How to Secure Ownership Rights for Your App’s Code
Topic: Guides
September 6, 2024
Recently, we once again heard from a client that their previous team is refusing to provide access to the code they paid for, and they are now having to take legal action.
So, today I’ve decided to set aside my other tasks and create a guide for app owners on how to safeguard themselves against this type of outrageous incident.
It goes without saying that this vendor's behavior violates every possible IT industry service standard, as well as the ethical norms of the profession. The commonly accepted norm is as follows.
In any reputable development company, this principle is embedded in all procedures, starting from contract templates to the way any project info is stored. But how can you be sure that the vendor you've chosen operates this way?
✔️ I’ll provide you with a simple checklist with key points to verify at the start of a collaboration and project launch.
But first, let me share the client story I mentioned to illustrate what the problem looks like once you're already caught in it.
Scenario That It’s Best to Avoid
I will change some details for confidentiality reasons, but overall, this is a very typical story.
Real-Life Story
A client from Italy hired an outsourcing company to develop a mobile app. The project progressed to the stage of an MVP - the first version of the app with basic functionality, ready for user release.
At this point, the client decided to pause in order to conduct additional research. A few months later, when they tried to contact their team, they discovered that the vendor company no longer existed, and the project had been transferred to an affiliated legal entity in another country.
That team immediately demanded a threefold increase in the hourly rate to resume the project and refused to grant access to the app's code to the client or any other developers.
Outcome
The client is engaged in a legal proceeding with a non-existent company in another country, with unclear prospects ahead. Time and funds have been wasted, the release won't happen on time, and they may need to just accept the situation and start from scratch.
Steps to Ensure This Never Happens
Is there a way to give you peace of mind and ensure that you’ll always have full control over the code and the app, no matter what might happen? Absolutely!
Let me stress again that most development companies are dependable partners, and such concerns are inconceivable to them or won't impact their obligations to their clients.
However, since even a minimal risk of such an outcome remains, you should be prepared and protected from the start. Plus, it's quite simple, and I’ll explain how right now.
Step #1. Source Code Repository: Always Use Your Personal Account
The code repository stores the complete codebase of an application along with project-related data like documentation, tests, scripts, and changelogs. Popular repository examples: GitHub, GitLab, Bitbucket.
Needs to Be Done
It's essential for the client to open their own account in the code repository and connect it to their own email. In Cyfrania, our developers guide every customer through the steps.
As a result, regardless of the circumstances, you will always retain access to the code. Moreover, you'll have the power to grant or deny developers the ability to contribute to your project.
Bad Idea
The worst thing you can do is let everything run its course and allow your codebase to be tied to a developer's account, leaving you fully dependent on their willingness to grant access.
Without codebase access, you won’t be able to enhance or support the app using a new team of developers, even if you are managing the current live app version.
Step #2. Databases: You Must Know the Access Credentials
All the data your app operates with, such as your inventory, product catalog, supplier, or customer database, etc., is stored in one or multiple databases.
Needs to Be Done
You must know where your databases are hosted and all access credentials - usernames and passwords. In Cyfrania, we store this data in the project folder, which is accessible only to the client and the directly involved developers.
Bad Idea
Neglecting to understand these details and confirm the credentials with your developers could result in losing access to a crucial business asset: your painstakingly built user base and other essential data.
Step #3. Third-Party Services: You Must Know the Access Credentials
Typically, an app relies on external services to perform certain functions. For example, a website may connect to Google Analytics for traffic reports, to payment gateways like Stripe for purchases, or to Shopify if it manages your inventory.
Needs to Be Done
You need to know the access credentials for all third-party services linked to your app. At Cyfrania, we always use the client's email as the login, provide the client with the password, and store all this information in a password-protected project folder.
Bad Idea
If you haven't ensured that you always have a copy of the file with all current credentials and your app loses access to third-party services crucial for your users, it can have a severe impact on your business. For example, imagine customers on your website being unable to complete their purchases.
Step #4. App Hosting: You Must Know the Access Credentials
The app’s backend runs either on-premise or on cloud hosting platforms, such as Firebase, DigitalOcean, or AWS. This hosting location may or may not coincide with the location of your databases. Sometimes, the app is hosted across several different platforms simultaneously.
Needs to Be Done
Make sure you have the access credentials for every platform hosting your app. At Cyfrania, we store all app-related credentials in a password-protected project folder, forever. Even years later, we help clients recover access if they need it.
Bad Idea
If you don't know this data, you won't be able to manage your app - edit your website content, monitor load and performance, and so on.
What About the Vendor Contract?
Of course, the vendor contract must contain a clause clearly declaring that the ownership of the code, as well as any other results of the service, like prototypes, design mockups, etc., is assigned to the client.
Here's how it appears in Cyfrania's contract template.
This ensures that you can protect your rights in court if unfavorable circumstances arise. However, it's clear that by this stage, the client has already endured substantial damage, including lost time and budget on dishonest developers, plus the upcoming court costs.
Therefore, we highly advise that you follow the preventive measures described above in addition to signing the contract.
This ensures that you won’t rely on the vendor's goodwill and will maintain full control over the codebase and all application components, no matter how your relationship evolves.
Done! Let’s Just Wrap It Up Into a Concise Checklist
You can download this checklist in either DOC or PDF format.
I genuinely hope you make the most of these tips, with full support from your development team which is committed to the highest professional and ethical standards.
Just like we do at Cyfrania! If you are still looking for developers or need guidance or support, we are always available to help.