Integration of BankID Services in a PhoneGap Based Mobile Application

Eggestig, Lars, Wodajo, Mintesinot

January 2014

Security concerns became high with the rapid technology advancement andwith the open nature of the internet. BankID is the leading electronic identificationsystem in Sweden which is used by around 5 million people in a variety ofpublic and private services. BankID allows users to securely authenticate themselvesand digitally sign important documents and transactions over the internet.In 2011, BankID Security App was launched to be used in mobile smartphones and tablet computers. In this paper, different components of the PublicKey Infrastructure (PKI) which is a cryptographic technique that enables usersto safely communicate over the insecure internet has been studied in detail. Furthermore,a test BankID-integrated PhoneGap based app on the Android platformis implemented and a performance evaluation and security analysis wereperformed. The test implementation of the BankID-integrated app on theAndroid platform provides user authentication and digital signing functions.The implemented backend system consists of a server with digital certificateand a database. The performance test emphasizes on the measurement of the accesstime between the components of the system and usability of the application.Access time measurement includes a reasonable amount of time in whichthe user is able to perform different activities in the system. In usability assessmentnumber of actions to perform a certain task and the ease of the user interfacehas been taken into consideration. The security analysis aims to identifypotential security flaws in the system and discuss possible solutions. The potentialsecurity risks we identified during the implementation of the system are theman-in-the-middle-attack, the Heartbleed bug, losing the mobile device andphysical access to the backend system. The potential security risks in the systemwere examined with regard to severity and probability of occurrence. Finally,the thesis project has been discussed in terms of the future work and system expansions.The result of the thesis will be used as a base in production developmentby Dewire, the company for which the thesis work has been conducted.

Security

BankID

PhoneGap

PKI

Android

Tweet analysis for Android malware detection in Google Play Store

Fan, Zhiang

January 1900

Master of Science / Department of Computer Science / Major Professor Not Listed / There are many approaches to detect if an app is malware or benign, for example, using static or dynamic analysis. Static analysis can be used to look for APIs that are indicative of malware. Alternatively, emulating the app’s behavior using dynamic analysis can also help in detecting malware. Each type of approach has advantages and disadvantages. To complement existing approaches, in this report, I studied the use of Twitter data to identify malware. The dataset that I used consists of a large set of Android apps made available by AndroZoo. For each app, AndroZoo provides information on vt detection, which records number of anti-virus programs in VirusTotal that label the app as malware. As an additional source of information about apps, I crawled a large set of tweets and analyzed them to identify patterns of malware and benign apps in Twitter. Tweets were crawled based on keywords related to Google Play Store app links. A Google Play Store app link contains the corresponding app’s ID, which makes it easy to link tweets to apps. Certain fields of the tweets were analyzed by comparing patterns in malware versus benign apps, with the goal of identifying fields that are indicative of malware behavior. The classification label from AndroZoo was considered as ground truth.

twitter

malware

googleplay

android

detection

Fleet management system

Challa, Abhishek

January 1900

Master of Science / Department of Computer Science / Daniel Andresen / Web services have become quintessential in web application development. RESTful web services are one way of providing interoperability between computer systems on the internet. REST-compliant web services allow requesting systems to access and manipulate textual representations of web resources using a uniform and predefined set of stateless operations. These services, which are online APIs, can be accessed from various applications and the results can be used to offer specific functionality to users. This project consists of an Android app, a Server application and a Client application. The Server application exposes a REST API (Web Services developed using REpresentational State Transfer (REST) protocol) using, which the consuming client applications can make use of various functionalities as services across the network. The Android app would be installed in the smart phone present in each vehicle of the fleet, this app would send live location data to the database using the REST API. The manager uses the client application to track the vehicles in real time, the manager can also choose to track a particular vehicle. The API could also be used to integrate the services with other systems. This project serves to a wide variety of users, from small local businesses owning tens or hundreds of vehicle to parents who would like to track the location of their children in real time. This project aims to help the managers/owners better control and track the vehicles. Also, the exposed API could be used by other developers to customize or extend this application. This project is easy to install, use and hence friendly for users with even minimal computer skills.

Web Services

Hibernate

Spring

Android

Vidareutveckling av ett Android-spel

Roxbo, Daniel

January 2016

Rapporten behandlar en vidareutveckling av ett kartbaserat Android-spel där vidareutvecklingen moderniserar koden, implementerar ny funktionalitet och optimerar spelets prestanda. Vid kodmoderniseringen identifieras 8 föråldrade API-användningar som bytts ut under arbetets gång. Prestandamässigt sänks arbetsbördan vilket gör att enheten snabbare kan generera bildrutor. Minneskonsumtionen för spelet minskas med nästan 40% under delar av spelet. Flera nya funktioner implementeras och presenteras vilket tar spelet närmare ett lanseringsklart stadie.

Android

Computer Sciences

Datavetenskap (datalogi)

Open source application development for phenotypical data acquisition

Courtney, Chaney Lee

January 1900

Master of Science / Department of Computing and Information Sciences / Mitchell L. Neilsen / The Poland Lab at Kansas State University studies the genetics of wheat ‘to develop a climate-resilient wheat variety that can combat rising heat and drought.’ With populations and food demand rising the need for accelerated food growth is imminent. A previous group of Android applications, Field book has shown that the use of open source app development could create a segue to increasing food development through modernized plant breeding across the world. This is especially useful to various countries that may have a limited budget and have a rising market for Android mobile devices. The applications described in this report include: Verify, a barcode scanning application that can quickly confirm if various seed identifiers are found within a database, Field Mapping, an application that identifies individual plot segments throughout farmland and finally, Survey, an application for manual input of latitude and longitude data. These three applications and services open a new open-source domain for acquisition of data on farmlands to accompany the research of plant breeders.

