Photo of Samuel Teixeira
Samuel Teixeira
Finoo
Software Engineer (Flutter)
Mar 2024 → May 2025

Finoo Mobile - Security, Product Instrumentation, and UX Evolution

Owned security hardening, analytics, and support integrations in a Flutter iOS/Android app with sensitive authentication and wallet flows.

Tech Stack

Flutter
Dart
iOS
Android
Mixpanel
Intercom
Biometrics
Keychain
Sentry
OneSignal

Key Metrics

305 self-authored commits
111 active development days
~14 months continuous iteration
4 major integrations shipped
ATT & permissions compliance updates

Summary

Over ~14 months, I owned a set of high-risk improvements aimed at making the app safer (security layers + sensitive actions) and easier to operate in production (instrumentation + support), while continuously refining core screens (auth, home, personal data).

Context

Finoo’s mobile app supports financial-like journeys where small gaps in authentication, secure storage, and sensitive actions can create outsized risk. At the same time, product decisions require visibility: without reliable events/funnels and a support channel, teams operate on guesswork.

This case study focuses on the work I owned directly inside the Flutter codebase and the shipped integrations that increased robustness and clarity without destabilizing production.

Key Challenges

  • Evolving multi-step auth/onboarding without regressions
  • Shipping security layers (biometrics, secure storage, OTP) while keeping UX smooth
  • Building analytics/funnels without fragile telemetry
  • Integrating SDKs under iOS/Android constraints and compliance requirements
  • Delivering improvements with limited repo automation (minimal tests / no CI at the time)

What I did

  • Security: implemented biometric login and strengthened local credential handling with secure storage
  • Sensitive flow hardening: shipped a withdrawal OTP flow for a high-risk action
  • Product analytics: introduced Mixpanel and centralized tracking via a dedicated manager (consistent naming + ownership)
  • Support: integrated Intercom and wired help entry points to reduce friction to in-app support
  • Core UX: iterated on high-traffic screens (Home, Login, Personal Data, registration steps) with incremental refactors
  • Platform & compliance: delivered platform compliance-related updates (ATT and permission/version adjustments)

Decisions & Trade-offs

  • Incremental hardening > rewrite: smaller, frequent changes to reduce production risk
    Trade-off: longer coexistence with legacy patterns.
  • Instrument early (Mixpanel): more visibility and less guesswork when prioritizing improvements
    Trade-off: requires discipline (taxonomy, naming, and maintenance).
  • More security = more UI states: biometrics + secure storage + OTP increases protection
    Trade-off: more scenarios/edge cases to validate across devices and OS versions.

Results

  • Measured: 305 self-authored commits across 111 active days, sustaining ~14 months of continuous iteration
  • Technical: shipped additional protection layers (biometrics + secure storage + withdrawal OTP)
  • Operational: Mixpanel enabled funnel/event visibility and Intercom shortened the path to in-app support

Note: product outcomes (conversion, crash-free sessions, MAU) are tracked in internal dashboards; redacted exports are available on request.

What I’d do differently

  • Add CI + basic smoke tests around auth/onboarding and sensitive actions to reduce regression risk
  • Write a lightweight event taxonomy doc (naming rules + ownership) to keep analytics clean over time
  • Introduce feature flags for high-risk flows to allow safer rollouts and faster rollback paths
  • Establish performance budgets and periodic audits (startup time, key screens) to prevent slow drift