Why HTML5 is not the choice for enterprise mobility
27th Feb 2012 | 15:00
David Akka, UK MD of Magic Software, explores the buzz around HTML5 and why it may not yet be the right choice for enterprise developers
HTML5 is being hailed as the programming language that will not only enable developers to achieve multi-purpose web application development, but ultimately solve many issues facing mobile development.
As a result, the buzz around the technology is intensifying, further proof of which came from a recent survey of 1,200 developers, which found that 75 per cent are using, or plan to use, HTML5 for app development. Perhaps this is partly due to recent accolades, such as Adobe’s public denouncement of Flex in favour of HTML5, hailing it as the best technology for creating and deploying rich content to the browser across mobile platforms.
HTML5 offers some real advantages in the consumer space and for tools such as social media and video. However, the reality is that it’s not mature enough as a tool for business applications. Issues such as security, synchronicity and the very fact that it’s an evolving standard make it an unreliable option for enterprises. Consideration of these pain points offers a reminder that, while the future may be an HTML5 one, right now it’s not the panacea for mobile development. Moreover, for those looking to mobilise their enterprise applications, the priority is that sensitive data is kept safe, and applications perform as they should.
The security of data is a key concern, and the vulnerabilities that we associate with HTML applications – phishing, malware and denial of service attacks – still apply. In its new 2012 Security Threat Report, Sophos cites that HTML5 offers cyber criminals “new ways to trick people into passing on potentially sensitive data or installing malware”, and that “the sophisticated presentation layers that can be created using HTML5 ‘blur the lines’ between what's running on the device and what's on the internet”.
A common example is when using a Facebook iPhone application and receiving a notification that a ‘friend’ has tagged a photo of you. Since the 3G coverage in your area is weak, you might not recognise yourself in the picture, or else the tag has come through before the picture. A comparable business context could be using a PO approval app on a mobile device that runs on HTML5, and receiving a request to approve or reject it before the cost breakdown comes through. This would effectively mean approving without knowledge of the full facts. While for social media apps there may be less severe consequences, in the enterprise there is far more sensitive data at stake and huge implications for the business if things go wrong.
The very fact that HTML5 is an evolving standard means it's not a ‘model de facto’, but a technology that is still in its infancy stages. The World Wide Web Consortium (W3C) will not finalise the definition of the HTML5 standard for several more years, which poses significant levels of uncertainty around its validity and reliability. For example, given the issue with synchronisation between objects, developers will find they constantly have to patch problems when HTML5 doesn’t perform as it should, which will cost money and time. Unfortunately, when working with an immature technology, an entire code can very quickly become unmanageable. Certainly when 4G arrives in the next four to five years, many of these concerns will evaporate, but until then we have to consider HTML5 in the context of 3G, and therefore not a foolproof technology.
In four to five years time, when 4G will be widely available, HTML5 might well have matured enough to be seriously considered for a range of different development purposes, including as a tool for business applications. Until then, in order to successfully develop for enterprises, it's more sensible to opt for something that can run natively. This means applications can be optimised to the programming interface that a specific device platform offers. Mobile application platforms are built on the same premise as HTML5 – develop once, deploy anywhere – but they have none of the above mentioned issues around security and synchronicity, and so offer a much safer option until HTML5 technology matures.