Recently, one of our clients approached us about implementing an offline mode for our Smart Time mobile apps (native iOS and Android). They had gotten the request from a few of their attorneys, who wanted to enter time on a plane or some other remote place lacking data or an internet connection.
Smart Time does not have an offline mode—we decided a long time ago that, for security reasons, we would leave no data or configuration files on a device once the session ended. Everyone knows that phones and tablets get lost all the time. There’s no reason in the world compelling enough for us to create software that makes law firms vulnerable.
Nevertheless, the firm pushed us to explore what would be involved to make Smart Time work in offline mode. They were quick to note that one of our competitors had an offline mode. We talked to the attorneys in the firm who made the original request so that we could listen to them and probe further to find out exactly what they needed. (We love listening to our clients.)
We roughed out a game plan on how to attack it. It involved storing a local copy of the data and active time entries on the device. In the end, there is no way around it—it is all there for the hackers.
As a software company, it’s one thing to engineer a solution—it’s another thing altogether to know when not to build it. Technical ability does not take the place of wisdom, and in our many years of experience, leaning on wisdom and setting priorities for our products—so that they are both the best and most secure—is the territory we prefer to inhabit.
As for how the story ends with that client? They decided not to go forward with the offline project. Security won the day, and I’m glad it did. After all, it’s a new world out there, and you really can’t be too careful.