IO - The public services app

The mobile app of the Digital Citizenship project

• FAQ
  • What is the Digital Citizenship project?
  • What is the Digital Citizenship mobile app?
  • Who develops the app?
  • Can I use the app?
  • How can I help you?
  • What permissions are used by the IO app?
• Getting started
  • Prerequisites
  • Build the app
  • Environment variables
  • Run the app
  • Troubleshooting
• Architecture
  • Main technologies used
  • SPID Authentication
  • Deep linking
  • Design System 🚧
• Appendix
  • Internationalization
  • End to end test

FAQ

What is the Digital Citizenship project?

Digital Citizenship aims at bringing citizens to the center of the Italian public administrations services.

The project comprises two main components:

• a platform made of elements that enable the development of citizen-centric digital services;
• an interface for citizens to manage their data and their digital citizen profiles.

What is the Digital Citizenship mobile app?

The Digital Citizenship mobile app is a native mobile application for iOS and Android with a dual purpose:

• to be an interface for citizens to manage their data and their digital citizen profile;
• to act as reference implementation of the integrations with the Digital Citizenship platform.

Who develops the app?

The development of the app is carried out by several contributors:

• PagoPA S.p.A.;
• volunteers who support the project.

Can I use the app?

Sure! However you will need a SPID account or have a CIE to login to the app.

How can I help you?

Reporting bugs, bug fixes, translations and generally any improvement is welcome! Send us a Pull Request!

What permissions are used by the IO app?

Because different platforms have different types of Permissions below we have two sections about permissions requested by the IO app for both environments (iOS and Android). Some permissions may be defined but not used. Their presence is due to dependencies with third-party modules or because they are required by the target store.

Android

Permission (android.permission.*)	Usage / Meaning
INTERNET	Allows the app to open network sockets (e.g. simple internet connectivity)
ACCESS_NETWORK_STATE	Allows the app to access information about networks (e.g. details about connection quality/state)
CAMERA	Allows the app to access device camera to scan QR codes
NFC	Allows the app to perform I/O operations over NFC
RECEIVE_BOOT_COMPLETED	Allows the app to receive the Intent.ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. Used for push notification.
VIBRATE	Allows the app to access the vibration motor. This allow the application to emit vibration.
WAKE_LOCK	Allows the app to use PowerManager WakeLocks to keep processor from sleeping or screen from dimming. Used for push notification.
READ_APP_BADGE	Allows the app to show notification badges on its icon.
READ_CALENDAR	Allows the app to read the user's calendar data.
WRITE_CALENDAR	Allows the app to write the user's calendar data. Used to automatically set reminders.
READ_EXTERNAL_STORAGE	Allows the app to read from external storage. Used to pick images from gallery with payment QRCode.
WRITE_EXTERNAL_STORAGE	Allows the app to write to external storage. Used to store images, certificates, etc.
USE_FINGERPRINT	Allows the app to use fingerprint hardware for biometric identification required from API level 23 until API level 28
USE_BIOMETRIC	Allows the app to use device's available biometric identification system (Face unlock, Iris unlock, Fingerprint) required from API Level 28.
SCHEDULE_EXACT_ALARM	Allows the app to send local notifications.
DOWNLOAD_WITHOUT_NOTIFICATION	Allows the app to download files in background without promping a notification.
POST_NOTIFICATIONS	Allows the app to post notifications. Used for push notification.

Below there are the permissions required by the main android hardware manufacturers. Mainly used to manage notification badge icons.

Permission (manufacturer)	Usage / Meaning
com.google.android.c2dm.permission.RECEIVE	Allows the app to receive a broadcast from a GCM server that contains a GCM message. Used for push notification.
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE	Allows the app to recognize where the app was installed from. Used for Firebase.
com.anddoes.launcher.permission.UPDATE_COUNT	Allows the app to use notification badges.
com.htc.launcher.permission.READ_SETTINGS	Allows the app to use notification badges.
com.htc.launcher.permission.UPDATE_SHORTCUT	Allows the app to use notification badges.
com.huawei.android.launcher.permission.CHANGE_BADGE	Allows the app to use notification badges.
com.huawei.android.launcher.permission.READ_SETTINGS	Allows the app to use notification badges.
com.huawei.android.launcher.permission.WRITE_SETTINGS	Allows the app to use notification badges.
com.majeur.launcher.permission.UPDATE_BADGE	Allows the app to use notification badges.
com.oppo.launcher.permission.READ_SETTINGS	Allows the app to use notification badges.
com.oppo.launcher.permission.WRITE_SETTINGS	Allows the app to use notification badgee.
com.sec.android.provider.badge.permission.READ	Allows the app to use notification badges.
com.sec.android.provider.badge.permission.WRITE	Allows the app to use notification badges.
com.sonyericsson.home.permission.BROADCAST_BADGE	Allows the app to use notification badges.
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE	Allows the app to use notification badges.
me.everything.badger.permission.BADGE_COUNT_READ	Allows the app to use notification badges.
me.everything.badger.permission.BADGE_COUNT_WRITE	Allows the app to use notification badges.
com.android.vending.CHECK_LICENSE	Allows the app to access Google Play Licensing.
com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY	Allows the app to use the Samsung Developer SDK. Used for Samsung biometric identification.
com.fingerprints.service.ACCESS_FINGERPRINT_MANAGER	Allows the app to access the fingerprint hardware for biometric identification.

