In the last two parts, we looked at the idea of the app, its appearance and how we want to earn money with it. Today we're looking at the topic of authentication, which plays a central role in most solutions. We will also be looking for suitable developers.
5. Authentication and legal aspects
Does your application require a login? Should user-dependent information be processed? Then you cannot avoid authenticating the user or users. But this brings a whole chain of consequences with it: there are many authentication methods, personal data has to be stored, and that leads straight to data protection. What happens if a user forgets their password, and so on? In my experience, we use these things on a daily basis and most of the time they work quite reliably, but we don't think about the fact that there has to be quite a complex mechanism behind them for everything to work so smoothly. Fortunately, there are ready-made tools that do a lot of this work for developers. It is not advisable to build this yourself from scratch.
5.1. Authentication methods
Think about which authentication methods your app should offer:
- Options: These include Apple, Google, email, MagicLink, Passkeys and many others. Consider how simple or complex you want the login process to be for the user. Complicated authentication can put users off. The system must also be fault-tolerant, e.g. if the user has forgotten their password.
- Legal requirements: Consider legal aspects such as the GDPR to protect user privacy. Ensure that all data collected is stored and processed securely and in accordance with the applicable data protection regulations. In this context, remember to extend your privacy policy accordingly. Tools such as erecht24.de can be used to do this quite well. It should also be noted that a data processing agreement (in Germany the AV contract, Auftragsverarbeitungsvertrag) must be concluded with every provider whose tool you use. That sounds worse than it is. The vast majority of providers have these contracts available to download directly from their website.
- Use ready-made tools: As described above, ready-made tools such as Firebase from Google should be used for authentication. For e-mail traffic, e.g. when a user automatically requests a new password, tools such as Resend.com can be used. These tools are usually free of charge up to a certain limit. It is generally advisable to keep the code you maintain yourself to an absolute minimum, since every line of it has to be maintained. Using ready-made tools has the advantage that someone else is busy keeping their part running. And of course, where there is light, there is also shadow: you have to get to grips with the functions of the chosen tool and ultimately live with what it offers.
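To make the "complex mechanism" behind a forgotten-password or magic-link flow concrete, here is an added example modelling what a service like Firebase does for you when a user requests a new password; it is not code from this post and not Firebase's or Resend's code. It shows the properties such a flow has to get right: a random token generated from the OS CSPRNG, only the token's hash stored, a short lifetime, single use, an older link superseded by a newer request, and an identical answer whether or not the e-mail address exists. The class name PasswordResetService, the 15-minute lifetime and the sample address are assumptions for the illustration; a real deployment would keep the records in a database and send the link through a mail service.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Reset links stay valid for 15 minutes (constructed value for this example).
TOKEN_TTL_SECONDS = 15 * 60


def _hash_token(token: str) -> str:
    # Only the SHA-256 of the raw token is ever stored; a leaked table
    # therefore contains nothing that can be pasted into a reset link.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


@dataclass
class ResetRecord:
    user_id: str
    token_hash: str
    expires_at: float
    used: bool = False


class PasswordResetService:
    """In-memory model of the 'forgot password' mechanism (hypothetical, for illustration)."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock                          # injectable for deterministic tests
        self._users: Dict[str, str] = {}             # e-mail -> user id (constructed sample data)
        self._records: Dict[str, ResetRecord] = {}   # token hash -> record

    def register_user(self, email: str, user_id: str) -> None:
        self._users[email.strip().lower()] = user_id

    def request_reset(self, email: str) -> Optional[str]:
        """Create a single-use, time-limited token for the account behind `email`.

        Returns the raw token that goes into the e-mailed link, or None when
        the address is unknown. The HTTP layer must answer identically in both
        cases ("if an account exists, we have sent a mail") so that the form
        does not reveal which addresses are registered.
        """
        user_id = self._users.get(email.strip().lower())
        if user_id is None:
            return None
        # Any earlier, still-open token for this user is invalidated first:
        # only the most recently requested link may be redeemed.
        for record in self._records.values():
            if record.user_id == user_id:
                record.used = True
        token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
        token_hash = _hash_token(token)
        self._records[token_hash] = ResetRecord(
            user_id=user_id,
            token_hash=token_hash,
            expires_at=self._clock() + TOKEN_TTL_SECONDS,
        )
        return token

    def redeem(self, token: str) -> Optional[str]:
        """Return the user id if `token` is known, unused and unexpired, else None.

        A successful redemption marks the token used, so a link cannot be
        replayed from a mail archive or browser history.
        """
        record = self._records.get(_hash_token(token))
        if record is None:
            return None
        if record.used or self._clock() > record.expires_at:
            return None
        record.used = True
        return record.user_id


if __name__ == "__main__":
    service = PasswordResetService()
    service.register_user("alice@example.com", "user-1")   # constructed sample account
    link_token = service.request_reset("alice@example.com")
    print("redeemed for:", service.redeem(link_token))     # user-1
    print("second use:", service.redeem(link_token))       # None
```

Every one of these rules (hash-only storage, expiry, single use, no account enumeration) is something a hand-rolled flow has to get right and keep right, which is exactly why the post recommends leaving this part to a ready-made tool.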
6. Searching for a suitable developer
6.1. Selection of the developer
Choosing the right developer is crucial:
- Chemistry: Make sure that the client and developer work well together and that communication is clear and structured, ideally via a project management tool such as Jira, Asana, Trello, Polarion or one of the many other tools on the market. It is also important that the developer understands the vision of the project and identifies with the goals.
- Location and costs: Note that costs may vary depending on the location of the developer. Be aware of cultural and language differences when working with developers in remote regions. Also consider the advantages and disadvantages of in-house development versus outsourcing.
- Persevere: You probably know the Pareto principle: 80% of the work is done in 20% of the time, and then the last 20% of the work costs the remaining 80% of the time. In other words, it is essential that the client and contractor have staying power. Especially towards the end of the project, when the tests are running and new errors and inconsistencies keep cropping up, efficient and consistent processing (see above: project management tool) is essential. Even at this stage, a project can still fail if one party loses interest or there is a dispute about the costs because it was not clearly defined in the contract negotiations (see below) who would bear them.
6.2. Contractual agreements and IP protection
Make sure that all legal aspects are clearly regulated:
- Confidentiality agreement: A formal non-disclosure agreement (NDA) is important to protect the interests of both parties. This agreement should also clearly define the responsibilities of both parties.
- IP rights: Clarify who owns the product and the source code and ensure that the product is free from third-party rights. Make sure that the developer has all the necessary licenses and rights to carry out the project.
- Source code management: The source code should be managed in a GitHub or GitLab account created by the client. Make sure that the developer does not retain any rights to the sources and clarify whether the code or parts of it may be used elsewhere. Also consider how future developers can gain access to the source code if the original development team is no longer available.
So, that's done too; in part 4 we can finally start on the actual implementation and take care of wrapping up the project. As you can see, it's a long way until we finally get started - but it's worth it.