If you are using the certificate pinning in your Android app, you may have the same troubles as me:

For the first trouble, OkHttp3 provided CertificatePinner to allow us to pin a server certificate with a few lines of code.

val certificatePinner = 
CertificatePinner.Builder()
.add("*.publicobject.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
.build();

Although the implementation is simple, it doesn’t mean we don’t need to validate at all. There was one time in our app…


From Google

Testing on Android is troublesome especially when we need to cover some edge-cases like server returned unexpected data, certificate pining failure, and other network conditions.

Also, there are some common issues when we are conducting automated testing:

All these issues we can resolve together by using MockWebServer, as part of the OkHttp library provided by Square.

This article does not only show the basic usage of MockWebServer, but also shows you how…


This is a common issue if we don’t take care of it in our application, and it is difficult to catch the issue during development. But once our app is deployed to production, sometimes we can see this kind of crash is reported.

This is an example of the crash log:

Simulate the issue

To simulate the issue, I created this simple application.

The application can simulate 2 different scenarios that could cause the crash.

Pop up dialog

In this flow, when the button “SHOW POP UP” is clicked, it simulates an API calling to the backend, the backend…


In some use cases, you need to have an accurate time that is close to your server time as much as possible, it doesn’t have to be very accurate, but it must be close to your server time. For example, some market apps to monitor the stock price and do trading, some shopping app has count down event for flash deals, apps using TOTP algorithm, any app having a short life access token to be refreshed just in time.

When you search online for this issue, a lot of them to point you to one answer, that is using an…


Although there are a number of articles talking about Android memory leak, I still want to discuss it from another perspective.

What is a memory leak

A Memory Leak happens when there are objects present in the heap that is no longer used, but the garbage collector(GC) is unable to remove them from memory. The reason that the garbage collector cannot remove them is that they are still referenced by other used objects, even they are unused already. Improper referencing may cause a memory leak.

Categories of Android memory leak

The reason for memory leaks in Android can be divided into 2 categories. As long as you can take care…


What is Android Keystore

The Android Keystore provides access to special secure hardware for storing cryptographic keys. From Android 6.0, the security of Android Keystore was significantly enhanced, because Android started to support hardware-backed secure storage, then key material may be bound to the secure hardware inside the device, e.g., Trusted Execution Environment (TEE), Secure Element (SE).

Why Android Keystore is not thread-safe

Android provides a set of common APIs and algorithms for applications to use Android Keystore. But these APIs are just a wrapper layer, the actual calculation and storage are done by the secure hardware. There is only one single hardware chip doing all these things, once multiple…


Understanding of Android Fragment lifecycle

Android Fragment has a different lifecycle from Android Activity. It makes fragment more complicated and memory leak prone when we put the fragment into back stack.

When we put a fragment into the back stack, the views of the fragment are destroyed, onDestroyView() is called, the fragment itself is not destroyed,onDestroy() is not called in this case. And when the fragment returns back from the back stack, only onCreateView() is called, onCreate() is not called.

Android Fragment Lifecycle

From here we can see, the lifecycle of the views inside fragment are shorter than the fragment itself.

Butterknife memory leak

Although Bufferknife is deprected, here we still…


My background is a mobile developer, have both Android and iOS experience. In Android development, now it’s popular to use Dependancy Injection(DI) frameworks, like Dagger, Koin or Hilt. The test coverage can be easily increased to 80%, or even 90%+ by using DI framework. But in iOS development, it is still not very common to use any DI framework, and I always find out it’s difficult to increase the test coverage for iOS code. Is it because we are not using DI framework? No, most of the time it’s because our design issue.

This article is trying to dig deeper…


Lock

A lock only allows one thread to enter the part of code inside the locked scope.

For example, in the gym, there is one locker shared by multiple users. If someone has already used it, it will be locked, anyone else can not use it until the previous person unlocks it.

Lock is not shared with any other processes, it can be only used by current process.

Mutex

A mutex (Mutual exclusion) is the same as a lock but it can be system wide (shared by multiple processes). It is used to synchronise access to a resource.

Semaphore

A semaphore restricts the…


Although MVVM architecture was first introduced by Microsoft and widely used in WPF application, now some other applications also can use it, for example, Android application or Angular JS web application.

MVVM becoming more and more popular is because its loose coupling and clear responsibility of View layer and Control layer, comparing with traditional MVC.

Why MVVM architecture is loosely decoupled?

The reason is simple. In MVVM, only View layer is holding the reference of View Model, only View Model is holding the reference of Model layer.

Not like MVC, even Model layer also can hold the reference of View…

Weidian Huang

Android developer likes to dig deeper into the issues

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store