HTML5 is widely expected to become the technology of choice for future mobile application development, as mobile platforms become increasingly fragmented, but the technology is not a panacea, according to David Akka, UK managing director of Magic Software.

HTML5 is the latest iteration of the HTML standard, used for building and deploying web content. While previous versions of HTML were designed primarily for marking up text-based content, HTML5 is much more interactive, allowing web developers to take advantage of new capabilities such as 3D graphics rendering and gesture control without the need for plug-ins.

Most smartphones and tablets now come with built-in browsers, allowing developers to create sophisticated HTML5 applications that can be deployed on multiple platforms, rather than having to build separate versions for iOS, Android, Windows Phone, BlackBerry and so on. HTML5 can also be used to build hybrid applications, which behave like native apps but have HTML5 inside.

The drive toward HTML5 application development comes from the right place, according to Akka. Developing for multiple mobile platforms means learning the native language of different vendors, each of whom has a completely different stack, different testing, different development paradigms and processes; so the cost of developing multiple platforms natively is substantial.

However, this does not mean the technology is ready for every implementation and, in particular, issues around security, synchronicity and the fact that it is an evolving standard can make it an unsuitable option for enterprises, said Akka.

“In the last 8 months, there has been a huge hype around HTML5 – this is now the secret ingredient for every successful mobile implementation,” he said. “Although we believe there is a lot of good stuff coming out of HTML5, we feel the need for caution.”

HTML5 has its own pitfalls

Akka said that the real issue with HTML5 is that it is still HTML. This means that it is open to many of the same security vulnerabilities as previous iterations of the standard, including SQL injection, which is the number one risk to web applications, according to Trustwave's latest Global Security report.

“At the end of the day this technology was not built to take data from an enterprise and try to use that on the go. It was more about content display, it was more about the viewing of pages, an organisational portal and things like that. Not really designed well for a transaction-based area,” said Akka.

Furthermore, it needs a large amount of bandwidth in order to synchronise the downloading and refreshing of different objects. If bandwidth is constrained – as is often the case when using 3G networks during peak hours or when signal is week – objects can become misaligned. For example, a Facebook tag of a friend might appear on the wrong photo.

The implications of this are particularly worrying in a business context, according to Akka. For example, if a business manager using a purchase order approval app on a mobile device receives the request to approve or reject a PO before the cost breakdown comes through, he could end up approving it without full knowledge of the facts.

“You think that there is obviously a bug in the software. You start looking into the code and you do testing and everything seems right, and then you start applying patches. Eventually you end up putting bandaid on top of a bandaid on top of another bandaid,” said Akka.

“This is very much the same as the situation 10 years ago when e-commerce came out. You used to shop, shop, shop, and put it all into your basket, but it would never get to the basket. This is a characteristic of HTML's infrastructure.”

Akka said that the synchronisation problem would probably disappear with the advent of 4G technology in the UK, but warned that companies need to be cautious about using HTML5 in the meantime.