Mobile apps are a rapidly growing industry, indicated by the fact that they now have higher annual profits than
the entire US box office and are expected to overtake global box office revenue soon. The demand for
enterprise apps is growing, with Gartner predicting that by 2017 demand for enterprise apps will outstrip supply
by a factor of five.
The demand is reinforced by economic drivers: reportedly, 43% of enterprise app developers
earn $10,000 per month, compared to just 19% of consumer app developers.
“Employees in today’s digital workplace use an average of three different devices in their daily routine, which
will increase to five or six devices as technologies such as wearable devices and the Internet of Things eventually
becomes mainstream”. This increase in demand for enterprise software to be available on mobile and tablet
platforms coincides with the emerging Bring Your Own Device policy movement being adopted by industries.
As mobile usage grows and enterprise apps become the norm, the expectation of mobile access to
enterprise software grows with them. This means each enterprise web app that is considered will have to be
accessible from any device and will have to adapt its user interface for ease of use. This major shift has increased the
dominance of hybrid mobile apps over native apps, and the July 2016 proposed ATO staff app is a web app
made into a downloadable app. These hybrid apps have resulted in more cost-efficient solutions and improvements
in mobile hardware to provide better web rendering engines, and they still provide access to users accessing the app via
traditional desktop computers.
Over the next 5 years the ATO should monitor the enterprise application market for improvement opportunities
in areas like Business Intelligence (BI) and Client Relationship Management (CRM).
Rapid changes in the digital space have led to the development of more efficient, easier to use coding tools. The
two main avenues in which developer tools have been improving are the ability to develop cross-platform
solutions and increased efficiency, where less work effort is required to produce the same results.
Developers have realised that, to keep up with demand, it is no longer profitable enough to create basic
apps for a single platform only. They are therefore catering to consumers who expect developers
to follow agile development standards with quick turnaround times and to cover all popular mobile platforms.
The downside to cross-platform apps is that they are not capable of taking advantage of specific differences in the
operating platforms, thus creating a less rich app experience. Native mobile apps can utilise all aspects of their
platform’s capabilities, such as specific hardware and software.
Rapid Mobile App Development (RMAD) tools have greatly increased efficiency in app development as they utilise
either low-code or code-free programming tools to speed up the process of creating apps for mobile platforms.
These RMAD tools can have a variety of functions, including drag-and-drop codeless tools, code generation and
orchestration tools, model-driven development tools, virtualisation tools and form construction tools.
RMAD tools are used for the creation of native mobile apps; however, newer technologies are now beginning to break
through that may tear down the barrier developers face in choosing between a rich native app solution and a
less complex cross-platform solution. React Native is a new (first release on 26th of March 2015) tool developed
by Facebook with which a developer can make a native app for multiple platforms (currently iOS and Android only):
“…it completely reinforces the fact that REACT.js is the right way to build apps. I can write a native app using
the same techniques as I would write Web apps”
The ATO might consider whether investing in some advanced RMAD developer tools would be beneficial in its
software development mix. The ATO should consider leveraging procurement of software particularly in areas of
complexity and cross-platform compatibility.
“The shortage of skilled mobile developers to meet the ever increasing apps demands has led to ‘citizen
developer’ initiatives”. The demand for enterprise mobile app development has continued to rise and
organisations are adopting the paradigm shift of allowing less skilled staff to fill the widening demand gap. The
take-up of mobile Rapid App Development tools has enabled ordinary business users to create their own
solutions by embracing low-code platforms for citizen development.
A research director at Gartner expects citizen development efforts to expand significantly over the next 5 years. A
key reason for this is the accelerating enterprise use of cloud-based software platforms that allow citizen
developers to access corporate data more easily than data stored on servers in corporate data centres controlled
by the ICT department.
Generally, apps that make people’s jobs easier by automating a process are the most suitable for citizen
development. Technology means staff no longer need coding skills, and it has been theorised that, when the
technology is accessible, the people closest to the work are the best people to design the solution to a problem. A
potential danger of promoting citizen development is assuming that the platform used to create the app has taken
all regulatory or compliance issues into consideration.
Another setback can be the formation of a ‘Shadow ICT’ environment where the ICT department is no longer in
the loop and is not notified when new solutions are integrated into the work environment. Some citizen developers
can become too eager to streamline their business processes and completely ignore or omit their ICT
department. ICT departments are encouraged to educate the wider enterprise on the benefits and risks to try
to steer citizen development behaviour away from shadow IT.
The ATO could leverage staff knowledge of business processes and in a coordinated way provide staff with an
RMAD tool capable of creating solutions. A coordinated approach is likely to reduce the potential formation of a
‘Shadow ICT’ environment.
