Android web app security

Daniel Trebbien
Ranch Hand

Joined: Jul 10, 2007
Posts: 44
Does Pro Android Web Apps cover information on security considerations when developing Android web apps?

For instance, with desktop browsers a cross-site scripting (XSS) attack can "only" steal users' credentials, port scan the internal network, perform privileged actions impersonating an authenticated user, etc., but within an Android app that uses PhoneGap, a whole range of other possibilities open up, such as meddling with the filesystem, taking pictures with the camera and posting these to the Internet, posting the user's exact location (GPS), uploading the user's contacts to a public web site, initiating calls, and other malicious things. Are there good strategies for mitigating the potential damage by an XSS attack on a PhoneGap app?
Monu Tripathi
Rancher

Joined: Oct 12, 2008
Posts: 1369

Although the site doesn't mention web security, a chapter on it would be more than welcome. Maybe the authors will blog about it; just a point of view?


[List of FAQs] | [Android FAQ] | [Samuh Varta]
Damon Oehlman
author
Greenhorn

Joined: Jan 26, 2011
Posts: 23
Hey Guys,

This isn't something that we cover specifically in the book, but I would be more than happy to blog (or write an article, see below) about it. In fact a good friend of mine will be joining me in my business pretty soon and he has extensive experience in the security space, so I would probably pick his brains or potentially even collaborate on writing that post.

In addition to the book, I plan on building up some online resources at a site I've created @ http://www.xpmobi.org/. All the content there will be creative commons licensed and I'm building the site using Jekyll with the intention that people can fork a GitHub repository (https://github.com/sidelab/xpmobi) and contribute articles, all while getting to write their content using Markdown.

With some of the stuff you're getting up to Daniel, I'd certainly welcome any contributions from yourself regarding the things you are doing in the "hybrid" web app / native app space.

The site is still a work in progress, and I have to get a couple of those pages finished before the book hits the shelves...

Kind of got off topic there... sorry... I'm just really keen to see more, useful information around how people can go about building cross-platform mobile apps. The book definitely captures some of that information, but there is just so much more that we can cover, as this particular thread points out.

Cheers,
Damon.


Damon Oehlman
@DamonOehlman - Web - Blog
Monu Tripathi
Rancher

Joined: Oct 12, 2008
Posts: 1369

Sounds interesting! Thanks for everything you are doing for the community!
Daniel Trebbien
Ranch Hand

Joined: Jul 10, 2007
Posts: 44
Hi Damon,

I'll be following XPMobi.org with great interest. I'm glad that you made the site open source on GitHub, as I might be able to contribute someday by forking and issuing a pull request.

These past few discussions with you, Sébastien, and others have really got me thinking about some things. I look forward to exploring these ideas and sharing the results.
Damon Oehlman
author
Greenhorn

Joined: Jan 26, 2011
Posts: 23
Daniel Trebbien wrote:Hi Damon,

I'll be following XPMobi.org with great interest. I'm glad that you made the site open source on GitHub, as I might be able to contribute someday by forking and issuing a pull request.

These past few discussions with you, Sébastien, and others have really got me thinking about some things. I look forward to exploring these ideas and sharing the results.


Cool - great. Yep - that's the idea - writing articles coder style

It's been great actually, really impressed with JavaRanch actually and the discussions that we've had. I'll be interested to see what you get up to.

Cheers,
Damon.
 