Networking & Data Layer
Retrofit + OkHttp with interceptors, repository pattern, BFF abstraction.
SCORE: 75
Summary
Networking is built on Retrofit 3.0.0 + OkHttp 5.3.2 with a layered repository pattern, an abstraction over a BFF (Backend-For-Frontend), and Contentstack delivery for content-driven UI. Volley is also wired up — likely legacy.
Strengths
PASS
Centralized client factory
RetrofitServiceImpl and OkHttpClientFactory centralize HTTP configuration.
shared/common/src/main/java/com/costco/app/common/network/clientprovider/RetrofitServiceImpl.kt
PASS
Interceptor pipeline
Connectivity interceptor + retry logic in shared/common.
PASS
BFF abstraction
shared/bff wraps the BFF surface so feature code does not depend directly on raw HTTP shapes.
Findings
HIGH
Volley alongside Retrofit
A VolleyManagerModule indicates Volley is still in use. Two HTTP stacks double the surface for retries, timeouts, observability, and security policy.
Recommendation: Audit Volley call sites; migrate to Retrofit and remove the Volley dependency.
MEDIUM
Certificate pinning unverified
No evidence in the survey of OkHttpClient.Builder.certificatePinner(...).
Recommendation: Pin certificates for api.costco.com and other first-party domains; rotate via remote config + grace period.
MEDIUM
Error mapping consistency
Sealed NetworkResult / Either-style result types not confirmed across all repositories.
Recommendation: Standardize a sealed NetworkResult<T> with subclasses (Success, HttpError, NetworkError, Unknown); enforce via Detekt rule banning throw from repository APIs.
LOW
Caching strategy
OkHttp Cache is enabled for image loading via Coil; HTTP cache for API responses needs verification.
Recommendation: Enable a tuned OkHttp Cache (10–25 MB) for cacheable GETs; respect Cache-Control headers from BFF.
Costco Android · Code Review Report · Generated 2026-05-07 · 626 machine-curated findings