Please Stop Building Apps on a Napkin Sketch

It’s 2025, and we’re somehow still building apps like it’s 2013... and in some areas even like it’s 2003. Quick ideas scribbled on whiteboards are turned into code within hours (also thanks to AI helpers), launched within weeks, and riddled with problems for years. I get it, speed wins. But speed without structure?


Błażej Zyglarski

July 3, 2025 4 minutes read


That’s how we get apps leaking passwords in plaintext, databases exposed to the public, and backends that collapse under the pressure of their users. Let’s talk about why it’s getting worse, and how we can make it better.

Juniors, AI, and the Lost Art of Thinking

The tech industry is in a weird spot. Over the last decade, a flood of junior developers, many from bootcamps or non-traditional paths, joined the workforce. That’s not a bad thing - everyone needs to start somehow and there are brilliant ones among them. But here’s the problem: too many of them never had the chance to learn real algorithmic and architectural thinking. They often build by assembling (previously from Stack Overflow, today with Copilots and ChatGPTs), not by designing. And market demand was so great that many of them dropped out of their studies to start careers at commercial companies.

Especially now, we can see AI-generated code powering production systems. Sounds like "the future", right? Except that research (like Apple’s research on reasoning models) shows these models don’t really "reason." They mimic patterns. They copy. On challenging (non-standard) problems, their accuracy collapses significantly. Essentially, if your app can be constructed from hundreds of lines of code that were scraped from thousands of projects, it will work. However, if it requires additional “magic,” it will not. Imagine attempting to explain your ingenious idea for a novel type of UI or algorithm to an AI assistant. Are you daring enough to try?

So now we’ve got juniors pasting in code they don’t fully understand, some of it generated by AIs that don’t understand it either.

The Startup Trap: Speed Kills (Your Architecture)

Every founder is chasing the "next big thing." Investors want traction, fast. AI has only turned up the heat. Everyone’s building faster, and faster means skipping steps.

We see this all the time:

  • Security? "We’ll add it later."
  • Architecture? "Let’s just get the MVP out."
  • Code quality? "We’ll rewrite it when we raise."

Spoiler: Later rarely comes, and when it does, it is accompanied by pain and tears.

Instead, teams end up with brutal backends, unscalable APIs, and cauliflower infrastructure held together by duct tape. When you build fast and dirty, you pay the price eventually, in downtime, lost trust, and data breaches.

When Quick-and-Dirty Turns Into Danger

Let’s look at a few real-world examples:

  • Yoojo: A European gig platform accidentally exposed 14.5 million files, including passports and personal data, via a misconfigured cloud bucket. Just a simple setting forgotten in the rush.
  • Meta: Yes, that Meta. For years, they stored user passwords in plaintext, visible to thousands of internal engineers. It wasn’t a hack. Just bad internal practices that nobody questioned for years.
  • Uber, Capital One, Equifax... pick your favorite breach. Most weren’t caused by advanced hackers, but by sloppy design choices: unpatched libraries, hardcoded credentials, missing firewall rules.

This isn’t rare. It’s more common than you think. With AI accelerating code production, we’re generating more code, but not necessarily of higher quality. This leads to the repetition of functionality, duplication of code, inconsistent architecture, chaotic data flows, and unsupervised dependencies.

So... What’s the Fix?

The great news is that this can all be avoided. And no, the answer isn’t “slow down.” It’s “start smarter.” Trust me, this will save you a lot of time. I mean, A LOT.

1. Design Before You Build

Map out what the app needs to do. Identify sensitive data flows. Think about users, permissions, and worst-case scenarios. A little time in Figma, Miro, or even on paper can save months of rework later. Use good design patterns and think before writing code.

2. Build With Security in Mind

Security isn’t something you add at the end. It should be built into your system from the start. Use end-to-end encryption, role-based access, and secure defaults. If you’re working with sensitive data, frameworks like our PrivMX platform make privacy-by-design easier.

3. Don’t Blindly Trust AI

AI tools like Copilot or ChatGPT can speed things up, but they also make mistakes, sometimes dangerous ones. One study found 40% of Copilot’s code suggestions contained vulnerabilities. Use AI as an assistant, not an authority.

4. Choose Smart Foundations

Don’t reinvent the wheel. Use frameworks and platforms that prioritize compliance, scalability, and security. If you’re integrating AI into your app, check out tools like DeepFellow, which help you build AI features that work responsibly and transparently.

5. Refactor as a Habit

Treat technical debt like financial debt: manageable in small amounts, deadly when ignored. Set aside time each sprint for cleanup. Document decisions. Keep your stack healthy.

Summary

Building fast isn’t bad. Building thoughtlessly is. We need to stop treating app development like a weekend hackathon and start acting like it matters, because it does.

Data breaches aren’t just bad PR. They’re business killers. And the best way to prevent them isn’t a better firewall, it’s a better plan.

Think. Plan. Design. Secure. Build. Then ship.

Please, no more apps on napkins.

Author


Błażej Zyglarski

With more than 20 years of professional experience as an academic lecturer, fullstack/mobile developer and founder of IT companies and foundations operating in the EU market, Błażej has always put data protection, encryption and security first. In his private time, Błażej is passionate about smart home systems, 3D printing and board games.

Copyright © 2025 All rights reserved. Simplito sp. z o. o.