How was mDevCamp 2024?

Here are some notes and observations that I find interesting. It is worth mentioning, that the program was running in parallel on three stages, so of course my notes do not cover everything.  

I do not have the exact number, but my estimation is, that there were about 300 attendees. The event was in Prague, Czech Republic, but the official language used was of course English. The organizers chose the online service slido.com, so that questions could be asked to the speaker. Questions were highlighted by voting and then sorted, so the most wanted ones were answered first.   

I assume, based on the discussions and attendance to each talk, that most of the colleagues are focused on native mobile app development. Less on multiplatform development. But Microsoft MAUI, Google’s Flutter and Java based Kotlin were also discussed in the presentations.  

Here are notes to the individual speeches I attended, sorted in chronological order.

Our Architecture Journey at ČSOB

Jan Mašek, ČSOB

‍

Jan Mašek, an iOS developer of ČSOB, one of the largest Czech banks, was talking about their software architecture journey within ČSOB Smartbanking app. One of most widely used mobile banking app in the Czech Republic. 

‍

The ČSOB development team put constraints on architecture to bring scalability, testability, and management ability. Be aware of not told implicit requirements, expected by the customer, but never mentioned. Analytics must ask for them explicitly. Tools used were text description, UML, draw.io and pen and paper of course. With the help of Enterprise Architect.  

He ended with the conclusion, that the best architecture is the one that matches the requirements by considering scale of the app, crucial is communication in the team. Refactor as much as possible during development.  

ČSOB Smartbanking – some interesting facts:

• About 1 milion users, started in 2019, now 48 features.
• Parallel development of all features.  
• Flows approach is used, each flow has its router (WindowFlow, TabBarFlow, and more). It is interesting to incorporate suffixes like "UseCase" in class names.

They originally used the MVP pattern (Model-view-presenter), but with Swift UI introduced in iOS 14, they were forced to change it to the MVVM pattern (Model-view-viewmodel). Swift UI does not support MVP. The team was forced to abandon MVP, simplify the Domain and use Kits and UseCases. Now each Feature has its own Flow, and each Flow has FeatureWrapper.

‍

Building a Secure Fintech App

Petr Dvořák, Wultra

‍

Petr Dvořák held an interesting talk about fintech apps. There is a lack of them worldwide, so the market is open for new ones. We classify 'fintech apps' as applications that provide services such as budget management, investment assistance, money transfers, and stock-related functionalities.

‍

‍

Petr nicely revealed three main topics, which kill a lot of fintech apps worldwide. Usually, it is not due to lack of good architecture or useful features.  

The main killers of such apps are:

• UX workflows
• Security
• Legal aspects  

If your fintech app has not a state-of-art UX, users abandon it quickly. Security is paramount, as once your app attracts tens of thousands of users, it becomes a prime target for hackers and illicit activities. It does not matter how secure the app is from a technical point of view if it can be used by criminals to convince users to share their access. For example, by acting like they are from user’s bank helping with bank account access / prevent hacking, etc.

Surprising is the elevated success rate of the attacks highlighted in the presentation, as well as the substantial sum of money stolen. A considerable proportion of these attacks result in success, with an average of 10,000 EUR being pilfered ☹.

Adding a twist to our narrative, it appears that users across all age brackets require additional information. This represents a pressing issue in today's digital era.

Luckily, the European Union is working on a digital ID, which should greatly simplify setting up accounts in fintech applications and validating them in digital services. It should arrive in 2025-2026.

 Important outcomes:

• Your fintech app must actively prevent the phishing.  
• The app code is fragile and may be decompiled and tampered with corrupt content.
• The code must be obfuscated, encryption must be used.
• Malware on Android is a very common thing.
• In Asia, server-side biometrics is widely used and required, face recognition is also used.

eDoklady – Creating the (Inter)NationalDigital Identity App

Igor Rosocha, Ackee

‍

The rollout of a national, digital identity application in the Czech Republic provides users with a digital representation of their personal ID, facilitating verification to officials such as the police. It's important to note that this application isn't designed to function as an identity provider in the digital realm.

