My company develops mobile apps that require encryption in their functionality for multiple platforms - iPhone, BlackBerry, J2ME, WinMobile, and probably Android in the near future. I've been trying to find ways to develop our apps such that all the app logic can be developed in a single code-base with a different UI wrapper for each platform, and PhoneGap seems like a promising solution.
What I want to ask is, would it be possible for an app developed in PhoneGap to use encryption like 3DES, AES, MD5, SHA256 etc? Since as far as I understand a PhoneGap app would be written with web dev technologies like Javascript/CSS, and I'm not too sure about the encryption functionalities they provide. (I'm more of an app developer than a web developer)
I thought of making my own helper classes to do this, but am not sure if those classes will be portable across all platforms. For example, if I make those classes using Java, will they be usable on an iPhone? And how?
Or if anybody knows of an even better way to do this, please share it. Thanks!
-Quinn
The major smartphone APIs are all very different from each other (iPhone: objC, Android: modern Java, Blackberry: old J2ME Java).
When you drop out of Phonegap to go native you'll almost certainly need code specific to each platform.
You can do it all in JavaScript - because the JS is compiled into phonegap you don't need to worry about its integrity, plus you can code in your public key allowing your private key to be picked up later.
see http://www.ohdave.com/rsa/ which looks like an RSA implementation (which is asymetric if thats what your after). For symettric, try implementing AES - its only a dozen lines or so of C so shouldn't be too hard to port?.
Generally, you should be looking for entirely-javascript implementations of the various relevant protocols.
Generally, I only look for the industry standard encryption and hashing plus very open licensing (sometimes the GPL does not work for clients)
Currently I will be trying SlowAES for AES and jsSHA2 for SHA-512
I will report back on my results with these.
Related
I am writing an application which requires access to the microphone of a device to determine instantaneous volume levels. The app will have a web version, iOS version, and Android version, and must be compatible with as many devices as possible, since the particular user base our application targets may not be able to switch browsers easily.
At first, I looked into using HTML5 for my application. However, it does not seem to be viable for my purposes, because I can't find any cross-platform way to get instantaneous microphone input and many users may be using an out-of-date version of their browser, which would not support HTML5. Is there any tool which alleviates these challenges and would allow me to use HTML5?
As a replacement, I began looking into Apache Flex. It seems to have all of the features I seek: It is cross-platform, allows me to access microphone volume levels, and will work even on very old devices, as long as they have Flash installed. However, many people predict the imminent death of Flex and strongly argue against using it, opting rather for HTML5. For my purposes, is Flex an appropriate tool, or would it still not be recommended?
You can achieve it by using PhoneGap or similar backend app which can host a webview and allow you to access native api through JavaScript or JSObject.
For front end, you can use HTML and keep your UI standard across all devices/platforms.
PhoneGap is little bulky but on Android and iOS, you can create a minimal app by hosting WebView and customize it to create JavaScript bridge and write your own native api.
I'm currently reviewing Xamarin as an option for developing a tablet app (right now aim for iOS and Android but in the future think of porting it to Win8 tablets)
Data to be stored is really sensitive so security is my main concern.
So far I'm thinking of two options:
a) SQLite + SQLCipher: Assuming that Win8 tablets will have SQLite support and that SQLCipher will also work on Win8.
b) Isolated Storage + DPAPI: Assuming that this DPAPI approach will work on Mono platforms and that it will still be available on Win8 tablets.
My concern here is that to securely store the key I guess I'll still need to have separated implementations for each platform (Data Protection on iOS and I'm still reviewing options for Android and Win8 tablets).
Is there any cross platform solution that will work to securely store the encryption key or another completely cross platform way to securely store data? If there is no completely cross platform solution then any recommended options to use on each platform?
I have written a plugin for to address secure storage. It works cross platform and secures the data natively on each platform. It is open source.
Please check it out.
https://www.nuget.org/packages/sameerIOTApps.Plugin.SecureStorage/
Blog:
https://sameer.blog/2018/01/19/whats-new-in-secure-storage-2-0/
Let me know, should you have any questions.
We use SQLite + SQLCipher in our solution, it works really well on a cross-platform environment.
If I am not mistaken there is no problem with using SQLCipher because it uses AES. I would suggest you to check it anyway but I don't think it's a concern. SQLCipher itself doesn't make the data impossible to read, maybe you have a problem if you allow the option to use Passwords with SQLCipher, but still. The process to get a permission is really simple for AES and can be completed in a few days.
I am thinking about using PlayN to manage "common code" in Java and use PlayN to generate iOS, Android, and HTML native versions of the common code.
I figure I could then use the playn-generated native code and link with actual platform specific code (such as UI).
In other words,
Common Code libs in Java-> PlayN -> Native Commond Code Libs -> Link with Native App
Is the use of Play for the above workflow/pipeline appropriate? Any challenges?
Thank-you...
Firstly, you have to specify what you mean by "native" code for the different platforms.
On Android, your java files are specifically compiled/prepared for dalvik. So they are already "native" of a fashion, no work needed to be done here. If you want to get C/C++ native code for Android using the NDK, you're out of luck. PlayN doesn't do this and this is a hard problem (going from Java to C++)
If you take a look at the Maven modular layout of how PlayN is intended to be used, it isn't difficult to define a Factory interface in the common code and pass in a platform specific implementation for each module. It's no big deal to support Android specific functionality this way.
