Show HN: HCB Mobile – financial app built by 17 y/o, processing $6M/month

Posted by mohamad08 7 days ago

Hey everyone! I just built a mobile app using Expo (React Native) for a platform that moves $6M/month. It’s a neobank used by 6,500+ nonprofit organizations across the world.

One of my biggest challenges, while juggling being a full-time student, was getting permission from Apple/Google to use advanced native features such as Tap to Pay (for in-person donations) and Push Provisioning (for adding your card to your digital wallet). It was months of back-and-forth emails, test case recordings, and also compliance checks.

Even after securing Apple/Google’s permission, any minor fix required publishing a new build, which was time-consuming. After dealing with this for a while, I adopted the idea of “over the air updates” using Expo’s EAS update service. This allowed me to remotely trigger updates without needing a new app build.

The 250 hours I spent building this app were an INSANE learning experience, but it was also a whole lot of fun. Give the app a try, and I’d love any feedback you have on it!

btw, back in March, we open-sourced this nonprofit neobank on GitHub. https://news.ycombinator.com/item?id=43519802

Comments

Comment by KenSF 4 days ago

HCB is an amazing Rails 8 app. It is the Rails app that is processing $6M/month.

https://github.com/hackclub/hcb

Excellent work on the mobile app though I would wonder, since HCB runs on Hotwire, why it was not written as a Hotwire Native app which would leverage the existing Rails Hotwire app and not require a complete rewrite?

Comment by mohamad08 4 days ago

Hotwire Native tbh wouldn't have been a bad choice at all to use tbh. Especially if you wanna maintain 1:1 parity with the website. It combines both being a "web app" and native features we could still use like Tap to Pay and Push Provisioning. The downsides of it is that it isn't a cross platform framework like React so all changes would have to be pushed to both an iOS app repo and an Android app repo. Another downside is that it isn't a "write once run anywhere" type application as you're integrating Hotwire into the native code so you have to be comfortable with both Kotlin and Swift (however if you're writing native modules in React Native same applies).

Both are 2 completely valid and separate paths you could take when building an app and I'd actually be curious what'd HCB Mobile look like if we did use Hotwire Native.

Comment by sailfast 4 days ago

The OP built the React Native mobile app - not the entire platform / company. Some folks commenting like they built the company. Just a point of clarification.

Great work! Keep building OP!

Comment by indigodaddy 4 days ago

The OP title seems a bit misleading notwithstanding this caveat.

Comment by Neywiny 4 days ago

I think there's ambiguity. An app built for a platform that does xyz. Does the app do xyz, the platform, or both? If I build an app that takes you straight to idk a Treasury department website, have I built an app for a platform that transacts trillions of dollars?

Comment by kbar13 4 days ago

seems like this is par for course for hustler “founders” nowadays to say half truths to seem groundbreaking to get attention

Comment by jeswin 4 days ago

True. But willing to cut anyone under 21 some slack.

Comment by dang 4 days ago

I thought that at first too, but then I figured it's pretty impressive that the app is processing $6M/month even though the financial platform pre-existed.

Comment by mandeepj 4 days ago

It’s the same BS that people have at LinkedIn - leading a $250B initiative or increased revenue by $100B

OpenAI’s executive claiming - made one of the top visited websites :-)

Comment by cirrus3 4 days ago

What is this page of transactions for? https://hcb.hackclub.com/hq/transactions

I get that you want to be "open", but is everyone involved in these transactions ok with them being shared? Even if they are, this doesn't seem like a good idea security wise. I see partial account numbers and other IDs/numbers that I assume you'd prefer not be public, regardless of how insensitive they may seem now.

EXPENSIFY, INC. VALIDATION XXXXXX5987 THE HACK FOUNDATION +$0.89

FRONTING $10,000 TO CHRIS WALKER FOR GITHUB GRANTS MADE FROM PERSONAL ACCOUNT -$10,000.00

CHECK TO LACHLAN CAMPBELL +$800.00

Transfer to Emma's Earnings -$1,923.08

Comment by garyhtou 4 days ago

Hi @cirrus3,

You've found an optional feature called Transparency Mode!

I admit, this is A LOT of information being made accessible. We at Hack Club (the nonprofit organization behind HCB, and the owner of the transactions above) have chosen to make our finances publicly available on the internet. You can read more about it here: https://blog.hcb.hackclub.com/posts/transparent-finances-opt...

