Networking & Data Layer
URLSession + custom CostcoNetworkClient + ServerTrustManager (cert pinning) — solid.
SCORE: 75
Summary
Networking is on URLSession + a custom CostcoNetworkClient with cert pinning via CostcoServerTrustManager. Adobe Target/Optimize for personalization, Contentstack for content delivery. RZVinyl is a legacy custom networking + caching layer — candidate for retirement.
Findings
PASS
Cert pinning via CostcoServerTrustManager
Costco-Digital/CoreImplementation/Sources/CoreImplementation/Network/CostcoServerTrustManager/CostcoServerTrustManager.swift — pinning is wired to URLSession via the network client.
PASS
Centralized network client
CostcoNetworkClient.swift centralizes session config, retry, logging.
HIGH
RZVinyl legacy networking layer
RZVinyl ships with the app via a custom git fork. Two networking stacks double the security/instrumentation surface.
Recommendation: Audit RZVinyl call sites; migrate to CostcoNetworkClient + Codable.
MEDIUM
Verify pin rotation strategy
Pinning is great until certs rotate. Without a backup pin and remote-config kill-switch, a cert renewal can brick the app.
Recommendation: Two pins (current + backup); ship pin updates via Adobe Target / remote config behind a kill-switch.
MEDIUM
Error mapping consistency
Confirm a single typed error model is used across the network layer; without one, callers handle errors inconsistently.
Recommendation: Sealed NetworkError enum (transport, http, decoding, business); enforce via API.
No findings logged in this category yet for iOS.
Costco iOS · Code Review Report · Generated 2026-05-07 · 88 machine-curated findings