How to Perform a Code Audit for a Mobile App and Ensure the Quality of the App

Sandeep Rajbhar
4 min read · Aug 29, 2020


Usually, when a development team goes through the CODE AUDIT process they panic :D about getting bad feedback on their code architecture and quality. This is because many companies don't follow a code audit process, or underestimate the value of a code audit, and as a result end up with a poor-quality product and lose business and network traffic. Very few companies have adopted this culture. A code audit should be started at least after the first MVP product has rolled out.

Why do we need a code audit?

Follow me -> to know the different factors an organization should consider during the code audit process, and the related tools!

Static Code Inspection: The development team should make sure the code compiles and passes static analysis without warnings. As this is time-consuming, developers should estimate and allow extra time for it during story pointing.

Unit Test Case Script: This is the most important and must-have self-audit a development team should do: writing unit test cases for the code. Native tools are available for iOS (the XCTest framework) and Android (Mockito). For React Native we can use Jest and Enzyme. Third-party tools like Appium or Detox work for all platforms.

UI Test Case Script: UI test scripts are usually skipped by organizations, or most of them are not aware of them. iOS provides XCUITest and Android has the AndroidX test tools to automate UI tests. Third-party tools like Appium and Detox help you do it faster, with extra features like better reports.

Security Scan: It is the architect's and the developer's responsibility to implement all the necessary security aspects of the mobile app. (Follow this article of mine for more detail on security implementation in a mobile app: https://medium.com/@krishnarai1985/5-ways-to-provide-super-security-to-your-mobile-app-8a74246a62b)

It is the organization's and the QA team's responsibility to scan the app for security vulnerabilities and generate a report before each release. Third-party tools like MobSF, ImmuniWeb, and Quixxi Security help achieve that, with better reports.
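As an added example (not from the article, and not MobSF's own code) of how the QA team can turn such a scan into a pre-release gate: this Python script reads a MobSF-style JSON report, counts findings by severity, lists permissions flagged as dangerous, and blocks the release on any high-severity finding. The report layout (`code_analysis.findings`, `permissions`) and the sample data are assumptions constructed for the example; check them against the JSON your scanner version actually emits.

```python
from collections import Counter

# Constructed sample shaped roughly like the code_analysis and permissions
# sections of a MobSF static-analysis JSON report. Illustrative only; the real
# report has more sections and its layout varies between MobSF versions.
SAMPLE_REPORT = {
    "app_name": "ExampleApp",
    "code_analysis": {"findings": {
        "android_logging": {"metadata": {"severity": "info", "description": "The app logs information."},
                            "files": {"com/example/Util.java": "12,40"}},
        "android_ssl_pinning": {"metadata": {"severity": "warning", "description": "No certificate pinning."},
                                "files": {"com/example/Net.java": "8"}},
        "android_sqlite_raw": {"metadata": {"severity": "high", "description": "Raw SQL built from input."},
                               "files": {"com/example/Db.java": "33,51"}},
    }},
    "permissions": {"android.permission.INTERNET": {"status": "normal"},
                    "android.permission.READ_SMS": {"status": "dangerous"}},
}

# Ordering used by the gate; an unknown severity label is treated as blocking.
SEVERITY_RANK = {"secure": 0, "info": 0, "warning": 1, "high": 2}


def findings_by_severity(report):
    """Return {severity: count} over the code_analysis findings (assumed layout)."""
    findings = report.get("code_analysis", {}).get("findings", {})
    return dict(Counter(f["metadata"]["severity"] for f in findings.values()))


def dangerous_permissions(report):
    """Permissions the scanner flagged as dangerous, sorted so reports are stable."""
    perms = report.get("permissions", {})
    return sorted(p for p, meta in perms.items() if meta.get("status") == "dangerous")


def gate(report, fail_on="high", max_dangerous=0):
    """Release decision: block on any finding at or above `fail_on`, and on more
    than `max_dangerous` dangerous permissions. Returns the data for the report."""
    threshold = SEVERITY_RANK[fail_on]
    findings = report.get("code_analysis", {}).get("findings", {})
    blocking = sorted(rule for rule, f in findings.items()
                      if SEVERITY_RANK.get(f["metadata"]["severity"], 2) >= threshold)
    dangerous = dangerous_permissions(report)
    return {
        "passed": not blocking and len(dangerous) <= max_dangerous,
        "counts": findings_by_severity(report),
        "blocking": blocking,
        "dangerous_permissions": dangerous,
    }
```

Run `gate(SAMPLE_REPORT)` in a CI step and fail the build when `passed` is false; the returned dict is the material for the per-release security report.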

Coding Standard Document: A development team must have a coding standard document that every developer follows. (Follow this article of mine for a sample coding standard document: https://medium.com/@krishnarai1985/coding-standards-and-good-practice-for-react-native-apps-c8401e87f2d)

Technical Architecture Document: In the world of automation scripts it is said that if you find it hard to write a test script, your app has a bad architecture.

It is the responsibility of the team architect to create a Technical Architecture document. This really helps to showcase the technical design to the client and stakeholders, and it makes the KT (knowledge transfer) process smooth, saving a lot of time. This document is intended to change as the architecture changes. Below are the points to consider while making this document:

  • The technical architecture design.
  • Key decisions taken while making the architecture.
  • Reusable components.
  • Assumptions taken while making the architecture.
  • What are the constraints?
  • What are the risks?
  • How we are improving app performance.
  • Whether error handling is done or not.
  • The strengths of the architecture.
  • The weaknesses of the architecture.

Design Principles: The team should be aware of the design principles (SOLID) while working on architecture and code. How many of the five principles are we following, where, why, and why not? Make a document for further updates and as a reference for others.

Project and Code Management: Create a document describing version control, the Git workflow, and the build and deployment process, to be followed by all team members.

Crash Report: This is a must-have library to be used in every mobile app, to get crash reports before the end user gets frustrated and uninstalls the app. It helps the developer figure out crashes that happened on the end user's side. A library like Google Firebase Crashlytics is free and very simple to use.

Peer-to-Peer Review: This culture needs to be implemented within a team: peer code review to improve code quality. We need to make sure that a review comes across as suggestions, not as allegations. This is tough to adopt.

Code Cleanup: Remove unwanted code, logs, files, debug code, frameworks, and libraries. Double-check for spelling mistakes.

Code Comments and Indentation: Every algorithm, business logic, method, and hack must be well commented and indented. Even a lame developer should be able to understand the purpose by reading the comment :D.

Other Factors:

Bug Finding Summary and Report: The summary should include bug findings by number, by risk level, by priority, by category and origin of the bugs, and by responsible side (mobile or server). The report should include the previous 5 sprints' status and the post-release status for comparison. This helps to figure out code audit maturity and gives confidence to both the development team and the client in the quality of the software, backed by statistics.

Cross-functional Activity Status Report: Any activity modified by any team (Database, Middleware, or Mobile team) related to a project should be notified immediately and in advance to all teams and stakeholders, so they can adopt the recent changes. The client and other stakeholders should be made aware of all known issues before a build release, with a release note.

NOTE: For all organizations: the code audit process is expensive and takes extra time and effort. So while estimating projects, keep the code audit expense separate and assume the developer will need extra development effort to satisfy all the code audit parameters. The organization should enforce this at least after the first MVP is released.

This article has been written according to my expertise and research in the mobile platform. If you have any suggestions or questions, you're free to ask and suggest.

Have a great day guys :D.


Written by Sandeep Rajbhar

Solution Architect at Royal Cyber.