That link (https://hcb.hackclub.com/hq/transactions) shows our donations and spending down to the cent since we believe donors deserve to know what their contributions are funding. As a nonprofit, you can talk about what you’re spending money on, but transparency in every transaction builds trust for supporters. This level of transparency is definitely atypical, and I can see why it may raise concerns.

Other organizations using HCB (such as Reboot) can choose to enable this feature too (it's off by default), and they're briefed on the potential risks and level of exposure to decide whether it's right for their organization/team. HCB supports 6.5k nonprofits, and roughly 64% of organizations have chosen to enable this feature.

> I see partial account numbers and other IDs/numbers that I assume you'd prefer not be public, regardless of how insensitive they may seem now.

> EXPENSIFY, INC. VALIDATION XXXXXX5987 THE HACK FOUNDATION +$0.89

Good catch! Thanks for flagging that verification deposit. I've pushed a fix here: https://github.com/hackclub/hcb/pull/12336

As for the account numbers (e.g. XXXXXX5987) visible in some transactions, these are our own defunct operating accounts, and we're aware they're out there on the internet. We have a new way of managing account numbers via Column.com, so these older transactions are less of a concern for me.

I very much appreciate you bringing these to my attention! We're always looking to improve, so I'd love to hear if you find anything else.

Comment by yangikan 4 days ago

Not just for hack club - but transactions for another organization that is using their software is public. https://hcb.hackclub.com/reboot/transactions?page=13

Not sure if all the organizations using their software know this.

Comment by luke-stanley 4 days ago

They have this page for reporting: https://github.com/hackclub/hcb/blob/main/SECURITY.md

Comment by galaxy_gas 4 days ago

Please look at this @mohamad08

The numbers and amounts used for account validations and adding it to be able to pull or push money . Should not be shown public..

Comment by skylurk 4 days ago

I am surprised you managed to get those entitlements at all!

Did it help to be a non-profit?

Comment by mohamad08 4 days ago

Tbh not at all, the process is tedious but pretty straightforward if you understand the requirements. Apple is did throw at me a huge checklist to finish which did take a while to complete, but after you successfully build the feature and submit test case videos to them its only a matter of time until you receive access to it. For Tap to Pay on iPhone, its very easy to achieve development status if you're just curious about the technology and its applications. Its more the production entitlement in which you must complete the specifications I mentioned before.

Comment by VoidWhisperer 4 days ago

No offense to the OP (what you did is great - as someone who had to pick up expo/RN on the fly for my newest job, it can be a bit annoying, and that is before all of the compliance nightmares associated with push provisioning) but the title does seem a bit disingenuous - it is phrased to make it sound like the app he built specifically is processing $6M/Month, where it is actually the platform that the app was built for that is

Comment by nxor 3 days ago

It doesn't "seem," it "is."

Comment by necovek 4 days ago

For something in the financial space, I don't see much (or really, any) tests in the code repository. CI also only has ESlint and prettier running.

How are you ensuring the application will remain maintainable in the future, you are not breaking existing stuff and integration with the actual platform is always up-to-date?

In short, what's the testing strategy for something that claims to deal with $6M a month?

If there is none, you likely want to read up a bit on things like Testing Pyramid, automated test strategies (unit-, integration- and end-to-end testing).

Comment by riffic 4 days ago

I really wish something like Hack Club existed while growing up, how empowering! great work.

Comment by whynotmaybe 4 days ago

Thanks, you just made me realise that I can have OTA update for my app and could deliver more frequently without the play/store hassle!

Comment by 3 days ago

Comment by rahimnathwani 4 days ago

This is great!

I'm curious whether you were able to build the app using backend APIs that were already built, or whether building this app created new requirements for those APIs?

Comment by mohamad08 4 days ago

Hi! Thank you so much for your kinds work :)

I actually did have to end up creating most of the backend APIs myself too or with the help of fellow engineers at HCB! What I like about HCB Mobile is that I'm not only creating a mobile app but also expanding our API infrastructure to allow for future integration with our platform.

Comment by rahimnathwani 4 days ago

Wow that's great experience.

