Access Control for Plugins in Cordova-Based Hybrid Applications

Hybrid application frameworks such as Cordova allow mobile application (app) developers to create platformindependent apps. The code is written in JavaScript, with special APIs to access device resources in a platform-agnostic way. In this paper, we present a novel app-repackaging attack that repackages hybrid apps with malicious code; this code can exploit Cordova’s plugin interface to tamper with device resources. We further demonstrate a defense against this attack through the use of a novel runtime access control mechanism that restricts access based on the mobile user’s judgement. Our mechanism is easy to introduce to existing Cordova apps, and allows developers to produce apps that are resistant to app-repackaging attacks

ERP implementation for an administrative agency as a corporative frontend and an e-commerce smartphone app

This document contains all the descriptions, arguments and demonstrations of the researches, analysis, reasoning, designs and tasks performed to achieve the requirement to technologically evolve an managing agency in a way that, through a solution that requires a reduced investment, makes possible to arrange a business management tool with e-commerce and also a mobile application that allows access and consultation of mentioned tool. The first part of the document describes the scenario in order to contextualize the project and introduces ERP (Enterprise Resources Planning). In the second part, a deep research of ERP market products is carried out, identifying the strengths and weaknesses of each one of the products in order to finish with the choice of the most suitable product for the scenario proposed in the project. A third part of the document describes the installation process of the selected product carried out based on the use of Dockers, as well as the configurations and customizations that they make on the selected ERP. A description of the installation and configuration of additional modules is also made, necessary to achieve the agreed scope of the project. In a fourth part of the thesis, the process of creating an iOS and Android App that connects to the selected ERP database is described. The process begins with the design of the App. Once designed, it is explained the process of study and documentation of technologies to choose the technology stack that allows making an application robust and contemporary without use of licensing. After choosing the technologies to use there are explained the dependencies and needs to install runtime enviornments prior to the start of coding. Later, it describes how the code of the App has been raised and developed. The compilation and verification mechanisms are indicated in continuation. And finally, it is showed the result of the development of the App once distributed. Finally, a chapter for the conclusions analyzes the difficulties encountered during the project and the achievements, analyzing what has been learned during the development of this project

MQTT And TCP Socket JavaScript Interface For Hybrid Mobile Applications

Today's needs require portable platforms such as mobile and IoT devices to be used more widely. The mobile platform development industry has grown rapidly as a result of the requirements of today's needs. There are various operating systems available on market such as iOS and Android. Naturally, software companies need to run their applications on multiple operating systems. Therefore, the software companies need to develop a new software with the native programming language of each operating system. Some frameworks like Cordova make possible to develop hybrid applications which based on web technologies and they are able to run on multiple operating systems. In some cases, developers may need to access device resources. In these cases, the developers should develop custom plugin for the hybrid framework. In this study, a plugin for Cordova framework has been developed that allows you to interact between web technologies and MQTT and TCP protocols through the JavaScript API

Mobile client for collecting sport activity statistics

Vývoj mobilních aplikací může být poměrně náročný v případech, kdy je vyžadována dostupnost aplikace na více platformách. Cílem této práce bylo prozkoumat možnosti pro vývoj multiplatformních mobilních aplikací, seznámit se s technologií Apache Cordova a použít ji k vývoji mobilního klienta pro uživatele portálu Jäsenverkko.fi. Aplikace umožňuje uživatelům spravovat jejich data uložená na vzdáleném serveru. Pokud je zařízení připojeno k internetu, aplikace data automaticky synchronizuje za použití aplikačního rozhraní portálu, je však schopna pracovat i bez připojení díky implementaci lokálního úložiště. Aplikace umožňuje ukládání vzdáleně definovaných tréninkových statistik pomocí snadno rozšiřitelných modulů. Výsledkem práce je přenositelná aplikace otestovaná na platformách Android a Windows Phone.ObhájenoMobile applications development can be rather demanding in cases where it is required to users on multiple platforms. The goal of this thesis was to investigate methods of mobile multiplatform development, get acquainted with and utilize Apache Cordova to implement a mobile client application for Jäsenverkko.fi portal users. The application allows its users to manage their data stored on a remote server. It automatically synchronizes them using portal's RESTful API when connected to the internet but is able to work even when offline as it contains a local storage facility. The application makes it possible to collect custom sport statistics specified remotely with a module that is easily extendable. A result of the work is a portable application tested on Android and Windows Phone platforms

HybridGuard: A Principal-based Permission and Fine-Grained Policy Enforcement Framework for Web-based Mobile Applications

