
How to Design and Build a Government Mobile Application in Australia

Jack McGrath — 10 May, 2024

In our increasingly digital world, Australian government agencies and departments are recognising the importance of providing efficient and accessible services to citizens through mobile applications. Designing and building a government mobile app presents a unique set of challenges and opportunities, as it requires balancing user experience, security, and regulatory compliance. In this article, we’ll delve into the intricacies of creating a government mobile app, exploring the key considerations you’ll need for ensuring a seamless user experience while upholding government standards and protocols.

From streamlining administrative processes to enhancing citizen engagement, government mobile apps have the potential to revolutionise the way public services are delivered. However, achieving success in this endeavour requires careful planning, robust design principles, and adherence to strict security protocols. Join us as we discuss how to meet the accessibility guidelines and legislation, how to meet data sovereignty and security expectations, and how to prepare for future political change.

Meeting the Accessibility Guidelines

Every Australian citizen is a unique and special individual. While it is easy to design to the abilities of the majority, development teams must design and develop mobile apps to be accessible and usable by those who are less able.

In Australia, we’re lucky that the Federal and State governments don’t just recommend a level of digital accessibility; they legally require it! As part of the [Disability Discrimination Act 1992](https://www.dta.gov.au/help-and-advice/digital-service-standard/digital-service-standard-criteria/9-make-it-accessible), Australian Government agencies are required to meet the Web Content Accessibility Guidelines (WCAG) Level 2.1. Each of the State Governments typically also has policies that require a similar accessibility standard for any new or significantly updated applications.

It’s also worth remembering that accessibility doesn’t just cover physical and mental ability. Accessibility ensures that:

  • Your application can be easily translated into additional languages, if required.
  • Your application’s content is written in language that is easily understandable at a very low literacy level.
  • The user experience (UX) does not require the user to have a high digital literacy. All buttons and controls should be quick to interpret and perform the action their icon represents.

Once you’ve followed those steps, it’s a great idea to have some knowledgeable users or agencies perform a periodic review of your app for accessibility. By fixing up any problems from the review, you can rest easy knowing that you’ve created an accessible app.

Services Used Must be Located in Australia

When building a mobile app and its surrounding architecture, one of the earliest and largest problems you’ll face with a Government IT project is data sovereignty. The Digital Transformation Agency’s whole-of-government Hosting Strategy enforces that Australian data must be stored on Australian soil. 

What does this mean for you?

  • Your cloud platform’s region(s) must be in Australia (e.g. Azure Australia East).
  • Your application cannot send telemetry information to a service that stores its data outside of Australia.
  • Any testing tools, source code repositories, static code analysis tools and all other services your team needs to develop also need to have Australian servers.

Be prepared that you may need to lower your software standards and use a tool with lesser features just so that you can meet this requirement.

Secure Usage and Storage of Data

These days, most people expect that when they download an app, their data will be immediately passed on to or sold to third parties. But when it comes to Government apps, people expect that their data will never leave the end system and will never be passed to an unknown third party. In one of the government apps we created, the Privacy Statement was by far the most clicked link in the app, showing that users were incredibly interested in what data was sent, and where it was sent to.

With people caring so much, it’s important to ensure that the data that you obtain is sent, stored, and managed correctly and securely. If your solution needs to retrieve or obtain user data and store it locally, you should be encrypting and storing it using iOS’ Secure Storage, or Android’s Keystore system.

If your app provides authentication, consider using password-less authentication, or Proof Key for Code Exchange (PKCE) authentication with OAuth 2.0.

If your app passes Personally Identifiable Information (PII) like a name, email address, phone number, or a health care identifier to an API, your solution should be encrypting the data at rest, and ensuring that your backend API only accepts authorised and validated requests from your application. If you’d like to truly ensure that only your mobile application can access your API, consider looking for a Mobile App Attestation product or service: they’ll ensure that only a known and untouched production release can communicate with your API.

Prepare For a Change in Government

You’re about to make a brand new app! Why are we thinking about its demise?

Every four or so years, there could be a change in Government. When this change occurs, there are a few directions any tech solution can take:

  • The app continues with the same funding
  • The app continues with no new funding
  • The app’s development is stalled, and the app is removed from the stores
  • The app and its infrastructure are shifted to a new or different department/agency

Knowing that these results could occur from a change in Government, it’s worthwhile being proactive when deciding on your solution design and architecture. The following questions will help you to handle the above cases:

  1. Are your users storing or adding any data? If your app is removed, how will they get this data? Can they move it to another app? Download it?
  2. Can the app’s infrastructure be easily shifted or redeployed into a new tenancy? 
  3. If the infrastructure is shifted to a new tenancy, how will the app know that the infrastructure has moved (and point to the new address)?
  4. How will users be alerted? Is there any in-app notification system that can be utilised?

Above, we’ve discussed the concepts and problems you may face when developing or designing a mobile application for an Australian Government department or agency, and how to plan for and work with them. While the policies we’ve discussed can make your solution more complex or convoluted, just remember that they’re there to make your life better too!

Here at Chamonix, we’ve had a lot of experience in creating mobile apps for government departments and agencies. If you need help in getting yours off the ground, contact us today!