Back to Blog

Your App Works Great! (Until It Doesn't)

Why the best product teams design for failure before they design for success

By Mike Kilinc
a group of figures frustrated in an office

Most teams design for success.

They build the feature. They test the ideal flow. They watch it work perfectly in a demo environment with fast WiFi and predictable inputs. They ship it, close the ticket, and move on to the next thing in the backlog.

Then a real user shows up.

And real users don't live in demo environments.

The Real World Is Hostile to Software

Real users are on spotty airport WiFi. They're in their kitchen where the signal drops every time the microwave runs. They're on a crowded train going in and out of tunnels.

Real users hit the back button three times in a row because the page didn't load fast enough. They paste an emoji into a phone number field. They enter their birthday as "13/25/1990" because they're not paying attention. They copy and paste text from a PDF and accidentally include invisible unicode characters that break your parser.

Real users walk away mid-checkout because their kid started screaming. They come back tomorrow and expect everything to still be there. They close the app mid-upload and assume it saved. They switch between tabs and lose their session.

And your beautiful, well-tested feature? It breaks. Or worse, it fails silently. The data corrupts. The upload vanishes. The user doesn't even know something went wrong until they come back later and their work is gone.

This is what happens when you only design for success.

What "Designing for Failure" Actually Means

Designing for failure doesn't mean assuming your users are stupid or careless. It doesn't mean being pessimistic about your product.

It means assuming the world is chaotic, unpredictable, and full of interruptions. Because it is. Networks fail. Attention wanders. Inputs get weird. Devices run out of battery. Sessions expire. APIs time out.

Your app has to survive in that environment. Not just work in it, but also survive gracefully.

The goal isn't to prevent every possible failure. That's impossible. The goal is to handle failure in a way that doesn't punish the user or lose their data.

The Questions That Matter

Before we write a single line of code on any feature, we ask a specific set of questions:

What happens if the network drops mid-request? Does the action fail silently? Does the user see an error? Can they retry? Is there data loss? If someone is uploading something important and their connection hiccups at 80%, what's their experience?

What if the user enters something we didn't expect? Not malicious input - just weird input. An extra space. A special character. A number that's technically valid but way outside normal range. What does the system do? Does it reject it helpfully or blow up?

What if they do things out of order? What if they skip a step? What if they go back and change something? What if they refresh the page in the middle of a multi-step flow?

What if they get interrupted and come back later? An hour later. A day later. Is their progress saved? Can they pick up where they left off? Do they have to start over?

What exactly do they see when something goes wrong? Is there an error message? Is it helpful? Does it tell them what happened and what to do next? Or does it just say "Something went wrong. Please try again."?

If we can't answer these questions clearly, we're not ready to build. The feature isn't designed yet - only the happy path is designed.

The Cost of the Happy Path

When you only design for the happy path, you're not building a product. You're building a demo.

Demos work great when everything goes right. Products have to work when things go wrong.

Here's what happens when failure scenarios get ignored in the design phase:

Edge cases become support tickets. Every weird scenario you didn't think about becomes someone else's problem - usually your support team, your ops team, or your users themselves.

Missing error states become 1-star reviews. "I lost all my data." "The app just crashed." "I don't know what happened." These aren't bugs in the traditional sense. They're design gaps. And users don't distinguish between the two when they're leaving reviews.

"Weird bugs nobody can reproduce" become silent churn. The user hits a failure state. They don't report it. They just leave. You never even know what happened.

And here's the thing: fixing this stuff in production is always more expensive than handling it in the design phase. Always. You're paying for the initial development, then paying again for the debugging, then paying again for the fix, then paying again to re-test, then paying again to deploy.

Or you could just think about it upfront.

How We Approach It

This isn't about being paranoid. It's about being systematic. Here's how we build failure-first thinking into our process:

Error states are first-class designs, not afterthoughts.

Every screen gets an error state designed before we build the success state. What does this screen look like when the data fails to load? When the action fails to complete? When the user doesn't have permission? These aren't edge cases - they're required designs.

Input validation is part of the spec from day one.

We don't wait until development to figure out what valid input looks like. The spec defines it. What's the minimum? Maximum? What characters are allowed? What happens when validation fails? The designer and developer should be aligned on this before any code gets written.

Every failure scenario has a clear recovery path.

It's not enough to show an error message. The user needs to know what to do next. Retry? Go back? Contact support? Start over? The recovery path is part of the design, not something we figure out later.

Offline and degraded-network behavior is defined before development starts.

Even if the app requires internet to function, what does graceful degradation look like? What gets cached? What gets queued? What happens when they come back online? We answer these questions in the design phase.

We stress-test the flow before we build it.

Not load testing - scenario testing. What if they do this, then this, then this? What if they do it twice? What if they stop halfway through? We walk through the weird paths in design reviews, not just the golden path.

The Mindset Shift

This comes down to a fundamental shift in how you think about building software.

Most teams treat the happy path as the product and failure scenarios as edge cases to handle later. That's backwards.

The happy path is the easy part. Anyone can build software that works when everything goes right. The hard part - the part that separates polished products from fragile ones - is what happens when things go wrong.

The best apps don't just work when everything goes right. They handle chaos gracefully. They recover from errors without losing user data. They tell people what went wrong in plain language. They offer a clear next step. They don't make users feel stupid for encountering a problem.

That's the difference between software that feels polished and software that feels fragile. Between software people trust and software people tolerate.

Users notice. They might not articulate it, but they feel it. They feel the difference between an app that fights them and an app that has their back.

The Bottom Line

Design for failure.

Not because you're pessimistic. Not because you think your users are incompetent. But because the world is messy and unpredictable - and your users are living in it.

The happy path is a lie. Or at least, it's an incomplete truth. It's the best-case scenario that only happens when everything goes perfectly.

Your users deserve software that works in the real world. That means designing for the chaos, not just the demo.

Your App Works Great! (Until It Doesn't) | Ephesus Gates Blog