Challenges and Solutions in Developing a Kotlin Multi-platform FinTech App

Prepared by Romy Frederick

Developing a FinTech app, especially a digital banking solution, presents unique challenges related to data security and cross-platform support for Android and iOS. This case study looks at the technical aspects and briefly walks through how we addressed these challenges.


The Challenge

1. Cross-platform Support for Android and iOS

Considering the stakeholders' interest in native apps and the need to reduce development effort, we had to find a solution that balanced maximum code sharing with performance close to that of native Android and iOS apps. Based on our research and findings, we narrowed the choice down to Kotlin multi-platform (KMM). It supports both Android and iOS, but it requires addressing challenges such as platform-specific differences in architecture, UI/UX guidelines, and native features.

2. Data Security

The next challenge ahead of us was data security. Data security is of utmost importance in financial and banking applications, given the sensitive nature of user information and transactional data.

3. Third-Party Library Compatibility

Integrating third-party libraries and services was challenging during the development phase, as some libraries may not provide direct support for cross-platform development. KMM was at an early stage of release, so support was limited during our development period. As of now, however, libraries are available for almost all of the major tasks.

iLeaf's Process

1. Communication

We discuss to ensure that we have the exact idea of what is required.

2. Collaboration

There's regular interaction with the client to ensure things are on track.

3. Development

Begins according to the needs of our client.

4. Result

The final output will be a perfect match to our client's requirements.

- Shared Codebase: Utilized Kotlin multi-platform's shared code capabilities to write the core business logic, including data models, network communication using the Ktor client, and business rules, in a platform-independent manner. Shared this codebase across the Android and iOS projects, reducing duplication and ensuring consistency.

- Platform-Specific UI Components: Leveraged platform-specific UI frameworks, such as Android XML layouts/Jetpack Compose for Android and SwiftUI for iOS, to create native UI components that adhere to each platform's design guidelines. This approach allowed developers to provide a seamless native user experience while still utilizing shared code for business logic.

- Native Feature Integration: Implemented platform-specific code using Kotlin's 'expect' and 'actual' declarations to integrate platform-specific features seamlessly. For example, accessing device-specific biometric authentication APIs (e.g., Touch ID for iOS, Biometric API for Android) requires writing platform-specific code while still leveraging shared business logic.

- Testing and Quality Assurance: Employed platform-specific testing frameworks (e.g., Espresso and JUnit for Android, XCTest for iOS) for comprehensive code-coverage testing on both Android and iOS platforms, and SonarQube for code quality checks. Regularly monitor and fix platform-specific bugs or issues to ensure a consistent user experience.

- Encryption and Cryptography: Implemented strong encryption algorithms, such as AES (Advanced Encryption Standard), to encrypt sensitive data both in device storage and during transfer to the server. We also used cryptographic libraries and frameworks, such as Google Tink and the Security Crypto library, to ensure secure storage and communication of data. To prevent unauthorized data access, a check for device root access was also implemented.

- Secure Authentication: Implemented industry-standard secure authentication mechanisms such as multi-factor authentication (MFA), biometrics, or token-based authentication to securely authenticate users and authorize access to their financial accounts.

- Secure Backend Infrastructure: Designed and deployed a secure backend infrastructure using best practices: a micro-services architecture for isolating sensitive data, secure protocols (HTTPS), firewalls, intrusion detection systems (IDS), and web application firewalls (WAF). Regularly perform security audits and vulnerability assessments to identify and mitigate potential threats.

- Compliance with Regulatory Standards: Ensure compliance with relevant data protection regulations, such as GDPR (General Data Protection Regulation) or PCI DSS (Payment Card Industry Data Security Standard). Implement measures like data anonymization, consent management, and secure data storage to meet regulatory requirements.

- Research Library Compatibility: Before integrating a third-party library, we researched its compatibility with Kotlin multi-platform. We looked for libraries that explicitly support cross-platform development or have Kotlin multi-platform wrappers available.

- Write Platform-Specific Wrappers: If a library does not directly support Kotlin multi-platform, we considered writing platform-specific wrappers to expose the library's functionality to the shared codebase. This approach allowed us to leverage the library's capabilities while still maintaining cross-platform support.
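
To illustrate the "Encryption and Cryptography" item above, here is an added example (not iLeaf's code) of field-level AES-256-GCM encryption with Google Tink's AEAD primitive, run on the JVM. `FieldCipher`, the field names and the sample value are hypothetical, and the in-memory keyset stands in for one that a real app would keep wrapped by the platform keystore.

```kotlin
import com.google.crypto.tink.Aead
import com.google.crypto.tink.KeyTemplates
import com.google.crypto.tink.KeysetHandle
import com.google.crypto.tink.aead.AeadConfig
import java.security.GeneralSecurityException

// Hypothetical helper: encrypts individual stored fields with a Tink AEAD.
class FieldCipher(private val aead: Aead) {
    // The field name is passed as associated data, so a ciphertext copied
    // under a different field name fails authentication on decrypt.
    fun encryptField(fieldName: String, value: String): ByteArray =
        aead.encrypt(
            value.toByteArray(Charsets.UTF_8),
            fieldName.toByteArray(Charsets.UTF_8)
        )

    // Returns null when the ciphertext was modified or belongs to another field.
    fun decryptField(fieldName: String, ciphertext: ByteArray): String? =
        try {
            val plain = aead.decrypt(ciphertext, fieldName.toByteArray(Charsets.UTF_8))
            String(plain, Charsets.UTF_8)
        } catch (e: GeneralSecurityException) {
            null
        }
}

fun main() {
    AeadConfig.register()
    // Demo only: the keyset lives in memory. Tink generates a fresh random
    // nonce per encrypt call, so the caller never manages IVs.
    val handle = KeysetHandle.generateNew(KeyTemplates.get("AES256_GCM"))
    val cipher = FieldCipher(handle.getPrimitive(Aead::class.java))

    // Constructed sample value, not real account data.
    val stored = cipher.encryptField("account_number", "SAMPLE-0000-1111")

    // Correct field name: decrypts to the original value.
    println(cipher.decryptField("account_number", stored))
    // Same ciphertext presented under another field name: rejected.
    println(cipher.decryptField("display_name", stored))
    // One flipped bit in the authentication tag: rejected.
    val tampered = stored.copyOf()
    tampered[tampered.size - 1] = (tampered[tampered.size - 1].toInt() xor 1).toByte()
    println(cipher.decryptField("account_number", tampered))
}
```

Recent Tink releases deprecate the single-argument `getPrimitive` in favour of an overload that takes a configuration; the encrypt and decrypt calls are unchanged.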

The Result

Developing a Kotlin multi-platform FinTech app involved overcoming challenges related to data security and cross-platform support. By implementing robust encryption and cryptography techniques, secure authentication mechanisms, and a compliant backend infrastructure, developers could ensure the protection of sensitive user data. Leveraging Kotlin multi-platform's shared code capabilities, along with platform-specific UI frameworks, enabled the development of cross-platform applications that provide a native-like experience. Thorough testing and quality assurance procedures helped in delivering a seamless user experience on both Android and iOS platforms. Overcoming these challenges resulted in the creation of secure, efficient, and user-friendly financial applications that catered to a broader user base.
