App Procurement Standard Questions

(updated June 2020)

What app development projects have you completed in the last 12 months?

It’s worth noting that the majority of our clients have been with us for at least 3 years and in a few cases since we started building mobile apps in 2013.

Our biggest new app

The biggest project for us of the last 12 months has been the redevelopment and launch of the Waterstones app.

Waterstones’s goal was to replace their commercial Android and iOS apps completely, adding e-commerce capabilities as well as bringing the branding up to date.

We started the project last summer with a tight time frame of launching for the Christmas season. We met that goal and launched a great first version of the app.

Since then, we have been building out further features of the application as it’s user base continues to rocket. Over the last 3 months, the benefit of this platform has shown with a dramatic increase in revenue. That’s because we’ve listened to users and iterated upon a great foundation.

Other projects:

LifeSight - LifeSight is a Master Trust Pension from Willis Towers Watson. We have been working with Willis Towers Watson since 2013 on over 8 different products. Their vision is to create the best pension tracking app in the UK, and so they have partnered with us to deliver on those aspirations. We have built and developed a best-in-class application for them using the very best practices, including regular user testing and automated testing strategies to ensure critical data is secure. We’re excited to see this app develop with us over the next few years.

Ongoing projects

We love getting to work on projects over the long term. We’re confident that we are probably the most experienced app development agency in the UK at the moment. Many of our clients have been building on their mobile offerings with us for many many years.

Ziffit - Ziffit is the incoming stock arm of the UK’s largest second hand bookseller, World of Books. Their app boasts a huge and loyal user base. In the last 12 months, we have helped the team launch their offering into new territories, including the US and Ireland. We’ve helped them create a new checkout flow that is entirely reliant on dynamic API’s and can change for any territory.

TrainSplit - We have been working with TrainSplit over the last few years to create an industry-disrupting offering. Over the previous 12 months, we have delivered a whole new e-ticketing system that allows customers to take advantage of the latest technologies available to them and reduce the need for paper tickets.

Other notable clients who have had work completed for ongoing projects:

Legal and General



What is the largest number recorded of concurrent users actively using an app you have developed and deployed?

Although trackable, concurrent users are rarely an issue for our work as applications are installed and hosted on individuals devices. Of more interest to us is the size of the user base as this impacts our decision making on accessibility, translations and the demographics we need for UX research and User Testing.

We have worked on several large user base apps, including the Google Playbook with over 1million users.

At the time of writing this (June 2020), both Waterstones and Ziffit have 28day active user bases of 70-150k.

What is the development process?

We understand that some parts of our process need to adapt for every client, but that other components need to stay consistent.

We will design a process that suits you perfectly, but it will usually consist of 3 main areas:


This phase is about understanding your business objectives and the needs of your users. It's also the opportunity to examine technical feasibility and design the technical architecture of the product. There's a lot that can go into this phase, including user testing, design sprints and prototyping. But the main thing is we want to end with a clear plan, roadmap and a good headstart on the rest of the development.

Design and Development

This is where your product begins to come to life.

We create a set of designs for your features, continually referring to what we've learnt in the discovery phase. We'll work hard, with you, to find the perfect balance between visual aesthetics and usability.

This includes designing for all eventualities:

  • What if the user is offline?
  • What about different devices?
  • What happens when the content is loading?

Our developers use these designs to build a fully functioning app, written with the future in mind and championing best practices. We make the best use of the latest techniques, such as automated testing to produce robust, intuitive work. We also make the best use of being a team by peer-reviewing our work as we go along, checking our progress is consistently strong.

UAT and Beta Testing

Before we release the app to a broader audience, we need to make sure it's ready. This phase is all about testing the product 'as a whole'.

We want you to be completely satisfied that the app meets your business objectives and represents your brand perfectly.

We'll encourage you to release the app to a beta community so that you can gather rapid feedback in case any changes are warranted.

What development tools do you use?

Our standard development tools are Xcode for iOS apps and Android Studio for Android apps. We also take advantage of lots of complementary tooling such as Reveal, Charles and Postman. We have taken care to ensure efficient design to development handover utilising tools such as Abstract and Zeplin.

Which programming language do your developers use to build mobile apps?

We develop most of our mobile app natively, which means that we use the programming languages provided by the platforms.

Android - Kotlin and XML

iOS - Swift

We do, however, take advantage of a newer framework called Kotlin Multiplatform that allows us to build the business logic for both platforms and deploy it to both code bases. This method reduces cost by only having to make a component once, but more importantly, it ensures that both platforms are aligned in their interpretation of the incoming data.

What product management and project management tools do you use?

We typically adopt a Kanban or Agile approach, depending on the client's needs. We want our clients to feel part of the process, so we regularly meet with them to show progress and discuss what exciting feature we are building next.

For Project Management, we typically use JIRA or Trello to aid process. However, we have also used many other systems, depending on client needs. Alongside regular functional meetings and demonstrations, we produce automated reporting for our clients so that they can feel confident they have a transparent view of progress.

For Product Management, we ensure that all of our designs are Git versioned within Abstract and also use Zeplin as a handover tool to provide a single source of truth between development, design and stakeholders. For user testing, we typically use Invision to test prototypes.

What disaster recovery do you have in place?

DRP is a high priority to Brightec as such; we operate a very 'light' IT infrastructure.