Web-based or hybrid mobile applications (apps) are widely used and supported by various modern hybrid app development frameworks. In this architecture, any JavaScript code, local or remote, can access available APIs, including JavaScript bridges provided by the hybrid framework, to access device resources. This JavaScript inclusion capability is dangerous, since there is no mechanism to determine the origin of the code to control access, and any JavaScript code running in the mobile app can access the device resources through the exposed APIs. Previous solutions are either limited to a particular platform (e.g., Android) or a specific hybrid framework (e.g., Cordova) or only protect the device resources and disregard the sensitive elements in the web environment. Moreover, most of the solutions require the modification of the base platform. In this paper, we present HybridGuard, a novel policy enforcement framework that can enforce principal-based, stateful policies, on multiple origins without modifying the hybrid frameworks or mobile platforms. In HybridGuard, hybrid app developers can specify principal-based permissions, and define fine-grained, and stateful policies that can mitigate a significant class of attacks caused by potentially malicious JavaScript code included from third-party domains, including ads running inside the app. HybridGuard also provides a mechanism and policy patterns for app developers to specify fine-grained policies for multiple principals. HybridGuard is implemented in JavaScript, therefore, it can be easily adapted for other hybrid frameworks or mobile platforms without modification of these frameworks or platforms. We present attack scenarios and report experimental results to demonstrate how HybridGuard can thwart attacks against hybrid mobile apps

Study and Development of Cross-Platform Cloogy Mobile Application for VPS – Virtual Power Solutions.

A energia renovável e a conservação de energia tornaram-se tópicos importantes nos últimos anos. As empresas têm realizado esforços para reduzir o consumo de energia através da otimização de dispositivos e da conscientização dos consumidores sobre o seu uso. Para contribuir com este esforço, a Virtual Power Solutions (VPS) fornece uma solução onde os proprietários / utilizadores de edifícios obtêm visibilidade e controle em tempo real dos seus aparelhos elétricos instalados na sua residência. A VPS alcançou com sucesso a gestão de procura, e a tecnologia de automação de edifícios numa única aplicação móvel designada por Cloogy. Esta aplicação fornece aos consumidores de energia e aos seus parceiros a capacidade de verificar e controlar o consumo de energia em tempo real, permitindo reduzir o nível de consumo ao mínimo sem comprometer as operações do dia a dia. Atualmente, a Cloogy tem suas aplicações móveis disponíveis para Android, iOS e Windows Phone com funcionalidades semelhantes. Deste modo, porem cada aplicação requer diferentes linguagens de programação para cada plataforma, o que envolve um custo para manter essas diferentes plataformas. Por esta razão, para a presente tese, a VPS appresentou o objetivo de desenvolver uma aplicação móvel híbrida, que se baseará numa base de código único e terá acesso a todas as APIs da plataforma. Diferentes tipos de ferramentas de desenvolvimento estão disponíveis para construir uma aplicação híbrida. Depois de definir os requisitos funcionais e não-funcionais, um protótipo de aplicação híbrida foi construído usando o Ionic Framework, que consiste numa das Frameworks de código aberto os disponíveis para construir aplicações móveis híbridas. Com a ajuda desta framework, uma aplicação móvel pode ser criada usando um conjunto de tecnologias da web, como JavaScript, HTML e CSS, e implementada o aplicativo em todas as principais plataformas, como Android e iOS. O protótipo construído nos permite-nos aceder a dados de consumo através do nosso smartphone ou tablet a partir de uma localização remota com a ajuda da iEnergy3 API da VPS. As principais características oferecidas pelo protótipo são a monitorização do consumo de energia através de registros e dados em tempo real, e a verificação dos indicadores de consumo como desempenho, média diária, previsões, etc. O protótipo também fornece pegadas ecológicas, conjuntamente com indicadores de consumo, e é capaz de controlar e agendar períodos de consumo de electricidade a partir de um local remoto.N/

From native to cross-platform hybrid development : CodeGT, design and development of a mobile app for ERP

