Google Play will tell Android smartphone users what data apps are collecting from them

Google said it will create a new safety section in its Play mobile-app store that will let Android smartphone users see what data developers collect about them and share, plus give access to additional privacy and security information.

The transparency push echoes rival Apple Inc.’s decision in 2020 to compel app-makers to disclose what information they gather, and what they do with it. Apple’s latest mobile software update, iOS 14.5, includes an App Tracking Transparency feature, which requires users to opt in to being tracked by apps for personalised advertising. Developers expect to lose revenue from this change because most consumers will not agree to have their data collected.

Google, which itself is dependent on advertising revenue, has taken a more measured approach. The internet search giant is discussing how it can limit data collection and cross-app tracking on the Android operating system in a way that is less stringent than Apple’s solution, Bloomberg has reported.

The Google Play safety section will also tell users if an app encrypts data, if it follows Google’s policies for families and children, whether users have a choice in sharing information, and whether users can request data deletion if they uninstall an app.

Resource: https://www.scmp.com/author/bloomberg

“Need for speed” heightens expectations (and security risks) for software development

The pandemic has made speed even more paramount as organizations embrace digital transformation and seek greater software agility, innovation and resilience, observed James Brotsos, developer experience evangelist at application security testing provider Checkmarx, which conducted the study in late February.

Considering that developers were already operating at an aggressive pace, with remote work adding another layer of stress, it’s understandable that when asked about the biggest work-related challenge they’ve faced throughout the pandemic, two points topped their lists: Keeping up with increased development speeds and demands (36%) and collaborating with key teams (e.g. dev, ops and security) while remote (36%), Brotsos said.

Additional challenges weighing on their shoulders include increasing security ownership and responsibility (14%) and navigating headcount and resource reductions (11%).

To cope, Checkmarx’s research shows that developers have increased their reliance on a variety of tools and components in the last 12 months to work more efficiently. The top three are open source, automated security testing tools and infrastructure as code, he said.

Software developers have flocked to the cloud, but testing lags

While the transition to the cloud has been in the works for quite some time, there’s no debating that it’s been put into hyperdrive by the pandemic. Well over half (59%) of survey respondents said that the amount of application development they’re doing in the cloud now compared to before the pandemic has increased somewhat or significantly.

When asked about the top reason driving this migration, the “need for speed” sentiment emerged again, with 48% of developers saying that working in the cloud enables them to increase development and deployment speed, Brotsos said.

Meanwhile, over one in four (26%) said flexibility with operating systems, languages, and platforms that cloud environments offer has resonated most, while 15% cited improved application security, he said.

However, with all the benefits that the cloud presents come a myriad of security concerns. Cloud applications comprise numerous components–each of which brings a distinct set of risks, and as a result, require specialized testing methodologies.

One of the most worrisome findings was that one in six developers (15%) aren’t performing any security testing at all when building cloud-native applications, Brotsos noted.

“While the percentage may seem minimal at first glance … if you really look at it, this means that one out of every six developers isn’t taking any AST steps in the cloud, which could leave a large portion of apps vulnerable,” he said. “As cloud-native development becomes the gold-standard across the industry, there needs to be a significant shift in this regard.”  

Additionally, when developers were asked which cloud-native technologies and components they perform security tests on when building applications in the cloud, just half said infrastructure as code, while 45% said APIs, followed by 44% who said microservices. Other respondents cited containers (32%) and serverless architectures (28%).

With cloud-native undoubtedly here to stay, Brotsos said, developers and organizations must balance rapid adoption of the technology with doing so in a secure manner.

Security is shifting into the hands of developers

With every organization’s attack surface now being larger than ever before due to the rise in decentralized workforces, application security and building secure code must be a priority, he said. While the debate rages on about who should be the primary owner of application security, the Checkmarx survey indicated that over half (55%) of respondents have taken on somewhat or significantly more application security responsibility over the course of the COVID-19 pandemic.

