Native apps account for slightly more than half the mobile conversion

Retailers focusing solely on mobile web may be missing half their customers.

I’ve been looking at conversion across Kony customers and I’m seeing a pattern that is counter to the assumptions of conventional wisdom: about half the visits are from native applications and the other half come from mobile web.

More importantly for retailers: half the conversion is coming from native apps in addition to half the visits.

This means transactional native applications cannot be overlooked as a part of your mobile strategy.

I haven’t seen any other studies to compare this observation. I was speaking with Forrester analyst Sucharita Mulpuru Wednesday and asked her if she had seen any other data along these lines and she said she also hadn’t seen any studies looking at conversion between mobile web and native channels. I suspect that Kony has a unique perspective since Kony customers tend to cover three, four, five or more channels.

Transactional native applications cannot be overlooked as a part of your mobile strategy.

iPhone conversion is 30% higher than mobile web

I think retailers have created a self-fulfilling prophesy: mobile web dominates retailing because retailers generally haven’t done the heavy lifting of offering fully-transactional native applications. Let’s face it, retailers are comfortable with web development, but native development is less familiar. There are multiple SDKs, languages, and development environments to learn. Traditional web analytics, reporting, and checkout APIs are more difficult to implement from native applications. Frequent updates are also difficult from native apps – especially with the multiple environments to support.

However, we’re seeing what bankers have seen to be true for a while now – you can’t pick and choose channels to support. Some customers want to use native apps and some customers want to use mobile web. It depends upon the person, the phone, their relationship to you, what they’re trying to do, and when they’re trying to do it.

You need to be there when the customer is ready.

Furthermore, we’re seeing over 30% higher conversion for iPhone native app customers vs. mobile web customers. Therefore it’s imperative to have a well-designed, transactional app for those customers that want to use it. It also makes sense to drive users to that app to try to increase conversion overall.

The ROI is pretty easy to calculate. Offering both mobile web and native applications significantly increases the number of visits and the number of purchases and significantly increases the conversion rate for a significant subset of native customers.

Why would you want to miss half your customers – especially the ones that are more likely to purchase?

There are two things I believe very strongly about the future of mobile commerce:

• • Mobile commerce is here to stay
• • Mobile platform fragmentation will remain a serious challenge throughout the foreseeable future

Since mid-2009 we’ve built a very successful business helping nearly twenty name-brand clients in banking, retail, insurance, fast food and other verticals wrestle with these issues.

We’ve seen the questions change from “WAP vs. App” to bewilderment at the challenge of managing an exploding number mobile product lines while simultaneously managing a flood of customer adoption and increased competition.

The mobile challenge is to develop a roadmap of continual product improvements without knowing the exact technology mix that will be in users’ hands.

Fragmentation persists because of creative destruction. The iPhone created the industry. Then, Google eclipsed the iPhone with Android devices from a variety of OEM manufacturers. Apple did it again with the iPad. Now tablet salvos from Dell, RIM, Samsung, and others are incoming. Arguably, we’ve also already seen the rise and fall of many technologies like WAP, Palm, J2ME, Blackberry, and Symbian, just to name a few.

Organizations must support the mobile devices their customers have. As customers flock to the next great innovation, companies must reach their customers on the device they have right now — and in the way that works best for them.

The days are long gone where IT picks the technologies they’ll allow their customers to use. So, the mobile challenge is to develop a roadmap of continual product improvements without knowing the exact technology mix in users’ hands at rollout, versions 1.2, 1.3, and beyond.

Companies are burning resources porting to new platforms instead of innovating and staying ahead of the competition

Most companies are rolling out their first mobile product and in some cases extending variations to other platforms. Few companies have had to manage complex product lifecycles for the mobile channel. As new platforms are emerging, companies are burning resources porting to new platforms instead of innovating and staying ahead of the competition.

Few companies have the resources to manually manage multiyear product lines across a number of platforms including product management, revision control and infrastructure, quality assurance, and development.

