Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Practical Network for Android Developers

Practical Network for Android Developers

In this talk we are gonna be talking about the Network data layer with a different vision that usually is addressed, cause networking on Android is difficult to work with, with multiples carriers, streaming different and rich contents, and all of this should arrive at our users without missing a single detail.

We will cover the next couple of topics:

Part 1 — HTTP and Network Layer
Part 2 — TLS, Certificates, and Pinning
Part 3 — Authenticators and Interceptors
Part 4 — Performance, Redundancy, and Concurrency
Part 5 — Testing and Integration

Dinorah Tovar

March 31, 2021
Tweet

More Decks by Dinorah Tovar

Other Decks in Technology

Transcript

  1. Practical Network for
    Android Developers
    Dinorah Tova
    r

    Google Developer Expert

    Platform Mobile Engineer

    @ konfío.mx
    @ddinorahtovar
    @ddinorahtovar

    View Slide

  2. Network is
    important!

    View Slide

  3. Network means a lot of things
    @ddinorahtovar

    Data Layer
    Network

    Presentation Layer
    UI
    Models


    Entities
    Domain Layer

    View Slide

  4. Network means a lot of things
    @ddinorahtovar
    •Concurrency
    •Clients
    •Connections (WIFI, Cell)
    •Http versions and frames

    View Slide

  5. Network means a lot of things
    @ddinorahtovar
    Request
    Response
    Click Origin Server

    View Slide

  6. Network means a lot of things
    @ddinorahtovar
    •Request — Make an HTTP request to an URL
    •Response — Will return an error or success
    •Data that can be parsed — Parsing of a String as
    response to a Data Class

    View Slide

  7. Network means a lot of things
    @ddinorahtovar
    Uniform Resource Locator
    Headers
    Body

    View Slide

  8. Network Errors are for surviving
    @ddinorahtovar
    •1xx — Everything is cool, just wait a little bit
    •2xx — Everything is fine, fully successful
    •3xx —The response is somewhere else

    View Slide

  9. Network Errors are for surviving
    @ddinorahtovar
    •4xx— The request by the client is poorly
    fulfilled, so this is an error from the mobile
    side
    •5xx — The server failed to fulfill a correct
    request, so this is an error from the backend
    side

    View Slide

  10. Http and Network Clients

    View Slide

  11. Http Methods
    @ddinorahtovar
    GET
    PATCH
    DELETE
    POST
    PUT

    View Slide

  12. Http Methods
    @ddinorahtovar
    GET
    PATCH
    DELETE
    POST
    PUT
    •GET — Push data from server
    •POST — Create new resources
    •PUT — Update resources
    •PATCH — Update specific resources
    •DELETE — Delete resources

    View Slide

  13. HttpClient
    @ddinorahtovar
    •HttpClient are clases to handle Http connection,
    methods and frames of data

    View Slide

  14. Cache
    @ddinorahtovar
    •Database Catching — Database provide an
    impactful factor of your app performance.
    •CDN — Global network of edge locations to
    deliver a cached copy of your APIs content
    •DNS — Every domain request made on the internet
    essentially queries DNS cache servers in order to
    resolve the IP address

    View Slide

  15. Cache policies
    @ddinorahtovar
    •Designed for non suffering and be aware that not
    everything change in a second
    •File allocation
    •max-age [Max time available]
    •Size space

    View Slide

  16. Cache policies
    @ddinorahtovar
    •Cache file and policies

    View Slide

  17. Cache
    @ddinorahtovar
    •To force a full refresh, add the noCache()

    View Slide

  18. TSL, Certificates and
    Pinning

    View Slide

  19. Transport Layer Security (TLS)
    @ddinorahtovar
    •Transport Layer Security (TLS) is the successor
    protocol to SSL. TLS is an improved version of
    SSL.
    •Depends on HTTP and the multiple flavors
    available

    View Slide

  20. TSL depends of HTTPs
    @ddinorahtovar
    Version Content
    Http/1.1

    with TLS
    Http/2

    with TLS
    TLS streams, TCP streams & Packages
    Frames division
    UDP packages + QUIC streams
    Http/3

    with TLS

    View Slide

  21. TSL depends of HTTPs
    @ddinorahtovar
    HTTP/1.1

    TCP streams and
    packets
    HTTP/2

    Frames division
    HTTP/3

    QUIC streams

    View Slide

  22. TSL
    @ddinorahtovar
    •Using HTTPS in our servers is enough?
    •Want to be safe? Then, lets talk about
    encryption
    •Short Answer: No

    View Slide

  23. Your App

    TSL
    @ddinorahtovar
    Origin Server

    Encrypted Certificates

    TSL/SSL

    View Slide

  24. TSL in your HTTP client
    @ddinorahtovar

    View Slide

  25. TSL
    @ddinorahtovar
    •What is a cipherSuite?
    val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
    Schema
    Model
    Padding

