Federal mobile is its own discipline
A federal mobile app is not a consumer app with a different logo. It ships through an MDM. It runs on a device the user does not own. It authenticates against a PIV or derived credential. It operates where connectivity drops out — border station, VA clinic basement, wildfire perimeter, inspection site, forward base. It hits an API inside a FedRAMP boundary. It has to pass Section 508 on the first audit, not after a remediation contract. Federal mobile development is the discipline of building apps that behave correctly inside that envelope, and it is noticeably different from building a direct-to-consumer mobile product.
Precision Federal builds iOS and Android apps for federal missions: employee productivity apps, field inspection apps, evidence collection apps, clinician-facing apps, responder apps, and public-facing agency apps. We ship native where the device capabilities matter (camera pipelines, ML on device, biometrics), cross-platform where time-to-users matters more (Kotlin Multiplatform, React Native, Flutter), and PWAs where the app needs to live across desktop, tablet, and mobile without three codebases.
Why this matters federally: mobile is the front door to most modernization initiatives — TSA PreCheck, VA Health and Benefits, myUSCIS, USDA inspection tools, CBP One. The agencies with the best mobile experiences see real adoption and real mission impact; the ones with 2.1-star App Store reviews see neither.
The federal mobile stack we use
- iOS native: Swift 5.9+, SwiftUI for new surfaces, UIKit where the existing estate lives. Combine or async/await for concurrency. Core Data or SwiftData for local persistence. SwiftPM for dependencies.
- Android native: Kotlin, Jetpack Compose for new UI, classic XML + ViewModel for inherited code, Room for local DB, Hilt for DI, WorkManager for background sync, DataStore for preferences.
- Cross-platform: Kotlin Multiplatform (shared business logic + platform-native UI), React Native (New Architecture, Hermes), Flutter 3.x where UX parity across platforms is the priority.
- MDM integration: Microsoft Intune App SDK, IBM MaaS360 SDK, VMware Workspace ONE SDK, BlackBerry Dynamics. App protection policies (APP), conditional access, and compliance attestation.
- Authentication: PIV-D (derived credential) via Entrust or Intercede, YubiKey USB-C/NFC for hardware-backed MFA, Face ID/Touch ID and Android BiometricPrompt for step-up, federated SSO via Okta or Azure AD Gov.
- Offline and sync: SQLite (Room, Core Data, GRDB), WatermelonDB, Realm. Delta sync with optimistic UI; server-authoritative conflict resolution; signed local caches with device-bound keys.
- Accessibility: VoiceOver, TalkBack, Dynamic Type, Large Text, high-contrast modes tested in CI and manually. UX/UI design partners on every build.
- Delivery: Fastlane, Xcode Cloud, GitHub Actions, Bitrise. Automated device-farm testing via BrowserStack or AWS Device Farm. Signed builds deployed to Apple Business Manager and Google Managed Play.
- PWA: service workers with Workbox, IndexedDB via Dexie, background sync, installability via Web App Manifest. USWDS components where applicable.
Security and compliance on the device
Federal mobile apps carry controls that consumer apps ignore: jailbreak/root detection, certificate pinning, secure enclave-backed key storage (iOS Secure Enclave, Android Keystore with StrongBox), app-level encryption in addition to the OS data protection, screenshot and screen recording prevention for sensitive screens, copy-paste restriction via APP policy, tamper detection, anti-reverse-engineering hardening, and crash reporting that strips PII before transmission. We build with these on from the first commit.
Federal deployment considerations
- App authorization: the mobile app is usually one component inside a larger system's ATO boundary. We document the client's data flows, local storage, and auth boundaries for inclusion in the SSP. See ATO engineering.
- MDM posture: agencies standardize on Intune (most civilian), MaaS360 (DoD), or Workspace ONE. We test against the agency's specific MDM profile early to catch restrictions that break features.
- Section 508: accessibility is a launch gate, not a fix-it-later item. WCAG 2.1 AA as the baseline, with agency-specific guidance layered on.
- Store submission: Apple and Google reviews add weeks to any public launch. Internal/enterprise distribution bypasses this but still requires agency security review.
- Privacy and data minimization: PIA, SORN, and privacy threshold analyses get drafted with the mission owner. Only necessary PII is collected; only necessary permissions are requested.
Where this fits in Precision Federal engagements
Mobile development pairs with backend development and API design for the server side, UX/UI design for the interface, and identity and access management for PIV/derived-credential flows. Typical engagements: build an iOS app for a federal inspection workforce, modernize an Android app inherited from another vendor, add offline mode and biometric auth to an existing federal employee app, or deliver a PWA that hits every platform a federal workforce uses.