2UFI: Native Bridges for Financial Complexity

Technical Details

  • Role: Mobile Consultant
  • iOS: Swift, Objective-C bridging
  • Android: Kotlin, Java interop
  • Framework: React Native
  • Security: Secure Enclave, Keystore
  • Features: Biometrics, Document Scan

Building Swift and Kotlin extensions for a React Native fintech app.

2UFI is a fintech startup building a React Native mobile application that helps users manage complex financial products. As a mobile consultant, I was brought in to build native Swift and Kotlin extensions that bridged the gap between React Native's JavaScript layer and platform-specific functionality that couldn't be achieved through existing libraries.

The Challenge

React Native excels at building cross-platform UIs, but fintech applications have unique requirements that push beyond what JavaScript alone can handle:

  • Biometric Authentication: Secure Enclave integration for Face ID, Touch ID, and Android BiometricPrompt
  • Document Scanning: High-performance camera access for check deposits and ID verification
  • Secure Storage: Platform-specific keychain and keystore integration for sensitive data
  • Push Notifications: Rich notifications with custom actions and in-app handling
  • Deep Linking: Complex routing for email verification and payment flows

The existing React Native libraries either lacked the security certifications required for financial applications or didn't provide the level of customization 2UFI needed.

iOS Native Module Architecture

The Swift extensions followed a modular architecture that integrated cleanly with React Native's bridge:

BiometricAuth Module:

  • LAContext integration with fallback handling
  • Secure Enclave key generation for transaction signing
  • Biometric change detection for re-enrollment flows
  • Custom UI for authentication prompts matching 2UFI branding

DocumentCapture Module:

  • AVFoundation-based camera with real-time edge detection
  • Core Image filters for document enhancement
  • Vision framework integration for text extraction
  • Automatic capture when document alignment is detected

SecureStorage Module:

  • Keychain Services with appropriate access controls
  • Data protection classes for different sensitivity levels
  • Biometric-gated access for high-security items
  • Migration utilities for keychain schema updates

Android Native Module Architecture

The Kotlin extensions mirrored iOS functionality while respecting Android platform conventions:

BiometricAuth Module:

  • BiometricPrompt API with CryptoObject integration
  • Android Keystore for cryptographic operations
  • Fingerprint and face authentication support
  • Graceful degradation for older Android versions

DocumentCapture Module:

  • CameraX for consistent camera behavior across devices
  • ML Kit for document detection and OCR
  • Custom ViewFinder with alignment guides
  • Image compression and upload optimization

SecureStorage Module:

  • EncryptedSharedPreferences for general secure storage
  • Android Keystore for cryptographic keys
  • Hardware-backed security where available
  • Automatic key rotation policies

Bridge Implementation

The React Native bridge layer was designed for type safety and developer experience:

TypeScript Definitions:

  • Full TypeScript types for all native modules
  • Discriminated unions for result types
  • Platform-specific type narrowing where needed

Error Handling:

  • Consistent error codes across platforms
  • Detailed error messages for debugging
  • User-friendly error descriptions for UI display

Testing Strategy:

  • Mock implementations for Jest testing
  • Detox tests for end-to-end native functionality
  • Platform-specific unit tests in XCTest and JUnit
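
An added example, not 2UFI's code, of how the discriminated-union result types and cross-platform error codes listed above can be combined so that an unexpected bridge payload fails closed. The type names, the payload fields `ok`, `signature` and `nativeCode`, and the messages are hypothetical; the numeric codes are the iOS LAError raw values and the Android BiometricPrompt ERROR_* constants.

```typescript
// Added illustration: type names, payload fields and messages are hypothetical.
type BridgePlatform = "ios" | "android";
type BiometricErrorCode = "CANCELLED" | "LOCKED_OUT" | "NOT_ENROLLED" | "UNAVAILABLE" | "FAILED";

// Discriminated union: `status` tells the compiler which fields exist.
type BiometricResult =
  | { status: "success"; signature: string }
  | { status: "error"; code: BiometricErrorCode; userMessage: string; debug: string };

// Platform codes folded into one set: iOS LAError raw values and
// Android BiometricPrompt ERROR_* constants.
const NATIVE_CODES: Record<BridgePlatform, Partial<Record<number, BiometricErrorCode>>> = {
  ios: {
    [-1]: "FAILED", [-2]: "CANCELLED", [-4]: "CANCELLED",
    [-6]: "UNAVAILABLE", [-7]: "NOT_ENROLLED", [-8]: "LOCKED_OUT",
  },
  android: {
    1: "UNAVAILABLE", 5: "CANCELLED", 7: "LOCKED_OUT", 9: "LOCKED_OUT",
    10: "CANCELLED", 11: "NOT_ENROLLED", 12: "UNAVAILABLE", 13: "CANCELLED",
  },
};

const USER_MESSAGES: Record<BiometricErrorCode, string> = {
  CANCELLED: "Authentication was cancelled.",
  LOCKED_OUT: "Too many attempts. Unlock your device and try again.",
  NOT_ENROLLED: "Set up biometrics in your device settings to continue.",
  UNAVAILABLE: "Biometric authentication is not available on this device.",
  FAILED: "We could not verify your identity.",
};

// Everything crossing the bridge is `unknown` until validated here.
function parseBiometricResult(platform: BridgePlatform, payload: unknown): BiometricResult {
  const p = (typeof payload === "object" && payload !== null ? payload : {}) as Record<string, unknown>;
  const { ok, signature, nativeCode } = p;
  // Success needs an explicit flag and a non-empty signature; anything else fails closed.
  if (ok === true && typeof signature === "string" && signature.length > 0) {
    return { status: "success", signature };
  }
  const mapped = typeof nativeCode === "number" ? NATIVE_CODES[platform][nativeCode] : undefined;
  const code: BiometricErrorCode = mapped ?? "FAILED";
  // The raw native code goes to logs only; the UI shows userMessage.
  const debug = `${platform} nativeCode=${String(nativeCode)}`;
  return { status: "error", code, userMessage: USER_MESSAGES[code], debug };
}

// Narrowing on `status` makes `code` reachable only on the error branch.
function nextStep(r: BiometricResult): "proceed" | "retry" | "fallback" {
  if (r.status === "success") return "proceed";
  return r.code === "CANCELLED" || r.code === "FAILED" ? "retry" : "fallback";
}
```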

Security Considerations

Fintech applications require exceptional attention to security:

Code Protection:

  • ProGuard/R8 obfuscation on Android
  • No sensitive logic in JavaScript bundle
  • Certificate pinning in native networking code

Runtime Protection:

  • Jailbreak and root detection
  • Debugger detection
  • Screen capture prevention for sensitive screens
  • Clipboard clearing for sensitive data

Audit Compliance:

  • All native code reviewed for OWASP mobile vulnerabilities
  • Penetration testing of native modules
  • Documentation for SOC 2 compliance

Results

The native extensions enabled 2UFI to deliver a secure, polished fintech experience:

  • Sub-second biometric authentication with Secure Enclave/Keystore signing
  • 95% successful first-attempt document captures with auto-detection
  • Zero security incidents related to native module vulnerabilities
  • Consistent UX across iOS and Android with platform-appropriate interactions

The modular architecture allowed 2UFI's team to continue development independently, with clear interfaces between JavaScript and native code. The TypeScript definitions and comprehensive documentation reduced onboarding time for new developers joining the project.