My son is 9yo and loves to make little animations in Scratch. He recently started to learn a bit of Python (just the syntax so far, no projects).

I wonder whether you can share anything about your journey, especially if you have any tips for the stage my son is at.

Comment by mohamad08 4 days ago

That's great to hear your son is starting at such a young age! From my personal experience I would recommend focusing more on the concepts (which Python helps with as the syntax is easy to navigate!). Project-based coding is my ideal way of learning as you build things you are truly proud of. I remember when I was young and made my very first Python turtle drawings. Once he turns 13, I highly recommend him join the Hack Club community. Hack Club is our parent organization and its dedicated mission is to help teenagers interested in coding. I believe I wouldn't be where I am today without it. It truly helped me become a better programmer and Hack Club even offers free prizes that help you learn even more such as a Raspberry Pi for those who submit their incredible projects :) Hope that helps! Always down to help if you have anymore questions

Comment by brahbrahbat 4 days ago

This is very helpful to the community. Great work.

Comment by mrb 4 days ago

That's awesome, and impressive you were able to build that. As an angel investor, my first question would be: how do you deal with financial fraud? Like users exploiting your app for money laundering via donations then spending... Any system that lets money get in and out is eventually used as a channel by launderers.

Comment by daredoes 4 days ago

Was just looking at this the other day for personal reasons. Great work!

Comment by 7 days ago

Comment by miroljub 4 days ago

Why does it matter how old is the author?

We should judge software by the quality, not by authors age.

Comment by dang 4 days ago

It's an age-old convention, a way of supporting and encouraging kids, and harmless.

Comment by NaOH 4 days ago

>It's an age-old convention....

Bonus points for the wordplay.

Comment by pinkmuffinere 4 days ago

HN isn't a judge of software; it's a place to learn and be curious. So people are often interested in projects that do a novel thing in a normal way, or a normal thing in a novel way. Eg, stories fascinate us because something was built by a very lean team, or a group with no money, or somebody who is an industry outsider, or a parapalegic, etc. Overcoming these limitations is a sort of 'hacking'.

Comment by trollbridge 4 days ago

There is a new trend in Silicon Valley of bragging about how young founders are, etc. along with the rather bizarre trend of bragging about dropping out of high school to "found a startup".

Comment by rvz 4 days ago

Always has been.

It is a deliberate advertisement to VCs to find "the next Mark Zuckerberg" which the entire point is that there is only one.

For every 1,000+ startups there is exactly only *one* exceptional founder.

Comment by recursive 4 days ago

It's quite remarkable that such a loosely quantified pool of startups (1000+) yields precisely one exceptional founder.

Comment by Cyao 4 days ago

Totally agree. Even if I'm a teen myself I never post my age unless someone asks explicitly. Saying your age is just trying to find excuses to justify a sub-par software imo (Not saying this project is sub-par)

Comment by debo_ 4 days ago

Maybe they are rightfully proud that they did this at such a young age?

Comment by supportengineer 4 days ago

[flagged]

Comment by mohamad08 4 days ago

My parents nor did any parent step in to help me on this application or the approval processes. Furthermore, the approvals didn't get "rammed through". It took me quite a bit to actually acquire their entitlements and app review approval. I dislike when people assume just because I live in "Silicon Valley" I automatically have everything handed to me. If you would like to learn more about how the processes that I took to achieve this feel free to ask!

Comment by DANmode 4 days ago

I would – as an admirer.

Comment by nxor 3 days ago

Proximity to some of the country's best high schools, universities, and the people who work there, as well as some of the most unique industries in the country, could have played a role. In other places, if not most, people don't even know these things exist. Everyone has the internet, sure, and anyone from anywhere can learn about anything, but it's hard to compete with people who encountered useful/the right information early in life.

Comment by dang 4 days ago

Please don't be cynical on HN. It's not what this site is for, and destroys what it is for.

https://news.ycombinator.com/newsguidelines.html

Comment by baranul 3 days ago

Mr. dang, is there some other secret guidelines, stealth censorship, or are only certain languages allowed to be discussed? Post that are submitted are shadow banned or hidden for unknown reasons? Please explain.

Examples:

[1] https://news.ycombinator.com/item?id=46177518

[2] https://news.ycombinator.com/item?id=46177449

Comment by aw1621107 3 days ago

You're probably more likely to get a response by emailing the mods directly rather than commenting on a completely unrelated thread.

