repository as much as possible by storing and sharing keys only between developers, e.g. in .env files, or injecting keys as environment variables into CI/CD pipelines. Adding key obfuscation to the compiled binary is also helpful.

This brings us to the next point: code obfuscation. This solution is used to protect the code itself by using specific algorithms to transform the code in a way that preserves its functionality while obscuring its logic and structure, thus preventing reverse engineering and unauthorized modification. While Swift already creates compiled binaries, Apple currently lacks an official solution for additional code obfuscation. For Android, obfuscation can be integrated into the build toolchain but still requires configuration and setup.

Sensitive data needs some extra care

Finally, we want to talk about sensitive data, such as your bank account or medical information. When you use an app and switch between different apps, the system takes a snapshot of it and displays it in the app switcher. Obviously you want to avoid this with sensitive data. When working on iOS versions, clean up or replace your visible UI when the app goes into the background using delegate methods. And when working on Android versions, you can do the same, but you can also mark content as “secure”, which might mean that screenshots are prohibited. Screenshots and screen recordings can also be a threat, especially if they are taken accidentally or as part of an attack. The file could be accessible to other applications or shared with third parties. Usually, the recording of paid content is also prevented, e.g. streaming services do not want their content to be pirated. When an iOS user takes a screenshot, the system notifies the user. This feature can be stored in code and is available through common libraries for Swift. Screen capture detection can also be done in code, and while capturing, the visible UI is hidden. As mentioned above, Android offers the option to mark the content as “secure”, which prevents screen capturing altogether. Please note that on lower versions of Android there are no reliable mechanisms to detect screen captures.

In conclusion, there is no such thing as ultimate security, but the solutions and methods mentioned above give you a good idea of how developers try to secure your data as much as possible. As a user, make sure to keep your operating system and apps always up to data to benefit from this continuous effort. Further, especially in the ever-changing world of technology, it is crucial to stay informed — regardless of whether you are a developer or a user.

About Appsfactory

Appsfactory Group is a leading digital agency for transformation, design, consulting, and applications. With over 800 completed projects, they serve international clients and partners across various industries. Their 14+ years of full-service expertise covers the entire digital product lifecycle.

LinkedIn: https://www.linkedin.com/company/appsfactory

Instagram: https://www.instagram.com/appsfactory.de

GitHub: https://github.com/appsfactorygmbh

Website: www.appsfactory.de/en

Ignoring the importance of app store management will prevent your app from outshining the competition and cost you users. So get ready to step into the spotlight with these game-changing strategies curated by Appsfactory.

Authors: Dr. Alexander Trommen, Caine Eschberger

The What, The Why and The How

Where is the first place to go for apps? — Right: the app store of your choice. To attract new users and boost downloads, your app store presence must be top-notch. If you look at the marketing strategy for apps, you will see that it is made up of several components: digital marketing, social media marketing, event marketing, etc. While some may not be appropriate for your cause, such as guerrilla marketing, others are necessary to catapult your app to the top. One of the most important aspects of this mix is Mobile App Marketing, which is generally divided into App Store Optimization (ASO) and paid marketing.

No-one can beat ASO

Advertisements are ubiquitous, even in app stores. While investing in promoting your app within these platforms may seem advantageous initially, it incurs ongoing expenses and lacks the authenticity of organic growth. In contrast, App Store Optimization emphasizes presenting your app effectively through design, keywords, descriptions, and reviews, fostering organic visibility. Although paid marketing can yield short-term benefits, neglecting ASO may lead to a decline in user engagement over time. ASO is the cornerstone of sustainable app success.

First impressions matter

ASO is in general an interplay of these four main pillars: keyword research, text optimization, screenshot optimization and review management.