As application security ownership continues its gradual shift from IT to DevOps to developers, securing the development pipeline is a skill they must learn, according to Brotsos. Respondents agreed. When asked about the skills they’ve prioritized learning or improving during the pandemic, their top response was AppSec/secure coding (46%).

The survey further found that developers are determined to increase their proficiency with emerging technologies and methodologies including API development (43%), cloud-native development (40%), IaC configuration (34%) and DevOps (31%).

What developers need more than ever to be successful

When asked what single most impactful thing their companies could do to make application security easier to manage, developers cited more opportunities for AppSec training (36%). This was followed by integrating security testing directly into their workflows (e.g. SCMs, CI/CDs, and IDEs) (27%), investing more in automated security testing tools (23%) and streamlining collaboration between dev, ops and security teams (11%).

As application security continues to move under developers, Checkmarx advises a number of measures organizations should take:

Provide them with training and education.

Invest in the right application security testing tools.

Break down silos among software development stakeholders.

Listen to developers and their needs.

The need for breakneck software development is only going to continue, especially as organizations transition full-time to hybrid work environments and continue down the path of DX, Brotsos said.

“As with any job, these expectations are unsustainable long term if change isn’t implemented,” he said. “Organizations must listen to the requests and concerns that developers are voicing and provide them with the proper resources to keep up with this accelerated demand. At the end of the day, it should be a give and take dynamic.”

What is Agile software development? Everything you need to know about delivering better code, faster

Reference: CONSTELLATION BRANDS, INC.

Agile software development is a set of collaborative methods and practices for producing software code faster and more efficiently. In particular, Agile development uses an iterative approach, where teams continually revisit, inspect and adapt their development techniques to deliver applications that meet business requirements flexibly and quickly.

What are the origins of Agile software development?

A group of software developers created a series of lighter techniques in response to what they perceived as the heavyweight methods associated with waterfall development, where projects are broken down into a series of linear sequential stages.

These 17 developers met in Utah in 2001 to discuss these lightweight development methods. They subsequently published the Manifesto for Agile Software Development, which outlines a set of values for developing software in a flexible, iterative manner.

These values centre on self-empowerment, collaboration, responsiveness and creating working software solutions – rather than final products – that can be honed over time. The agile manifesto has 12 principles, ranging from continuous delivery of software and trusting individual contributions to reflective team processes.

Is Agile better than waterfall software development?

Just about every conference features a session with tech leaders – whether that’s CIOs, IT directors or IT managers – who expound the benefits of Agile methodology. Sessions on the virtues of traditional waterfall techniques are thinner on the ground these days.

One explanation for the shift is that waterfall development requires a tighter focus on stages: testing is undertaken after the build phase is complete. In Agile, testing is an iterative process, where software is developed, used and updated. Many CIOs believe this approach is a good fit for digital transformation, something we’ll return to below.

Yet the rise of Agile methodology doesn’t mean waterfall is dead. Some projects still have clearly defined stages and deliverables. If you know exactly what you need and when, then a waterfall methodology approach might be better. Perhaps the better question to ask isn’t which methodology is best but to instead ask which is better suited to the task at hand.

Why is Agile development so popular for digital transformation projects?

Digital transformation has moved from the periphery to the core of all organisations, as tech leaders have sought to change their business models in response to fast-changing conditions.

Think, for example, of incumbent firms being challenged to respond to disruptive startups. Then think of the impact of the coronavirus pandemic and the rapid shift to remote work, e-commerce and e-learning. Experts suggest Agile methodology is a great fit for companies that want to test and develop new business models and products quickly.

How do companies use Agile software development?

Tech analyst Forrester says Agile delivery is critical to successful digital transformations, yet the best enterprises go even further. The researcher says just 47% of less successful firms have 75% or more of their development teams using Agile software development practices compared to 93% of successful companies.

Here are some examples of digital leaders who have embraced Agile development as a way to help their organisations transform:

What are the main features of Agile software development?

