What are the key steps to conducting a mobile app code review?

A mobile app code review is a process of examining and evaluating the source code of a mobile application to identify and fix errors, vulnerabilities, and inefficiencies. A code review can improve the quality, security, and performance of a mobile app, as well as enhance the skills and collaboration of the developers. In this article, you will learn the key steps to conducting a mobile app code review, from planning and preparation to feedback and follow-up.


1 Define the scope and goals

The first step to conducting a mobile app code review is to define the scope and goals of the review. The scope determines which parts of the code are subject to review, such as specific features, modules, or functions. The goals specify what the review aims to achieve, such as detecting bugs, improving readability, or enforcing coding standards. The scope and goals should be clear, realistic, and aligned with the project requirements and expectations.

Chintan Khetiya Web & Mobile | Technical Architect | CSM® | Google Certified Project Manager | Product Management

Any action item starts by defining the goals and objectives. In the same way, for the code review we have to define the scope: which modules, features, and files are we going to cover in the review? Your feedback might have different priorities, like logical bugs, functional bugs, not following the code standards, not optimal, security standards, and others. A goal helps you review your code efficiently and effectively.

Ruslan Garifulin iOS Software Engineer at Volvo Cars

Besides defining the scope and goals of a code review, it is very important that the author of the pull/merge request has a good description of his/her/their code changes. It needs to be clearly stated whether a new feature is being added, a bug is being fixed, or it is a refactoring of an existing feature/code, etc. Each reviewer usually has their own steps of reviewing, depending on familiarity with the feature: some reviewers only check the code styling, readability and complexity, while others can have input on whether the newly added logic works as expected.

NAZIM UDDIN Information Security Professional

Prioritize code review goals like security, performance optimization, and code quality. Assemble a skilled team familiar with the technology stack and domain. Ensure reviewers understand coding standards. Clearly define review scope, encompassing files, components, comments, and documentation. Update project documentation, incorporating lessons learned from the review process.


Guiding innovations in healthcare to empower humanity and unlock limitless potential for a fulfilling future

Setting SMART goals within the defined scope can provide a roadmap for the review process. This approach encourages a culture of continuous improvement and knowledge sharing among the development team, which can significantly contribute to the overall quality and success of the mobile application. In my previous experiences, we set a goal to reduce the app's load time by identifying and optimizing high-latency functions within a 2-week review period. This goal was specific (optimize high-latency functions), measurable (reduce load time), achievable (targeted optimizations based on profiling), relevant (directly impacting user satisfaction), and time-bound (within 2 weeks).

Praful Narayanrao Kamble

Founder & Director @ Wiriya Technology Pvt Ltd. | ICT Consultant | Adobe Certified Professional - Adobe Commerce Business Practitioner | PRINCE 2® Practitioner & ITIL-F Certified

Understand the goals and objectives of the code review, such as ensuring security, optimizing performance, or maintaining code quality. Choose experienced team members with knowledge of the technology stack and domain to review the code. Ensure that reviewers have a good understanding of the coding standards and guidelines. Clearly define the scope of the code review, specifying which files or components should be reviewed. Scope should include code comments, documentation, and inline explanations that help developers understand the code's purpose and logic. Update project documentation, such as design documents, coding standards, and coding guidelines based on lessons learned from the code review.


2 Choose the tools and methods

The second step to conducting a mobile app code review is to choose the tools and methods that will facilitate the review process. The tools are the software or platforms that help automate, manage, or document the code review, such as code analysis tools, version control systems, or code review platforms. The methods are the approaches or techniques that guide the review process, such as peer review, pair programming, or checklist-based review. The tools and methods should be suitable, reliable, and consistent for the mobile app project and the review team.

NAZIM UDDIN Information Security Professional

Leverage version control systems like Git, Mercurial, or SVN for efficient codebase management. These systems form the basis for streamlined code reviews. Employ static code analysis tools such as ESLint, Checkstyle, or SwiftLint to automate the identification of coding standard violations and potential issues. Utilize integrated code review features in IDEs or integrate with code review platforms for convenient evaluation during development.

Chintan Khetiya Web & Mobile | Technical Architect | CSM® | Google Certified Project Manager | Product Management

You can pick the manual process when the project is small, but you must follow the automation process for medium and big projects, where multiple PRs will be made and review is required. Go with static code analysis to standardize the code. Prepare an organization-level checklist as per standard practice in the industry and follow the steps for code review. Prepare a separate branch for the Sonar fixes, where your PR merges into that branch to do the latest code scan, and get the latest code from it after your fixes. That would be less coupled code and will not create a dependency in deployment. The tools and methods should be suitable, reliable, and consistent for the mobile app project and the review team.

Praful Narayanrao Kamble

Founder & Director @ Wiriya Technology Pvt Ltd. | ICT Consultant | Adobe Certified Professional - Adobe Commerce Business Practitioner | PRINCE 2® Practitioner & ITIL-F Certified

Use version control systems like Git, Mercurial, or SVN to manage the codebase. These systems provide a foundation for code reviews. Use static code analysis tools like ESLint (for JavaScript), Checkstyle (for Java), or SwiftLint (for Swift) to automate the detection of coding standard violations and potential issues. Many IDEs offer built-in code review features or integrations with code review platforms, making it convenient to review code while developing.

Izaz Haque Cybersecurity Expert and Blockchain Enthusiast.

Choose appropriate tools and technologies to assist in the code review process. Version control systems like Git, code review tools like Gerrit or Crucible, and static code analysis tools such as SonarQube or Checkmarx can be helpful.

Gagandeep Singh Senior Software Engineer - iOS @ConstructionClock

In my experience, a team should have a set of rules and tools to perform code reviews. A static tool like SwiftLint for Swift helps to maintain the code standard and allows the team to follow the same code pattern. A version control system like Git helps to compare your changes nicely by creating pull requests. It allows code reviewers to write their comments at the right place of the error in pull requests. So it helps to understand the issue, fix potential bugs, improve the logic, and avoid conflicts before pushing the final changes.


3 Review the code

The third step to conducting a mobile app code review is to review the code according to the scope, goals, tools, and methods defined in the previous steps. The reviewers should examine the code for various aspects, such as functionality, logic, security, performance, readability, maintainability, and compliance with coding standards and best practices. The reviewers should also document their findings, comments, suggestions, and questions in a clear, constructive, and respectful manner.

NAZIM UDDIN Information Security Professional

Prioritize identifying security vulnerabilities and risks in the codebase. Focus on common issues like insecure data storage, inadequate authentication mechanisms, and absence of input validation.

Chintan Khetiya Web & Mobile | Technical Architect | CSM® | Google Certified Project Manager | Product Management

After defining the goal and choosing the right tool with a sanity checklist, it's time to do a code review. Every line of code is important to review to avoid gaps. Your sanity checklist should have different aspects to cover, i.e. functionality, logic, security, performance, readability, maintainability, compliance with coding standards and best practices, duplication, and unused code. You can also mark the priority for each, to fix in that order, as critical, high, medium, or low, along with the type as bug or suggestion. Your feedback should be clear, constructive, and respectful so that the developer team can easily understand and fix it with the right approach.

Izaz Haque Cybersecurity Expert and Blockchain Enthusiast.

Pay special attention to security vulnerabilities and potential risks in the codebase. Look for common security issues such as insecure data storage, improper authentication mechanisms, and lack of input validation.
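The tooling contributions in step 2 (static analysis, an organization-level checklist) and the review items in step 3 (insecure data storage, credential handling, a critical/high/medium/low priority with a bug/suggestion type) describe what a checklist-driven review pass looks for. The script below is an added example written for this article; it is not a contributor's tool or any vendor's product. The rule identifiers, regexes, file names and Kotlin/Swift snippets are all constructed for illustration, and `MODE_WORLD_READABLE` and `UserDefaults` are real platform APIs used here only as the symptoms a reviewer would flag.

```python
"""Checklist-driven static review pass over mobile app source files.

Added example for this article (not a contributor's or vendor's tool): it
turns a small review checklist into machine-checkable rules, each carrying
the severity (critical/high/medium/low) and type (bug/suggestion) labels
described above, and runs them over constructed sample sources.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str
    aspect: str          # checklist aspect: security, standards, ...
    severity: str        # critical / high / medium / low
    kind: str            # bug / suggestion
    pattern: re.Pattern
    message: str


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    rule_id: str
    severity: str
    kind: str
    message: str
    snippet: str


# Constructed rule set. Each regex targets a source-level symptom of one of the
# checklist items named in the article (insecure data storage, hardcoded
# credentials, cleartext transport, leftover TODOs). Real analyzers such as
# SwiftLint, Checkstyle or SonarQube ship far richer and more precise rules.
RULES = [
    Rule("SEC-001", "security", "critical", "bug",
         re.compile(r"MODE_WORLD_(READABLE|WRITEABLE)"),
         "World-accessible SharedPreferences mode exposes app data to other apps"),
    Rule("SEC-002", "security", "high", "bug",
         re.compile(r"(?i)\b(password|token|secret|apikey|api_key)\s*=\s*\"[^\"]*\""),
         "Credential-like literal hardcoded in source"),
    Rule("SEC-003", "security", "high", "bug",
         re.compile(r"UserDefaults\.standard\.set\([^,]*(?:[tT]oken|[pP]assword)[^,]*,"),
         "Sensitive value written to UserDefaults instead of the Keychain"),
    Rule("SEC-004", "security", "medium", "suggestion",
         re.compile(r"(?i)\bhttp://"),
         "Cleartext HTTP endpoint; use HTTPS"),
    Rule("STD-001", "standards", "low", "suggestion",
         re.compile(r"\bTODO\b"),
         "Unresolved TODO left in reviewed code"),
]

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample sources (file names and contents are invented for the example).
SAMPLE_SOURCES = {
    "Session.kt": (
        "class Session(ctx: Context) {\n"
        "    // constructed sample: several review findings on one screen\n"
        "    private val prefs = ctx.getSharedPreferences(\"session\", Context.MODE_WORLD_READABLE)\n"
        "    private val apiKey = \"sk_live_PLACEHOLDER\"\n"
        "    fun baseUrl() = \"http://api.example.invalid/v1\"\n"
        "}\n"
    ),
    "Login.swift": (
        "final class Login {\n"
        "    func persist(token: String) {\n"
        "        UserDefaults.standard.set(token, forKey: \"authToken\")  // TODO: move to Keychain\n"
        "    }\n"
        "}\n"
    ),
}


def review_file(name: str, text: str) -> list[Finding]:
    """Apply every rule to every line of one file; one finding per rule hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule in RULES:
            if rule.pattern.search(line):
                findings.append(Finding(name, line_no, rule.rule_id, rule.severity,
                                        rule.kind, rule.message, line.strip()))
    return findings


def review_sources(sources: dict[str, str]) -> list[Finding]:
    """Review all files and return findings ordered critical -> low, then by location."""
    findings = [f for name, text in sources.items() for f in review_file(name, text)]
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.file, f.line))


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, always reporting all four buckets."""
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


def ready_for_merge(findings: list[Finding], block_on=("critical", "high")) -> bool:
    """Gate: the pull request may proceed only when no blocking-severity finding is open."""
    return not any(f.severity in block_on for f in findings)


if __name__ == "__main__":
    results = review_sources(SAMPLE_SOURCES)
    for f in results:
        print(f"[{f.severity.upper():8}] {f.kind:10} {f.file}:{f.line} {f.rule_id}: {f.message}")
    print(summarize(results), "ready for merge:", ready_for_merge(results))
```

Running the module prints the five findings for the two constructed files, worst first, so the reviewer can work through critical and high items before suggestions. The `ready_for_merge` gate is the automated form of the "must be resolved before the alpha release" rule: a critical or high finding blocks the pull request until fixed or explicitly accepted in the review thread. Regex rules of this kind are a cheap first pass and produce false positives; they complement, rather than replace, a human reading every changed line.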


4 Communicate the feedback

The fourth step to conducting a mobile app code review is to communicate the feedback from the reviewers to the developers who wrote the code. The feedback should be timely, relevant, and actionable, meaning that it should be delivered as soon as possible, address the specific issues or improvements, and provide clear guidance on how to fix or enhance the code. The communication should be respectful, collaborative, and constructive, meaning that it should acknowledge the strengths and weaknesses of the code, foster dialogue and learning, and focus on solving problems and improving quality.

Chintan Khetiya Web & Mobile | Technical Architect | CSM® | Google Certified Project Manager | Product Management

After providing the code review feedback, it's more important to get feedback from the developer. Do they agree? Do they understand? Define the timeline to fix it. Is there any dependency on other stakeholders to fix the bug first, with the concerned team approaching it afterwards? If the developer is not clear in their understanding, they can ask for help. Address the specific issues or improvements, and provide clear guidance on how to fix or enhance the code. The code review thread should be live and is required before the alpha release with QA. The communication should be respectful, collaborative, and constructive, meaning that it should acknowledge the strengths and weaknesses of the code and focus on solving problems and improving quality.