The app's AppComponent class. The @Singleton annotation here creates an instance of all classes within the component and "kicks off" the Dagger2 dependency injection.

Dagger2 is an dependency injection framework. What that means is that it uses annotations to create instances of classes and can pass around these instances as dependencies so that every injected class is always synchronized.

If you've never worked with this before it can be hard to understand. I have had an introduction to dependency injection in semester 5 of my Fontys HBO career but I've never used it much for Android before, especially not by myself. So a proof of concept was in order.

The idea was to structure a two-page app with an MVP architecture. The program would then inject a navigator in the first screen so that it can go to the second page. If the app navigates, the dependency injection worked. If not, it would be back to the drawing board.

There was also a presenter present that would also be provided. Every view has its own module that gets provided to the app's root. This is to start Dagger2 and make it create instances of to-be-injected classes.

Let's walk through how it works in steps:

1. The app creates a singleton instance of all the classes that need to be injected. In our case that's the "MainMenuNavigator" and "MainMenuPresenter" classes.
2. The app opens and the user clicks a button to navigate
3. The main menu activity will call on its injected navigator to prepare to switch views.
4. The navigator calls on a public method for the product info activity to grab an intent. It then returns it to the calling class.
5. The main menu now has the intent and will use it to start an activity.

This same sequence is used if a calls on the presenter or even the activity itself. The beauty of this approach is that injected classes are globally shared so there can be no more issues with different instances of a certain class being desynchronized.

The security threat SonarQube found. This was duplicated 7 times.

SonarLint and Qube were used to maintain code quality.

Originally the code had a few bugs and a lot of vulnerabilities. It also had 941 code smells. Something else that's notable is the test coverage. It says 0% and that's mostly true. In the chapter below you can read why there were little to no tests made. Furthermore, the amount of code duplication was rather high as well. This actually normal for an app using the MVP structure. The reason for this is the fact that every single activity package contains at least three standard classes namely:

• The presenter
• The contract
• The activity module
• Optionally a navigator

These classes are often very similar to each other and that gets picked up by SonarLint as a code duplication. Another reason for the duplication were the GSON models that were made. For Retrofit to play nice, a complete copy of the to-be-received models from an API is required. This meant that I had to make a lot of GSON models and often times they contain child models that are a 90%+ match with other GSON models.

The amount of functional lines of code that were duplicated are actually quite low.

After seeing the first scan I was pleasantly surprised at the fact that there were only 2 bugs in the whole project. This is especially nice since the project contains 16.000 lines of code. Nevertheless, all the bugs needed to be solved. The same went for the vulnerabilities and also as many code smells as possible. The result of my code cleanup can be seen in the next image.

As you can see, all the bugs and vulnerabilities are taken care of. There were actually some notable bugs that I will discuss in my bugs article. In addition to the bugs and vulnerabilities, 145 code smells were removed. The security threats still stand however.

I looked into what the security concern were and found that they were talking about broadcast receivers that I had registered. After looking at Google's specifications I realized that there are no risks in the way I implemented the receiver. According to Google, you need to register the receiver in the "onResume" method and unregister it in the "onPause" method. I was already doing this. As long as you do that there should be no leak possible. The code noted in the snippet in the next image was actually copied from DataWedge's own example project so I doubt there is anything else wrong with that either.

Since the app has such a large scale and it also uses dependency injection it is really hard to test. In favor of feature development, little to no unit tests were made and instead the app was tested by users to see if they can find any problems with it. This is also how Brickx usually handles its testing.

Design-wise, paper prototypes were made. Some of them can be seen in the UI segment of this blog. In general the response to the new design was good. Stakeholders liked how the app looked relatively simple yet elegant. This was achieved by the use of material design and card views. Navigation was clear to them as well. Compared to the old app the new app uses different header sizes and colors for text to further improve its clarity.

Usability testing

To make sure the app's design is suitable for the end user I did some usability tests with various people. You can read about the specific test in the document on the left.

One thing to note that wasn't part of the usability test was a complaint that I heard afterwards. A user thought the menu buttons might be a bit too small. They were far bigger in the old app but I made them smaller so that more of them could fit on the screen and minimal scrolling would be required. I'll need to see if other people share this complaint before I change the sizes though.