Our Android test automation engineer, Lewis Magri, has been busy this week working to fix some bugs that are stopping our users from connecting their bank accounts when on Android!

Four oh four

The last week for me has been a bit of a challenge; in adding new functionality to the app we have discovered some issues with the way App Links work within the Android environment.

Tl;dr
When a user links their bank via a webflow and they have the bank’s app installed, Android doesn’t seem to handle links that open other apps from redirected requests as expected.

This can lead to users not being returned to the app after successfully linking their bank account, and they will see a 404 page instead. The 404 prevents the app from knowing when a user has successfully linked their bank account and the only way of proceeding is by restarting the app. Without a restart they’d forever be stuck in a loop of links. But have no fear we are working on a fix!

So you want more do ya?:

In the week I found that when we had the Nationwide app installed on a test device, and we attempted to link a Nationwide test account to a dummy user via the AISP integration, the user was not returned to the app’s “Syncing” screen on completion. After some discussions with our Pulse Devs it wasn’t clear what the issue was and clearly required more digging. So I set out on my quest to understand what was going on.

A common testing tool in the industry is Charles Proxy. This is a tool that allows a machine to act as a “Man In The Middle” between a client (the Android device) and a server. The MITM can then observe all traffic flowing between the client and the server, and can even see the contents of HTTPS (encrypted traffic) if the MITM’s root certificates has been added to the client.

After configuring Charles Proxy, routing all the Android device’s traffic through it, and ensuring the nationwide app was set up with the test user logged in, I set about running through the onboarding flow again, and was able to see the traffic flowing in and out of the Android device.

After creating a test user account and linking the Xero test account, I successfully authenticated and selected a bank account to link via Nationwide webflow in the Chrome browser via our AISP. On submitting details on this last page a POST request (sending some data to the server) is made to obauthonline.nationwide.co.uk, which returns a 302 redirect code to the Android device that redirects the user to obonline.nationwide.co.uk.

This is where the problem begins. As you can see below the Nationwide app is registered to handle requests made to obonline.nationwide.co.uk

So when this happens the user is prompted to either open the link in the nationwide app or in the Chrome browser.

If the user opens the link in the Nationwide app, the app is opened and user is dropped onto their home screen, and the journey ends in failure as the user is not directed back to the pulse app.

If the user chooses to process the link in Chrome all subsequent 301 redirects from Nationwide, to our AISP, to us are made via Chrome even though our app is registered to handle requests made to the domain www.projectpulse.co.uk

When all of the requests are made in Chrome it leads to a 404 (not found) error on the Project Pulse web page as the endpoint “/openBanking” is an endpoint that is handled internally by the app when opened via an App Link. The full chain of redirects up to the point of the 404 can be seen below:
It seems to us that there is a quirk to the way Android App Linking works, in that once an app is selected to handle a request chain, the whole chain is processed via that app, which is why our app is not being called to process requests to www.projectpulse.co.uk.

We are currently looking into potential solutions for this, and look to have a fix out ASAP.

If this looks like an issue you are encountering during the onboarding process a short term solution is to close our app and launch it again, which will pull your users account status from the server and if the server believes you have linked you will either see the syncing screen or your invoices.