Organizations won’t be successful picking and choosing platforms either. It’s not enough to only support iPhone or Android (or SMS, mobile web, RIM, Windows Phone 7, iPad, etc.). The playing field is changing too dramatically and too often. Companies picking and choosing platforms may find themselves investing in a dead-end product with few customers after a release or two (or even at the first release). Two years ago RIM seemed to rule the world. Five years ago Palm ruled the smartphone world.

Browsers aren’t a panacea either. Major mobile innovation is happening with native and hybrid application technology. HTML5 solves some problems but will not make native applications obsolete. Exposing native resources through the browser create unacceptable security risks in many situations (along the lines of Java applets and Active X). Furthermore, variations in HTML5 implementations likely will continue the testing nightmare that exists with the mobile browser, where tens of thousands of browser permutations exist.

Every company interested in mobile commerce has to face the device fragmentation issue and I don’t see it going away any time soon. In fact, it usually just gets worse. We just have to deal with it.

I’m going to be spending a lot of my time addressing these issues in the future.

Mobile payments could use phones as a PIN authorization pads making transactions easier, cheaper, and more secure. Image credit: GigaOm

Speculation is heating up again about Apple including near-field communication (NFC) mobile payment capability in iPhone 5 next year after reports Monday by TechCruch that both Apple and Google are in talks with mobile payment company Boku.

GigaOm’s Darrell Etherington piled on in an article yesterday. The only new information is that Apple and Google are showing real interest in mobile payments capability.

But, here’s why it matters:

Boku has had decent success, by modest U.S. standards, in billing micropayments to mobile phone carrier bills.

A typical Boku purchase would be a game player wanting to buy a new weapon for 99¢. With Boku, they simply enter their phone number into the game and a text message is sent to their phone. The user responds “Yes” to the text to approve the purchase. The process provides a very frictionless checkout that encourages spur-of-the-moment sales.

One Click Checkout
U.S. carriers limit purchases to small amounts, sometimes as low as $25 per month. U.S. carriers also insist on keeping roughly half the revenue. Therefore bill-to-mobile purchases are often limited to digital goods with no physical cost-of-goods sold — like online game items.

By the carriers’ usurious standards, Apple’s 30% take of App Store revenue looks downright profitable. Apple has 160 million cards on file. That’s just a bit less than the AT&T and Verizon combined subscriber base. There’s no wonder Boku and their retail partners would be interested.

By comparison Amazon has roughly 80 million monthly purchases and owns the patent on one-click checkout. Google also competes with Amazon in the online checkout business.

Apple can take a company like Boku and provide an appealing alternative checkout option that benefits both consumers and retailers. Easier checkout means less frustration for consumers and more sales for retailers.

Plus, checkout continues to be a challenge in mobile commerce. Entering usernames, passwords and credit card numbers are challenging on small screens.

Mobile commerce sales would soar exponentially with a simple iTunes bill-to-mobile checkout option and Apple gets a cut of it all. Mobile commerce executives tell me they already see significantly higher conversion rates for iPhone users over Android and other phone users. An easy-to-use, built-in payments solution encourages even more retailer optimization for Apple products and encourages consumers to choose Apple products over other devices.

NFC Tops it Off

Adding NFC to the iPhone would complete Apple’s access to the entire payments marketplace. NFC enhances the bill-to-mobile capability with the potential to drastically reduce fraud. In theory, Apple bill-t0-mobile on an Apple NFC-enabled phone could be the equivalent to a card present EMV smartcard transaction. (EMV is the smartcard standard adopted almost everywhere but the U.S. which significantly reduces fraud (and transaction costs) using a chip-and-pin system).

Checkout would be super easy for consumers. They enter their phone number on the website, then are prompted for a PIN on their iPhone. The NFC-chip ensures that the phone is indeed the consumer’s phone and the PIN ensures the user is who they say they are and that they authorize the transaction.

This approach would simultaneously reduces merchant transaction costs while increasing sales. (Assuming Apple and merchants can convince the card companies that these more secure transactions warrant a lower interchange rate).

But the real excitement about NFC is paying at physical retail locations. NFC chips on iPhones would instantly let users pay at contactless terminals in retail stores. Terminals exist at many gas stations, fast food retailers, drug stores, and some home improvement stores.

