Trust was the thing we were really optimising for. At the time, the honest read on government apps was that people felt safer when things were actually native on iOS and Android — not one cross-platform UI that looks like neither — so that’s the direction we took.
I sat with the iOS and Android devs and kept each build feeling like it belonged on that platform. Day to day I was mostly in four areas:
Biometrics & permissions
Accessibility (WCAG AA)
Onboarding & UX copy
Design library
Biometrics and permissions. Face ID, Touch ID, Android biometrics — the full sign-in path — with prompts staged so the first open didn’t feel like twenty pop-ups in a row. If biometrics flaked, you could still fall back to a PIN and keep going.
- Flows that look like banking and the OS settings helped with the “is this dodgy?” gut check.
- If a scan failed, you weren’t dumped back to square one.
Accessibility. We hired specialists and ran sessions with people who use assistive tech day to day. I helped frame the research, sat in, then patched the designs from what we heard. WCAG AA behaviour and focus order went into the specs so screen reader paths weren’t an afterthought.
- No mystery meat controls or focus jumping all over the place.
- The a11y bar was in the documentation early, not a panic before launch.
Onboarding and copy. First run was mine end to end: account, email check, PIN, biometrics, first cert. I wrote the validation, hints, and errors for the lot (email, passwords, DOB, PIN mismatch, etc.) so a mistake read as “fix this” instead of “you broke it.”
- You could recover from a typo without rage-quitting setup.
- Copy stayed blunt: what we’re asking, why, what happens next.
Design library. I put in tokens and components — colour, type, 8px grid, SF Symbols, buttons, inputs, lists, the native bits, plus certificate tiles so more than one cert didn’t turn the home screen into a mess.