That being said, one reason a domain gets banned is when they are spam or consistently a source of off-topic or low-quality articles" [0]. Given the string of [flagged] posts from that domain and the bit of the guidelines that say that original sources are preferred, I wouldn't be too surprised if that particular domain was determined to be ban-worthy, whether manually or automatically.

Of course, I'm a nobody with no special insight into how HN works, so take the above with an appropriately sized grain of salt.

[0]: https://news.ycombinator.com/item?id=23772723

Comment by baranul 1 day ago

It's not just the domain, because a submission to youtube[1] was shadow banned or censored as well. This looks like undisclosed censorship against a particular language, which is why the question was asked. However, thanks for the response, because concerns over censorship and bans on hacker news should be out in the open.

[1]: https://news.ycombinator.com/item?id=46141171

Comment by aw1621107 1 day ago

I focused on the domain because that was the common factor that stood out to me in the examples you provided, especially given the domain's recent history here. I don't think I can usefully speculate as to why the post you linked was killed, though I am somewhat skeptical about the conclusion you appear to have drawn.

> However, thanks for the response, because concerns over censorship and bans on hacker news should be out in the open.

Maybe, maybe not, but either way hijacking unrelated threads is probably not the way to go about doing such a thing.

Comment by dang 2 days ago

There are no restrictions against any programming languages. There are restrictions against accounts using HN primarily for promotion. This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html.

Comment by baranul 1 day ago

Mr. dang, that does not appear to be true (about restrictions), based on facts and reviewing profiles: 1) Hacker News gives the impression of specifically having restrictions against certain languages, that looks to result in bans, shadow bans, and censorship. 2) You have obvious accounts that have been strongly promoting their languages on Hacker News (with posts numbering into the thousands), for many years.

Examples of accounts using Hacker News for language and site promotion: 1) AndyKelley (Zig creator and profile promotes full throttle), 2) kristoff_it (profile clearly states he's the VP of Zig Software Foundation), 3) gingerBill (Odin creator), 4) lerno (C3 creator and numerous submissions), pcwalton (many comments about Dlang, however, submissions are very varied), etc...

Speaking of which, the number of Zig and Rust posts and submissions on Hacker News are insane (per search). Absolutely insane! Rust is not even in the top 10 of programming languages, and Zig is the lower part of the top 50 languages. It's to the extent we are left to wonder if Hacker News is financially linked to them or perhaps submissions about languages other than Zig or Rust can be quietly ghosted or treated like a bannable offense. If we submit something other than about Zig or Rust, it should not be interpreted as excessively promoting that language.

I just study about many languages (emphasis on many) and gave some opinions. Have no allegiance to any language organization. Unlike the accounts previously mentioned, who may even advertise their affiliations on their Hacker News profiles. Links I have submitted (which are few), were for and about many different languages, not just only one. Stealth censorship is something dastardly and gives the impression of a hidden approval list, and those languages not on it (and any supporters or submissions) are subject to being censored.

Comment by dang 1 day ago

HN has had many threads about, for example, array languages (APL/K/J/BQN) and stack languages (Forth et. al.), and countless languages even more obscure than those. HN is, in fact, in love with obscure programming languages. The fact that some languages are more popular than others doesn't mean we're biased in favor of them. If there's a bias, it's in favor of having threads about lesser-known ones. That doesn't mean every submission about them automatically makes the front page. (Your submissions in particular are getting affected by the software filters I mentioned in my reply above—but that's got nothing to do with which programming languages they're about.)

The stuff about dastardly censorship and financial shenanigans is, forgive me, a bit silly. HN is a big statistical cloud or, if you want to be more vivid about it, a big Rohrschach diagram. People can (and do) imagine any such monsters into it—all I can tell you is if anything so weird is happening, I'm completely unaware of it.

There have always been waves of internet drama about programming languages, going back to Usenet and no doubt earlier than that. Your comment makes me wonder if you might be getting swept along in the latest of those a little bit. If that's not the case, I'm happy to be wrong, but some of the tone of your comment reminds me of how certain language-enthusiast communities enjoy going to battle against each other nowadays. That's fine as a hobby but not on topic for HN.