Apple would instantly make a market for contactless payments by including NFC on the iPhone. Competitors would jump in just like we’ve seen with tablets, and additional POS terminals would be added as NFC became commonplace by the millions of iPhone users.

The technology exists, is thoroughly tested, is proven to work, and users like it. And if you’re going to get all these benefits from NFC, why not also use it in ingenious ways like logging in and storing preferences? See the Cult of Mac reports.

NFC is just waiting for a catalyst like iPhone 5.

[The following article is running on Mobile Commerce Daily today 10/11/2010.]

Mobile Commerce should get used to security breaches.  They’re a sign of mobile going mainstream. The mobile ecosystem needs to develop security strategies like the computing industry did in response to viruses and phishing.

Recently the U.S. Federal Government declared phone jailbreaking legal. Jailbreaking is the process for unlocking phones, like the iPhone, to do things Apple and the carriers restrict, such as changing to a different carrier or turning an iPhone into a WiFi hotspot.

While jailbreaking unlocks exciting additional functionality, it also increases the risk of a malicious attack. iPhone jailbreaking has become so mature that it now only requires the swipe of a finger after browsing to a particular website (http://www.jailbreakme.com).

Fortunately the iPhone Dev Team, the de facto jailbreak providers, seem to be using their skills for Good rather than Evil. However, the simplicity of the current process exposes an extremely dangerous vulnerability in the iPhone and, by extension, mobile commerce.

Mobile is growing rapidly. My firm, Mobile Strategy Partners LLC, has seen mobile banking adoption across the industry grow 20% per quarter over the last year. However, improving consumer perception of mobile security will drive future adoption.

“Respondents consistently cite security concerns a key reason for not choosing to use mobile technology,” says Tom Wills of Javelin Strategy & Research. “Studies over the last two years have held steady at about 42% to 43% citing security concerns as reasons for not using mobile.”

The latest jailbreak process opens up the possibility that bad guys could jailbreak and infect victims’ phones by simply visiting a web site. Once infected, the bad guys could potentially have ongoing access to confidential information on the phone, including how to access financial accounts.

Highly publicized damage from such an attack could stall mobile adoption across the industry in addition to inflicting significant financial losses.

Viruses, phishing attacks, and fraud in general, arose as computers and the Internet went mainstream. Now that mobile phones increasingly have our attention, fraudsters see the same economics as mobile marketers, and have turned their attention to mobile devices.

Like many readers here, my livelihood depends upon the success of mobile commerce. My firm works exclusively with mobile technology to help companies like banks, retailers, and insurance companies develop and execute their mobile strategy – especially as it relates to their customer facing mobile strategy.

I have a vested interest in the continued success of mobile commerce. Therefore, I also have a vested interest in mobile security.

The entire mobile community has a responsibility to educate customers on safe practices and keep mobile security one step ahead of the bad guys. Attacks will evolve continuously. Companies will face difficult challenges to protect themselves and customers. Security best practices developed from ecommerce experiences must be adapted for mobile, and organizations must stay vigilant for emerging threats unique to mobile.

Platform developers like Apple, Google, and the carriers, also have responsibilities to stay on top of the latest exploits and provide a malware protection framework for mobile commerce.

With the current system, application providers can’t protect themselves because platforms like the iPhone lack – and in some cases actively restrict – methods to detect and fix malware infections.

For example, there is no way to run virus protection on an unjailbroken iPhone, but the very risk to users is that a hacker could trigger the jailbreak at seemingly any time. Users need the ability to determine whether their phone has been compromised.

Similarly, the Google Android application developer identity verification lacks the strength of the Apple App process. Android needs a strong trusted identity authorization and validation system to make it more difficult for criminals to masquerade as legitimate businesses – and malware to masquerade as legitimate applications.

Strong security will ensure mobile thrives. As mobile commerce goes mainstream it becomes simply commerce. It’s already unthinkable to abandon using applications with sensitive information on our phones. We can’t go back to not using mobile banking, mobile shopping, or even viewing confidential email on our phones.

Mobile commerce must be secured.  Mobile platform vendors need to help companies protect themselves and their common customer.

