Is My App Really Mine? Five tips for avoiding developer hijacking
Most people get a little nervous when we ask them if their app or web product is 100% theirs before taking over the work. People often realize they are too dependent on their current developer when it’s already too late or looking for a new team.
Before taking on a new project, my job typically involves quite a lot of coaching, be it on how to build an MVP, leverage UX User Studies or Design Thinking, what third-party tools offer scalable solutions, etc. But I also emphasize ownership, IP, and necessary access information, especially when a previous development team has been involved in the project.
In this article, I want to focus on making sure that your app or web product is genuinely yours from the beginning. We will cover
- Intellectual Property (IP)
- Source Code
- App Stores
- 3rd Party Accounts
Working with a professional development team is usually a pretty seamless experience. Seasoned developers will have a straightforward process that is typically secure, honest, and transparent. However, there are instances where a developer might hold an app or website hostage. Whether it’s because they do not want to lose the work, they are not a trustworthy team, or because there are disagreements during the project, developers could hold onto your app for numerous reasons.
If and when this happens, it can be disastrous. If a developer has the sole access to your app, it’s not just about not being able to make changes or updates, but you can lose money, customers, or even your entire business. Under another scenario, they could charge your exorbitant fees for providing access or making needed adjustments.
Thankfully, there are steps to take to avoid this situation. You want to make sure from the beginning that you are in total control of your app. So when you begin working with a developer, here are five crucial points to keep in mind.
1. Make sure all intellectual property is legally yours
Before working with a development company, ensure that all intellectual property (IP) will be legally yours, including source code. You will want to have legal documentation of all patents, trademarks, copyrights, and then decide which IP you will disclose to the developers.
Along with ensuring proper legal documentation of all IP, the development team should sign a non-disclosure agreement (NDA) and a software development contract. Often, IP is tied to payment. A developer will need to protect themselves from clients who do not want to pay, so a fair agreement is payment in exchange for intellectual property. The agreement should explicitly outline ownership over all intellectual property created during the project, along with requirements from both parties. By putting these measures in place before the project begins, you can ensure legal ownership of all intellectual property created during the contract.
2. Have admin access to your code
Just like having legal ownership of your IP, it’s essential to have admin access to a repository with the updated version of your code. Different repository permission levels give access to features and tasks, and the Admin level allows you to manage the individual team and team access. If the developer only gives you “Read” access, it means you can only view the site (and this is the lowest level of access). The developer may not give you access at all or remove you from the repository in case they want to hold the code away from you.
Before beginning your project or at whatever point you may be, insist on Admin access. GitHub explains more about each level of access and recommendations for who needs what permissions.
3. Own app store access and certificates
It’s important to start with the app store credentials as yours. Doing so can avoid future problems of transferring ownership. If the developer used their accounts to upload the app, it is still possible to transfer the app to you by following these instructions for the Apple app store and these instructions for the Google Play store. And no matter what a developer tells you, it is possible to transfer ownership of an app without losing any features or reviews.
On a related note, don’t forget about app store certificates. These certificates are used for distribution and submission to the app store, so they are sensitive information related to your product. It’s crucial to have Admin access to these certificates to avoid any problems in the future.
4. Maintain a list of all relevant accounts
If a developer is working on your app, it might be easy just to let them do their work and not pay attention to other relevant accounts. However, to avoid any future problems, keep track of all accounts such as Amazon Web Services or other cloud hosting services. Don’t forget about any database management services and third-party services — including anything you use for push notifications, Firebase, Twilio, all analytics, and more. Keep a running list of accounts, passwords, and access information, so you are not locked out of anything.
5. Store any relevant documentation
The developer will likely create a roadmap or guide in the app creation and deployment steps across different environments. Keep all of that information secured internally, especially for when another developer needs to take over the project. Always ask the developer for this information along the way, so you are not left without proper documentation if the relationship sours.
Keeping your app safe
Before beginning a project with a new developer, always research the company or individual thoroughly. Ask for references and speak with past customers to get a good sense of the developer’s communication preferences, past work, and attitude towards clients. It’s essential to choose the right developer who does not have a history of hijacking apps or negative feedback from past clients.
A final tip: it can be helpful to look at developer ratings in industry sites such as Clutch.co to get a better understanding of the experience and past work. Learn why December Labs ranks as a top developing firm.
If you have any further questions about this topic, feel free to reach out at firstname.lastname@example.org.