Build a Confidential Jewelry Catalogue App (Android & iOS first, Desktop phase 2)
Worldwide
# Mobile + Desktop Developer Needed — Confidential Jewelry Catalogue App (Android & iOS first, Desktop phase 2)

## Project summary

Shree Jee Manufactures (SJM), a 22-karat gold jewelry manufacturer in Mumbai, needs a **private, access-controlled catalogue app** for showing our jewelry photo renders to buyers and showroom staff. This is **not a public app** — it's an internal sales tool with three core security requirements:

1. **OTP-gated access** — viewers can't just log in; they request access, we approve it, they get a one-time code via SMS.
2. **Time-limited sessions** — access auto-expires after a custom duration we set (2 hours / 6 hours / 1 day / 3 days). No standing logins.
3. **Screenshot/recording protection** — our designs are commercially sensitive. Screenshots and screen recordings must be blocked where the OS allows it, and any attempt must be detected and reported to us.

**A complete, high-fidelity design package is attached** — including a clickable HTML prototype, exact screen-by-screen specs, full data model, recommended architecture, API surface, and a dedicated document on exactly how to implement the screenshot blocking per platform. This is a from-scratch native build using that design as the source of truth — not a from-scratch design job.

---

## Scope — Phase 1 (this engagement)

**Platforms:** iOS + Android (native or shared cross-platform codebase — see stack note below)

**Backend:** Full backend build included in this scope (this is not a frontend-only job)

### Must-have features

**Access & auth**

- Landing screen: "I have an OTP" / "Request access"
- Request-access form (name, phone, requested duration) → goes to admin
- Admin approves (sets duration → triggers OTP via SMS) or denies
- 6-digit OTP entry → verified server-side → time-boxed session created
- Live "time remaining" indicator in-app; access auto-expires server-side (not just hidden client-side)
- Admin can revoke an active session early

**Catalogue browsing**

- Home: 6 top-level collections (sections), each with sub-categories and design counts
- Design grid (render thumbnail, design number, weight) → design detail (full render, specs list)
- Search by design number
- Full category taxonomy and field structure is defined in the attached data model — please follow it exactly (it includes the design-numbering scheme).

**Admin (same app, admin role)**

- Add new design (image upload, category, sub-category, design number, weight)
- Edit design (number, weight, and arbitrary spec fields — e.g. Stone Type, No. of Stones, Stone Weight, Gold Purity — schema-less key/value, not fixed columns)
- Dashboard: pending access requests, active sessions (live countdown, revoke button), security alerts feed

**Security (the hard requirement — read the attached `SECURITY_screenshot_blocking.md` before quoting)**

- Android: hard-block screenshots and screen recording on protected screens (`FLAG_SECURE` or framework equivalent)
- iOS: detect screenshot attempts (can't be blocked — OS limitation) and redact the screen live during recording/mirroring; report both to admin
- Every capture attempt logged with user, design, timestamp, and pushed to the admin alerts feed
- Images served via short-lived signed URLs only — never public URLs, never cached to disk in plaintext

### Out of scope for Phase 1

- Desktop app (macOS/Windows) — planned as a follow-on phase once Phase 1 is live and proven, reusing the same backend
- Public app store marketing/ASO — this will likely be privately distributed (Apple Business Manager / Android managed Play or MDM), not a public listing

---

## Recommended technical approach

The attached `ARCHITECTURE.md` lays out two acceptable stacks — please pick one and justify it in your proposal:

- **Flutter** (iOS + Android, with a clean path to Desktop later from the same codebase) — generally the better fit if Desktop is coming in Phase 2.
- **React Native** (+ Expo) — fine if that's your stronger stack; Desktop would later be a separate Electron app sharing components.

**Backend:** REST API (Node/NestJS, Django, or similar — your choice), PostgreSQL, object storage (S3-compatible) with signed URLs, SMS OTP via Twilio or MSG91, push notifications via FCM/APNs for admin alerts. Full suggested API surface is in the architecture doc — please follow it or propose changes with reasoning.

**Not acceptable:** a Capacitor/Cordova webview wrapper as the primary approach — screenshot blocking in webviews is unreliable, especially on iOS, and defeats the purpose of this app.
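
Added example, not part of the posting or the attached design package: a Python model of the server-side rules listed under Access & auth and Security (single-use OTP, session expiry and revocation decided on the server, signed image URLs that never outlive the session). The class name, the `/img/` route, the 60-second URL lifetime and the five-attempt OTP limit are assumptions, and storage is in memory.

```python
import hashlib, hmac, secrets, time
SIGNING_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never shipped in the app
URL_TTL, MAX_TRIES = 60, 5  # assumptions: URL lifetime in seconds, OTP attempt limit
DURATIONS = {"2h": 7200, "6h": 21600, "1d": 86400, "3d": 259200}  # durations from the posting

class AccessService:
    def __init__(self, clock=time.time):
        self.clock, self.otps, self.sessions = clock, {}, {}

    def approve(self, phone, duration):
        # Admin approval fixes the duration and issues a 6-digit OTP (sent by SMS in production).
        otp = f"{secrets.randbelow(10**6):06d}"
        self.otps[phone] = {"otp": otp.encode(), "ttl": DURATIONS[duration], "tries": 0}
        return otp

    def verify_otp(self, phone, otp):
        # Server-side check: returns a session token, or None on any failure.
        rec = self.otps.get(phone)
        if rec is None:
            return None
        rec["tries"] += 1
        ok = hmac.compare_digest(rec["otp"], otp.encode())
        if ok or rec["tries"] >= MAX_TRIES:
            del self.otps[phone]  # single use; burned after MAX_TRIES wrong guesses
        if not ok:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"expires": self.clock() + rec["ttl"], "revoked": False}
        return token

    def seconds_left(self, token):
        # Source of truth for the in-app countdown; 0 means no access.
        s = self.sessions.get(token)
        if s is None or s["revoked"]:
            return 0
        return max(0, int(s["expires"] - self.clock()))

    def revoke(self, token):
        if token in self.sessions:
            self.sessions[token]["revoked"] = True

    def sign_image_url(self, token, design_no):
        left = self.seconds_left(token)
        if left <= 0:
            return None
        exp = int(self.clock()) + min(URL_TTL, left)  # URL never outlives the session
        sig = hmac.new(SIGNING_KEY, f"{design_no}:{exp}".encode(), hashlib.sha256).hexdigest()
        return f"/img/{design_no}?exp={exp}&sig={sig}"  # hypothetical route

    def check_image_url(self, design_no, exp, sig):
        good = hmac.new(SIGNING_KEY, f"{design_no}:{exp}".encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(good.encode(), sig.encode()) and self.clock() < int(exp)
```

An image URL issued just before a revocation stays valid until its own `exp`, so the URL lifetime bounds how long a revoked viewer can still fetch images.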

---

## What's provided to you

- Complete design handoff package: `README.md`, `ARCHITECTURE.md`, `SCREENS.md`, `DATA_MODEL.md`, `DESIGN_TOKENS.md`, `SECURITY_screenshot_blocking.md`
- Clickable HTML prototype showing every screen and interaction
- Captioned screenshots of all 12 screens
- SJM logo + one sample jewelry render (production renders to follow; placeholder/reused image acceptable for development)

These docs are written to be self-sufficient — please read all of them before quoting, especially the security doc, since it directly affects your estimate.

---

## Budget & engagement

- **Budget band:** ₹25,000 for Phase 1 (Android + iOS + backend + admin panel), fixed-price preferred with milestones, or hourly with a not-to-exceed cap.
- Please quote against the **suggested build order in `README.md` §7** (backend + auth first, screenshot blocking proven on one platform early, then catalogue, then admin, then polish) — I want to see security de-risked early, not left to the end.
- Milestone-based payment preferred: e.g. (1) backend + auth/OTP flow working, (2) Android screenshot blocking proven + catalogue browse, (3) iOS parity + admin panel, (4) full QA + store/MDM submission prep.

## What to include in your proposal

1. Which stack (Flutter vs React Native) and why, given Desktop is coming later
2. Your approach to the iOS screenshot limitation specifically — confirm you understand it can only be detected, not blocked
3. A rough hour/cost breakdown against the 4 milestones above
4. Two or three examples of apps you've shipped with OTP auth and/or screen-capture protection
5. Confirmation you can do SMS OTP integration (Twilio/MSG91) and signed-URL image delivery

---

*Attach the full `SJM_Jewelry_Photo_Catalogue_Developer_Files.zip` design package when posting this job.*

- $250.00, Fixed-price
- Experience level: Intermediate
- Remote job
- Project type: Complex project
Activity on this job
- Proposals: 5 to 10
- Last viewed by client: 2 days ago
- Interviewing: 5
- Invites sent: 3
- Unanswered invites: 1