How to release finance apps quickly and confidently with DevSecOps

In this article, you will learn how to release better and more secure finance apps rapidly, by applying security measures and moving to shift-left testing in the DevOps cycles.

Finance and fintech apps play a huge role in our everyday activities, especially since the pandemic. We are using different apps from e-commerce, food/groceries delivery, to digital banking so fintech is becoming a big part of our personal and professional lives. In the digital age, fintech has already made a significant impact, and these advanced technological tools for both private and marketable finance will only evolve further in their usage and effectiveness.

According to the American Banking Association, banking customers increasingly turn to mobile apps more than any other channel to manage their accounts. The trend toward mobile banking is quickly spreading around the globe. As developers continue to find ways to innovate mobile finance, this sector continues to flourish, changing the face of personal banking and the way businesses interact with their customers.

Fintech app types

There are different types of Fintech apps: 

  • Digital banking apps
  • Investment apps
  • Personal finance management apps
  • Tax management apps

The most widely used apps are digital banking apps. Let’s see why they are so important. 

What are digital banking apps?

With digital banking apps, customers can access financial services and manage their accounts without having to go to a bank branch in person. With mobile and online banking, they can access your account from anywhere at anytime.

In digital banking apps, such as N26, Nubank, or Wise, or financial services app such as Neo Financial, users can access all the services available at a physical bank, such as:

  • Opening an account.
  • Making payments.
  • Checking the balance.
  • Taking out a loan.


Their biggest advantage is that users can access your money 24/7 and thanks to their transparent services, they are always kept up to date.

As with any finance or fintech app, security is critical. Customers are very concerned about safety: if they have any doubts about the app’s security, they will immediately uninstall it and switch to another service. Most digital banking apps have robust security features like payment blocking, biometrics, two-factor authentication (2FA) and only allow users to submit complex passwords. Furthermore, customer data protection and handling are essential, especially if you operate in the E.U., where GDPR rules apply.

In addition, payment processing apps in digital banking are all about speed, so developers have make this a top priority when building the app: app latency and app load time must be optimized.

As we can see, a successful digital banking or finance app must meet certain criteria, including security, data protection, app speed, app load time, and latency. To understand how to release financial apps quickly and confidently, let's examine the most common challenges facing mobile development teams.  

The challenges

Let’s assume that we are working at a fintech company and we already have a mobile app but it’s missing certain features, such as push notifications, or need to add a new feature such as taking out a loan. We have different problems affecting our development and release processes, for example: 

  • We are releasing new features every 2 months: this is a huge factor, because we have to keep uo with competitors and always push the new features live as quickly as possible. 
  • Shipping code is a painful process: we don’t have a clear deployment process or a release manager and this makes the deployment process chaotic and painful.
  • Inflexible and fragile CI server: daily issues with our CI server, configuration, network, and devices consume time and effort from the team to handle these issues.
  • Manual testing is time-consuming and requires a lot of effort. Plus, if we have automated tests, UI tests & emulators might be flaky.
  • We don’t have security testing: and don’t know which testing tools are suitable for our app.

Furthermore, fintech apps are constantly evolving, so the team should always be prepared for implementing quick changes. Now that we have discussed the challenges, let's see how we can overcome them.

Release finance apps quickly and confidently

Speed, frequency, and security are the major factors for releasing finance and fintech apps. Based on the book, Accelerate: The Science Behind DevOps, there are key processes for accelerating software development and delivery in a company. Here are these key elements: 

  1. Use trunk-based development process
  2. Implement test automation
  3. Shift-left on security
  4. Automate the deployment process
  5. Support test data management
  6. Implement Continuous Integration (CI) and Continuous Delivery (CD)

Let's briefly discuss these points. 

1. Use a Trunk-based development process

A source-control branching model, where developers collaborate on code in a single branch called ‘trunk’ *, resists any pressure to create other long-lived development branches by employing documented techniques. They, therefore, avoid merging hell, do not break the build, and live happily ever after.

Trunk-based development is a required practice for continuous integration. Continuous integration (CI) is the combination of practicing trunk-based development and maintaining a suite of fast automated tests that run after each commit to trunk to make sure the system is always working.


Source: https://trunkbaseddevelopment.com/#trunk-based-development-for-smaller-teams

2. Implement test automation

Test automation is a solution to produce high-quality, robust, and reliable mobile applications amid the ever-growing complexity of technology, massive competitive pressures, and the need for cost optimization.

Writing mobile tests is not just nice to have anymore. In different companies, the responsibility of test automation is shared between developers and test engineers to increase productivity and collaboration, especially if they are working in an Agile environment. There are 4 main factors to consider as part of your test automation strategy to to set yourself up for success with test automation.

3. Shift-left on security

Security plays an important role in many areas of our life, especially with the wave of digital transformation. We are using our sensitive data in emails, addresses, credit cards, and mobile numbers, sharing them in different fintech applications daily. Security is becoming more important than ever

And as the speed and frequency of releases increase, traditional application security teams cannot keep up with the pace of releases to ensure each release is secure.Shift-left testing is the approach of taking the action of testing the software and moving it to the left in the delivery pipeline — or, testing the software before the historically typical development lifecycle.


