DEV Community

SoftwareDevs mvpfactory.io
SoftwareDevs mvpfactory.io

Posted on • Originally published at mvpfactory.io

WebSocket Connection Lifecycle in Mobile Apps

#webdev #programming 
---
title: "Mobile WebSocket Tuning That Stops Silent Message Loss"
published: true
description: "A deep dive into building a reconnection state machine in Kotlin that took delivery rates from ~94% to 99.97% on lossy mobile networks, with real production numbers."
tags: kotlin, android, mobile, architecture
canonical_url: https://blog.mvpfactory.co/mobile-websocket-tuning-that-stops-silent-message-loss
---

## What We're Building

In this workshop, we're going to build a **deterministic WebSocket reconnection state machine in Kotlin** that handles the ugly realities of mobile networks — doze mode, cell handoffs, carrier NAT expiration, and app backgrounding.

By the end, you'll understand the three-layer keepalive mismatch that silently kills mobile WebSocket connections, and you'll have working code for exponential backoff with jitter and a proper message drain queue. These patterns took our measured delivery rate from ~94% to 99.97% on lossy networks. Let me show you how.

## Prerequisites

- Familiarity with Kotlin coroutines
- Basic understanding of WebSocket connections (OkHttp or Ktor)
- An Android project where you're maintaining a persistent WebSocket connection

## Step 1: Understand the Three-Layer Keepalive Mismatch

Here is the gotcha that will save you hours. There are **three distinct keepalive mechanisms** at play, and their defaults are wildly mismatched for mobile:

| Mechanism | Layer | Default Interval | Mobile OS Behavior |
|---|---|---|---|
| TCP Keep-Alive | Transport | 2 hours (Linux) | Suspended in Doze mode |
| WebSocket Ping/Pong | Application | None (optional) | Suspended when app backgrounded |
| HTTP/Proxy Timeout | Infrastructure | 60-120s | Unaware of mobile state |

TCP keep-alive defaults to two hours — effectively useless. Your load balancer kills idle connections in 60 seconds. And both app-level pings and TCP keepalives get suspended in Android Doze mode. The result: your app thinks it's connected, the server has already cleaned up the session, and messages land in a void.

## Step 2: Define the State Machine

Naive retry logic (`while(true) { connect(); delay(5000); }`) gives you thundering herds after outages and duplicate delivery during partial failures. Here is the minimal setup to get this working — a deterministic state machine:
Enter fullscreen mode Exit fullscreen mode


kotlin
enum class ConnectionState {
DISCONNECTED,
CONNECTING,
CONNECTED,
WAITING_FOR_RETRY,
BACKING_OFF,
DRAINING_QUEUE
}


The states most implementations miss are `BACKING_OFF` and `DRAINING_QUEUE`. When a reconnection succeeds, you **cannot** immediately resume normal operation. You must first drain any queued messages in order, confirming delivery of each before sending the next. Skipping this step is where that 3-8% silent message loss hides.

## Step 3: Tune Your Heartbeat Intervals

Through production testing across ~200K daily active mobile connections, we converged on these values:

| Parameter | Value | Rationale |
|---|---|---|
| App-level ping interval | 25s | Below typical LB idle timeout (60s) |
| Ping timeout (pong expected) | 10s | Aggressive enough to detect dead connections |
| TCP keep-alive interval | 30s | Overridden from 2h default via socket options |
| Initial reconnect delay | 500ms | Fast enough for transient drops |
| Max backoff ceiling | 30s | Prevents multi-minute gaps |
| Jitter range | 0-50% of delay | Prevents thundering herd |

The docs do not mention this, but the 25-second ping interval is deliberate. We measured one major US carrier expiring NAT mappings at 28 seconds on their LTE network. Many teams set pings to 30 or 60 seconds and wonder why connections drop on cellular.

## Step 4: Implement Exponential Backoff with Jitter
Enter fullscreen mode Exit fullscreen mode


kotlin
fun nextDelay(attempt: Int): Long {
val exponential = minOf(
MAX_BACKOFF_MS,
INITIAL_DELAY_MS * 2.0.pow(attempt).toLong()
)
val jitter = (exponential * Random.nextDouble(0.0, 0.5)).toLong()
return exponential + jitter
}


Without jitter, a server restart causes every client to reconnect at exactly the same intervals, creating predictable load spikes. In our load tests, removing jitter turned a 12-second recovery into a 45-second cascading failure. Don't skip the jitter.

## Step 5: Handle Android Doze Mode as a Network Event

Here is a pattern I use in every project that maintains a persistent connection on Android. When Android enters Doze mode, network access is batched into maintenance windows. Your ping timer fires, but the packet doesn't leave the device. When the maintenance window opens, a stale ping goes out, the server has already timed you out, and you get a close frame — or worse, nothing at all.

The fix: listen for `ACTION_DEVICE_IDLE_MODE_CHANGED` broadcasts and treat Doze entry as a **controlled disconnect**. Preemptively move to `DISCONNECTED` state, queue outbound messages, and reconnect immediately on Doze exit. This single change moved our measured delivery rate from 94.2% to 99.6%.

The remaining 0.37% came from proper `DRAINING_QUEUE` handling and server-side message deduplication using idempotency keys.

## Gotchas

- **Most WebSocket libraries leave keepalive at OS defaults.** OkHttp and Ktor wrappers give you a clean API but don't configure socket-level options. Those defaults were designed for servers, not a phone riding the subway. Always configure explicitly.
- **Testing on WiFi in the foreground on a charged device tells you nothing.** Production users are on congested LTE, walking into elevators, with battery saver enabled. The gap between lab and production is enormous.
- **The dead connection problem is about awareness, not connectivity.** A TCP socket can appear open for minutes after the actual network path has failed. Your first priority is detecting death fast, not preventing it.
- **The [jqwik incident](https://news.ycombinator.com/item?id=48319968)** — where a developer embedded a prompt injection in their library that instructed AI coding agents to delete application output — is a reminder that hidden behaviors in dependencies cause real damage. Audit what your WebSocket library actually does under the hood.

## Wrapping Up

The three changes that matter most:

1. **Override TCP keep-alive at the socket level.** Set it to 30 seconds and pair it with a 25-second application-level ping.
2. **Build a state machine, not a retry loop.** Include `DRAINING_QUEUE` as a first-class state and confirm delivery of buffered messages before resuming normal flow.
3. **Treat OS power states as network events.** Proactively disconnect on Doze entry and reconnect on exit instead of waiting for timeout detection, which can take 30+ seconds and silently drop messages.

These patterns are framework-agnostic — whether you're on OkHttp, Ktor, or rolling your own, the principles hold. Start by measuring your actual delivery rate on cellular networks. You might be surprised by how much you're silently losing.
Enter fullscreen mode Exit fullscreen mode

Top comments (0)