One week. Three Appsolute App Disasters

Thom Gibbons
9 min read · Apr 22, 2021

When you work in app development you can’t help but keep an eye on the industry to see what else is happening. Which inevitably means that from time to time you’ll spot a major app FUBAR. Last week it was hard to miss three spectacular app-related disasters.

First there was the coffee promotion that will costa major brand a lot of customers. Then there was the cool estate agent tour app that turned out to be a goldmine for identity theft and cyber crime. And finally there was the “I told you so” moment when the NHS Covid app was rejected by both the Apple and Google Play stores.

That moment when you spot an app trending in the news is often a strange one. I go through a rollercoaster of emotions.

Relief: Thank fu*k that’s not one of my apps

Pride: We’d never build an app that shoddy…right!?

Fear: Oh sh*t — could that happen with one of our apps?

Curiosity: Why did the app go wrong, how quickly was it fixed and was something overlooked in the development process?

Humility: What can I learn from this and how will it change our development process in the future?

Once I get past the panic and fear that my team could find themselves in this situation I always look to unpick what we can learn from the situation. I know the products my team build are not infallible. We’re only human. We make mistakes. My job is to make sure that those mistakes are few and far between.

Here is my take on the three recent app issues, and what we’ve learned…

Costa App crashes during 50p drink promotion

As the country eased out of lockdown the Costa marketing department clearly had a bright idea. They wanted to celebrate 50 years of Costa with an unbeatable promotion. Their entire hot drink menu reduced to just 50p per drink.


As a top-level concept it’s a great idea. Their customers have been languishing at home and over the last year have probably managed to work out how to make a pretty decent cup of coffee. They’ve probably also worked out that even if you buy really deluxe beans, grind them yourself and invest in all the kit needed to make an epic coffee, it’s still going to work out cheaper than heading to your local coffee shop. So entice those customers back in with an incredible offer. It’ll possibly get all those coffee addicts back into their routine of grabbing a cup of joe on the way to the office/train station/salt mines.

From a purely marketing POV this probably isn’t even that pricey a campaign. A few years back it was estimated that the average cost of producing a cappuccino was just 20p. The packaging for a takeaway cup brings the total up to 40p. Rates, rent, staff costs and tax account for the bulk of the total cost, with Costa taking approximately 30p profit per coffee. So you’re looking at a total cost of say £1.50 per coffee to Costa. Possibly less given the fact that rates, rent, tax and to an extent staff costs are being mitigated by government lockdown support or eased rental agreements during the pandemic. Let’s round it down to £1. Costa will probably only need those new (or returning) customers to buy 3 coffees over the next couple of months to recoup those costs.

And that’s excluding all the free press, publicity and social media coverage the offer generated for the brand.

If Costa had just left it at that they’d have probably been smelling of roses. Their marketing team would be celebrating with coffee martinis. But they decided to push a bit further and integrate their loyalty app into the promotion. To get the cheap coffee you had to have the app downloaded on your phone. And that’s where things went sideways. Because the Costa app couldn’t cope. It kept crashing. Social media locked up with complaints. The press who had only hours earlier been extensively promoting the offer were now flipping to covering stories of frustrated customers unable to cash in.

I like coffee. And with a toddler knocking around I tend to find myself seeking out caffeine injections on a regular basis. There are a lot of Costa Coffee outlets round the Apptaura HQ, so over the years I’ve been a frequent visitor. And I’m a member of their loyalty program. For years however I resisted downloading their app. The loyalty card worked perfectly well. In the midst of the pandemic I finally relented and went for the touch free option of the app. And it worked ok. It didn’t really do much more than the original loyalty card, but I did quite enjoy the marketing Costa sent my way.

But, like thousands of other customers, when I tried to claim my cheap drink the app failed.

So what happened? Did Costa simply not plan for the level of attention the campaign received? Were their app systems not built to be sufficiently scalable to cope with increased demand? Or were they throttling the app on purpose to reduce the ability of customers to claim the promotion — a theory that grew like wildfire on social media?

We can strike one of those off immediately. This isn’t like the Hoover Free Flights to New York promotion. Costa were largely still honouring the offer. I just had to show that I had the app installed on my phone and I got my discount.

I’d wager that it wasn’t even necessarily a volume of customers issue that triggered the problems. It was more likely that it was the different behaviours being exhibited by those customers. New users registering. Old users trying to log back in, failing to remember their password and asking for a reset. Throw in the new functionality built in during the pandemic that allows customers to pre-order and pay for their drinks remotely and you’ve almost got the perfect storm. That’s what will have triggered initial problems. And that tends to be where the snowball effect emerges. Because as customers experience problems their behaviour changes again. They quit and reboot the app. They refresh. They repeat actions over and over again. Suddenly to the app the load of one customer starts to feel like three or four customers. It’s like that phantom traffic jam on motorways simulation. One car brakes causing another to brake harder, another to slow down even more until every car has stopped.
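The snowball effect described above can be reproduced with a small model. This is an added example, not code from the article or from Costa's systems; the capacity, the traffic figures, the retry multiplier and the even sharing of an overloaded backend are all assumptions chosen for illustration.

```python
def simulate(arrivals, capacity, retry_factor):
    """Return the number of users still waiting after each tick.

    Assumed model (not measured from any real system):
      - each new user sends 1 request per tick
      - each user who failed last tick sends `retry_factor` requests
        (refreshing, restarting the app, repeating the action)
      - the backend completes at most `capacity` requests per tick and
        overload is shared evenly, so duplicate requests waste capacity
    """
    waiting = 0
    history = []
    for new_users in arrivals:
        users = new_users + waiting
        offered = new_users + retry_factor * waiting
        if offered <= capacity:
            served = users
        else:
            # Only a capacity/offered share of the requests complete.
            served = capacity * users // offered
        waiting = users - served
        history.append(waiting)
    return history


def ticks_to_recover(history):
    """First tick at which nobody is waiting, or None if it never clears."""
    for tick, waiting in enumerate(history):
        if waiting == 0:
            return tick
    return None


# Constructed traffic: a 3-tick spike of 150 users, then a steady 80,
# against a backend sized for 100 requests per tick.
ARRIVALS = [150] * 3 + [80] * 17
CAPACITY = 100

patient = simulate(ARRIVALS, CAPACITY, retry_factor=1)  # one retry per tick
frantic = simulate(ARRIVALS, CAPACITY, retry_factor=3)  # "three or four customers"

if __name__ == "__main__":
    print("patient users recover at tick:", ticks_to_recover(patient))
    print("frantic users recover at tick:", ticks_to_recover(frantic))
    print("frantic backlog per tick:", frantic)
```

With patient users the backlog drains once the spike ends. With frantic users it keeps growing even though steady traffic is below capacity, which is why client-side backoff and server-side rate limiting matter for availability.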

Should Costa have seen this coming? Possibly. But it’s difficult to test for this kind of issue. I’d imagine that the total app traffic across the country isn’t actually that much higher than pre-pandemic. It’s just that it is more concentrated and exacerbated by user behaviour.

It’ll have hurt Costa. Tarnished the brand. Turned off some of their potential new customers and hampered what otherwise was a pretty canny campaign. But I got my coffee last week. I visited twice. And bought a bacon roll. Which is exactly what they wanted me to do.

3D VR Real Estate tool is data goldmine

On to the second appocalypse (I’ve got plenty of these…) and this one seems to have largely flown under the radar. Rightmove, the estate agent giant, has been reported to the ICO for leaking significant amounts of personal data.

Now, if you know me you’ll know that I’m a stickler for data security. I bang on about it a lot. What really caught my eye though was how this data was actually leaked, because it reflects the greatest weakness in any web or app system. Our own human fallibility.


The leak originated in a high-res 3D rendering of a house for sale in Devon. Navigating through the 3D model you could zoom in on paperwork littered across the study desk, examine personal photographs and check out some payment invoices. If all of this was put together and combined with a bit of extra research a nefarious party could have used the information to clone an identity or attack the home owners.

Now, in all fairness to Rightmove, they do tell homeowners who choose to use the 3D tour to put away private documents, but you’d be surprised what people consider private and what they wouldn’t even think about. For example, the tour showed off named photos of the pets who lived in the house. Most people wouldn’t consider that a security risk… except that the name of your pet is often used as an alternative security question when you forget your password. They are also routinely used as passwords.

Suddenly an innocuously cute photo of Smudge has given a hacker access to your emails.

I remember visiting an elderly family friend and spotting their Wi-Fi router propped up on a windowsill. When I asked them what it was doing there they told me how by putting it up in the window they could still access the web on their phone while they were out in the front garden. They didn’t think about the fact that their Wi-Fi network details and password were on a sticker on the back of their router. Which happened to be pointed out the window for anyone walking past to see.

The weakest link in any system is its users. Your app developer could build the most secure app ever, but if the member of staff with admin rights gets phished or your users don’t understand the risks then it might very well not matter.

Which made me realise that it’s been a while since I dropped my clients an email with a scary DON’T FORGET ABOUT DATA SECURITY article.

Track and Trace app trips up again

Last but not least, another appalling app failure (told you…), this time from the UK Government and their much-maligned contact tracing app. The app (rebranded as an NHS product in what one suspects is a cynical act to dodge criticism) has been dogged with issues.

Ghost notifications, issues with exposure alerts, erroneous risk level settings, problems with older phones or phones set up in different languages as well as privacy concerns and reported low take-up have all caused issues with the flagship app.

So I wasn’t all that surprised to see news stories breaking about it again. What did take my breath away was what had happened. Google and Apple had turned down the latest app update for not complying with privacy rules. Privacy rules that Google and Apple had highlighted months ago.

The update was intended to allow people infected with Covid to upload logs of their check-ins to venues if they so wished. But, crucially, this was in violation of the rules Google and Apple put in place when the app was forced to switch over to their own contact tracing technology. Both Google and Apple were concerned about the privacy implications of tracking the movements of an entire population and saving them in a centralised location, and made it clear that they would not approve any moves in that direction.

It’s frustrating that so many in the tech industry have been pointing out the limitations of the test and trace app. My CTO Tom wrote a couple of articles about it a year ago. And still the developers tried to slip this update through.

BBC Technology correspondent Rory Cellan-Jones summarises it neatly:

“Just a week ago the Department of Health seemed to think this update…would go through without problems.

It’s hard to understand why. After all the rules for using the Apple-Google Exposure Notification System were clear…”

This is an app that has cost an expected £35 million. And it’s not really ever worked. Costa f*cked up. But the worst thing that’s going to happen is that they get a slap on the wrist from their Coca-Cola overlords and lose a few of their customers to Starbucks. Rightmove have dropped a clanger. But they can take down their 3D tours, improve their app and make their instructions clearer to customers.

The NHS app could be saving lives. It could be saving jobs. It isn’t. And I bet it cost a helluva lot more to build than the Costa app did.

Thank f*ck we didn’t build it.

Thom Gibbons is CEO of Apptaura, the app development agency based in Hampshire. His team specialise in building apps for internal business use and niche products.
