SparkMinds

A Cryptocurrency Exchange mobile app based on the API platform

This project involves building a Mobile App for a Crypto Exchange platform based on the pre-existing API platform. The mobile app is required to have all the necessary features of a cryptocurrency exchange, including integrated candlestick charts, user face recognition, and authentication for KYC, trading, deposit, and withdrawal functionalities. Additionally, the app must ensure a high-performance architecture and meet the customer’s security requirements.

Project Overview

Client

Client name: Private
Nation: Private

Industry

Private

Platform

Mobile Application (iOS/Android)

Team Size

Private

Technologies

Private

Features & Security

Functional

  • Trading (Buy/Sell) 
  • FIAT Deposit/Withdrawal
  • Crypto Deposit/Withdrawal 
  • eKYC via Mobile App
  • Candlestick Chart integration
  • Customer helpdesk for mobile
  • And many other functions…

Non-Functional

  • High Performance: The app operates efficiently with tens of thousands of user accesses
  • Multi-device/multi-platform: Ensuring smooth operation on iOS and Android mobile and tablet devices
  • Real-time device logs: Sending real-time logs from each device to Google Analytics/Sentry
  • Security: Ensuring security measures such as PIN verification, biometric authentication, OTP, and other mobile app-related security rules

System Security

  • HMAC Authentication: Verifies that requests are coming from expected sources and have not been tampered with during transit
  • DDoS Attack Prevention: Utilizing Cloudflare, the system can monitor and quickly block DDoS attacks based on request IP addresses
  • XSS, CSRF & SSRF protection
  • Encrypted data: Users' sensitive information related to banking, phone numbers, addresses, etc., is encrypted in the database
  • Cloudflare (CDN) integration: Integration with Cloudflare enables easy prevention of DDoS attacks, unauthorized access through OTP verification, and real-time security monitoring
  • IP Whitelist/VPN: Access to the web admin system is restricted to whitelisted IP addresses or authorized VPN accounts
  • Secret key stored in Vault: All project keys (such as secret keys, third-party API keys) are stored securely in a separate storage system (without any information stored in the database or source code)
  • Multisignature cold wallets
  • Hide sensitive data in logs: All important information is hidden in the system logs
  • Frequent security scanning with OWASP, Snyk, and AWS Security Scans: Integration of well-known security scanning tools such as OWASP, AWS Security Scans, and mandatory SEC tools ensures the detection of security issues and daily updates on new security vulnerabilities

User Security

  • Two-factor Authentication: Integration of One-Time Password (Google Authenticator) for functions such as FIAT/Crypto Withdrawal and User Security Features
  • Login Throttling: Limits the number of login attempts an attacker can make while providing multiple opportunities for users to remember their passwords
  • Complexity policy for password and PIN: Ensures a certain level of complexity for passwords and PINs (for mobile phones) to prevent easy guessing by hackers

Solutions

We deployed the project with a team of experienced developers in the blockchain field, implemented a Hybrid app approach, chose the right programming languages, integrated Google Analytics & Sentry, and also applied specific security rules.

Evaluation and implementation of a Hybrid app approach 

Choosing programming languages that have libraries supporting all project requirements 

Involving experienced developers who have previously worked on crypto exchange platforms to enhance speed and quality

Integration of Google Analytics/Sentry to identify and handle all non-API-related errors 

Implementation of specific security rules for the mobile app 


Challenges

Drawing on prior experience with other exchange systems, the project team encountered no technical challenges, including in achieving the system's functional criteria as specified by the SEC. However, the project had to face challenges due to the cryptocurrency downtrend:

Financial Impact of Cryptocurrency Downtrend

Risk of Uncertain Market Conditions

Balancing Project Quality and Operational Cost

Managing Stakeholder Expectations

Ensuring legal protection for users as set by the Securities and Exchange Commission (SEC)

Cost & Quality Optimization

The way we save cost and optimize quality for this project:

Developing the app using a Hybrid approach (Typically, for finance-related apps, prioritizing a consistent logic across iOS and Android reduces errors and cost, making the Hybrid approach the most suitable choice)

Rational division of work
(Developers with no prior experience with exchanges focus on UI development, while developers with exchange knowledge solely handle API integration, significantly boosting project speed and quality) 

Utilizing AI in the workflow

With the current capabilities of AI in assisting various tasks, applying AI to tasks such as UI design, test case review, and source code review has helped the project team save a significant amount of time and effort.

Automation of code review

Using SonarQube for automated code review helps save costs associated with manual code review and ensures the quality of the source code. 

Proper task allocation

Each project involves both experienced and new team members. Although all team members receive training before joining the project, it is not possible to cover the entire system comprehensively. Therefore, to accelerate project progress and ensure the highest quality, it is essential to assign experienced individuals to tasks that require expertise in a specific domain. For example, when developing a Mobile App, experienced individuals can handle API integration for screens with complex logic, while newcomers can focus on UI development, requiring little or no experience in Crypto Exchange.

Utilizing third-party services to save costs

It may seem difficult to persuade, but using third-party services can save more money than handling a service internally. For instance, by using a third-party service for Slider Captcha (a service provided by a dedicated team), the project can save costs compared to implementing and maintaining a separate service. Based on the company's experience and the project team's expertise, they have identified third-party providers with the best cost-effectiveness, stable service quality, and sustainability.

Adhering to strict quality processes

Each error results in a series of related actions, such as logging bugs, fixing and retesting, reporting, and capturing evidence. By ensuring strict quality processes within the company, the project team has minimized the occurrence of errors, reduced rework time, and saved costs.

Experience from previous projects

With their own experience and a team of experienced consultants, the project's technical and business implementations are streamlined and accurate, minimizing costs, time, and resources. For a large-scale project, even a single incorrect business or technical approach can lead to a cascade of issues. By forecasting and providing appropriate solutions based on previous project experiences, this project ensures the highest quality while maintaining reasonable and cost-effective measures.

Accomplishment

In less than 3 months, the team successfully completed the app for the client, meeting the set deadlines and quality standards. This achievement serves as a foundation for future projects, as the client continues to engage SparkMinds for further collaborations.