iOS

Permission	Usage / Meaning
NSAppleMusicUsageDescription	Allows the app to access the user’s media library.
NSBluetoothAlwaysUsageDescription	Allows the app to use the device’s Bluetooth interface.
NSBluetoothPeripheralUsageDescription	Allows the app to access Bluetooth peripherals and has a deployment target earlier than iOS 13.
NSContactsUsageDescription	Allows the app to access contacts to let you add them in calendar events.
NSLocationAlwaysUsageDescription	Allows the app to access the user’s location at all times and deploys to targets earlier than iOS 11.
NSLocationUsageDescription	Allows the app to access the user’s location information.
NSLocationWhenInUseUsageDescription	Allows the app to access the user’s location information while the app is in use.
NSMicrophoneUsageDescription	Allows the app to use the microphone in case you want to leave a voice note. Used in the assistance flow.
NSMotionUsageDescription	Allows the app to access the device’s motion data.
NSCalendarsUsageDescription	Allows the app to access the calendar to add event reminders.
NSCameraUsageDescription	Allows the app to use the camera to scan QR codes.
NSFaceIDUsageDescription	Allows the app to use Face ID for biometric identification.
NSPhotoLibraryAddUsageDescription	Allows the app to access the user’s photo library.
NSPhotoLibraryUsageDescription	Allows the app to access the photo library to scan QR codes.
NSSpeechRecognitionUsageDescription	Allows the app to send user data to Apple’s speech recognition servers. Used in the assistance flow.
Remote Notification	Allows the app to receive remote push notification.
NFC (Near Field Communication Tag Reading)	Allows the app to use the NFC.

Getting started

The following sections provide instructions to build and run the app for development purposes.

Prerequisites

NodeJS and Ruby

To run the project you need to install the correct version of NodeJS and Ruby. We recommend the use of a virtual environment of your choice. For ease of use, this guide adopts nodenv for NodeJS, rbenv for Ruby.

The node version used in this project is stored in .node-version, while the version of Ruby is stored in .ruby-version.

React Native

Follow the official tutorial for installing the React Native CLI for your operating system.

If you have a macOS system, you can follow both the tutorial for iOS and for Android. If you have a Linux or Windows system, you need only to install the development environment for Android.

Build the app

In order to build the app, we use yarn for managing javascript dependencies. As stated previously, we also use nodenv and rbenv for managing the environment:

# Clone the repository
$ git clone https://github.com/pagopa/io-app

# CD into the repository
$ cd io-app

# Install NodeJS with nodenv, the returned version should match the one in the .node-version file
$ nodenv install && nodenv version

# Install Ruby with rbenv, the returned version should match the one in the .ruby-version file
$ rbenv install && rbenv version

# Install yarn and rehash to install shims
$ npm install -g yarn && nodenv rehash

# Install bundle
$ gem install bundle

# Install the required Gems from the Gemfile
# Run this only during the first setup and when Gems dependencies change
$ bundle install

# Install dependencies 
# Run this only during the first setup and when JS dependencies change
$ yarn install

# Install podfiles when targeting iOS (ignore this step for Android)
# Run this only during the first setup and when Pods dependencies change
$ cd iOS && bundle exec pod install && cd ..

# Generate the definitions from the OpenAPI specs and from the YAML translations
# Run this only during the first setup and when specs/translations change
$ yarn generate

Environment variables

Production

You can target the production server by copying the included .env.production file to .env:

$ cp .env.production .env

[!NOTE] The sample configuration sets the app to interface with our test environment, on which we work continuously; therefore, it may occur that some features are not always available or fully working. Check the comments in the file for more informations about environment variables.

io-dev-api-server

You can also target the io-dev-api-server for development purposes by coyping the included .env.local file to .env:

$ cp .env.local .env

Run the app

Android Emulator

An Android Emulator must be created and launched manually. Then, from your command line, run these commands:

# Perform the port forwarding
$ adb reverse tcp:8081 tcp:8081;adb reverse tcp:3000 tcp:3000;adb reverse tcp:9090 tcp:9090

# Run Android build
$ yarn run-android

iOS Simulator

# Run iOS build
$ yarn run-ios

Physical devices

The React Native documentation provides a useful guide for running projects on physical devices.

