Skip to content

Creating a new web app: the first steps you should take

I have a new idea that I’m going to turn into a web app, and this is the first post that documents the process I’ll be taking. You can expect more updates as I complete each step, and in a couple of months the app itself will be live!

When it comes to my web apps, I’ve been feeling a bit restless as of late; I’d like to create a web app that involves slightly more than adding to social media. So, I went through my ideas file (note: keep a stream-of-consciousness file on your computer where you record any and every idea that pops into your head), and started to map out what I want to get developed for the rest of the year.

One freshly-added idea came from reading My Email Canary on John Graham-Cumming’s blog, and the subsequent discussion on Hacker News. These posts talk about how to find out if an unauthorised person is reading your email, albeit tailored somewhat towards GMail. I read that it might be possible to write a gadget that sends out notifications when suspicious activity is detected. I like this idea – it sounds interesting to investigate at least – and there’s a chance people might like to pay for the service.

The Idea

I think it would be cool if there was a simple way to monitor whether someone is logging in to my GMail account and reading my emails. By logging in, I mean using the web front-end, not hardcore hacking (and for 90% of the world, the moment you mention something such as IMAP, you’re talking hardcore hacking ;)).

Target Market

Aside from those suffering severe paranoia, people who have a reason to fear their email is being checked by the technologically unsophisticated. About to divorce your husband? At college and wondering why your roommate’s papers share more than a passing similarity to yours? This service is for you.

Ideal Features At Time of Launch

Most importantly, the app must be zombie-brain simple to use. A little video that shows how to install a gadget into the user’s GMail account, along with a nice text-and-images install guide.

Intrusion detection alerts will be sent to users’ phones via Twilio.

But what precisely will we be detecting? I have a few basic ideass:

1) Check IP addresses accessing the account. If a different IP address accesses the account, send an alert.

2) Do something clever with IP addresses to identify if they’re on the same ISP. Only send an alert for different ISPs.

3) Offer the above, but put in some controls for time of day. So, during the hours of 08:30 and 18:00, I’ll be at the office; no-one should be accessing my account from my home IP address at that time.

4) Check whether an email from a particular person, or with a specific subject or phrase in its body has been opened.

Is It Possible?

I think so, but am not 100% right now. There’s one problem I’m trying to solve: the user will be given a URL that they paste into a box in GMail which adds the monitoring gadget. I need some way either of identifying who’s calling the gadget, or alternatively I can provide a unique URL for each user. The downside of the latter is how to detect if the user is using that unique URL across multiple accounts.

To be honest though, I’m tempted to say “Sod it” and leave that problem for another day – after I have paying customers.

Is Anyone Else Doing This?

I need to do some research and see what else is out there. Hopefully, someone is making money from a similar service; competition is good, it means that there’s money in this niche. It’s also good for working out differentiating factors: reasons why customers should go with my solution.

Is There Room for Expansion?

Another suggestion I read was about supporting multiple services, not necessarily email. For example, I would want to know in a microsecond if someone accessed my Amazon Web Services account. In fact, I’d love it if I could receive an SMS every time this happens, regardless of whether it’s me logging in or someone else. If there is a possibility to somehow track basic-level intrusion across multiple websites, at some point it would become a no-brainer to sign up.

What Will the Marketing Look Like?

Ah yes, marketing; never my strong point. Honestly, I have no idea. Right now, I need to decide on a domain name, and set up a basic beta-invite page, using MailChimp to handle the hard work of list management and sending the emails.

If you have any suggestions, please let me know :-)

What Next?

This is the rough plan of what I’m going to be doing, and in what order:

1) I need to get rid of any lingering doubts about what’s technically possible. Build a very basic proof-of-concept for the bits I’m not sure about.

2) Investigate the competition, and see if it’s a market worth getting into.

3) Work out a rough marketing plan. It’s pointless to create something if I don’t have any idea how or where to promote and sell it.

4) Sit down and work out the technical details of how the system will work.

5) Choose the website design. I find it much easier to code the front-end when I have a few guides. I’m thinking about using FreshServe for the marketing site, and White Label for the tool itself.

6) Work out some social media promotions. Perhaps give free months of usage for each friend (with a paid subscription) a user refers. Also offer 1-time free trial extensions for inviting friends, or something like that. At the same time, I don’t want users to spam relentlessly. I’m open to ideas on this one.

7) Code, code, code!

8 ) Spend more time than usual writing the marketing site. Put together a basic video showing how easy it is to get started. Start pricing at $19.99/month and see what happens.

9) Launch!

10) Promote, promote, promote!


This is my very, very rough plan of how I want to proceed. The app itself isn’t hugely complex, and I think its success will hinge on how intuitive the user interface is.

I’ll keep writing updates as I complete the steps outlined above. As a (very) rough guide, and given how busy I am at present, I’m giving myself a very generous timeline of 2 months to get this live and ready for launch.

Wish me luck… 😉

Written by Tom

Are you looking for web development or just someone who will work with your business needs and not against them? Get in touch with me here, or take a look at my consultancy’s website: Moo Unlimited. I’m confident I can help you.

Published inWeb Apps


  1. I’m very interested to see how this would work technically, without some kind of special access provided to gmail’s systems. Good luck and please keep us posted!

    • Tom Tom

      This is what I have to investigate, but I believe it should be possible using Google gadgets. Or rather… I hope so 😉

      • Ben Forrest Ben Forrest

        I’ve been wanting something like this and conceptualised something similar a while ago the issue I had though was that its possible to disable gadgets (e.g. turn off gadgets from loading) by applying a special url (its meant to ensure people doing gmail lab stuff can always get into their email)

        if you do find a way i’ll buy it!

  2. Juan Juan

    Tom, the post is very helpful and the idea looks very promissory (I’m gmail owner and absolutely I would like to have this feature). My main concern is about what is google lab doing in this direction. You can be out of the market very easy, at least you add another nice features over the original idea. Good luck!

    • Tom Tom

      Great! I’m really pleased that you’re interested – would you like me to let you know when I have a beta version you could test? :-)

  3. Luca Luca

    Facebook do something similar, so I can only imagine it is a matter of time before this is implemented first-party. However….rather than going towards consumers, go towards the companies; why not provide a service so that I can plug my web app into this?

    • Tom Tom

      Facebook *do* have a similar feature, but it’s pretty basic; they send you an email any time you log in from a computer which doesn’t have a special cookie set.

      However, you raise a great point – whilst I don’t believe it’s in Google’s business plan to create something as comprehensive as what I plan, it wouldn’t take much for this web app to be destroyed overnight.

      Excellent idea about selling to companies though, I’m going to have another think about what can be done, thanks! :-)

Leave a Reply

Your email address will not be published. Required fields are marked *