Mobile application development — architecture, integrations and technical execution

Mobile applications today are not merely an additional communication channel but a key element of digital transformation and business efficiency. Their role extends far beyond informing users — they automate processes, increase engagement, provide direct access to services and deliver insight into the real needs of the market. Companies that invest in mobile application development build competitive advantage through innovation, faster response to change and stronger connectivity with users, partners and employees.

Prolink develops mobile applications for Android and iOS platforms using the Ionic framework as the primary technological foundation. Years of experience developing applications for clients in the public sector, tourism, logistics, hospitality and finance enables a deep understanding of the specific technical and business requirements that differ from project to project.

Ionic as the technological foundation of hybrid development

Ionic is an open-source framework for developing hybrid mobile applications that uses web technologies — HTML, CSS, TypeScript and Angular or React as frontend frameworks — to build applications that run on Android and iOS platforms from a single codebase. Instead of platform-specific native code, Ionic applications use a WebView component that renders the interface inside a native container, while access to device functions is achieved through the Capacitor layer that bridges JavaScript and the native APIs of each platform.

Capacitor, which replaced the older Cordova approach, provides direct access to native functions such as the camera, geolocation, push notifications, Bluetooth, biometric authentication, the file system and device sensors. For cases that require deeper native integrations, custom Capacitor plugins can be developed in Swift for iOS or Kotlin for Android. This architectural approach retains the advantages of a shared codebase while not restricting access to platform-specific capabilities when the project demands them.

The key business advantage of the Ionic approach is the ability of a single development team to maintain one codebase for both platforms, which reduces development costs and shortens delivery time. In addition, web developers with experience in TypeScript and modern JavaScript frameworks can quickly contribute to mobile application development without requiring specialist training in Swift or Kotlin.

Application architecture and state management

The architecture of an Ionic application is based on a component structure where each screen or functional block represents a separate component with a clearly defined interface to the rest of the system. Application state management relies on reactive patterns — RxJS observables for managing asynchronous data streams and NgRx or similar store libraries for centralised management of global application state.

The separation of business logic from the presentation layer is implemented through service classes that encapsulate communication with the API, local storage and external systems. This approach simplifies testing because each component can be tested in isolation, and business logic independently of the UI layer. Lazy loading of modules reduces the initial load time of the application because the code for individual sections is loaded only when the user navigates to them.

For applications with more complex offline requirements, local storage is implemented through SQLite or Ionic Storage which abstracts platform differences, along with data synchronisation strategies that execute when the application regains a network connection. This architecture was critical in the development of the Autoškola Rusan application where test content must be available without a network connection, and in the Skipper4you employee application where field work involves intermittent connectivity.

API integrations and backend communication

Communication between the mobile application and backend systems takes place primarily through a REST API returning JSON data, which is the most common model due to its simplicity of implementation and broad support. For projects that require complex queries across multiple relational entities and wish to reduce the number of round-trip requests to the server, GraphQL is used — it gives the client control over precisely which data needs to be fetched. The SOAP protocol is applied in integrations with legacy enterprise systems that do not support a more modern API design.

Authentication is implemented through the OAuth2 protocol, which separates the authorisation server from resources and enables secure delegation of access without sharing user credentials. JWT tokens are used for stateless authentication sessions — the token is signed on the server, and the client attaches it to every request, eliminating the need for session state on the server and facilitating horizontal scaling. The refresh token mechanism ensures that users do not need to re-enter login credentials, while the short lifespan of the access token limits exposure in the event of a compromise.

For applications with real-time requirements — such as the taxi application developed for Cammeo where vehicle location tracking is a critical function — WebSocket connections or Firebase Realtime Database are used, enabling server-to-client data push without the need for polling mechanisms.

Application security and data protection

The security of a mobile application spans several layers that together form a defensive system. At the transport layer, all communications take place exclusively through TLS 1.2 or newer, and certificate pinning prevents man-in-the-middle attacks even when an attacker controls the network infrastructure. At the storage layer, sensitive data — tokens, keys, user credentials — is stored in the iOS Keychain or Android Keystore, which are encrypted and isolated from other applications on the device.

Biometric authentication is integrated through Capacitor Face ID and Touch ID plugins that use the native security enclaves of the device without biometric data ever leaving the device. Multi-factor authentication is implemented for applications with elevated security requirements, such as the application for the Croatian National Bank where strict standards for the protection of financial and regulatory data were applied.

GDPR compliance is ensured through the implementation of consent management mechanisms, anonymisation of user data in analytics systems and the ability to fully delete user data on request. Security audits and penetration testing are carried out before the release of applications that process sensitive personal or financial data.

Testing and quality assurance

Testing of mobile applications is carried out at multiple levels that complement each other. Unit tests cover isolated functions and classes, integration tests verify the correctness of communication between components and external services, while end-to-end tests simulate real user scenarios at the level of the entire application. Automated tests are integrated into the development pipeline and executed at every commit, reducing the risk of regression errors during updates.

Testing on real devices is carried out on a representative set of Android devices from different manufacturers and operating system versions in order to capture behavioural differences that emulators cannot reproduce. For iOS testing, TestFlight is used, enabling distribution of beta versions to test users before release in the App Store. Performance testing measures application startup time, animation rendering and memory consumption to ensure a smooth experience even on older devices.