Android

Agriculture

Computer science

Phenotype

Materiales educativos basados en la Realidad Aumentada y su influencia en el Rendimiento Académico de los estudiantes con discapacidad intelectual en el Centro Educativo Básico especial "Señor de los Milagros"

Ramirez Huaccho, Jefferson Fredy

11 July 2016

La presente investigación se realizó en el Centro Educativo Básico Especial “Señor de los Milagros” durante el periodo comprendido del mes de Octubre del 2015 a Enero del 2016 y en la misma participaron los alumnos con discapacidad intelectual moderada, tomando como parámetro de medición las calificaciones de los alumnos evaluados, de allí el propósito de la presente investigación consistió en determinar la influencia de los materiales educativos basada en tecnología de la Realidad Aumentada en el rendimiento de los estudiantes de esta institución mencionada. Para ello fue necesario determinar la diferencia en el rendimiento de los alumnos que utilizan materiales educativos basados en RA frente a los alumnos que utilizan materiales educativos tradicionales y se determinó el nivel de aceptación de los materiales educativos basados en Realidad Aumentada utilizados por los alumnos. El presente investigación se justificó por poseer valor teórico, relevancia social y en base a los beneficios que genera. Metodológicamente el trabajo de investigación se aborda desde la perspectiva de los tipos de estudio aplicada, con la aplicación de un diseño de instigación experimental y la técnica empleada fue la de observación en la cual se aplicó lista de cotejo y escala de valoración validado por el juicio del profesor experto. El procesamiento de datos permitió determinar que el rendimiento de los alumnos incremento 42.8% de estudiantes aprobados. Lo que permitió llegar a la conclusión que se logró mejorar el rendimiento académico de los alumnos, mediante la usabilidad y accesibilidad de los materiales educativos basados en RA e impulsando la enseñanza mediante la motivación que generan estos dispositivos y tecnológicos. / Tesis

Realidad aumentada

Discapacidad intelectual

Android

A Comparison of the Usability of Security Mechanisms Provided by iOS and Android

Maulick, David E

01 June 2018

The Open Web Application Security Project identifies that the number one vulnerability in mobile applications is the misuse of platform-provided security mechanisms. This means that platforms like iOS and Android, which now account for 99.8\% of the mobile phone market, are providing mechanisms that are consistently being used in an incorrect manner. This statistic shines a spotlight onto both platforms. Why is it that so many people are misusing platform provided security mechanisms? And is it the platform’s fault? The supposition of this paper is that both iOS and Android are not creating usable security mechanisms. This paper is meant to be a direct response to the number one spot on the OWASP Top Ten Mobile Vulnerabilities list. As a result, our primary goal is to identify whether or not iOS and Android are creating usable security mechanisms. To do this we first proposed an evaluation framework that is tailored to evaluate the usability of mobile device security mechanisms. Then we used it to evaluate seven of the most important and therefore most popular security mechanisms provided by iOS and Android. Through this evaluation we not only hope to develop a clear landscape of overall mobile security mechanism usability, but we also hope to compare the usability across the two platforms. Overall, it was found that both platforms adequately supported the more popular security mechanisms like key storage and HTTPS. Whereas support for some of the more low-level mechanisms, like encryption and MACs, were often neglected. Such neglect could be seen in a number of different ways; however, the most common neglect came in the form of old documentation, or APIs that are long over do for a rebuild or increased abstraction. Furthermore, both platforms barely addressed the testing of implementations, despite the fact that testing is arguably the most important part of the software development cycle. Both iOS and Android seldom gave the developer any guidance on verifying the functionality of their implementations.

Usability

Security Mechanisms

iOS

Android

Řízení kolejového provozu mobilním zařízením

Mařík, Miroslav

January 2017

Mařík, M. Driving in a mobile device. Diploma thesis. Brno: Mendel University in Brno, 2017. The text describes the development of a mobile application used to driving vehicles in the laboratory of rail traffic control.

Open-source mobilná a webová aplikacia pre elektronickú evidenciu tržieb

Osuský, Peter

January 2019

The text describes the process of designing and developing mobile applications for electronic sales records. The work also describes the procedure of electronic registration and also contains an analysis of existing solutions.

Security Weaknesses of the Android Advertising Ecosystem

Tate, Jeremy

27 January 2015

Mobile device security is becoming increasingly important as the number of devices that are used continues to grow and has surpassed one billion active devices globally. In this thesis, we will investigate the security of Android ad supported apps, security vulnerabilities that have been identified in the way those ads are delivered to the device and improvements that can be made to protect the privacy of the end user. To do this, we will discuss the Android architecture and the ecosystems of apps and ads on those devices. To better understand the threats to mobile devices, a threat analysis will be conducted, investigating the different attack vectors that devices are susceptible to. This will also include a survey of existing work that has been conducted within the realm of Android security and web based exploits. The specific attacks that are detailed in this research are addJavascriptInterface attacks against a WebView used to display an ad and information leakage from the ad URL request. These attack vectors are discussed in detail with applicability and feasibility studies conducted. The results of these attacks will be analyzed with a discussion of the methodology used to obtain them. In order to combat such attacks, there will also be discussion of potential solutions to mitigate the threats of attack from a variety of angles, to include steps that users can take to protect themselves as well as changes that should be made to the Android operating system itself. / Master of Science

Android

Cyber Security

Advertising Network