A larger focus on mobile app security is expected in 2016 and beyond, coinciding with increased demand for
enterprise apps. Gartner predicted that more than 75% of mobile apps would fail basic security tests in 2015.
Enterprises that have adopted a BYOD policy are generally more vulnerable to security breaches unless
thorough mobile security testing is undertaken.
Common countermeasures to this security shortfall include the use of Static Application Security Testing (SAST) and
Dynamic Application Security Testing (DAST). SAST scans the app’s source code or
binary, which is the bottom-level language or foundation of the app. SAST is considered a useful, comprehensive
and efficient approach; however, it falls short through a high number of false positives and an inability to test
apps in their real environment. This is the gap that DAST bridges, testing apps externally
whilst the app is running. DAST also has its own limitations, including false negatives (missed vulnerabilities).
Interactive Application Security Testing (IAST) is generally considered the more reliable testing method, as it
attempts to leverage the advantages of both SAST and DAST. From a practical view the implementation of an
IAST solution is not an easy task, having been compared to crossing a hedgehog with a snake. IAST engines
cover more code, produce more accurate results and verify a broader range of security rules than either SAST or
DAST tools do individually. However, developers are still looking for a more accurate, comprehensive and efficient
testing tool, and the general lack of app security scrutiny has led to an underdeveloped market segment
(enterprise apps) where security is a more paramount concern.
Both Apple and Android have been hard at work patching and upgrading their mobile operating systems’
security and they’re urging app developers to do the same. Experts have stated it is unlikely a whole industry of
app security experts will emerge, however app developers will likely invest more into security measures going
The ATO is understandably vigilant on the security of apps that use our clients’ data. The ATO may wish to closely
monitor app security advancements to see if the Software industry manages to provide satisfactory security
Use of APIs
Application Programming Interfaces (APIs) are defined as a set of functions and procedures that allow the
creation of apps which access the features or data of an operating system, app, or other service. It is a rapidly
growing market segment with most API businesses starting within the last 5 years and heavily invested in
providing mobile API support. It is predicted that the API management solutions market will quadruple by
The biggest drivers for APIs are the growing demand in the mobile market as well as the rise of IoT, which
coincides with government BYOD policies. Enterprise integration and digital security are smaller drivers that are
expected to dramatically gain mainstream attention and become more important in the API economy. DevOps
has been widely adopted by API-producing entities, and government agencies may benefit in their dealings with
software developers by embracing DevOps.
APIs are one of the building blocks that will give rise to the success of the IoT, as an organisation’s core assets can
be used, shared and monetised through APIs that can extend the reach of existing services through concepts of
openness, agility, flexibility and scalability. These concepts are moving from luxuries to necessities, and
culture and institutional inertia may be hurdles for the API economy. The State of API Report 2016 is a
comprehensive view of the current API environment, stemming from developers’ opinions from around the
Nexus is the company that is facilitating the improvement to the New Zealand Government’s discovery,
processing and information base of APIs by cataloguing all of the government’s APIs. Agencies do not currently
have a channel for companies to request API information from government agencies and Nexus stated that the
main challenge identified preventing progression around APIs is the culture within agencies.
Nexus hopes to tackle the culture hindrance by increasing discovery of government APIs,
implementing a process to manage requests for APIs and increasing agencies’ access to information,
via APIs, to instil trust in decision making. This presentation was the product of the New Zealand Government
Better for Business program, which was mentioned in an Australian Government report.
The report for the Australian Government was produced by the National ICT Australia Limited Company and
outlined a number of recommendations for the Australian Public sector to enable business to government digital
interactions. One of their recommendations states that the Australian Government’s operations and agility
would be greatly enhanced through the adoption of APIs as the preferred method for exchange of information
both between government agencies and all external organisations. Telstra-appointed API Evangelist Frank Arrigo
stated in a 2015 article that “In five years’ time, I believe every organisation will have an API. It’s an inevitable
outcome, but I don’t think Australian businesses realise that yet.”
The United Kingdom is beginning to implement changes in anticipation of the API market segment flourishing:
some government agencies are using data.gov.uk to publicly share APIs, so far with the Health and Transport
sectors currently online. The UK has also developed some guidance around building, consuming and using APIs
on its government website.
The ATO already releases the API for developers impacted by the SBR project, however not publicly. The ATO
might consider releasing it publicly and fostering an environment of citizen development for software to specifically
interact with the government’s SBR system. The ATO should encourage Gov.au to share APIs in a similar way to
Other digital services
In the United States, an Accenture survey found that 92% of citizens stated that improved digital services
would positively impact their view of the government, and 72% stated expanded digital services would both
increase their overall satisfaction with the government and increase their willingness to engage. Countries are
progressing at different rates when it comes to digital services.