    View Slide

  26. TSL
    @ddinorahtovar
    •What is a cipherSuite?
    .cipherSuites(

    CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,

    CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256

    )
    TLS Bulk
    encryption
    Key exchange
    and
    signature
    Message auth

    View Slide

  27. Certificates
    @ddinorahtovar
    •In a typical SSL usage scenario, a server is
    configured with a certificate containing a public
    key as well as a matching private key. As part of
    the handshake between an SSL client and server,
    the server proves it has the private key by
    signing its certificate with public-key
    cryptography

    View Slide

  28. Certificates
    @ddinorahtovar
    CER (.CRT
    )

    PFX

    View Slide

  29. Certificates
    @ddinorahtovar

    View Slide

  30. Security is important
    @ddinorahtovar
    •You can check “Modern security for Android
    developers”

    View Slide

  31. Authenticators &
    Interceptors

    View Slide

  32. Interceptors are amazing!
    @ddinorahtovar
    Your App
    OkHttp

    Core
    Internet
    Loggin
    Interceptor
    Network
    Interceptor

    View Slide

  33. Loggin interceptors
    @ddinorahtovar
    •They give us information about the Headers or
    Body levels of the request and response
    •Only Debug
    •They can leak information

    View Slide

  34. Loggin interceptors
    @ddinorahtovar

    View Slide

  35. Network interceptors
    @ddinorahtovar
    •They give us the chance to modify request and
    responses
    •Can be used in production
    •Amazing for handling errors like 401!

    View Slide

  36. Network interceptor
    @ddinorahtovar

    View Slide

  37. Network interceptors
    @ddinorahtovar
    •Do we need it like that?
    •Let’s do it in a cool way
    ->
    •Short Answer: well, maybe no

    View Slide

  38. Network Interceptor
    @ddinorahtovar

    View Slide

  39. Interceptor.Chain
    @ddinorahtovar
    •We need to talk about Interceptor.Chain
    •Specially about RealInterceptorChain

    View Slide

  40. Interceptor.Chain
    @ddinorahtovar
    •Here is where all the HTTP work happens

    View Slide

  41. Network Interceptor
    @ddinorahtovar

    View Slide

  42. Authenticator
    @ddinorahtovar
    •Returns a request that includes a credential to
    satisfy an authentication
    •Authenticate by returning a follow-up request
    that includes an authorization

    View Slide

  43. Authenticator
    @ddinorahtovar
    Your App Authenticator Your server
    401
    Try to
    access
    Refresh
    Refresh
    Normal
    request
    Normal
    request

    View Slide

  44. Authenticators
    @ddinorahtovar

    View Slide

  45. A tip for OkHttpClient

    View Slide

  46. OkHttpClient and Start up time
    @ddinorahtovar
    •Slow the times of creating

    View Slide

  47. @ddinorahtovar
    •Dagger Party tricks by Zac Sweers
    OkHttpClient and Start up time

    View Slide

  48. Performance

    View Slide

  49. Performance!
    @ddinorahtovar
    •Depends of many things
    •Redundancy
    •Concurrency
    •OkHttpClient*

    View Slide

  50. Concurrency
    @ddinorahtovar
    •Is not proper mobile but is important!
    Fault tolerance
    High Availability

    View Slide

  51. Concurrency
    @ddinorahtovar
    Pools
    Threading
    •Is about three things
    Coroutines*

    View Slide

  52. Threading
    @ddinorahtovar
    UI Thread
    Dispatcher IO

    Suspendable action

    View Slide

  53. Connection Pool
    @ddinorahtovar
    CPU operation
    like Files
    Databases
    Network

    View Slide

  54. Testing

    View Slide

  55. Testing should be simpl
    @ddinorahtovar
    Your App MockResponse MockWebServer
    Intercept
    call
    Normal
    request
    Mocked
    response
    Normal
    request

    View Slide

  56. MockWebServer
    @ddinorahtovar
    •Let you manipulate the responses and let you
    verify request were made as expected
    •Testing of:
    •Request/Response
    •Body’s responses
    •Header’s

    View Slide

  57. MockWebServer
    @ddinorahtovar
    •Simple setup

    View Slide

  58. MockWebServer
    @ddinorahtovar
    •Adding responses is pretty simple!

    View Slide

  59. MockWebServer
    @ddinorahtovar

    View Slide

  60. Practical Network for
    Android Developers
    Dinorah Tova
    r

    Google Developer Expert

    Platform Mobile Engineer

    @ konfío.mx
    @ddinorahtovar
    @ddinorahtovar

    View Slide