Some of our clients come to us with little more than an app idea. Others, however, come to us with a nearly finished app that their former developer just could not finish. It’s the story of how we started Twin Sun. Our first few clients had apps that needed help getting over the finish line.
The first step with these clients is to review their app’s existing code. We conduct code reviews to determine the state of the app and to identify how we may best help clients reach their goals.
What is a Code Review?
Generally, a “code review” is a process of assessing the quality of code written for an application. The scope of a code review can be big or small. A developer may review anything from a single file to an entire application.
For our purposes, we call a “code review” a full review of the entire application. Our code reviews involve a thorough examination of the code base, including the architecture, design, and implementation. A lot of the details we review are “under the hood.” We want to know how the app works and what challenges we may face in supporting it. Look and feel are important as well. Our code reviews include a review of the app’s user experience and the user interface.
Our review does not sum up the code base as “good” or “bad.” Instead, we provide a high-level report of our findings, focusing on the facts. With the client’s goals in mind, we then offer our recommendations on the best way to proceed.
Why Do Code Reviews?
Code reviews serve a few purposes. Our primary reason for a code review is to determine if we can work with a client’s existing code base. This is considered the optimal outcome for most clients. They have already invested time and money into their app, and they want to see it through to completion. No one wants to pay twice to build one app.
Some clients, however, aren’t asking to use our development services when they ask us for a code review. Instead, they’re simply looking for a third-party perspective on how their current development team is doing. Others ask for guidance or assistance on specific components of their app.
Another reason to do a code review is to determine if there are hidden flaws in the app. For example, a client may wish for us to conduct a code review as part of a larger security audit or compliance audit.
Regardless of the reason, a code review is a great way to get a fresh perspective on your app.
What to Expect From Our Review
The first thing we do when reviewing your app’s code is ask about your goals for the code review. Perhaps you want to know if your app is ready for production. Maybe you want to know if your app is ready for a security audit. Or, you may want to know if we feel comfortable taking over the development effort for your app.
Once we understand your goal, we select the most appropriate team members to conduct the review. We’ll then ask you for access to the code base and any other relevant information. We review everything you provide: design assets, user stories, and technical documentation are all helpful.
Our code review process is thorough but conducted rather quickly. We typically turn around a document with our findings within a few days, and then have a meeting with you to discuss where you’d like to go from there.
Code Review Process
Before we dive in to your app’s source code, we use the app to get a feel for how it works. We want to understand what users experience. This can help us identify areas of focus for the code review.
We then begin our review of the code itself. Starting with the architecture, we look at how the app is structured. We also build the application ourselves to look for potential problems with the build process. We then analyze the code itself, using both a manual review and static analysis tools.
What We Look For in a Code Review
The manual code review is best for catching problems in business logic, software design, and user experience. We seek to understand the code, see if it is well-organized, and determine if the actions taken in code meet your expectations for the app. There are common software design patterns frequently used by developers to solve common problems. We look for these patterns and determine if they are appropriate for your app.
We also look for common mistakes in the code. Many logic errors, for example, can only be uncovered by a human reviewer (at least, for now!).
Automated static analysis tools are useful for catching problems in code quality, security, and performance. Many security issues can be avoided with regular software updates: we look for evidence of this. Vulnerability scanners show us if your app is vulnerable to known security issues.
We also use static analysis tools to look for performance issues. Static analysis tools look at ABC complexity and cyclomatic complexity. These complexity measures identify code that may run slower than necessary.
Other tools help us identify other areas for improvement, such as code duplication, dead code, and other code smells.
When we’re determining whether we can work with your existing code base, we also look for signs of maintainability. We want to know if we can easily make changes to the code base. Automated testing helps ensure that we can make changes without breaking existing functionality. Every time a code change is made, the automated tests can be run to ensure that the change did not break anything. Without automated tests, maintainability becomes a growing concern over time with any app.
Documenting Our Findings
We take notes as we conduct our review, and compile these notes into a high-level report. The report may dive into technical details or include sections of code, but the written descriptions of problems are intended to explain why those technical details are important.
Our findings cover the application’s architecture, experience, and implementation. Each of our findings are categorized into one of three levels of severity: critical, major, or minor. Critical issues are things that must be addressed before the app can be released. Major issues are things that should be addressed to give the app the best chance of success. Minor issues are things that can wait, but would be nice to address for long-term maintainability or a polished user experience.
Once we have documented our findings, we estimate the time and cost to address our findings. When it makes sense, we sometimes offer an alternative: an estimate of the time and cost to start over from scratch.
What to Do After a Code Review
Once the review is finished, we’ll share our findings and discuss them with you. Ultimately, the decision of what you do with the review findings is up to you. We seek to give you the necessary information to make the best decision possible for your app.
Most of the projects we’ve taken over from other developers have been salvageable. A lot of development agencies don’t like to take over someone else’s code. They’d rather rewrite a new app from scratch. However, we recognize that a rewrite is not always the best business decision.
We’ve helped several clients find success with their existing code base, avoiding the cost of a rewrite. This review-and-complete approach helped Artful Agenda, It’s Your Birthday!, and others get to market quickly on a reasonable budget.