Show HN: HCB Mobile – financial app built by 17 y/o, processing $6M/month

hackclub.com

92 points by mohamad08 3 days ago

Hey everyone! I just built a mobile app using Expo (React Native) for a platform that moves $6M/month. It’s a neobank used by 6,500+ nonprofit organizations across the world.

One of my biggest challenges, while juggling being a full-time student, was getting permission from Apple/Google to use advanced native features such as Tap to Pay (for in-person donations) and Push Provisioning (for adding your card to your digital wallet). It was months of back-and-forth emails, test case recordings, and also compliance checks.

Even after securing Apple/Google’s permission, any minor fix required publishing a new build, which was time-consuming. After dealing with this for a while, I adopted the idea of “over the air updates” using Expo’s EAS update service. This allowed me to remotely trigger updates without needing a new app build.

The 250 hours I spent building this app were an INSANE learning experience, but it was also a whole lot of fun. Give the app a try, and I’d love any feedback you have on it!

btw, back in March, we open-sourced this nonprofit neobank on GitHub. https://news.ycombinator.com/item?id=43519802

KenSF an hour ago

HCB is an amazing Rails 8 app. It is the Rails app that is processing $6M/month.

https://github.com/hackclub/hcb

Excellent work on the mobile app though I would wonder, since HCB runs on Hotwire, why it was not written as a Hotwire Native app which would leverage the existing Rails Hotwire app and not require a complete rewrite?

sailfast 4 hours ago

The OP built the React Native mobile app - not the entire platform / company. Some folks commenting like they built the company. Just a point of clarification.

Great work! Keep building OP!

  • indigodaddy 2 hours ago

    The OP title seems a bit misleading notwithstanding this caveat.

skylurk 4 hours ago

I am surprised you managed to get those entitlements at all!

Did it help to be a non-profit?

mrb 2 hours ago

That's awesome, and impressive you were able to build that. As an angel investor, my first question would be: how do you deal with financial fraud? Like users exploiting your app for money laundering via donations then spending... Any system that lets money get in and out is eventually used as a channel by launderers.

cirrus3 an hour ago

What is this page of transactions for? https://hcb.hackclub.com/hq/transactions

I get that you want to be "open", but is everyone involved in these transactions ok with them being shared? Even if they are, this doesn't seem like a good idea security wise. I see partial account numbers and other IDs/numbers that I assume you'd prefer not be public, regardless of how insensitive they may seem now.

EXPENSIFY, INC. VALIDATION XXXXXX5987 THE HACK FOUNDATION +$0.89

FRONTING $10,000 TO CHRIS WALKER FOR GITHUB GRANTS MADE FROM PERSONAL ACCOUNT -$10,000.00

CHECK TO LACHLAN CAMPBELL +$800.00

Transfer to Emma's Earnings -$1,923.08

  • galaxy_gas 25 minutes ago

    Please look at this @mohamad08

    The numbers and amounts used for account validations and adding it to be able to pull or push money . Should not be shown public..

rahimnathwani 3 hours ago

This is great!

I'm curious whether you were able to build the app using backend APIs that were already built, or whether building this app created new requirements for those APIs?

riffic 4 hours ago

I really wish something like Hack Club existed while growing up, how empowering! great work.

daredoes 3 hours ago

Was just looking at this the other day for personal reasons. Great work!

miroljub 4 hours ago

Why does it matter how old is the author?

We should judge software by the quality, not by authors age.

  • pinkmuffinere 3 hours ago

    HN isn't a judge of software; it's a place to learn and be curious. So people are often interested in projects that do a novel thing in a normal way, or a normal thing in a novel way. Eg, stories fascinate us because something was built by a very lean team, or a group with no money, or somebody who is an industry outsider, or a parapalegic, etc. Overcoming these limitations is a sort of 'hacking'.

  • Cyao 3 hours ago

    Totally agree. Even if I'm a teen myself I never post my age unless someone asks explicitly. Saying your age is just trying to find excuses to justify a sub-par software imo (Not saying this project is sub-par)

  • trollbridge 3 hours ago

    There is a new trend in Silicon Valley of bragging about how young founders are, etc. along with the rather bizarre trend of bragging about dropping out of high school to "found a startup".

    • rvz 2 hours ago

      Always has been.

      It is a deliberate advertisement to VCs to find "the next Mark Zuckerberg" which the entire point is that there is only one.

      For every 1,000+ startups there is exactly only *one* exceptional founder.

      • recursive an hour ago

        It's quite remarkable that such a loosely quantified pool of startups (1000+) yields precisely one exceptional founder.

LoganDark 3 hours ago

> I adopted the idea of “over the air updates” using Expo’s EAS update service.

Be careful with this. If Apple finds out for instance, your app will still be taken down.

  • rahimnathwani 2 hours ago

    Many developers do this, and it's explicitly allowed under Apple's Developer Agreement (section 3.3.1).

      Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application (b) does not bypass signing, sandbox, or other security features of the OS; and (c) for Applications distributed on the App Store, does not create a store or storefront for other Applications.
    The app store review guidelines (section 2.5.1) seem more narrow, but I think the above is what's enforced.
    • LoganDark 41 minutes ago

      Weird, because Apple took down Fortnite for enabling a direct buy-button (bypassing IAP) after review completed. Just because an offending feature wasn't enabled at the time of review absolutely does not mean you're in the clear to turn it on after the review is complete. Whereas before you'd get the opportunity to fix anything like that during the review process, by sidestepping the review process you'd better be confident you don't ever ship anything that wouldn't pass.

constantcrying 4 hours ago

It is clear that you put a lot of effort into this, but I do not believe that a 17 year old is capable to realize what he is sacrificing for this or what his responsibilities are.

I do actually believe that zero teenagers should make banking apps or run non-profits.

  • simonw 4 hours ago

    The parent non-profit organization Hack Club isn't run by teenagers. https://hackclub.com/team/

    • webdevver 3 hours ago

      oh my goodness, ofcourse they flag the op. holy reddit! so incredibly lame.

      its the controvertial takes that bring readership...

      • lagniappe 3 hours ago

        There is a vouching system for comments that are flagged.

        Click the date on the post, and if you have a button saying "vouch", click that.

  • E-Reverance 4 hours ago

    > I do actually believe that zero teenagers should make banking apps or run non-profits.

    That sounds like a lot of fun and should be a pretty social experience.

    Also I'm going to assume his parents are proud, which should put his family at ease.

  • brailsafe 2 hours ago

    It's the lowest cost time to take risks like that, and it's a hell of a lot more constructive than fighting in a world war like 17 y.o men of the past.