Image Source: https://www.xenonstack.com/insights/shift-left-testing


DevSecOps means injecting security into the Mobile CI/CD pipelines at the early stages in the development process. It’s an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire Mobile DevOps lifecycle.

3.1. Automated security tests

The ultimate goal of DevSecOps is to automate security practices and vulnerability detection into a continuous delivery workflow. As developers gain more responsibility to push applications to production, they are under pressure to release code quickly.

Bitrise has different Security Verified Steps including static, dynamic, and vulnerabilities scan tools you can add them into your CI/CD workflow such as:


To ensure that your codebase and apps are secure and there are no issues at the early stages and within your CI/CD pipeline, which is to eliminate silos between the teams and reduce the release frequency.

Example: AppSweep Android scan results


Example: Oversecured scan results


Additionally, if you are using any other third-party security tools or services and need to integrate them with Bitrise, you can easily customize the CI/CD workflow and create your environment with just a few steps. 

4. Automate the deployment process

You can automate the process of submitting updates, such as code signing, profile provisioning, versioning, packaging release binaries, metadata, or screenshots.




4.1. Deploy features under Feature Flags/Toggles

Feature flags help create conditional feature branches in the code so that a particular logic is only exposed to particular groups of users at a certain moment. You can reduce development risks, easily perform A/B testing, and incorporate actual user input by releasing experimental features under feature flags.


And if you want to test these features, you will need to enable or disable particular features in our automated tests, so it’s required us to use custom functions for that, as you can see here:

4.2. The mobile release train

Once you have CI in place, building release trains can accelerate your release cycles. This approach will help you release more consistently and allow distributed teams to work more aligned around app development.

During the development phase, your teams have the time to review, test, and merge the features to the main branch that should be part of the train (always keep the master branch green) and when the content for a release is agreed on and ready, there will be a final testing phase


5. Support Test Data Management

Test data is important because it's required by all kinds of tests throughout your test suite, including manual and automated tests. Good test data lets you validate common or high-value user journeys, test for edge cases, reproduce defects, and simulate errors.

6. Implement CI/CD and Mobile DevOps

Mobile DevOps is a set of processes to implement continuous integration and continuous delivery (CI/CD) practices into build and release processes to achieve a quick and frequent release schedule. They include different key components, such as continuous communication, planning, integration, testing, delivery, deployment, and monitoring.


Continuous delivery improves both the delivery performance and quality. It also makes work more sustainable by reducing the pain of deployment and preventing burnout.

6.1. Move to cloud-based & mobile-focused CI/CD

Releasing mobile apps without the right tooling is a complex process for your teams. A mobile-specific CI/CD tool considers the unique challenges of building for mobile and has mobile-first features that help you build, test, and deploy mobile apps faster and more efficiently.

6.2. How it works

With Bitrise, developers automate the processes required for the integration, testing, and deployment of your mobile applications.



When an automated process is triggered, Bitrise creates a new virtual machine for your specific task on our managed macOS and Linux infrastructure, ensuring a clean environment and consistent outcomes.

6.3. The advantages of Mobile DevOps and continuous delivery

Complicated toolchains are difficult to maintain and create information silos for teams but with DevOps, you can experience the following advantages:

  • Successful collaboration between stakeholders, product managers, and developers
  • Shortened time-to-release
  • Guaranteed quality delivery
  • Faster error detection and resolution process
  • Improved customer satisfaction
  • Increased employee engagement

Last but not least, if you are releasing your fintech app for the first time, you should know the 3 steps you need to take and the five important UX processes that fintech apps use. 

Find out what kind of tools and technologies can you implement for fast and stable releases with our free report about how mobile products succeed in finance and banking. How can you comply with the strict security standards and ensure the security of your users' data? DevSecOps plays a unique role in finance app development from CI/CD automation to feature flags and more.

Conclusion

Since security is becoming more important than ever, we should make sure to always add automated testing into our CI/CD pipelines and inject security into the Mobile CI/CD pipelines at the early stages in the development process. DevSecOps is an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire app development lifecycle.

Let’s summarize what we learned from this article: 

  • Security is becoming more important than ever.
  • Testing and security are a whole team approach.
  • Test automation is a vital part of Mobile DevOps.
  • CI/CD is the coordination process.

Further reading

No items found.
The Mobile DevOps Newsletter

Explore more topics

App development

Best practices from engineers on how to use Bitrise to build better apps, faster.

Community

Meet other Bitrise engineers, technology experts, power users, partners and join our BUGs.

Company

All the updates about Bitrise events, sponsorships, employees, and more.

Insights

Mobile development, latest tech, industry insights, and interviews with experts.

Mobile DevOps

Learn why mobile development is unique and requires a set of unique practices.

Releases

Stay tuned for the last updates, new features, and product improvements.

The Mobile DevOps Newsletter

Join 1000s of your peers. Sign up to receive Mobile DevOps tips, news, and best practice guides once every two weeks.