For the HTML version, you can use HTML libraries no problem using JNI, although really garnering specific functionality of the browser I'd imagined of limited value compared to what PlayN has already exposed. The one thing that is useful is text/keyboard input, although I'd recommend triplePlay https://github.com/threerings/tripleplay UI library as they've solved this, and it's an active project.
As for iOS, this might be more complicated as the iOS module is a bit of a hack where the compiled Java classes are run through an JVM runtime for .net (IKVM) and then uses the Monotouch tools to compile the whole thing to native code for iOS. See https://github.com/samskivert/ikvm-monotouch
So for iOS, you won't be able to bind the code to any form of native version, and what you have access to via the toolchain method depends very much on what Monotouch has catered for iOS (quite a lot I imagine), and also what IKVM-Monotouch has supported (I imagine the bare minimum to get PlayN working).
I'm not familiar enough with the Flash pipeline to give you an appraisal, although I think that it's quite flexible.
The above answer is written assuming your app is actually a game. If it is not and you intend to use the standard widget libraries for various platforms on mass, it should be possible. Choosing a good MVP framework would be good here, and depending on the assumptions it makes on different host environments will determine how easy the whole thing will be.
I'd recommend reading and comparing https://developers.google.com/web-toolkit/articles/mvp-architecture and perhaps look at questions like What is your favorite GWT MVP Framework?
...although a lot of these frameworks might be GWT specific and not really have catered to being reused on other platforms.
I have been tasked to develop an application for my school that should be usable by smartphones.
Now, I have never done any smartphone programming so there is a lot of research to be done regarding well, everything.
So, my question here is, if I have to develop an application with no specific smartphone in mind, what would the most generic kind then be?
Second, I am looking for some reading material where I can get an understanding of the common aspects of the various smartphones so that I can pick the tools to work with, that are generic across smartphones. Any suggestions?
For the lowest barrier to entry for this project, consider using HTML/JavaScript and running it (at first) as a web page. Then, if you decide this is the path you want to take, use PhoneGap (or similar) to create native apps from your existing work.
May not be at the exact 'generic' level you are looking for, but the 'Mono' project may be worth a look.
http://www.mono-project.com/Main_Page
Its a commercial project allowing developers to create production code in C#/.Net, and use the Mono framework to deploy to cross platforms such as Macs, iphones, andriods etc..
I would agree with the above that HTML/CSS coded for the respective browsers using mobile resolutions would be the easiest way to go - but should you really wish to have a native application instead of a web-app, then Mono could be useful to you.
what does the relation between a Web frontend and a smartphone App with identical feature sets look like regarding the development effort? Are there any specific differences regarding the development effort between Apps of different smartphone platforms (iOS, symbian OS, Android, etc.) ignoring training time? A general estimation would completely satisfy me. ;)
Thanks in advance,
Flinsch.
I hesitate to call this an estimate, or even an informed guess, but perhaps by putting down some ideas I might help your thinking.
Ignoring any particular platform specifics I see the fundamental difference of Web v Native is that in the Web case you have some extra work to do:
a). You have presentation separated from the backend, with probably HTTP in between. So there are services to write and issues concerned with notifications and/or polling to deal with.
b). You're likely using a browser to do the presentation so you will be using some JavaScript kind of library, and these are still hard to drive.
So, if you are targeting a single device my guess is that writing native code is likely to be 50% quicker than web-based code - assuming that you really are targetting identical function.
What seems to happend is that we compromise Web Apps, reducing functionality somewhat and hence the overhead is reduced.
Also there's another factor, the UI portions of the Web App are in principle portable, hence in fact the Web App development may be a reasonable investment even if it does take more effort.
I suspect that portability may well end up being a dominant consideration.
specific differences? There are plenty, but each with their own tradeoff:
UI: Web applications have CSS, (HTML, XHTML, HTML5) specifications that is supported by major browsers (although have have their issues). For Smartphone apps, each UI has to be designed and implemented according to the language the apps can be built on. You can effectively create apps like Winamp (having skins). For web applications, this is relatively a quick effort compared to writing UI's for each different smartphone OS models out there.
Language of use/Portability: In Web applications, an application sits in a server, so every request is sent to the server and response is returned from it. This allows that 1) Web applications can be written in any language of choice, as the end user never sees the server nor needs to configure it, 2) It allows the developer to write in a language that he/she is comfortable in. In smartphone apps, for the developer to run his apps to all the smartphone OS'es, he/she has to learn the programming language for the OS, and learn to port their code to work there (if porting is possible). That never exists in Web applications.
Hardware limitations: For smartapps, the developer must be aware of the cellphone capabilities and limitations. Facebook (e.g.) can essentially grow their memory, and add new servers and cluster their environment as the demand grows. You can't do that with smartphone apps. You will have to limit your implementation to run in a capability that your desired smartphone can accommodate.
There are more (feel free to add) but all these are part of the development effort that a software developer has to look at if they want to go a a field of choice.