I'm currently reviewing Xamarin as an option for developing a tablet app (right now aim for iOS and Android but in the future think of porting it to Win8 tablets)
Data to be stored is really sensitive so security is my main concern.
So far I'm thinking of two options:
a) SQLite + SQLCipher: Assuming that Win8 tablets will have SQLite support and that SQLCipher will also work on Win8.
b) Isolated Storage + DPAPI: Assuming that this DPAPI approach will work on Mono platforms and that it will still be available on Win8 tablets.
My concern here is that to securely store the key I guess I'll still need to have separated implementations for each platform (Data Protection on iOS and I'm still reviewing options for Android and Win8 tablets).
Is there any cross platform solution that will work to securely store the encryption key or another completely cross platform way to securely store data? If there is no completely cross platform solution then any recommended options to use on each platform?
I have written a plugin for to address secure storage. It works cross platform and secures the data natively on each platform. It is open source.
Please check it out.
https://www.nuget.org/packages/sameerIOTApps.Plugin.SecureStorage/
Blog:
https://sameer.blog/2018/01/19/whats-new-in-secure-storage-2-0/
Let me know, should you have any questions.
We use SQLite + SQLCipher in our solution, it works really well on a cross-platform environment.
If I am not mistaken there is no problem with using SQLCipher because it uses AES. I would suggest you to check it anyway but I don't think it's a concern. SQLCipher itself doesn't make the data impossible to read, maybe you have a problem if you allow the option to use Passwords with SQLCipher, but still. The process to get a permission is really simple for AES and can be completed in a few days.
Related
Intro
I have build an IOS app with PouchDB and Ionic and Cordova stuff, but now i'm failing with the database and can't see a solution...
SQLite
Sqlite plugin and the synchronization works great, but as soon i want to access the data PouchDB starts indexing which uses to much memory and my app crashes.
Here is a sampleApp with everything prepared for interested helpers to reproduce the crash
SampleApp Github
WebSQL
In WebSQL I can't even sync the database, because I get the "QuotaExceededError" Error. Is there a way to ask for more space in an IOS uiwebview?
IndexedDB
Indexedb isn't usable, cause of too many bugs. And will it also not be better in IOS 9
So any ideas ideas or hints?
The solution to the problem of storage limits on iOS is indeed to use the SQLite Plugin. You can't exceed 50MB on WebSQL.
Sqlite plugin and the synchronization works great, but as soon i want to access the data PouchDB starts indexing which uses to much memory and my app crashes.
Are you sure this is a bug with PouchDB and not with the SQLite Plugin? If it's a crash in Objective-C land, it belongs to the SQLite Plugin. If it's a crash in JavaScript land, it probably belongs to PouchDB.
Either way, if you could provide a test to reproduce, we would welcome a bug report on either the PouchDB Github issues page or the SQLite Plugin issues page. :)
About WebSQL, please consider this:
PouchDB limits
Some versions of Safari have a bug where they only let you request additional storage once, so you'll need to request the desired space up-front. PouchDB allows you to do this using the size option.
Try allocating size upfront, and allocate your biggest expectations about the app. Hope that helps.
Good luck.
Somewhat related to this question I just asked, but I know it isn't good to have multiple questions in one, so making a separate question.
I know Licenses Comparison shows that it is available on all versions (even free) of Unity on all platforms in that list. However, I've found other mistakes/misleading info in that list, so I'd rather hear from someone with experience or someone from Unity.
Also, if I do end up using WWW, I'd need to use a long-polling design (where server waits several seconds, even minutes to reply). Any issues I'll run in to on different platforms?
Main platforms I know I need to target: Windows Store 8 (Surface RT), iOS, Android -- tablets and phones -- probably desktops later (Windows and Mac)
WWW reference
EDIT: I'll be using HTTP and HTTPS in case not obvious (not file: or ftp: protocols).
I have used the WWW-class on PC standalone and Android builds. It worked well with both text and textures. Only platform that requires additional tweaking, that I know of, is the web player where you have to add crossdomain-settings for fetching files.
I am writing an application which requires access to the microphone of a device to determine instantaneous volume levels. The app will have a web version, iOS version, and Android version, and must be compatible with as many devices as possible, since the particular user base our application targets may not be able to switch browsers easily.
At first, I looked into using HTML5 for my application. However, it does not seem to be viable for my purposes, because I can't find any cross-platform way to get instantaneous microphone input and many users may be using an out-of-date version of their browser, which would not support HTML5. Is there any tool which alleviates these challenges and would allow me to use HTML5?
As a replacement, I began looking into Apache Flex. It seems to have all of the features I seek: It is cross-platform, allows me to access microphone volume levels, and will work even on very old devices, as long as they have Flash installed. However, many people predict the imminent death of Flex and strongly argue against using it, opting rather for HTML5. For my purposes, is Flex an appropriate tool, or would it still not be recommended?
You can achieve it by using PhoneGap or similar backend app which can host a webview and allow you to access native api through JavaScript or JSObject.
For front end, you can use HTML and keep your UI standard across all devices/platforms.
PhoneGap is little bulky but on Android and iOS, you can create a minimal app by hosting WebView and customize it to create JavaScript bridge and write your own native api.
I have searched but couldn't find anything. We need to be able to store data offline in our desktop app and we are looking for cross-platform solutions. TideSDK looks promising but I am not sure if it has this functionality.
We can certainly help there. SQLite certainly provide for encrypted data support and is completely cross-platform and supported by TideSDK. We can use an encrypted database just as easily in TideSDK and could offer support in the API for this. If this is of interest, please get in touch by filing a feature request at https://github.com/TideSDK/TideSDK/issues.
If we are talking about encryption of the sources - short term there is obfuscation of the JS sources available in 1.3.0 that is due.
We created a Titanium Desktop module to support encrypted SQLite databases last year. We could help with this and dig out the old code...
My company develops mobile apps that require encryption in their functionality for multiple platforms - iPhone, BlackBerry, J2ME, WinMobile, and probably Android in the near future. I've been trying to find ways to develop our apps such that all the app logic can be developed in a single code-base with a different UI wrapper for each platform, and PhoneGap seems like a promising solution.
What I want to ask is, would it be possible for an app developed in PhoneGap to use encryption like 3DES, AES, MD5, SHA256 etc? Since as far as I understand a PhoneGap app would be written with web dev technologies like Javascript/CSS, and I'm not too sure about the encryption functionalities they provide. (I'm more of an app developer than a web developer)
I thought of making my own helper classes to do this, but am not sure if those classes will be portable across all platforms. For example, if I make those classes using Java, will they be usable on an iPhone? And how?
Or if anybody knows of an even better way to do this, please share it. Thanks!
-Quinn
The major smartphone APIs are all very different from each other (iPhone: objC, Android: modern Java, Blackberry: old J2ME Java).
When you drop out of Phonegap to go native you'll almost certainly need code specific to each platform.
You can do it all in JavaScript - because the JS is compiled into phonegap you don't need to worry about its integrity, plus you can code in your public key allowing your private key to be picked up later.
see http://www.ohdave.com/rsa/ which looks like an RSA implementation (which is asymetric if thats what your after). For symettric, try implementing AES - its only a dozen lines or so of C so shouldn't be too hard to port?.
Generally, you should be looking for entirely-javascript implementations of the various relevant protocols.
Generally, I only look for the industry standard encryption and hashing plus very open licensing (sometimes the GPL does not work for clients)
Currently I will be trying SlowAES for AES and jsSHA2 for SHA-512
I will report back on my results with these.