Keyword research

First, you need to categorize your app and think of appropriate keywords; for example, if you publish a cooking app, keywords like “cooking,” “recipes,” and “vegetables” are popular. It is also helpful to check the keywords used by your competitors. Another effective method for discovering new keywords is to enter a relevant industry term into the search field within the app store and take note of the suggested search queries that appear as auto-completions or search suggestions. Then use analytics tools that rank your keywords based on difficulty and search volume. To establish a valid comparison it is typical to identify at least 100–200 keywords. At the same time, think about the strategy you want to implement. A good strategy would be to use 70% of high volume, high difficulty keywords and 30% of moderate search volume, low difficulty keywords. Find your niche keywords, but do not stray too far from common ones.

Text Optimization

The steps for text optimization vary depending on the app store. Let us focus on the two largest — Apple App Store and Google Play Store.

Apple allows you to set a title of up to 30 characters and keywords of up to 100 characters. It is important to understand that the title can be different from the one that will be visible once the user has downloaded the app, which means that you can already embed keywords to help your ranking in search results. Your main focus will be on the keywords: by separating them with commas, you save space and can include more keywords.

In addition, it’s important to prioritize the use of keywords with high difficulty and search volume in the title. These keywords carry more weight in the search algorithms and can significantly improve your app’s visibility in the Apple App Store.

Like Apple, Google lets you set a title of up to 30 characters, which can be filled with keywords that are not visible once the app is downloaded. But Google puts the emphasis on the description. You have the option to display a short description with a maximum of 80 characters and the option to present your app in the best possible way with a long description with up to 3385 characters. Use your keywords within the description and aesthetically please the eyes of the users with emoticons.

Screenshot Optimization

Now you have your keywords and texts ready to go, but we are still missing one of the key pieces to success: Screenshot Optimization.

Optimizing your screenshots, images and videos used in the app store is crucial, especially for the Apple App Store, because they are already visible in the search results and not only on the app’s own page. Research has shown that optimizing your screenshots will increase your downloads by 98% (source: appmasters, 2023), so treat this space like an advertising space. These screenshots should showcase the most important features of the app, but more importantly, grab the attention of potential users. Also, this is the perfect space to include slogans and relevant branding assets without keywords. Furthermore, short videos can also be utilized for optimization purposes. While they may require more effort in production, incorporating moving images can significantly enhance visibility and engagement, thereby complementing the overall optimization strategy.

Review Management

Last but not least, we need to have a look at reviews. They are a crucial part of growing your user base organically and will make or break your app. The majority of people rely on reviews when deciding for or against something, but only a small percentage actually leave reviews. Embedding prompts while using the app will increase that percentage, and if you reward the user afterwards, it will increase it even more. Get a coupon or feature that is usually behind a paywall for writing a review? Consider it done! If you have people reviewing your app, you will inevitably get bad reviews. This is where in-app-prompts come in handy. Instead of immediately sending the user to the app store, divide the responses into two categories. The easiest way to do this is to create a page with thumbs up and thumbs down emoticons. If the user clicks or taps the thumbs up emoji, they will be redirected to the app store to leave their (possibly good) review. If they click or tap the thumbs down, however, they are prompted to send their feedback directly to a managed email address or form so that the issue can be addressed at its source. This way, users are heard and are more likely to leave a good review. Encouraging users to leave reviews is just one side of the coin, the other is managing their reviews in the app store. As mentioned above, their voices are heard and it is easier for the development team to respond by implementing new features or fixing bugs. It also shows potential users that feedback is valued and cared about.

And in the realm of app optimization, there’s no guarantee for a top spot, but the organic approach and the outlined steps bring you closer to your goal: outshining your competitors. Generating downloads organically is cost-effective and efficient, especially since 70% of Apple App Store users utilize search to find apps (source: Apple, 2024). However, the optimal strategy is a blend of paid marketing and App Store Optimization (ASO) to achieve long-term success in app downloads.

About Appsfactory

Appsfactory Group is a leading digital agency for transformation, design, consulting, and applications. With over 800 completed projects, they serve international clients and partners across various industries. Their 14+ years of full-service expertise covers the entire digital product lifecycle.

LinkedIn: https://www.linkedin.com/company/appsfactory

Instagram: https://www.instagram.com/appsfactory.de

GitHub: https://github.com/appsfactorygmbh

Website: www.appsfactory.de/en