We use enterprise-grade cloud solutions such as Google Drive and Github to store and access our data instead of having our own servers. Each staff member uses these and other technologies for continuous backup to the cloud.

We regularly work remotely, with each staff member using laptops to access company data stored in the cloud. We don't require a physical office space, which means we are highly flexible, and this supports business continuity.

All source code is committed to the cloud daily. Meaning we can quickly recover it at any point.

Laptops are backed up daily and can be recovered within hours.

How do you deal with hosting?

We usually do not take on any major hosting work as most of our work is on front-end client applications. There have, however, been several times that we have needed to create a middleware to ensure business resilience when changing data providers or systems. For this, we have used cloud solutions. For Legal and General, we used AWS, and for KitchenCraft, we used GCP. Both of these options are class-leading hosting solutions with high uptimes and concurrent user handling.

We have also often used Firebase to host smaller subsets of data, including user data. This system is built upon Google Cloud Platform and specially created to support apps at any scale

What usage metrics and reporting do the tools you provide?

We will want to work with you to design the apps reporting to measure against your business objectives.

We typically integrate Firebase analytics and crashlytics.

Firebase Analytics can be configured to provide a wide variety of metrics and integrated into other Google services.

What methods and tools do you use for testing?

Automated testing is the backbone of our robust applications.

We utilise standard platform tools like JUnit, Espresso and XCTest to provide a comprehensive suite of automated tests. These range from testing small pieces of code to entire screens and UI.

These tests are run both automatically on commits and nightly builds and also manually whenever required. This regular testing throughout our development cycle ensures our code remains high quality.

Do you test against actual devices or an emulator?

On Android, we utilise Firebase Test Lab which can be configured to run against emulators or real devices, depending on the client’s requirements.

On iOS we use the XCode simulators during development as well as test labs.

During QA we use real devices and have a large collection of test devices available for this process.

What is your quality assurance process?

We have 3 steps to ensure our apps are production-ready.

  1. To ensure our code meets our high standards, we integrate a variety of automated checks which are run regularly throughout our development cycles.
  2. All of our code is peer-reviewed within the team to ensure we find optimal ways of solving problems.
  3. Once the app is built, we operate a manual QA process to ensure that the apps meet our specifications and perform well on real devices.

For some of our clients, we also work with outside testing teams. We are always happy about this option on top of our standard processes.

What is your UX process?

Two principles underpin our UX process. One a deep understanding of the platforms we are building for and two the belief that we should validate continuously.

We have been designing apps over so many years that we are experts in Android and iOS design. Our website has a huge number of blog posts and videos that are our way of trying to disseminate some of that knowledge to others. All of our designers and developers keep the user in mind at all times. They are always learning and questioning to better the user's experience.

We validate our UX work continuously by user testing our designs before development. This testing varies in scale, but it means that we get to make changes at the earliest and cheapest opportunity. The added benefit is that this is also where we discover a lot of new features ideas through user engagement.

Our process usually looks like:

  • Stakeholder interviews
  • User interviews
  • Initial UX directions
  • User and stakeholder validation
  • Feature design
  • Feature user and stakeholder validation

Is UX done in house or outsourced?

We complete all of our work in-house. One of the biggest reasons to use our agency over a larger outfit is that our client's value being able to work directly with the designers and developers making their projects a reality.

How quickly are new devices or new OS releases supported for mobile apps you deliver where you are responsible for business as usual (BAU) maintenance and support?

Typically new OS releases don't break backwards compatible support and operate an opt-in system. On the rare occasion these changes are critical, we begin work quickly to deploy any changes to the store swiftly. Otherwise, these updates would be integrated within our regular ongoing workflow.

More commonly, new OS releases provide new and exciting functionality, which we are always looking to find delightful and helpful use cases within our apps.

What is your approach and methodology for prioritizing feature enhancements?

We continually review feature ideas and road maps with you to ensure that they reflect current business objectives and user needs.

We then validate that priority through multiple channels including, user testing, stakeholder interviews and any available analytics.

What is the average lead time needed to introduce new services and upgraded features?

Brightec typically operates in calendar quarterly cycles, contacting each of our clients in advance to understand their expectations and requirements for the upcoming quarter. This allows us to efficiently plan our schedule and meet any client deadlines that we are made aware of. In addition to this if requested we can agree a monthly retainer model to cover more ad hoc support (see below) but to also include more regular large features updates/additions. Finally when required we can move more nimbly to move the diary around to respond to an urgent client request.

What process is in place to protect a client's intellectual property?

Our standard contract protects your Client Material IPR and warrants we will not infringe any third party intellectual property rights. Our standard contract can be shared upon request.

Are you GDPR compliant?

Yes, we are GDPR compliant as a Data Processor. As such we take the responsibility of data transport security extremely seriously but do not hold any data on behalf of our clients. We would be happy to provide a copy of our GDPR policy for review.

How do you respond to Subject Access Requests?

Brightec acts as a Data Processor as defined by the ICO. As such we are not required to action any SARs.

What is your approach to tech security?

Typically we do not provide servers ourselves, and therefore our technical security focus is within our native apps development.

We work with large financial institutions who require strict security audits of our apps. To meet these requirements, we research and implement a variety of security measures, including database encryption, SSL certificate pinning, root device detection and screenshot prevention.

The audits we are subjected to are from third-party partners, and we have always passed them due to our ongoing understanding and learning of best practices.