
How we ran the third internship in iOS and Android development at Redmadrobot

Hi, Habr! Today we'll tell you how the latest developer internship at Redmadrobot, the first of 2017, went. We worked through the feedback, polished what we already had and added a lot that is new. More details under the cut :)


Selection and the program as a whole


Everything was the same as last time: a questionnaire at the first stage and a technical test at the second. In total we received more than two hundred applications, and based on the selection results we formed iOS and Android groups of 7 people each. Two more participants joined the iOS group, however: we hired one of them as a developer on the condition that he complete our internship, and the second worked for our partners at Alpina Digital.

Arthur Sakharov (@mc_murphy), Technical Director, Redmadrobot
“Internships at Redmadrobot are for advanced developers of the pre-middle and middle levels, so experience of commercial development for their platform was a must. It was important for us not to teach "from scratch", but to take those who are already working "in the field" with might and main, but at the same time are ready to spend 20-30 hours a week on their development. Some burned out, but as a result, in each course there were guys who did everything, and quite diligently.”
The internship lasted seven weeks, and the classes, as usual, were taught by Redmadrobot employees. The lectures covered theory, and the seminars covered cases from practice and how they were implemented. This time the lecturers included graduates of our previous internships who had joined the team. They did not cover simple, basic things, but focused on what cannot be found on the Internet and on our own experience. And, of course, the emphasis was on independent work: reading, research and homework.

What's new


Android


The Android program has undergone major changes. The Android technology stack changes on average once every 1-2 years; we continuously explore fresh, modern approaches and gradually integrate them into production. In the internship we taught what is relevant in the industry now, not on the principle of “we take the most fashionable”, but only what we have tested and know works.

First, the whole internship was conducted in the new language: Kotlin instead of Java. We started working with it about a year ago, and now we develop only in Kotlin. Second, the company changed its architectural approach on Android and switched to clean architecture; it became more complex, but gave us the degree of flexibility we need. So this time the Android stream had a separate lecture on architecture.

Alexander Blinov (@Xanderblinov), lead Android developer, Redmadrobot
“Clean architecture gives high flexibility and efficiency in handling customer requests. For example, if in the middle of a project a client understands that he needs to add caching, we can easily do it. For an average development team, the architecture is reduced to three layers: View, Presenter, and the model in which the business logic is located: working with the network and database. We have five layers. We split the entire business logic of the application model into three layers: the business logic layer, the repository layer (data source management) and the layer that provides us with data (network, databases, phone sensors). Now this approach has begun to be practiced in the industry, and this is the peak of technology.”

Many interns started writing in Kotlin almost as soon as we reached the Kotlin block; they were impatient and interested. But often, when developers start switching from Java to Kotlin, they essentially write Java in Kotlin syntax. To write “proper” Kotlin you need to adjust a bit: it is a more functional language, and some things are written differently there. In one of the lessons we went through the typical mistakes and Kotlin features and immediately began writing it properly.



iOS


Here the program changed a little less (though not without changes). Based on feedback, some of the lectures from previous internships were removed, some extended and some reworked. Completely new material was prepared on building applications and on functional programming.

Alexander Emelyanenkov (@Lumenist), iOS developer, Redmadrobot, came to the company after the first internship
“Since the first internship, everything has changed quite significantly. For example, our current service level was being written just as the first internship was going on, and then there were no ready-made solutions on a number of issues. This time we tried to give more examples and fresh case studies from practice. Among other changes: in the first internship they wrote in Objective-C, in the second it was possible to work in both Objective-C and Swift. This time they wrote only in Swift, because the company has moved to it completely.”

Homework and projects


The homework mechanics were built as follows: the main mandatory part was supplemented with several optional tasks for which additional points were awarded (and the benefits to karma :)). We checked assignments in groups, which let even those who had skipped the optional tasks or had not finished everything learn the details.
Last time, both Android and iOS trainees worked on one of Redmadrobot's live projects. This time only the iOS stream had such a project, since, as mentioned above, our Android development is now moving to a new architecture, current projects are waiting for refactoring, and we did not want to demonstrate practices on applications built on the old architecture. The tasks for the Android group were “synthetic”, but we tried to make them as interesting and as relevant to practice as possible.

Alexander Blinov, Android lead developer, Redmadrobot
“We chose the homework assignments so that they were as diverse as possible. The first lecture was devoted to architecture, and the homework for it was the largest in volume. The guys immediately had to dig into Dagger (the framework for dependency injection, on which the architecture is built) and then make the skeleton of their application and implement pagination: make a list that loads its elements. One intern immediately decided that he could not cope. At the second lecture, we reviewed three frameworks, and the students had to study a fourth on their own and prepare their own “mini-lecture” about its internal structure. Such tasks help to look at third-party libraries in a different way, not to be afraid to look under the hood and, based on this, decide what to use and what not. In addition, there were tasks to set up the build of the project on the build server, make beautiful lists as part of working with the UI, ensure the security of the application, and, finally, carry out reverse engineering.”

In effect, the Android trainees wrote an application from scratch and tried out the multi-layered architecture and Kotlin on it.

