Though widely used among app developers, the practice shows a preference for easy fixes over in-depth understanding
The Mitron app is an example of dependency on foreign coding sources
NEW DELHI :
Indian companies racing to build mobile apps are turning to readymade code available from foreign sources, making the country one of the fastest-growing markets for CodeCanyon, a code marketplace. Though widely used among app developers, the practice shows a preference for easy fixes over in-depth understanding.
CodeCanyon’s gross revenue from India grew 184% year-on-year as of 13 July, said David Brice, general manager, customer group at Envato Market, the company that owns CodeCanyon. Sessions on CodeCanyon from India were almost 64% higher from the start of April, as compared to last year.
“India’s increase is by far the largest by one country, particularly over the past few months, where it has grown 3x faster than the site average," Brice said over the phone.
Viral short video app Mitron, which soared in popularity in India as a rival to China’s TikTok, is one example of this dependence. Security researcher Karan Saini had found earlier that the app’s developers bought the code for Pakistani platform TicTic and rebranded it to make Mitron.
To be sure, buying code from marketplaces such as CodeCanyon and Github is common practice, and certainly not wrong. But experts say that while it might work as a quick fix, it can’t be a long-term solution.
Jayanth Kolla, founder of Convergence Catalyst, a global research and advisory firm, said such tactics are often used when a company’s engineers are unable to build a feature, or do not have time to write the code. “Our IT industry historically has never been an end-to-end product development industry, it’s been an IT services industry," said Kolla. Software engineers working in IT services in India have mostly worked on maintenance and hardly any product development. “The end-to-end product thinking itself has been missing in India for the longest time, especially software product development, until recently," he said.
Shared codebases allow developers to claim they “built" a product from the ground up, but it may be troublesome when raising funds. Kolla said each line of code is scrutinized when a startup goes to raise funds and having off-the-shelf code will be a hindrance.
Failing to do proper due diligence while buying off-the-shelf code may also result in security gaffes. Loopholes are often carried over from the original code. Not knowing the code you’re using can make it much more difficult to find and fix such loopholes. For example, Saini found the same security issues in Mitron as in TicTic. It may also be difficult to fix the code in the future since the app developer is unaware of how it works. This is especially true for machine learning and artificial intelligence algorithms since these change themselves once they’ve been put to use.