Build a Confidential Jewelry Catalogue App (Android & iOS first, Desktop phase 2)

Posted 2 weeks ago

Worldwide

Summary

# Mobile + Desktop Developer Needed — Confidential Jewelry Catalogue App (Android & iOS first, Desktop phase 2)

## Project summary

Shree Jee Manufactures (SJM), a 22-karat gold jewelry manufacturer in Mumbai, needs a **private, access-controlled catalogue app** for showing our jewelry photo renders to buyers and showroom staff. This is **not a public app** — it's an internal sales tool with three core security requirements:

1. **OTP-gated access** — viewers can't just log in; they request access, we approve it, they get a one-time code via SMS.
2. **Time-limited sessions** — access auto-expires after a custom duration we set (2 hours / 6 hours / 1 day / 3 days). No standing logins.
3. **Screenshot/recording protection** — our designs are commercially sensitive. Screenshots and screen recordings must be blocked where the OS allows it, and any attempt must be detected and reported to us.

**A complete, high-fidelity design package is attached** — including a clickable HTML prototype, exact screen-by-screen specs, full data model, recommended architecture, API surface, and a dedicated document on exactly how to implement the screenshot blocking per platform. This is a from-scratch native build using that design as the source of truth — not a from-scratch design job.
---

## Scope — Phase 1 (this engagement)

**Platforms:** iOS + Android (native or shared cross-platform codebase — see stack note below)

**Backend:** Full backend build included in this scope (this is not a frontend-only job)

### Must-have features

**Access & auth**

- Landing screen: "I have an OTP" / "Request access"
- Request-access form (name, phone, requested duration) → goes to admin
- Admin approves (sets duration → triggers OTP via SMS) or denies
- 6-digit OTP entry → verified server-side → time-boxed session created
- Live "time remaining" indicator in-app; access auto-expires server-side (not just hidden client-side)
- Admin can revoke an active session early

**Catalogue browsing**

- Home: 6 top-level collections (sections), each with sub-categories and design counts
- Design grid (render thumbnail, design number, weight) → design detail (full render, specs list)
- Search by design number
- Full category taxonomy and field structure is defined in the attached data model — please follow it exactly (it includes the design-numbering scheme).

**Admin (same app, admin role)**

- Add new design (image upload, category, sub-category, design number, weight)
- Edit design (number, weight, and arbitrary spec fields — e.g. Stone Type, No. of Stones, Stone Weight, Gold Purity — schema-less key/value, not fixed columns)
- Dashboard: pending access requests, active sessions (live countdown, revoke button), security alerts feed

**Security (the hard requirement — read the attached `SECURITY_screenshot_blocking.md` before quoting)**

- Android: hard-block screenshots and screen recording on protected screens (`FLAG_SECURE` or framework equivalent)
- iOS: detect screenshot attempts (can't be blocked — OS limitation) and redact the screen live during recording/mirroring; report both to admin
- Every capture attempt logged with user, design, timestamp, and pushed to the admin alerts feed
- Images served via short-lived signed URLs only — never public URLs, never cached to disk in plaintext

### Out of scope for Phase 1

- Desktop app (macOS/Windows) — planned as a follow-on phase once Phase 1 is live and proven, reusing the same backend
- Public app store marketing/ASO — this will likely be privately distributed (Apple Business Manager / Android managed Play or MDM), not a public listing

---

## Recommended technical approach

The attached `ARCHITECTURE.md` lays out two acceptable stacks — please pick one and justify it in your proposal:

- **Flutter** (iOS + Android, with a clean path to Desktop later from the same codebase) — generally the better fit if Desktop is coming in Phase 2.
- **React Native** (+ Expo) — fine if that's your stronger stack; Desktop would later be a separate Electron app sharing components.

**Backend:** REST API (Node/NestJS, Django, or similar — your choice), PostgreSQL, object storage (S3-compatible) with signed URLs, SMS OTP via Twilio or MSG91, push notifications via FCM/APNs for admin alerts. Full suggested API surface is in the architecture doc — please follow it or propose changes with reasoning.

**Not acceptable:** a Capacitor/Cordova webview wrapper as the primary approach — screenshot blocking in webviews is unreliable, especially on iOS, and defeats the purpose of this app.
---

## What's provided to you

- Complete design handoff package: `README.md`, `ARCHITECTURE.md`, `SCREENS.md`, `DATA_MODEL.md`, `DESIGN_TOKENS.md`, `SECURITY_screenshot_blocking.md`
- Clickable HTML prototype showing every screen and interaction
- Captioned screenshots of all 12 screens
- SJM logo + one sample jewelry render (production renders to follow; placeholder/reused image acceptable for development)

These docs are written to be self-sufficient — please read all of them before quoting, especially the security doc, since it directly affects your estimate.

---

## Budget & engagement

- **Budget band:** ₹25,000 for Phase 1 (Android + iOS + backend + admin panel), fixed-price preferred with milestones, or hourly with a not-to-exceed cap.
- Please quote against the **suggested build order in `README.md` §7** (backend + auth first, screenshot blocking proven on one platform early, then catalogue, then admin, then polish) — I want to see security de-risked early, not left to the end.
- Milestone-based payment preferred: e.g. (1) backend + auth/OTP flow working, (2) Android screenshot blocking proven + catalogue browse, (3) iOS parity + admin panel, (4) full QA + store/MDM submission prep.

## What to include in your proposal

1. Which stack (Flutter vs React Native) and why, given Desktop is coming later
2. Your approach to the iOS screenshot limitation specifically — confirm you understand it can only be detected, not blocked
3. A rough hour/cost breakdown against the 4 milestones above
4. Two or three examples of apps you've shipped with OTP auth and/or screen-capture protection
5. Confirmation you can do SMS OTP integration (Twilio/MSG91) and signed-URL image delivery

---

*Attach the full `SJM_Jewelry_Photo_Catalogue_Developer_Files.zip` design package when posting this job.*
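
The "Access & auth" requirements above (admin-set duration, 6-digit OTP verified server-side, expiry enforced on the server, early revoke) can be sketched as follows. This is an added example, not code from the SJM design package; the class and method names, the in-memory storage, the 10-minute OTP lifetime, the 5-attempt limit and the salted-digest storage are all assumptions.

```python
import hashlib, hmac, secrets, time

ALLOWED_DURATIONS = {"2h": 2 * 3600, "6h": 6 * 3600, "1d": 86400, "3d": 3 * 86400}
OTP_TTL = 600      # assumption: the OTP itself is valid for 10 minutes
MAX_ATTEMPTS = 5   # assumption: wrong guesses allowed before the OTP is burned

class AccessService:  # hypothetical in-memory stand-in for the backend tables
    def __init__(self, clock=time.time):
        self.clock, self.otps, self.sessions = clock, {}, {}

    def _digest(self, salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def approve(self, phone, duration):
        # Admin approval: only the four offered durations are accepted.
        seconds = ALLOWED_DURATIONS[duration]  # KeyError on anything else
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self.otps[phone] = {"salt": salt, "digest": self._digest(salt, code),
                            "expires": self.clock() + OTP_TTL,
                            "duration": seconds, "tries": 0}
        return code  # handed to the SMS provider; never stored in plaintext

    def verify(self, phone, code):
        # Server-side OTP check; returns a session token or None.
        rec = self.otps.get(phone)
        if rec is None or self.clock() > rec["expires"]:
            self.otps.pop(phone, None)
            return None
        if not hmac.compare_digest(rec["digest"], self._digest(rec["salt"], code)):
            rec["tries"] += 1
            if rec["tries"] >= MAX_ATTEMPTS:
                del self.otps[phone]
            return None
        del self.otps[phone]  # one-time: a verified code cannot be replayed
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"phone": phone, "revoked": False,
                                "expires": self.clock() + rec["duration"]}
        return token

    def remaining(self, token):
        # Checked on every API request; also feeds the "time remaining" indicator.
        s = self.sessions.get(token)
        if s is None or s["revoked"]:
            return 0
        return max(0, int(s["expires"] - self.clock()))

    def revoke(self, token):
        if token in self.sessions:
            self.sessions[token]["revoked"] = True
```

Because `remaining()` is evaluated against the server clock on each request, a client that hides or tampers with its countdown gains nothing, and an admin revoke takes effect on the next call.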

  • $250.00, Fixed-price
  • Experience Level: Intermediate
  • Remote Job
  • Project Type: Complex project

Skills and Expertise
  • Mandatory skills: Android App Development

Activity on this job
  • Proposals: 5 to 10
  • Last viewed by client: 2 days ago
  • Interviewing: 5
  • Invites sent: 3
  • Unanswered invites: 1

About the client
  • Member since Feb 3, 2020
  • India, 8:11 PM
