Describe the impact this engagement has had on your business.
I went through social media marketing, network marketing, and seminars, and I acquired a lot of users within three months of going live. However, my application was later completely hacked. There was an intrusion in the database, and I immediately got in touch with AWS to understand what had happened.
After the audit done by a couple of consultants I contracted—along with the AWS consultants—it appeared that the application hadn’t been properly deployed to the servers. Their report noted that there’s an instance in AWS that should’ve been used to protect and back up the database. The Yudiz engineer who deployed the application didn’t deploy the database, so it wasn’t sitting in the instance of AWS. For this reason, I lost all my users and my application.
It had a huge impact on my business. I lost all the users I’d acquired over time. Yudiz deployed the application, but they didn’t close the port, so everyone could access the database through FTP. That was indicated by AWS, which sent me a couple of emails. Yudiz didn’t deploy the database into the Relational Database Service (RDS) instance of AWS. They kept the database on their servers, but without backup.
The application is completely buggy, and I’ve closed it on the app stores. All the effort I spent over 18 months in order to get this business started is gone. This was because of a simple mistake that could’ve been prevented if Yudiz had deployed the application jointly, in a secure RDS instance, and had closed the port. I’m very frustrated. I’ve lost my business.
I spoke to an agent of a privacy office, and I got in touch with all the users I could, which has been time-consuming for me. I shared the code with two auditors, and they told me it was buggy. It’s difficult to ask a company to jump in and work on the code from another developer. Every company I approached proposed starting from scratch, which may also be because they wanted a larger contract. I’ve already spent around £35,000 on this project, not only for Yudiz’s work, but for everything around it, from the website to marketing, the AWS infrastructure, and all the privacy office fees I had to pay.
How did Yudiz respond to any issues that arose?
I forwarded the emails I received from AWS to the CEO of Yudiz, and he told me it wasn’t their responsibility. I tried to communicate with them so they could repair my issue. It was difficult to make Yudiz understand what was happening, so they just pushed back, saying they weren’t responsible for third-party components.
I wasn’t asking them to take responsibility for that, but they made a mistake deploying the mobile app securely to AWS without considering the guidance and instructions given by AWS for deploying the app, specifically on making sure it isn’t made open to the public.
How was project management handled?
The fixed-price contract they signed with me included a project manager, but there wasn’t one assigned. There were only a couple of developers working offshore, and I wasn’t talking to them. The communication was very difficult, as everyone was working over Skype and the connectivity was quite poor. Because there was no project manager assigned, I had to manage the developers. I didn’t even see a project management plan.
We had a very difficult relationship, they didn’t deliver up to standards, and I was coming across multiple instances of requirements taking multiple iterations to complete. It took about a year to complete a mobile app that should’ve been done in six months.
I had communication issues with their team, and the developer wasn’t very competent. My database was hacked, and I didn’t even have access to the database, which was on their servers.
Is there anything that the vendor did well or that you would consider a strength?
No, I can’t think of anything.
Have they taken any steps to resolve the situation?
They told me I needed to pay them more money for them to resolve the situation. I wasn’t asking them to take on the responsibilities of AWS, but AWS isn’t responsible for databases that aren’t stored in an RDS instance.
When I approached them and asked whether they had any backups, they told me they didn’t, but that they could deploy the release they’d deployed one year ago. I told them to go ahead and do it, but when they did, there were no users anymore. It didn’t make sense to have a mobile application with zero users after 18 months, where I’d had 10,000 users before.
This company is based in India and I’m based in London, so it’s very difficult to start a legal process. I don’t want this to be repeated with other customers. It may not be a problem with Yudiz as a whole, but with one of their employees who did this incorrectly. I’m completely dissatisfied, and I don’t understand how their founder isn’t willing to come to a compromise. I’ve been completely penalized. I paid Yudiz for nothing.
What advice do you have for clients with similar needs to yours?
I wanted to share this information because it’s important for future clients to know that they should look at the deployment package before sending it to their hosting service. The solution went live, and we encountered several issues after that, which they tried to remediate. That was going on live, while I was acquiring users through marketing. The success of a mobile app is based on the volume of people we’re attracting.
If the client is looking to work in a fixed-price manner with an offshore team, they have to make sure there’s a collaboration platform available to exchange documents. Secondly, they should be aware of the fact that there’s a lot of handholding involved. When we’re not in direct touch with people, the communication has to be very clear, and there needs to be a real project manager involved, who’s able to monitor the activity and serve as the single point of contact for the client.
Another important aspect is to have an AWS consultant involved from day one, who can monitor what’s being done on the servers and ensure that the guidance given by AWS is respected when touching servers or changing instances.
Lastly, it’s important for clients to perform a quality check of the work before paying.