Game Changing Mobility

knowledge engineering blog

Month: July 2019

How to Start Your Android Development Journey

The mobile industry is one of the fast-growing industries. Among them, 75% are Android users.

People using smart-phones demand application with better performance and regular updates for apps they are using, which in turn is a huge scope for android mobile application development.

How to Start Your Android Development Journey

Beginners who have some basic programming knowledge can start developing android application even if they don’t have any application development experience. It is not necessary to join any Android application development course. Start by finding and following some good online tutorials on the internet.

There are many reasons to choose Android as a platform for application development. Such as;

  • Android is open source
  • It is easy to Learn
  • Fastest growing technology
  • Size of the market
  • Job prospects

Open-source

Android is an open-source platform. Developers can leverage it to develop applications with different look and feel. Manufacturers can change it according to their needs and add functionalities to their phones to make them different from other phones in the market. Since it is open source, even you can download the source code and make your own android application.

Easy to Learn

It is easy to code on Android. Someone who is having basic programming knowledge can easily develop an android application. There are lots of online websites available from where you can study android app development for free.

Fast growing technology

Nowadays, mobile technology has almost all the features and capabilities to cut down the number of desktops and laptops usage. Modern smartphones and tablets are able to offer real means of computing-on-the-go for almost all types of business and personal requirements.

Size of the market

The number of available apps in the Google Play Store was most recently placed at 2.6 million apps and it is increasing day by day. Google Play is a huge and powerful market for Android apps. one who makes an app can be easy to sell their product through Google Play at free of cost.

Job prospects

As a result of an increase in android mobile users, Android developers are being hired in all sectors. An average person spends 3 hours a day in his/her smartphone making payments, online shopping, playing games, and on mobile applications. Nowadays Android apps are available for almost everything. Every business is developing its own mobile apps to improves sales and customer satisfaction and as a part of their marketing strategy. Websites are being vanished as a result of mobile apps.

How to Start Your Android Development Journey

  • Android Core Concepts
  • Official Android Training Guides
  • Download Android Studio IDE
  • Try some coding Official Android Training Guides
  • Stay up to date

Android Core Concepts

As someone who is going to develop an Android mobile application for the first time, you must have some basic idea about bellow concepts.

  • Activities
  • Fragments
  • Layout XML Files
  • Intents
  • Services
  • Sensors

Activity

Activity is the screen that the user interacts with. In an application, there will be one more activity. For example, we can consider login screen as an activity and when login gets success the user goes to another activity.

Fragments

A fragment is a part of an activity. We can think fragment is like an independent part of a modular UI component attached to an activity. Since a single fragment can be used in many activities, Fragments are reusable.

Fragments

Layout XML file

Activities, fragments, and some ViewGroups can use XML files to define their layout and contents. we can create our UI using XML code. Android studio provides an XML editor along with preview functionality.

XML Android development

Intents

Intents are the messaging system by which one activity is able to launch another activity.

Intent Android development

Services

Android services are used to perform background tasks. We can create apps that work on the foreground as well as in the background. Services are used to create apps that work on the background. An alarm is a good example of service, as it always runs in the background when we set an alarm.

Sensors

Android devices contain different types of sensors like Accelerometer, Gyroscope, Magnetometer, GPS, etc. We can access all these sensors programmatically and we can link with our application. For instance, we can access GPS for getting a position in our app.

Official Android Training Guides

The official training (https://developer.android.com) guide for Android developers from Google is extremely useful for any beginner developer. It has plenty of code examples and covers almost everything. They provide everything you needed to become an excellent android application developer. They also properly update their documentation if they replace any functions or elements with newer ones.

Official Android Training Guides

Download Android Studio IDE

Android Studio is an integrated development environment (IDE) that is used for building apps on every type of Android device. We can refer to the official website for download and installation of an android studio. It is also important that you need a high-end PC for the proper working of android studio.

Android Studio IDE

Try some coding

After the successful installation of your android studio, you can try some basic coding. Every new project on android studio is by default a sample app (Hello world). There are many websites out there having many numbers of sample tutorials. Just start with simple projects.

Stay up to date

Technologies are changing day-by-day. So, staying up to date with the latest trends is important. Google updates everything with the Android and they publish on their official site. We can update it from there. Staying up to date with the latest developing trends would be very helpful in starting a new project or refactoring an old one.

