Xapo is a startup founded in 2014 that currently safeguards $10 billion worth of bitcoin, or 7% of the world's supply.With backers like LinkedIn co-founder Reid Hoffman and advisors like Visa International founder Dee Hock, Xapo has positioned itself as the ultimate solution to protect private keys, the personal code that allows bitcoin owners to access the cryptocurrency for use.While security for the bitcoin elite is one side of the startup's business model, its vision is much broader. Xapo also offers the convenience of a bitcoin wallet through its mobile apps for everyday spending by everyday people.Xapo is betting on bitcoin as the currency of the future. Its founder, PayPal board member Wences Casares, believes that over time, bitcoin will revolutionize how the world spends, empowering billions of people around the world who don't have access to bank accounts.
I think bitcoin will allow us to see 6.3 billion people banking on their cell phones. That’s what’s so exciting to me. That’s a much better world than we have today.
At Instabug, we’re proud to support Xapo's mission by providing bug and crash reporting to help the company maintain its rigorous quality standards in its mobile apps.We sat down with Fabian Cuesta, Head of Mobile at Xapo, to take a peek behind the scenes of the company’s app development process.
What is Xapo's strategy in terms of scaling?
We provide a service for users that want to have a bitcoin wallet, as well as a bitcoin vault for cold storage. We provide that service worldwide.
You can have bitcoin and any other currency in your Xapo account. You can also link a debit card to your bitcoin wallet so you can use that card in any place in the world and exchange your bitcoins against any currency. We support as many currencies as countries are available in the world.
This year, we are going to focus more on the U.S. and Europe, but anyone in the world can download our app and use our service. Our strategy is based on bitcoins. Based on that platform, we can provide services all over the world where the bitcoin is not banned because there are many countries that do not allow bitcoins. It's an ambitious strategy.Instabug has given us a lot of visibility over what is happening in our apps in different scenarios as we provide services all over the world.
What are your thoughts on the recent fluctuations in the bitcoin market?
That is a trend that has happened since the beginning of bitcoin.
Today, bitcoin is more well known all over the world and the scale of the price is bigger, but if you look at the ups and downs of the prices in percentage, major fluctuations have already happened five times in the history of bitcoin.
Regardless of changes in circulation or big players trying to come in or big players saying it is a scam or something that is not going to work, for us it's the same.
The Xapo vault is a global network of hyper secure underground bunkers that contain offline servers.
What security measures do you take with third-party software?
The first thing we look at is how insecure is that specific library or SDK or whatever we may include in our mobile or web apps in terms of what we are going to deploy in production or leave in a staging environment.For Instabug, we use it a lot in our development and staging environment for testing. For production, we include just the part of the Instabug SDK that gives insights on crashes.Any SDK we want to implement first goes to our security department. They analyze how that specific software works. They approve it or not to use.
Within our apps there are specific parts where we encrypt a certain amount of information and data. If any SDK wants to have access to that specific information, basically we don't use it.
The primary objective of our security department is to make sure that it does not interfere in that process. Also, they analyze if it is open to certain known vulnerabilities.We also have scaled penetration testing from third parties and that includes any other library or SDK or external tool that we use.
How do you handle testing for your apps?
Our QA testing department is external. We believe that including testers inside the company creates a bad vibe between engineers and testers.The tester has an objective that is contrary to the engineer's. They are evaluated based on how many bugs they found. We believe that having someone outside of the company for that task is more like having the enemy outside of our team.That is why we use outsiders as testers and because they provide that specific service and they do it better than a couple of guys inside our company. They have experience in other platforms, they have experience with other processes that we are not focused on, so they bring a lot of new ways to test our work. They use Instabug and we do as well.Internally, we have all our employees test our apps using Instabug before going to production and, in many cases, we catch errors that don't apply to any test case we run.
We have 100 employees all over the world and Instabug gives us a great way to communicate with the person reporting the bug. In that way, everyone is involved in our apps. It’s a great way to participate.
With the Xapo mobile wallet, users can invest, trade, and spend bitcoin.
How did you handle bug reports before Instabug?
Before Instabug, we handled bug reports manually. We had those test cases and we reported any bug through our ticketing system, Jira. We didn't get any information regarding logs or device models or localization, those things that are included in the Instabug SDK.
We chose Instabug because it's easy to use for someone who doesn’t understand anything regarding a mobile app, an end user. It's easy to explain that you basically just have to shake the phone and send a bug.
It also offered integrations that were in line with the other products we are using.
What is your bug reporting workflow?
We use integrations so anyone can track specific issues or requests through different channels, from Instabug to Slack as well as to Jira. In Slack, we have one channel per platform for iOS and Android. We forward notifications about any change of a bug reported by any user to keep our teams updated.In Jira, we filter the bugs in the Instabug dashboard and send the bugs with a higher severity to Jira and leave the ones with low severity in the Instabug dashboard until later, and we change the status of those we send to Jira. Sometimes, if the bug is related to an important feature in development, we grab those bugs first in order to fix those issues in a more rapid and flexible way. If it's a bug that is happening not for a feature in development, we filter by severity.
What is your definition of success for your bug reporting process?
We measure how many test cases are approved or not. We generate reports based on our test case database. Instabug is a critical tool in that aspect. With Instabug, we find a lot of bugs and in that way we create more test cases.
Our priority when releasing new features is to ensure that we are sending something to production that really works and doesn't affect the stability of our current application. Instabug is a part of that process that is critical.