The current trend towards mobility of individuals, together with the exponential growth of the number of mobile devices led the market to a boom in the demand for the development of mobile applications. Moreover, with the expansion and heterogeneity of the mobile devices and platforms, software companies need to search for faster and cheaper ways to develop applications that can span as many devices as possible to capture the market. Currently, the Android and iOS Operating Systems roughly share and dominate the mobile market, with timid expressions of other competitors. Each of these mobile operating systems were developed using their own languages, strategy and SDKs for development of applications using their libraries – known as Native apps. On the other hand, the evolution of HTML5, CSS and JavaScript created generic alternatives to create mobile apps that run on devices on all operating systems, although lacking the capability to access the device’s full potential. Alongside came the new Hybrid cross-platform development frameworks, which try to take the best of both worlds. This dissertation describes the evolution of the different mobile app development approaches and the state-of-the-art in their development techniques, and compares them with the Hybrid app approach, then highlighting the trends in mobile app development using Hybrid platforms and their advantages. This research includes the development of a mobile Hybrid application, CodeGT, which interacts with an Enterprise Resource Planning (ERP) to access the Transport Documents registered in this ERP and access to the code transmitted by the Portuguese Tax Authority (AT), therefore not requiring the printing of documents and meeting a need of the business market. This application does already have customer industry companies interested in it.As tendências atuais em direção à grande mobilidade dos indivíduos, juntamente com o crescimento exponencial do número de dispositivos móveis, levaram ao enorme crescimento na procura do desenvolvimento de aplicações móveis. Além disso, com a expansão e heterogeneidade dos dispositivos e das plataformas móveis, as empresas de desenvolvimento de software necessitam de encontrar formas mais rápidas e baratas de desenvolver aplicações capazes de abranger o maior número de dispositivos para ir ao encontro da elevada procura do mercado. Atualmente, os sistemas operativos Android e iOS dividem e dominam o mercado de dispositivos móveis com expressões tímidas de outros concorrentes. Cada um desses sistemas operativos móveis foi desenvolvido especificamente para linguagens de programação e estratégias próprias e oferecem um conjunto de ferramentas de desenvolvimento com as suas bibliotecas, para a criação de aplicações nativas. Por outro lado, a evolução do HTML5, CSS e do JavaScript criaram oportunidades para o surgimento de alternativas genéricas para criação de aplicações multiplataforma que correm em todos os dispositivos e em todos os sistemas operativos, mas sem a capacidade de aceder todo o potencial nativo do dispositivo. Paralelamente surgiram as novas plataformas de desenvolvimento híbridas, que tentam tirar o melhor partido dos dois mundos. Esta dissertação descreve a evolução das diferentes abordagens no desenvolvimento de aplicações móveis mais concretamente na utilização de ferramentas multiplataformas para a criação de aplicações móveis híbridas e as suas vantagens. A pesquisa incluiu ainda o desenvolvimento de uma aplicação móvel, CodeGT, desenvolvido numa plataforma híbrida para interagir com um software ERP, acedendo aos Documentos de Transporte registados nesse ERP, assim como ao código transmitido pela Autoridade Tributária (AT), que assim dispensa a impressão de documentos e indo ao encontro de uma necessidade do mercado. Esta aplicação já tem empresas clientes interessadas nela

Endicia Proof of Concept: A Link Between Endicia and E-Commerce Buyers

Endicia operates in the shipping software solution market space providing services to warehouses and e-commerce merchants. This project aims to branch out from Endicia’s shipper oriented solutions, and instead form a connection with the recipients of packages, the ecommerce buyers. For an effective connection to be formed, buyers must be given enticing reasons to connect, offered an easy method of registration, and provided valuable services. By conducting market research, establishing product requirements, and iterative implementation, we developed a buyer link prototype and laid the groundwork for Endicia to expand into the e-commerce buyer market. The prototype includes a mobile application, a web application, an API backend, and a database built with modern frameworks and technologies

The Design of Reference Service System in Cordova-based Hybrid Frameworks

With the rise of mobile technology, the library reference service has dramatically changed. Targeting the new requirements, this paper aims to design a new library reference service system in Cordova-based hybrid frameworks, which caters to the web service embedded in two major mobile platforms, iOS and Android, as well as the PC platform. The new system adopts the WebSocket based technology to realize the function of independent online reference, which improves the quality of the normal digital reference service. The newly designed system also applies the ECS cloud server technology, thereby significantly slashing the hardware setup cost, extending the basic reference service, and improving its fitness-for-use and convenience, and optimizing the allocation of local resources

Development of an Innovative Mobile Phone-Based Newborn Care Training Application

Mobile infrastructure in low - and middle-income countries (LMIC) has shown immense potential to reach the unreachable. Healthcare providers (HCP) are one such group who are at the frontline of the fight against infant mortality in LMICs. Mortality among newborn infants (birth to 28 days) now accounts for around 45% of all under 5-years child mortality. Birth asphyxia is one of the three leading causes of newborn death; neonatal resuscitation training, among health care providers, reduces mortality from birth asphyxia. We have developed a mobile phone-based training app, called mobile Helping Babies Survive (mHBS), to support the training of health care providers on neonatal resuscitation. mHBS is integrated with the District Health Information System (DHIS2) platform, which is used in over 60 countries around the world. The mHBS/DHIS2 training app is a part of an application suite which includes another DHIS2-linked data collection app, mHBS tracker. The mHBS training application has the potential to scale-up integration with other neonatal training apps. Ultimately, the mHBS training suite will provide new insights into healthcare worker education along with the necessary tools for effective care of newborn babies