
Android web app security

 
Daniel Trebbien
Ranch Hand
Posts: 62
Does Pro Android Web Apps cover information on security considerations when developing Android web apps?

For instance, with desktop browsers a cross-site scripting (XSS) attack can "only" steal users' credentials, port scan the internal network, perform privileged actions impersonating an authenticated user, etc., but within an Android app that uses PhoneGap, a whole range of other possibilities open up, such as meddling with the filesystem, taking pictures with the camera and posting these to the Internet, posting the user's exact location (GPS), uploading the user's contacts to a public web site, initiating calls, and other malicious things. Are there good strategies for mitigating the potential damage by an XSS attack on a PhoneGap app?
 
Monu Tripathi
Rancher
Posts: 1369
Although the site doesn't mention web security, a chapter on it would be more than welcome. Maybe the authors will blog about it; just a point of view?
 
Damon Oehlman
author
Greenhorn
Posts: 23
Hey Guys,

This isn't something that we cover specifically in the book, but I would be more than happy to blog (or write an article, see below) about it. In fact a good friend of mine will be joining me in my business pretty soon and he has extensive experience in the security space, so I would probably pick his brains or potentially even collaborate on writing that post.

In addition to the book, I plan on building up some online resources at a site I've created @ http://www.xpmobi.org/. All the content there will be Creative Commons licensed and I'm building the site using Jekyll with the intention that people can fork a GitHub repository (https://github.com/sidelab/xpmobi) and contribute articles, all while getting to write their content using Markdown.

With some of the stuff you're getting up to Daniel, I'd certainly welcome any contributions from yourself regarding the things you are doing in the "hybrid" web app / native app space.

The site is still a work in progress, and I have to get a couple of those pages finished before the book hits the shelves...

Kind of got off topic there... sorry... I'm just really keen to see more, useful information around how people can go about building cross-platform mobile apps. The book definitely captures some of that information, but there is just so much more that we can cover, as this particular thread points out.

Cheers,
Damon.
 
Monu Tripathi
Rancher
Posts: 1369
Sounds interesting! Thanks for everything you are doing for the community!
 
Daniel Trebbien
Ranch Hand
Posts: 62
Hi Damon,

I'll be following XPMobi.org with great interest. I'm glad that you made the site open source on GitHub, as I might be able to contribute someday by forking and issuing a pull request.

These past few discussions with you, Sébastien, and others have really got me thinking about some things. I look forward to exploring these ideas and sharing the results.
 
Damon Oehlman
author
Greenhorn
Posts: 23
Daniel Trebbien wrote:
Hi Damon,

I'll be following XPMobi.org with great interest. I'm glad that you made the site open source on GitHub, as I might be able to contribute someday by forking and issuing a pull request.

These past few discussions with you, Sébastien, and others have really got me thinking about some things. I look forward to exploring these ideas and sharing the results.


Cool - great. Yep - that's the idea - writing articles coder style

It's been great actually, really impressed with JavaRanch actually and the discussions that we've had. I'll be interested to see what you get up to.

Cheers,
Damon.
 