Schemas, Deep Links & Feature Flags
Detailed static-analysis report for schemas, deep links & feature flags.
Executive summary
Three Room databases coexist (CostcoDb at version 25 with 11 schema files, an older CostcoDb with 5 versions, and CouponsDB). Deep-link surface is wide: 11+ intent filters across MainActivity and FindAStoreActivity covering costco://, costco-dmc-widget://, and the costco.com / costco.ca domains. Feature flags / Remote Config: at least 14 distinct keys identified in 5+ provider files, with 60+ files referencing the RC pattern.
Room database evolution
| Database | Class | Schema versions | Notable entities/DAOs |
|---|---|---|---|
| CostcoDb (current) | com.costco.app.android.data.source.local.CostcoDb | 11 versions (current 25) | SearchHistory + SearchHistoryDao + others |
| CostcoDb (legacy) | com.costco.app.android.db.CostcoDb | 5 versions (4-8) | Older path; verify if still in use |
| CouponsDB | com.costco.app.android.data.source.local.CouponsDB | 1 version | Coupon-specific data |
| ShoppingListDatabase | ...shoppinglist/model/ShoppingListDatabase | — | Separate @Database |
HIGH
Multiple coexisting Room databases — confusion risk
Two classes named CostcoDb in different packages. Migration logic is split across them; data ownership is unclear.
Recommendation: Audit which databases ship in the current release. Consolidate to one. Use a Room MigrationTestHelper for every existing version bump.
Deep-link inventory
Source: Costco/src/main/AndroidManifest.xml
| Scheme(s) | Host(s) | Path / pattern | autoVerify | Activity |
|---|---|---|---|---|
| costco:// | any | any | false | MainActivity |
| costco-dmc-widget:// | any | any | false | MainActivity |
| costco://, https:// | www-vqa2.costco.ca, www-vqa3.costco.ca, www.costco.ca | /SecureKeyMembershipAccountVerificationCmd | true | MainActivity |
| https://, http:// | (from strings — Sameday US/CA hosts) | any | true | MainActivity |
| https://, http:// | costco.com variants, m.costco.com, travel.com | any | true | MainActivity |
| https://, http:// | costco.com / .ca variants | /Service, /OnLine_Offer, /Membership, /Pharmacy, /Health_Beauty, /Security | true | MainActivity |
| https://, http:// | costco.com / m.costco.com / costco.ca / m.costco.ca | /warehouse/locator | — | FindAStoreActivity |
HIGH
Generic costco:// intent filter without host
Anyone can craft a costco:// URL. Without strict path matching, any third-party app can launch MainActivity with arbitrary data.
Recommendation: Tighten the costco:// intent filter to require an android:host + path prefix. Validate every payload at the entry point. For sensitive routes, require a session check before honoring the link.
MEDIUM
VQA / staging hosts in production manifest
www-vqa2.costco.ca and www-vqa3.costco.ca appear in the production manifest. Staging hosts should not be in release builds.
Recommendation: Move VQA hosts to a debug/AndroidManifest.xml manifest merge and strip in release.
Feature flags / Remote Config inventory
Identified keys (sample of 14; ~60 files contain RC patterns total):
| Key | Provider file |
|---|---|
| transformation | core/core/.../RemoteConfigConstants.kt |
| forced_update / forced_update_text | .../ForcedUpgradeRemoteConfigProvider.kt |
| feature_highlight_content / feature_highlight_flows | .../FeatureHighlightsConfigProvider.kt |
| quick_actions_drawer / android_quick_actions_tray_show | .../QuickActionRemoteConfigProvider.kt |
| pill_bar_menu | .../PillBarRemoteConfigProvider.kt |
| account_optimization | shared/common/.../DMCModernizationRemoteConfig.kt |
| DMC_Package_Transition_Config / DMC_Wallet_Setting_Config | feature/dmc/.../DmcFeatureRemoteConfig.kt |
| config_ecom_urls / onlineShoppingListUrl / businessShoppingListUrl | .../ShoppingListRemoteConfig.kt |
MEDIUM
RC keys distributed across modules; no single registry
60+ files implementing the RC pattern make stale-flag detection difficult. There is no central registry to identify which keys are unused.
Recommendation: Centralize keys in a typed registry (sealed class with default values). Add an annual stale-flag audit; remove flags whose value has been constant for 90+ days.
LOW
No flag exposure to QA
No debug-menu surface for toggling RC flags during QA appears wired up beyond the existing debug menu.
Recommendation: Confirm the debug menu lets QA override every RC flag locally; add the missing toggles.
Costco Android · Code Review Report · Generated 2026-05-07 · 626 machine-curated findings