[!IMPORTANT]
For building the app on an iOS physical device, a few additional steps are necessary:

• Navigate to Build Phases in Xcode and expand Bundle React Native code and images. Update the NODE_BINARY variable with the path to your Node.js environment. You can find the correct path by running which node in a terminal from the app's root directory;
• If you're not part of the PagoPA S.p.A. organization then you must change the Bundle Identifier to something unique. This adjustment can be made in the Signing (Debug) section of Xcode;
• In order to test the CIE authentication flow, run yarn cie-ios:prod before building the app. The process can be reverted by running yarn cie-ios:dev.

Troubleshooting

This section lists possible solutions to problems you might encounter while building the app.

iOS build

• error: redefinition of module 'YogaKit' build Failed
  

  Restart your machine to fix the issue.

  ---

• error No simulator available with name "iPhone 13".
  

  This happens because new versions of Xcode do not automatically create a simulator for the iPhone 13. To fix the issue you can either create a new simulator and name it iPhone 13 or run the command yarn run-ios --simulator='a valid simulator name'.

  ---

• Application launch for 'it.pagopa.app.io' did not return a valid pid nor a launch error. Domain: NSPOSIXErrorDomain Code: 3 Failure Reason: No such process User Info: { DVTErrorCreationDateKey = "2022-01-25 12:02:41 +0000"; IDERunOperationFailingWorker = IDELaunchiPhoneSimulatorLauncher; }
  

  This happens on Apple Silicon CPUs because some Pods do not implement the XCFramework yet. Install Rosetta by running softwareupdate --install-rosetta to fix the issue.

  ---

Architecture

Main technologies used

• TypeScript
• React Native
• Redux
• Redux Saga

SPID Authentication

The application relies on a backend for the authentication through SPID (the Public System for Digital Identity) and for interacting with the other components and APIs that are part of the digital citizenship project.

The backend implements a SAML2 Service Provider that deals with user authentication with the SPID Identity Providers (IdP).

The authentication between the application and the backend takes place via a session token, generated by the backend at the time of the authentication with the SPID IdP.

Once the backend communicates the session token to the application, it is used for all subsequent calls that the application makes to the API exposed by the backend.

The authentication flow is as follows:

1. The user selects the IdP;
2. The app opens a webview on the SAML SP authentication endpoint implemented in the backend, which specifies: the entity ID of the IdP selected by the user and, as returns URL, the URL of the endpoint that generates a new session token.
3. The SAML SP logic takes over the authentication process by redirecting the user to the chosen IdP.
4. After the authentication, a redirect is made from the IdP to the backend endpoint that deals with the generation of a new session token.
5. The endpoint that generates a new token receives the SPID attributes via the HTTP header; then, it generates a new random session token and returns to the webview an HTTP redirect to an URL well-known containing the session token.
6. The app, which monitors the webview, intercepts this URL before the HTTP request is made, extracts the session token and ends the authentication flow by closing the webview.
7. Next, the session token is used by the app to make calls to the backend API.

Deep linking

The application is able to manage deep links. Deep linking allows opening the app or a specific screen once a user clicks on specific URL. The URL scheme for io-app is: ioit://.

Supported URLs

main

ioit://main/messages

ioit://main/services

ioit://main/profile

wallet

ioit://wallet

ioit://wallet/payments-history

ioit://wallet/card-onboarding-attempts

services

ioit://services/service-detail?serviceId=:id

profile

ioit://profile

ioit://profile/preferences

ioit://profile/privacy

ioit://profile/privacy-main

fci

ioit://fci/main?signatureRequestId=:id

ioit://fci/signature-requests

ioit://cgn-details/categories-merchant/:category

Design System

The interface for the entire application was built using NativeBase, a component library first developed for React Native. Although it was quite useful in the early stages, the significant API changes between 2.x and 3.x versions made upgrading the library very expensive. For this reason, we have been gradually rolling out a new library of custom components that utilizes React Native's latest APIs since Q1 2023.

The new library is available through the external io-app-design-system package.

In the meantime, there are two complementary and simultaneous activities going on in the application:

• The partial (or complete) rewriting of legacy screens to deprecate NativeBase and remove it from the codebase.
• The gradual introduction of the new design system through the development of new screens or the adaptation of existing ones.

You can keep track of the latest developments by filtering all the PRs according to the type of activity: