[guardian-dev] Seeking Jetpack Compose Security Concerns

Mark Murphy mmurphy at commonsware.com
Mon Nov 4 07:47:02 EST 2019


On Mon, Nov 4, 2019, at 05:08, Hans-Christoph Steiner wrote:
> Thanks for all your work tracking and pushing stuff like this!  Sounds
> like you're already raising some key points.  I haven't looked at this
> at all yet.  I must say: such a drastic change sounds scary in terms of
> the amount of work it'll take to move apps.  It is really warranted to
> ditch the whole View structure?

It depends on how you define "ditch". There is a View in the end, because Activity needs one. However, that View has a Canvas, and all the composable functions that make up a Compose UI just draw on that Canvas. So, the view hierarchy has a very shallow depth, with all of the real application logic all in one View.

In terms of the level of effort to move apps... I expect it to be a bit more difficult than the effort to move from Java to Kotlin. More code is affected in the Java -> Kotlin migration, as not all Android app code is tied to the UI. However, I expect that the View -> Compose migration will be more manual.

In terms of whether any of this is "warranted"... Google has their reasons (maintainability, more open, first-class reactive implementation, etc.). The bigger thing is that Google will be steering developers to use it, which means the next generation of Android developers will start with Compose. So, while Compose is still nicely malleable, we need to try to make sure that it doesn't screw up security.

-- 
Mark Murphy (a Commons Guy)
https://commonsware.com | https://github.com/commonsguy
https://commonsware.com/blog | https://twitter.com/commonsguy


More information about the guardian-dev mailing list