[Editor's Note: The following is a guest blog by John Britton an engineer at Good Technology and formerly at mFoundry. The following is John's personal commentary and does not represent the opinion of any organization or individual]

Last week the U.S. Federal government blessed mobile phone jailbreaking as legal — that is, unlocking a phone without carrier and/or manufacturer approval.  Everyone that has ever jailbroke their iPhone said “Thank you.”

Earlier this week the Unofficial iPhone Dev Team, the de facto iPhone jailbreak providers, released a new method for jailbreaking iPhones. The simplicity of their last jailbreak set off proverbial alarms across the mobile security and risk management community.

Previous jailbreak methods were cumbersome and idiosyncratic. Previously, users wanting to jailbreak their phone would have to download a file, jump through some hoops and 30-40 minutes later their Phone would be free. Unfortunately, after the jailbreak, all of their applications were gone and they would have to reinstall everything from scratch. Each upgrade required repeating the entire painful process.

The old process worked by bypassing Apple’s signing process. It was not something my mom would have ever attempted to try on her own.

The new jailbreak method exploits a vulnerability in Safari and is super simple. You can now jailbreak your phone by simply connecting to a website and swiping your finger. (If you want to see it, the site is: http://www.jailbreakme.com)

The whole process takes about 3 minutes and leaves all of your applications in place. It is a no fuss no muss approach and something my mom could do to be one of the cool kids.

To the credit of the jailbreak team they also included a patch to warn jailbreakers that encounter this exploit in the future.

Apple has currently released a rather vague statement about the approach:

“We’re aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update.”

The exploit is huge. It is only a matter of time before someone with sinister motives decides to exploit the issue for their own gain.  These bad guys could simply trick iPhone users onto navigating to their site or attaching a file to an email that once opened, quietly jailbreaks their phone.

Once the process is complete the phone would look and feel just like nothing happened at all. Except now, maybe the iPhone secretly has key logger software installed that steals usernames and passwords from mobile banking. Or maybe the hacker can hijack a browser session to go where they want it to go and not where users expect to go. Usernames, passwords, financial information including balances and name of banks can all be siphoned off to someone who wants to take money. The bad guy could even look at your anti-phishing site keys.

I hate to state the obvious but this is really, really bad.

Banks and software vendors can do little in their applications to prevent these types of attacks, but they are left to foot the bill for the attack. The bad guy would look and act just like the authentic user.

This problem isn’t just with native iPhone applications.  It also affects browser-based banking on the iPhone. The really advanced bad guy will also find ways to manipulate some of the more advanced SMS based banking.

I have now stopped mobile banking from my iPhone.

Bankers and consumers need to let Apple know that mobile banking and mobile payments need secure platforms. Apple wants to take advantage of mobile payments on their devices. They want to provide the next generation tools for all of us. Apple needs to provide strong protection for the sensitive data passing through iPhones around the world.

Without Apple-provided protection, the only recourse would be to remove their iPhone apps from the App Store and demand that Apple use the kill switch to remotely remove mobile bank apps from end user iPhones. Banks would also need to block all iPhone based browser traffic.

Of course, this is impossible. Mobile banking has already gone mainstream. Mobile commerce has as well. Furthermore iPhones are used by key executives with sensitive information throughout the world’s businesses.

The only true fix to this problem must come from Apple.  They need to patch the exploit quickly.  Apple needs to work with the banks and the security industry to vigilantly protect and continue to grow the opportunities that are in front of us all.

David Eads mentioned previously on this blog that code reviews for mobile applications should be standard fare.  Financial institutions must be vigilant in teaching their customers and members about staying current with software updates.  A couple of steps that you can take to protect yourself and you customers is to encouraged your customers to upgrade to the latest iPhone OS when Apple releases it.  You can also modify your terms of service to require that fraud protection is only valid if their mobile banking devices have the latest versions of the vendors operating systems and are using it in accordance with the hardware and carrier provisions.

Send David questions about this and I will be back next week to answer your questions on mobile security.

Written from my newly jailbroken iPhone 3GS with mobile banking applications uninstalled.