[Android Audit] Taptalk Android app decompiled and reviewed [ Jul 25, 2014 ]


  1. Constructing keys at runtime from pieces, or using bit manipulation such as XOR with another string to hide the actual key, would be safer. Currently you have 3 keys in the strings.xml file:
  • maps_api_key: you don't want to make it easy for others to use up your quota of daily responses; if I remember correctly, some APIs like Places had limits.
  • gcm_id
  • hockeyapp_id
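As an added example (not code from the Taptalk app or its authors), this is the approach recommended above: the key is XOR-masked at build time, split into fragments that can live in different classes, and reassembled only when needed. ObfuscatedKey, MASK and the placeholder key are all constructed for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example, not code from the Taptalk app: keep an API key out of
// strings.xml by shipping it as XOR-masked fragments and rebuilding it only
// when needed. The key used below is a constructed placeholder, not a real one.
public final class ObfuscatedKey {
    // Ships in the APK next to the masked fragments; any byte pattern works.
    private static final byte[] MASK = {0x5a, 0x13, (byte) 0xc7, 0x2e, 0x71, (byte) 0x9b, 0x04, 0x6d};

    // XOR is its own inverse, so one routine both masks and unmasks.
    static byte[] xorWithMask(byte[] input) {
        byte[] out = new byte[input.length];
        for (int i = 0; i < input.length; i++) {
            out[i] = (byte) (input[i] ^ MASK[i % MASK.length]);
        }
        return out;
    }

    // Build-time step: mask the real key and split it into fragments that can
    // be stored in different classes, so no single constant holds the whole key.
    static byte[][] maskAndSplit(String plainKey, int pieces) {
        byte[] masked = xorWithMask(plainKey.getBytes(StandardCharsets.UTF_8));
        int step = (masked.length + pieces - 1) / pieces;
        byte[][] parts = new byte[pieces][];
        for (int p = 0; p < pieces; p++) {
            int from = Math.min(p * step, masked.length);
            parts[p] = Arrays.copyOfRange(masked, from, Math.min(from + step, masked.length));
        }
        return parts;
    }

    // Runtime step: concatenate the fragments in order, unmask, wipe the buffer.
    static String rebuild(byte[]... parts) {
        int total = 0;
        for (byte[] part : parts) total += part.length;
        byte[] masked = new byte[total];
        int pos = 0;
        for (byte[] part : parts) {
            System.arraycopy(part, 0, masked, pos, part.length);
            pos += part.length;
        }
        byte[] plain = xorWithMask(masked);
        String key = new String(plain, StandardCharsets.UTF_8);
        Arrays.fill(plain, (byte) 0); // do not leave the clear key lying in the heap
        return key;
    }

    public static void main(String[] args) {
        byte[][] shipped = maskAndSplit("PLACEHOLDER_MAPS_API_KEY", 3); // constructed value
        System.out.println(rebuild(shipped).equals("PLACEHOLDER_MAPS_API_KEY"));
    }
}
```

This keeps the key out of strings.xml and out of a plain grep of the decompiled sources, but anyone who traces the rebuild path still recovers it, so it raises the bar rather than protecting the key. For the Maps key, restricting it in the API console to the app's package name and signing-certificate fingerprint limits what a leaked key is worth.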

2. Spacing issues (see spacing_issue_1.png and spacing_issue_2.png)

  • layout_friend_avatar.xml: the View android:id="@id/avatar_gradient" is not really necessary in lv_item_friend.xml because, unlike FriendGridItemView.java, no name is shown on top of the image.
  • layout_friend_avatar.xml: a LinearLayout should be lighter than a RelativeLayout here, using a fixed height and gravity set to center_vertical.

3. AccountVerifyEmailFragment, AddFriendFragment, ChangeEmailFragment, ChangeNameFragment, ConfirmDeletionFragment, EnterUsernameFragment, FriendOptionsFragment, MainMenuFragment, ProfileChangeFragment, ProfileImageChangeFragment, SignOutConfirmationFragment, TurnOffLocationFragment, VerificationCodeFragment, AddFirstFriendActivity, FriendsActivity, MainActivity, and SignUpActivity:

  • inline (hard-coded) strings instead of string resources, for example:
AlertDialog.Builder localBuilder = new AlertDialog.Builder(getActivity());
localBuilder.setTitle("Verify Email Address");
localBuilder.setMessage("You have not verified your email address. Check your email address below before sending a verification email.");
localBuilder.setView(localEditText);
localBuilder.setPositiveButton("Send Verification Email", …

4. RestServices and the model package make for an interesting read; see https://yellow-cow.s3.amazonaws.com/profile/ and https://yellow-cow.s3.amazonaws.com/media/


Getting in touch

I'd love to help; get in touch with me (mmegazar+audit@gmail.com) for a free Android APK Audit or a full Android Audit including your process and source code.