An agile team is defined by its collaborative approach, and some of the main frameworks associated with the methodology include, but are not limited to:

Lean – Empowered teams that work quickly to eliminate waste. Lean itself originated from lean manufacturing processes, which were pioneered by Toyota and the ‘just-in-time’ production cycles of the twentieth century.

Kanban – A lean method for managing work where items, such as features, user stories and deliverables, are visualised on a board.

Scrum – Agile framework for small teams of 10 or fewer, who break work into time-constrained chunks, known as sprints, where progress is reviewed in scrum sessions.

Notable Agile development practices include: backlog, which is a breakdown of work that needs to be completed; standup, which is a daily meeting to communicate issues; and retrospective, which is held at the end of each iteration to consider lessons learnt.

What’s the difference between DevOps and Agile software development?

DevOps is a combination of software development and IT operations. By using continuous delivery and constant iterations, DevOps aims to create higher quality software. Many of the key practices of DevOps can be traced to Agile software development.

While the Agile method focuses on sprints that can last weeks or months, DevOps is centred on hyper-quick releases that take days or even hours. Both DevOps and Agile can be used in tandem as they complement each other.

What about the rise of Agile leadership techniques?

The coronavirus pandemic has in many ways been a beta test for the widescale rollout of Agile development. Self-empowered employees simply had to work in a socially distanced manner to complete projects and develop products as quickly as possible.

Many CIOs report that Agile has been a great fit for the new working normal – and they’ve adopted leadership approaches to support this shift. This flexible form of leadership – known as either agile project management or agile leadership – involves the application of the principles of Agile software development to management tasks and relies on decentralised decision-making.

Agile management produces benefits in two key ways: it gives workers the empowerment that research suggests they crave, and it frees up leaders to focus on higher-level tasks, such as refining strategy and developing new business models.

What are the downsides of Agile development?

Amazon’s Jeff Bezos believes every internal team should be small enough that it can be fed with two pizzas. Various other experts suggest Agile works best in small groups, yet there’s a danger that, as Agile shifts from the IT department to the wider business, it becomes applied too broadly and its benefits are watered down.

Executives, who are fed up with the process-driven lethargy that undermines many big enterprises, often like the sound of self-empowered teams. But what they can get – if they don’t apply Agile carefully – is chaos. Analyst Gartner refers to the danger of corruption, where the core values of agile are debased by misunderstanding.

Even in the IT department, not everything is rosy. The collaborative nature of the methodology means face-to-face interaction is often essential, something that has been impossible recently. In many ways, we’re not seeing true Agile in full effect.

“The thing I miss the most is creativity; being able to stand in a room with a brown bit of paper and a load of sticky notes and argue and debate until you’ve got the solution to a problem,” says Boots CIO Richard Corbridge, who is a big advocate of Agile techniques.

What are the long-term prospects for Agile development?

As companies emerge into the post-COVID age, it will be interesting to see what business leaders think of the products that the Agile software development team has created.

Will they reflect on the rapid digital transformation process of 2020 and conclude that Agile simply helped the business work effectively at a very complex time? Or will the shift to Agile – both inside the IT department and out across the wider business – become a permanent transition?

Evidence so far suggests CIOs and their teams have gained a lot through the shift to Agile and that the technique will be well-suited to the hybrid mix of office and home working that is likely to define the post-COVID age.

Johnson Matthey CIO Paul Coby says CIOs have been talking about the importance of Agile methodologies for the best part of 15 years. But in a competitive post-COVID age, he says agility will be crucial to supporting the business’ almost-continual transformation: “They need agile IT, in the best sense of the word, to support that.”

Think of software as your company’s DNA

“The best part of building software is the job is never done. Since starting Box, I don’t think I’ve ever left a customer conversation where this [sic] isn’t something new left to go do. Build the future, listen to your customers, repeat.” Those words come from Aaron Levie, the CEO of Box (via Twitter).

