Why use third party packages?
Using third party packages for your next mobile app is a great way to speed up your time-to-market and to ameliorate the functionality of your app. Let’s face it: you really, really do not want to spend all the time or energy to develop everything from scratch without a compelling reason.
In this article I’d like to list the 10 top must-have Android packages that you should consider for your next project.
Building everything from scratch in my view is costly, unnecessary, and prone to error. If you select that route, your project may get hung up developing some kind of peripheral functionality that you could have easily integrated by loading a package.
What about Security?
It’s a valid concern, but not a good argument for developing everything from scratch. As a professional in the security space, I can tell you that we do use some third party libraries. But not just any libraries. If you are concerned about security, you have to be selective.
How to select a third-party package?
Here a few tips you should follow when considering to use a third-party package:
- Use packages from well-known IT companies: Google, Amazon, Microsoft, Twitter, etc. When they publish a library, their reputation is at stake so the quality is likely much better than a module that a six grader developed as a homework assignment.
- Use packages that are open-source. Open source equates to accountability. With the whole world doing a source code review, it’s likely that bug will get discovered.
- Use packages that are mature and have been implemented in a variety of other apps, preferably with a large user base. Let’s face it, but you don’t want to be the first one to find out that a module has major issues.
- Do a code review yourself. Seriously, if the package is open source, go out to GitHub and take a look at the source. I’ve recently found out that a popular library for storing preferences securely called ‘Ophio Secure’ uses an insecure encryption algorithm (PBE with DES) and writes the private key to a file instead of leaving it in the Android Key store, so sometimes it pays reviewing the code.
So without further rambling, here the Top 10 Android packages you should use for your next project, not necessarily in order of priority.
Realm is a great database library and alternative to SQLite. The big advantage that will drive down your development time is the fact that realm doesn’t require defining a relational database schema. You can just define a Realm object or a Realm list of objects and store them in the database without having to construct SQL statements.
As an added bonus, Realm has the option to set an encryption key, which transparently encrypts the database data with AES-256.
Realm is also available on iOS, so if you are developing on multiple platforms, using the same modules can simplify the implementation.
To find more about Realm, visit the Realm repository on GitHub.
2. Dagger 2
Dagger 2 is a framework to simplify Dependency Injection that was developed by Square and is now maintained by Google.
So what the heck is Dependency Injection? It’s a software development pattern in which components that a class is dependent on are not instantiated within that class but injected into the class from outside. This supports some of the software design principles such as ‘Separation of Concerns and ‘Encapsulation’. By injecting dependencies from outside, we have a more flexible implementation where these dependent objects can be switched out for testing or to support different implementation scenarios.
You can find more about Dagger here.
3. Not ButterKnife
Ok, I know a lot of developers love ButterKnife. OK, I prefer Android data binding, which is the out-of-the box functionality provided by Android. The reason is that with ButterKnife, you still have to bind each UI control manually in the View Controller using BindView. If you have a lot of controls, that’s a lot of code.
With Android data binding, you bind to the layout view once in the View Controller, and then you can access each UI control via the binding.
Or you can use automatic two-way binding by binding the view to a model. This way, any changes to the model data from the controller or the user side will be automatically reflected in the UI. Very convenient.
You can find out more about data binding in the Android documentation.
4. Firebase Auth
If you want to authenticate your users and build security rules to protect your data around it, I recommend to take a look at the Firebase Auth module. As you may know, Firebase is a full-featured mobile backend now owned by Google.
By using Firebase for user authentication and account management, you are saving yourself implementing web services and a backend for user management.
The Firebase Auth module provides you with options for the user to authenticate using email and password, or a social media account such as Facebook or Twitter.
If all those are not an option and you’d like build your own authentication implementation, you can use Firebase custom tokens, which are session tokens that you can generate yourself using Firebase private key credentials.
Firebase Auth uses the oAuth protocol under the covers and communication between the client and the Firebase backend is secured using SSL with 2048-bit keys.
5. Firebase Database
Another nice Firebase module for cloud storage is their database service. Firebase has two database versions: The Firebase database, which is their more mature implementation, and the new Firebase Firestore, their more scalable service, which is currently still in Beta. Unless you have a good reason, I would recommend you go with Firestore. From the Firebase uptime stats it looks like it’s a lot more stable than Firebase database.
Both databases are no-SQL databases that let’s you easily store objects as a JSON. In addition, you can configure listeners to listen for changes and handle change events using the Firebase database SDK. The SDK also provides some caching functionality for offline caching.
Their database implementation works nicely together with Firebase Auth and you can build database security rules around your data referencing the authentication token’s user id.
You can find out more about Firebase databases here.
6. Firebase Storage
In case you are building an app that needs to store files in the cloud or share files between users, I recommend Firebase Storage.
Firebase Storage is a module that is really easy to integrate. You basically load the Firebase package and then you can use the Firebase Storage SDK apis to upload and download files. Files are then accessed via URLs.
Firebase Storage works together nicely with the Firebase Authentication module so you can build security rules for accessing stored files by reference the user’s authentication token information.
If you are looking for a full-featured HTTP client without the complexity of a module like Retrofit, I recommend OKHttp by Square.
Here are some of the advantages of OKHttp over Android’s HttpURLConnection:
- HTTP/2 support allows all requests to the same host to share a socket.
- Connection pooling reduces request latency (if HTTP/2 isn’t available).
- Transparent GZIP shrinks download sizes.
- Response caching avoids the network completely for repeat requests.
OKHttp allows you to easily implement GET or POST requests and evaluate success and failure results, add header parameters, etc.
You can find out more about OKHttp on the web site here.
8. Secure Preferences
SecurePreferences is a library I created myself. You can find it on GitHub here.
As you may know, the standard Android SharedPreferences store preference keys and values in plain text in an xml file. Secure Preferences let’s you store local user preferences or credentials using AES-256 encryption.
SecurePreferences is built after the Ophio Secure Preferences module and has the following features:
- Leverages the Android standard SharedPreferences class
- Encrypts both keys and values transparently
- Uses a strong encryption algorithm of AES 256 with CBC padding.
- Stores the encryption key securely in the Android key store.
Logger is a great module to enhance logging and debugging for more complex apps.
Logger let’s you do a whole lot:
- formatting your log output, e.g. by color-coding or custom formatting
- Supports log output in JSON and XML format
- building custom log adapters, e.g. for output to a file
- Ability to show thread info that shows the calling method.
Find out more about Logger from the GitHub site.
Picasso is a very useful library for image loading and processing by Square. Picasso let’s you easily load an image from URL and load it into an image view.
Picasso also allows you to easily perform image transformations such as resizing, cropping, or conversion info other image formats.
You can find out more about Picasso from the Square web site here.
Of course there are about a million and two other useful packages out there for just about anything your app needs to do, from interfacing with other service providers, image loading, databases, UI widgets like tooltips, spinners, alerts, etc.
This article tried to give you an idea of some of the basic packages I would first load when creating a new app.
For further reading, a more comprehensive list can be found on GitHub here.