Olga Vorona (@malinoeshka), Redmadrobot iOS developer
“The project on which the iOS trainees worked was our application 'Taste of Taste'. The guys connected to the test server with their accounts, set up all requests there, worked with databases and made screens according to our requirements. That is, they created their own small product.”

A change common to both streams: this time we did not hold a separate lecture on design, but integrated it into a broader, also new, lecture on the processes in the company.

Pavel Strelchenko, Android stream trainee
“The guys showed architectural approaches that I hadn’t even considered before, and I had to sit a long time over the analysis of the Moxy open source library. In general, the main problem for me was to allocate time properly: my main job required complete commitment, but the internship also required it. And although I expected something different from the internship, and thought that I would discover some kind of “Zen” every day, I learned a lot of new things, especially at the level of approaches.”



Mikhail Konovalov, iOS stream trainee
“I ran into a higher level than expected. In all the lectures, we were mainly given an introduction and some boundaries were outlined, and then the material had to be studied independently. I learned a lot of new things about developing for iOS, and I would recommend that anyone who is interested try for such an internship in the future.”





Security


We at Redmadrobot pay very close attention to the security of our applications, and in internships we always spend a lot of time on this topic. We talked about security threats in mobile applications and how to counter them, both at the level of principles and approaches that apply to iOS and Android alike, and in terms of things specific to each platform. A separate point was the specifics of working with applications for large businesses, where, in one way or another, users' personal data is entered and displayed, monetary operations are performed and various services are ordered. The security of such functions must be at the highest level, because any vulnerability may carry risks for both the customer’s business and the reputation of the development company.

Artem Kulakov (@Fi5t), lead Android developer, Redmadrobot
“In general, the materials of the lectures on security were similar to the materials of the second internship; I talked about both defense and offense. But there were new features. In the first lecture, we examined what threats exist, the attack vectors, what protection practices are adopted in our company, how effective this protection is, and what, in terms of security, appeared in new versions of the platform. But security in Android is still a semi-mythical topic: the platform is open, and if you want, you can get to everything sooner or later. Therefore, in the second lecture, I showed that everything we talked about in the first one actually breaks. For clarity, I brought a piece of hardware with which you can deploy an access point and intercept and decrypt traffic while sitting somewhere in a cafe: an antenna and a single-board computer.”

In the security homework for the Android group, the interns were offered a pool of tasks of different difficulty levels to choose from. They had to coordinate and develop a library for securing mobile applications: decide who would write which component and how to put it all together afterwards. The point was to develop teamwork skills, so that they talked to each other like colleagues rather than churning out code alone all the time. This time the Android developers had a dedicated Telegram chat where they could put questions to mentors and resolve them on the fly.

iOS is a safer system: without a jailbreak, the user has access only to their own sandbox, and it is difficult to get anywhere else. But we paid no less attention to the Apple platform.

Grigory Matvievich (@fountainhead), iOS Development Team Leader, Redmadrobot Security Expert

“We went through what data, and what besides data, should be protected in mobile applications. We walked through the risks from OWASP in detail, for example:

1. Incorrect use of the platform and the SDK, ignoring system protection mechanisms (incorrect work with permissions to access data, camera, microphone, and so on);
2. Insecure data storage and accidental leakage;
3. The use of unsafe connections and the lack of verification of certificates;
4. Insecure authorization and authentication scenarios;
5. Incorrect use of cryptographic tools, including outdated and self-written algorithms.

And in the block “Ensuring the protection of mobile applications” we talked about specific implementations, most of which then had to be written independently when doing homework. We also reviewed the iOS security model, starting from how the operating system boot chain is organized, what Secure Enclave is, how code signing works, what the sandbox is, how encryption works, and how App Transport Security works to protect connections. We considered how access rights are regulated when distributing applications (entitlements, provisioning profile, certificates) and what the ways to protect data access are (Touch ID, passcode, keychain, Data Protection API).”

In general, we tried to convey to the interns the idea that the security of a mobile application is always built as a whole. It can sometimes seem that a single “small” risk does not pose a big threat, but this is fundamentally wrong. A standard attack vector uses many risks, and the slightest indulgence can lead to dire consequences.

The results


The mobile development market is still very young, and one of its problems is the lack of standards and of systematic training for specialists. For various reasons, many developers have limited opportunities to grow: some are the only developer in their company, where there is no practice of researching new approaches and technologies. We aim to influence this situation by sharing our experience with the community, including through internships like this one at Redmadrobot.

It's great that the guys had questions all the time: “How else can you work with this architecture?”, “What design principle do you use here and why?”. The same tasks can often be solved by combining different approaches. We did not set out to equip the interns with a specific technology stack; we wanted to show them different horizons.

All those who completed the internship are well-trained developers who are able to build high-quality applications for their platforms. In the iOS stream everyone made it to the end, but the Android camp lost three people. Two iOS developers have joined the Redmadrobot team: welcome on board. As usual, we say that this internship is not the last; stay tuned here on Habr and in our social networks.

Source: https://habr.com/ru/post/328356/

