cloud phone vendor selection checklist 2026
cloud phone vendor selection checklist 2026
a cloud phone vendor checklist in 2026 should cut a long list to a short list in one afternoon. ten candidates in, three out. that is the job. anything more elaborate belongs in the RFP or the POC. this checklist is the ruthless first pass that saves you from wasting weeks on vendors that were never going to make it through procurement.
40 yes/no items across eight buckets. score per vendor. anyone scoring under 28 is out. anyone scoring 28-34 goes to the deeper RFP. anyone above 34 goes straight to POC.
how to run the checklist
block 3 hours. open 10 vendor websites in tabs. fill the checklist for each. send a quick email to anyone you cannot answer from the public site. score Monday morning. by Tuesday lunch you have a shortlist.
print it as a one-page sheet, columns for each vendor.
section 1: company viability (5 items)
- [ ] vendor has been operating at least 24 months
- [ ] public LinkedIn shows 10+ engineers
- [ ] at least one named customer in your industry on the homepage
- [ ] status page exists with at least 90 days of incident history
- [ ] funding or revenue disclosed publicly (any signal of survival)
section 2: device fleet (5 items)
- [ ] real devices, not emulators (or both with clear separation)
- [ ] device count published or available on request (>500 minimum for serious vendors)
- [ ] multiple Android OEMs supported (at least Samsung + Pixel, ideally also Xiaomi/Oppo)
- [ ] device OS version range published (covers Android 11 through current)
- [ ] manufacturer year range disclosed (no “we have S22s” when they actually mean S5s)
section 3: geographic coverage (5 items)
- [ ] devices in your primary user region
- [ ] devices in at least one secondary region (DR or expansion)
- [ ] mobile network operator listed per region (carrier matters for telco apps)
- [ ] residential or 4G/5G IP egress option (if your apps need non-datacenter IP)
- [ ] data residency commitment per region (no random failovers to other countries)
section 4: technical access (5 items)
- [ ] ADB-over-network supported
- [ ] REST API documented publicly
- [ ] webhooks supported for device events
- [ ] CLI tool published
- [ ] official client libraries in at least 2 languages (Python, Node, Go, Java)
section 5: security and compliance (5 items)
- [ ] SOC 2 Type II report available under NDA
- [ ] ISO 27001 or regional equivalent
- [ ] SSO via SAML or OIDC supported
- [ ] RBAC with custom roles supported
- [ ] immutable audit log accessible to admin
section 6: pricing transparency (5 items)
- [ ] pricing page exists publicly (not “contact sales for everything”)
- [ ] at least one entry-level tier <$100/month
- [ ] no required onboarding fee
- [ ] no required multi-year contract on entry tier
- [ ] free trial available without credit card OR with clear cancellation path
section 7: support and SLA (5 items)
- [ ] uptime SLA published (not just “we aim for 99.9%”)
- [ ] support response time published per severity
- [ ] business-hours chat support minimum, 24x7 ideal
- [ ] dedicated CSM available at higher tiers
- [ ] community channel exists (Discord, Slack, or forum) for self-help
section 8: exit and ownership (5 items)
- [ ] data export documented
- [ ] off-boarding window in MSA at least 30 days
- [ ] no contractual non-poaching clause
- [ ] standard liability cap (12 months of fees, not lower)
- [ ] customer owns their data, fingerprints, recordings (per public docs)
scoring sheet
40 boxes. each is 1 point.
| score | verdict |
|---|---|
| 35-40 | shortlist for POC |
| 28-34 | shortlist for RFP |
| 20-27 | borderline, ask 3 clarification questions before deciding |
| < 20 | no, move on |
most healthy 2026 cloud phone vendors land 28-36. true enterprise-ready vendors hit 35+. the gap below 28 is usually either an early-stage startup (worth watching but not buying) or a low-cost reseller without underlying infrastructure (usually a hard pass for production).
what each item really tests
the items above are not arbitrary. each one maps to a real failure mode I have seen kill a cloud phone deployment.
- company viability: vendor closing means scrambling for migration in 30 days
- device fleet: emulator-only vendors fail on banking, payments, and any app with hardware attestation
- geographic coverage: missing the region you need means buying a second vendor on day one
- technical access: no API means you cannot automate, and a manual fleet of 50 phones is a full-time job
- security: no SOC 2 means your security team blocks production rollout
- pricing: no public pricing means lock-in pricing on renewal
- support: bad SLA means production outages with no recourse
- exit: bad MSA means three years of overpaying because switching costs are punitive
the three checks that matter most
if you only have 30 minutes, run these three.
- device count and ADB-over-network. these two prove the vendor actually has the infrastructure they claim.
- public pricing page. vendors who hide pricing tend to negotiate punitively at renewal.
- MSA exit clause. ask for a sample MSA. if they refuse, walk. if they share and the exit clause looks fair, that signals confidence in the product.
a vendor who clears these three is rarely a disaster. one who fails any of them often is.
sample shortlist worksheet
| vendor | section 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | total |
|---|---|---|---|---|---|---|---|---|---|
| vendor A | 5 | 4 | 5 | 5 | 4 | 5 | 4 | 4 | 36 |
| vendor B | 4 | 5 | 4 | 5 | 5 | 3 | 4 | 5 | 35 |
| vendor C | 3 | 3 | 4 | 4 | 3 | 4 | 3 | 4 | 28 |
| vendor D | 5 | 4 | 3 | 3 | 5 | 4 | 5 | 5 | 34 |
vendors A and B go to POC. vendor D goes to RFP for sharper questions on coverage and access. vendor C is borderline; ask three clarifications before deciding.
frequently asked questions
should I share this checklist with vendors during evaluation?
no. they will optimize answers to score well. use it internally. share the eventual RFP, which is more open-ended.
what if a vendor disagrees with my scoring?
invite them to send written rebuttal with evidence. if their evidence flips one or two boxes, update the score. if they flood you with marketing material, ignore.
how often should I re-run the checklist on my current vendor?
annually before contract renewal. vendors degrade and improve. last year’s 36 might be this year’s 30.
can I use this checklist for emulator-only vendors?
yes, but adjust section 2 to score on emulator count, OS coverage, and concurrency limits instead of physical fleet specifics.
is 40 questions too many for a first pass?
it sounds like a lot but each item is a yes/no off the public website or a 30-second email. a vendor scan averages 20 minutes. 10 vendors fit in one afternoon.
ready to short-circuit the procurement spiral? start a cloudf.one trial, score it against the checklist as your benchmark, then run the same scan on the rest of the field.