‍

‍

There are two workflows - proximity flow over BLE and remote flow over HTTPS, by scanning QR codes at the other side’s app. The app incorporates standard mDL (mobiledevice license) ISO/IEC 18013-5 for proximity flow, which will make it compliant with future EU wide digital wallet. Remote flow is based on the OpenID4VP protocol.

Hence, while numerous mobile apps are presently being developed or utilized across the EU in various countries, it is essential that all of them remain compatible with the forthcoming EU-wide digital wallet. The eDoklady app is ready for it.

The app is written in React Native. And communicates with two backend servers – one as identity provider and the second for business logic. Secure storage / Keychain is used. Mdoc authentication. 90 percent test coverage of the code.

‍

Building Native & Hybrid Apps with .NET MAUI & Blazor 

James Montemagno, Microsoft

‍

Despite the fact, that mDevCamp is mostly attended by native developers focused on either Android or iOS platform, Microsoft was represented here with its multiplatform framework .NET MAUI, which is also widely used by SABO Mobile IT, and we recommend it for all mobile projects.

‍

The famous James Montemagno, in the position of principal lead program manager for .NET community at Microsoft arrived in Prague to present .NET MAUI apps. Not only can the code be shared between both mobile platforms (Android, iOS), but by using Blazor components, the code can be shared also with web applications.  

In general, .NET can be used for writing mobile applications by using the strongly typed object-oriented programming language C#. The user interface, written just once in XAML format, is shared between Android and iOS platforms by using MAUI framework.

The architecture of .NET MAUI mobile app allows us to build SOLID and effective code, covered by unit tests. Keeping the app open for future development and enhancements. 

By adding Blazor components to the mix, Microsoft offers an even more efficient way to write wide, multiplatform projects in an exciting and easy way.  

Developers may use both Visual Studio and Visual Studio Code for working on .NET MAUI apps.

‍

 Two Platforms, SameBuilding Blocks

Petr Zvoníček, Spotify

‍

Since everybody knows Spotify, the music app available on all platforms around the world, the presentation by Petr Zvoníček, senior architect at Spotify, was one of the highlights of the event.  

‍

‍

Despite Android and iOS clients of Spotify are developed separately in native programing languages (Kotlin on Android, and Swift on iOS), the overall architecture is kept just once - as a platform - agnostic. It uses declarative API with a high level of abstraction, declaring four main building blocks of the app.

1. State management
   ‍They built a new framework Mobius. Model can be modified only from Domain logic by Update function and is immutable. UI triggers the Update function and is bound to Model. Mobius is a runtime, which Spotify made opensource and is available on GitHub with documentation.
   ‍
2. Page Loading
   ‍Each page has similar state machine – with states error, mot found, loaded.
   ‍
3. Page Representation
   ‍Spotify contains hundreds of pages, and most of them with the same structure. The Spotify team unified the page architecture, so each page contains the same structure - parameters, dependencies, properties, navigation, content factory. Page is high level building block. Properties are templated into catalogue, which can be plugged into a page.
   ‍
4. Smart UI Component
   ‍An additional component on top of Page. Each smart UI component offers more standalone functionality, independent on the underlaying Page. For example, the Play button is Smart UI component. It offers standardized way how to build them, so it can be shared across teams. Have the same structure - State, Behavior, UI, Properties. Properties may be imported and changed only from outside. Its isolation and definition and boundaries / constraints make them well usable by all teams working on Spotify.
   ‍

Lessons learned on working on building blocks:

Perform research before starting your work. Semantics is everything (proper naming things). You won’t nail it on the first go. Focus on the developer experience.

How We Build Design System at Škoda Auto

Michal Mátl, Green:Code

"The last presentation I have visited during the event, was by Michal Matl on building the design system for Škoda Auto. They created Škoda Flow, the design system for all Škoda digital products. It is focused on components and consistency across all CI products. Mobile apps, webapps, infotainment in cars, etc. It freely offers the Flow Library in Figma for developers and Škoda co-operators at web flow.skoda-brand.com.

 Conclusion

There were a lot of inspiring talks and speakers, a friendly environment, and great catering. Many thanks to the organizers of https://mdevcamp.eu/ for making mDevCamp 2024 a great event!

‍

Luboš Brát

Senior .NET and mobile app developer

‍

‍