Application release and distribution

Preparing an application for release in the Google Play Store and Apple App Store involves signing the application package with certificates, configuring the permissions the application requests from the user, preparing the store listing with descriptions in all required languages, icons, screenshots and promotional materials. The Apple App Store requires manual validation of each application version, introducing a period of one to several days between submission and release, while the Google Play Store uses a combination of automated checks and occasional manual reviews with a shorter cycle.

A staged rollout strategy enables the gradual release of a new version to a percentage of the user base — for example 5%, then 20%, then 100% — limiting the impact of potential issues on the overall user base and giving the development team time to respond if analytics reveal anomalies.

Integration with business systems

Mobile applications rarely function as isolated systems — they are most commonly part of a broader digital ecosystem that includes CRM, ERP, billing systems, warehouse management systems and cloud services. Integration with these systems takes place through API layers that the backend service exposes to the mobile application, isolating the complexity of business logic from the mobile client.

For the courier service application, integration covered a delivery management system, mapping services for route optimisation and a payment system, while the Mativa Group internal resource management application required two-way synchronisation with the HR system and resource inventory. The BV Product time tracking application is integrated with an administrative interface that gives managers a real-time overview of attendance and generates reports for payroll processing. Such integrations are designed with clearly defined API contracts and error handling strategies that ensure application stability even when external systems are temporarily unavailable.

Maintenance and long-term support

Every new version of Android and iOS brings changes to APIs, security requirements and system behaviour that require application adjustments. Apple regularly introduces obligations to migrate to newer SDK versions with clearly defined deadlines, and the Google Play Store periodically increases minimum target API level requirements. Prolink's approach to maintenance includes monitoring platform roadmaps and proactively preparing compatibility updates before older versions cease to be accepted for distribution.

Analytics of user behaviour, crash report monitoring through tools such as Firebase Crashlytics and Sentry, and API performance monitoring provide visibility into the real-world operation of the application and enable the prioritisation of improvements based on actual data. The long-term sustainability of an application depends on the quality of the initial architecture — modular and well-documented code reduces the cost of every subsequent update and simplifies the onboarding of new team members.

References from practice

Prolink has developed mobile applications for clients across various sectors, each representing a specific set of technical and integration challenges. For Autoškola Rusan, an interactive application for learning traffic regulations was developed with offline support and a testing system. The taxi application for Cammeo includes real-time vehicle location tracking, an order system and payment integration. The Smart Home application implements IoT device management through secure protocols with support for Bluetooth and Wi-Fi communication. The application for the Ministry of the Interior is a multilingual information platform with a complex content structure. For the Croatian Red Cross of Zagreb County, an application was developed for organising and managing volunteers with scheduling and communication modules. The Croatian National Bank uses an application for distributing regulatory and informational content under strict security requirements. The Croatian Law Centre received an application for distributing legal information with multilingual support. For BV Product, a time tracking application was developed with a real-time administrative interface. The Mativa Group application centralises the management of internal company resources and processes. The Museum of the City of Ilok uses an AR application that enriches the museum experience for visitors through augmented reality.

Frequently asked questions about mobile application development

What is the difference between a hybrid and a native mobile application?
A native application is developed separately for each platform — Swift or Objective-C for iOS, Kotlin or Java for Android — and has direct access to all operating system capabilities with maximum performance. A hybrid application, such as those Prolink develops through the Ionic framework, uses a single codebase that is compiled for both platforms. For the vast majority of business applications, the hybrid approach provides sufficient performance with significantly lower development and maintenance costs, while native development has advantages for applications that require intensive graphics processing or deep integration with device hardware.

Can a hybrid application access the camera, geolocation and push notifications?

Yes — the Capacitor layer that Ionic uses provides access to all major device capabilities, including the camera, gallery, geolocation, push notifications, Bluetooth, biometric authentication, the file system, contacts and sensors. For specific cases not covered by existing plugins, a custom plugin can be developed in native code.

How long does mobile application development take?

Duration depends on the complexity of the functionality, the number of integrations and the scope of testing. A simpler application with informational content and a basic user module can be ready for release in four to six weeks. Complex applications with multiple integrations, real-time functionality and high security requirements take three to six months or more. The precise timeframe is defined after requirements analysis and the preparation of a technical specification.

What does application maintenance after release include?

Maintenance covers compatibility updates for new versions of Android and iOS, security patches, crash report and performance monitoring, and the implementation of new functionality. Without regular maintenance, an application may cease to function correctly on newer devices or be removed from app stores due to non-compliance with current platform requirements.

Is it possible to upgrade an existing application built in a different technology?

Depending on the state of the existing codebase, this may involve iterative refactoring or a complete redevelopment. Prolink conducts a technical analysis of the existing solution and proposes an optimal approach that balances the cost of refactoring against the long-term maintainability of the new solution.

Mobile application development as a technological investment

A well-developed mobile application is not a one-off solution but a long-term digital asset that continuously delivers business value. A properly planned architecture, modular code and documented API contracts reduce the cost of every subsequent update and extend the lifespan of the application without the need for costly redevelopment. Prolink approaches mobile application development as a collaborative process that begins with an understanding of business objectives and continues through every phase — from architectural planning to long-term technical support. For a consultation and preparation of a technical specification, contact the Prolink team.