Comment by nxor 3 days ago

It's not cynical, and even if it doesn't apply here, the truth is it's frequently the case. I agree it's wrong to generalize and to oversimplify but it's also wrong to ignore the role that wealth and proximity to information play in a person's life. (Again, not saying that's the case here. The title is asking for this discussion. And frankly why can't people express this view?)

Comment by dang 2 days ago

I would say that title was obviously not "asking for this".

Comments that try to cast shade on someone else's work or achievements are not good for HN to begin with, and when they're being used to cut down a kid, that's seriously bad.

Comment by arschficknigger 4 days ago

[flagged]

Comment by constantcrying 4 days ago

[flagged]

Comment by E-Reverance 4 days ago

> I do actually believe that zero teenagers should make banking apps or run non-profits.

That sounds like a lot of fun and should be a pretty social experience.

Also I'm going to assume his parents are proud, which should put his family at ease.

Comment by simonw 4 days ago

The parent non-profit organization Hack Club isn't run by teenagers. https://hackclub.com/team/

Comment by webdevver 4 days ago

[flagged]

Comment by lagniappe 4 days ago

There is a vouching system for comments that are flagged.

Click the date on the post, and if you have a button saying "vouch", click that.

Comment by brailsafe 4 days ago

It's the lowest cost time to take risks like that, and it's a hell of a lot more constructive than fighting in a world war like 17 y.o men of the past.

Comment by constantcrying 4 days ago

What kind of insane dichotomy is this? If you are 17 you can do so much with your life which isn't either grinding away making banking apps (if you want to do that, you can do that for the next 50 years of your life) or dying in a war.

Do you genuinely believe that my argument is that OP should have went into a war zone as a soldier instead? If not, why bring that up at all?

Comment by brailsafe 3 days ago

> Do you genuinely believe that my argument is that OP should have went into a war zone as a soldier instead? If not, why bring that up at all?

No, but that is true for many 17 year olds, if you have an opportunity, jump on it.

Comment by webdevver 4 days ago

[flagged]

Comment by LoganDark 4 days ago

> I adopted the idea of “over the air updates” using Expo’s EAS update service.

Be careful with this. If Apple finds out for instance, your app will still be taken down.

Comment by rahimnathwani 4 days ago

Many developers do this, and it's explicitly allowed under Apple's Developer Agreement (section 3.3.1).

  Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application (b) does not bypass signing, sandbox, or other security features of the OS; and (c) for Applications distributed on the App Store, does not create a store or storefront for other Applications.

The app store review guidelines (section 2.5.1) seem more narrow, but I think the above is what's enforced.

Comment by LoganDark 4 days ago

Weird, because Apple took down Fortnite for enabling a direct buy-button (bypassing IAP) after review completed. Just because an offending feature wasn't enabled at the time of review absolutely does not mean you're in the clear to turn it on after the review is complete. Whereas before you'd get the opportunity to fix anything like that during the review process, by sidestepping the review process you'd better be confident you don't ever ship anything that wouldn't pass.

Comment by DANmode 4 days ago

Not that weird, because they were shiving each other in federal court at the time.

Comment by DANmode 4 days ago

I was going to offer a similar, less-absolute warning.

Comment by throwaway5465 4 days ago

In accounting, finance, M stands for 'mille' aka 'thousand'. So the headline reads $6000/month.

Given how famed HN is for its pedantry I thought you may find this useful as sooner or later someone in your industry might make a judgement on it.

MM is million, BTW.

Comment by airstrike 4 days ago

Hardly. I was an M&A banker for a decade in New York and we used `M` for millions across the board. A few people would use `MM` but on every deck I signed off we used `M` for millions, `B` for billions

Some people do use `MM` but it's far from a standard.

Comment by DANmode 4 days ago

Mostly Europeans.

Comment by esafak 4 days ago

I think being programmers we'd expect K and M. Save the mm for your financial report.

Comment by enronmusk 4 days ago

Humanity has moved on from roman numerals 1000+ years ago. Talk about tech debt.

> In accounting

Only in America.

Comment by 4 days ago

Comment by efilife 4 days ago

america is not the entire world

also a simple google search disproves what you are saying. M is correct

Comment by ImPostingOnHN 3 days ago

America largely uses K,M,B

Either OP is incorrect, or not American