Android web app security

 
Ranch Hand
Posts: 90
  • Likes 2
Does Pro Android Web Apps cover information on security considerations when developing Android web apps?

For instance, with desktop browsers a cross-site scripting (XSS) attack can "only" steal users' credentials, port scan the internal network, perform privileged actions impersonating an authenticated user, etc., but within an Android app that uses PhoneGap, a whole range of other possibilities opens up, such as meddling with the filesystem, taking pictures with the camera and posting these to the Internet, posting the user's exact location (GPS), uploading the user's contacts to a public web site, initiating calls, and other malicious things. Are there good strategies for mitigating the potential damage by an XSS attack on a PhoneGap app?
 
Rancher
Posts: 1369
Although the site doesn't mention web security, a chapter on it would be more than welcome. Maybe the authors will blog about it; just a point of view?
 
author
Posts: 23
Hey Guys,

This isn't something that we cover specifically in the book, but I would be more than happy to blog (or write an article, see below) about it. In fact a good friend of mine will be joining me in my business pretty soon and he has extensive experience in the security space, so I would probably pick his brains or potentially even collaborate on writing that post.

In addition to the book, I plan on building up some online resources at a site I've created @ http://www.xpmobi.org/. All the content there will be Creative Commons licensed and I'm building the site using Jekyll with the intention that people can fork a GitHub repository (https://github.com/sidelab/xpmobi) and contribute articles, all while getting to write their content using Markdown.

With some of the stuff you're getting up to, Daniel, I'd certainly welcome any contributions from yourself regarding the things you are doing in the "hybrid" web app / native app space.

The site is still a work in progress, and I have to get a couple of those pages finished before the book hits the shelves...

Kind of got off topic there... sorry... I'm just really keen to see more, useful information around how people can go about building cross-platform mobile apps. The book definitely captures some of that information, but there is just so much more that we can cover, as this particular thread points out.

Cheers,
Damon.
 
Monu Tripathi
Rancher
Posts: 1369
Sounds interesting! Thanks for everything you are doing for the community!
 
Daniel Trebbien
Ranch Hand
Posts: 90
Hi Damon,

I'll be following XPMobi.org with great interest. I'm glad that you made the site open source on GitHub, as I might be able to contribute someday by forking and issuing a pull request.

These past few discussions with you, Sébastien, and others have really got me thinking about some things. I look forward to exploring these ideas and sharing the results.
 
Damon Oehlman
author
Posts: 23

Daniel Trebbien wrote:

Hi Damon,

I'll be following XPMobi.org with great interest. I'm glad that you made the site open source on GitHub, as I might be able to contribute someday by forking and issuing a pull request.

These past few discussions with you, Sébastien, and others have really got me thinking about some things. I look forward to exploring these ideas and sharing the results.



Cool - great. Yep - that's the idea - writing articles coder style.

It's been great actually, really impressed with JavaRanch actually and the discussions that we've had. I'll be interested to see what you get up to.

Cheers,
Damon.
 