Levie’s words resonate strongly with me. For some years now, I’ve posited that every company must think like a software company. It’s what I have described as Leading with Code. Over that time, it has become increasingly clear that for all firms, more and more value-creating opportunities derive from own-account software, or the software that a company builds for itself. Executives at firms that lead with code, both incumbents and startups, view software as a source of economic value creation and the differentiating asset that it is. Many others, even those that have recognized the strategic importance of software, still have a very different mindset.

What hasn’t been totally clear is what it really means to think like a software business. I recently conducted research with executives at both established companies and younger tech firms operating in physical world businesses—so as to maintain a level of equivalence—in order to learn more. These companies were in a wide range of industry sectors, including consumer packaged goods, financial services, insurance, manufacturing, medical devices, pharmaceuticals, restaurants, retail, technology services, and transportation and travel.

Here are the key takeaways for companies that want to make the leap to truly thinking like software businesses:

1. Assemble and develop in-house talent

Companies that lead with code, whether startups or long-established businesses, all rely on in-house and highly capable talent to build distinctive software. They don’t routinely consider hiring external services firms to build key software. They see software developers as creators and problem solvers, not just coders. Their developers engage in important open-source communities, learning continually about the latest developments in software products and practices.

2. Implement a modular architecture

Leading companies feature software stacks that are modular, facilitating rapid innovation. Their developers frequently build in-house software products or platforms by leveraging free, but valuable, open-source software, as well as licensed components for routine functionality. This allows them to create applications faster. One executive stressed the importance of designing components with change in mind, because reconfiguring is always better than rewriting code. Another executive told me that every line of code within this decentralized architecture has a clear owner so that there is specific responsibility for each and every software component. To be clear, commercial solutions have an important role to play and should be a part of the software stack. But it’s the own-account software that matters most.

3. Embrace experimental innovation

Once you have plenty of in-house talent, new pathways to superior software products become available. A popular traditional approach is to license commercial packages with wide scope, and then to configure or customize them for your company. In contrast, firms that lead with code typically begin by aiming to solve a focused business problem. They build and iterate on new features and products. Executives at these firms told me that until you try something out and see how your customers, suppliers, or employees react, and whether your business improves as a result, you can’t be sure of what to build. The learning must influence what you choose to do next.

4. Start small, then build scope and scale

One consequence of experimental innovation is a willingness to build systems that aren’t initially always highly accurate or resilient. One leader I spoke with shared how they are observing the rollout of a new machine learning-based system and quickly reverting back to a default and tested algorithm if the new predictions seem unreliable. They build for scalability and resilience only after they have figured out the algorithmic logic and the functionality. As machine learning applications account for a growing share of software applications, with knowhow from the learning systems incorporated into run-time systems, this is even more relevant. While this tenet is important, a caveat is also in order. There are many environments in which reliability and resilience are paramount and approaches will differ in these.

5. Balance the risk of error against its benefits

CIOs, for obvious reasons, are generally risk averse when it comes to software development. But a greater willingness to accept initial errors can reap significant dividends in terms of increased efficiencies. For example, one of the companies I interviewed had a leased strategic application that was not only expensive, but unsuited to its business model, often recommending inefficient solutions. The company assigned a couple of talented developers to build an “adequate” working replacement quickly.

Executives recognized that the system would make mistakes and they would have to reimburse customers when things went wrong. However, they were willing to take the risk because the savings in license fees gave them a margin for error. In time, they iterated and continually enhanced the system, ultimately getting them to a solution that was distinctive.

In a digital world, distinctiveness often results from codifying unique knowhow, something a firm knows how to do better than its competitors, in software and applying it at scale. Fundamentally, it’s about continually offering a superior value proposition and doing so more productively than before.

It’s particularly important to keep in mind that as digital technologies keep evolving, the ability to continue to enhance your products, services, and operations is unending. And as Box’s Levie points out, the journey is never done.