Conclusion

Android applications can be developed by anyone who is having a basic knowledge of programming. The Android development industry today offers an outstanding career for anyone who is enthusiastic in coding and help them to contribute to the field of technology innovation and application development.

- Dyenal Dinesh

Solutions: most dangerous mobile security threats of 2019

Prevention of mobile security threats helps organizations and individuals to protect their devices, apps, users and content from malicious attacks. Security teams can prevent these threats by using an app that scans devices and configurations within the network, or by setting up security protocols in case malware is present on the network.

Solutions: most dangerous mobile security threats of 2019

Cryptojacking attacks

Check these steps to minimize the risk of your organization falling into a trap

  1.     Install an ad-blocking or anti-crypto mining extension on web browsers.

Since crypto jacking scripts are often delivered through web ads, installing an ad blocker can be an effective means of stopping them. Using ad blockers like the Ad Blocker Plus can easily detect crypto mining scripts. Experts recommend extensions like No Coin and MinerBlock, which are designed to detect and block crypto mining scripts.

  1.      Keep your web filtering tools up to date.

If you identify a web page that is delivering crypto jacking scripts, make sure your users are blocked from accessing it again.

  1.      Maintain browser extensions.

Browser extensions are meant to make our tasks simpler. But, some of them could be a trap set by an attacker to execute crypto mining scripts.

  1.    Use mobile device management (MDM) solution to better control users’ devices.

Bring-your-own-device (BYOD) policies for preventing illicit crypto mining. An MDM solution can help to manage apps and extensions on users’ devices. MDM solutions tend to be geared toward larger enterprises, and smaller companies that often can’t afford them. However, experts note that mobile devices are not as at risk as desktop computers and servers. Because they tend to have less processing power, they do not produce a great deal or profit for hackers.

Insecure Communications

Here is a list of few best practices to be used for Android phones which may bring down risks related to insecure communication.

Understand that the network layer is highly capable of eavesdropping, thus making it insecure.

  • It is important to apply SSL/TLS to transport channels used by the mobile app to transmit sensitive pieces of information, session tokens, or other sensitive data to a backend API or web service.
  • When an application runs a routine via the browser/WebKit, using outside entities for third-party analytics companies and social networks could be more secure. Mixed SSL sessions should be avoided as they could expose the user’s session ID.
  • Always use a strong, standard cipher suites with suitable key lengths.
  • Use certificates signed by a trusted CA provider.
  • Do not pin certificate for security conscious applications and never allow using self-signed certificates.
  • Always require SSL(Secure Socket Layer) chain verification.
  • Always establish a secure connection with trusted certificates from keychain after verifying the identity of the endpoint server.
  • Build a UI that alerts users when a mobile app detects an invalid certificate.
  • Avoid sending sensitive data over alternate channels (e.g, SMS, MMS, or notifications).
  • Apply a separate layer of encryption to any sensitive data before it is given to the SSL channel. In the event of a possible vulnerability in the SSL implementation, the encrypted data will provide a secondary defence against confidentiality violation.

Mobile Ransomware

  • Only install applications from authorized stores like Google Play or AppStore. To be sure that no application makes its way onto your device from an untrusted source, go to Android settings, choose Security, and make sure that the “Unknown Sources” box is not checked.
  • Regularly check updates for your installed applications and your device OS. You can choose to update all installed apps automatically. It’s better to do update the system to the latest version as soon as an over-the-air (OTA) update arrives.
  • Install a strong security solution. Downloading apps from only the official stores and updating them regularly alone will not promise maximum security. Malware can lurk into even Google Play and, can also spread by means of exploit kits using yet-unknown vulnerabilities.

Phishing attacks

  • Think Before You Click!
  • Keep Your Browser Up to Date
  • Keep Informed About Phishing Techniques
  • Check Your Online Accounts Regularly
  • Use Firewalls

SMS –based Attacks

  • Think before you click a link from SMS
  • Do not open spam messages
  • Keep informed about phishing techniques

Botnets attack

To avoid system compromises, it is advised to use only licensed and genuine software. Keep your mobile updated with latest security patches. Install anti-malware solution and update it regularly. Disable Autoplay /Autorun for removable drives.

Always protect your device from Trojans and other threats by using effective anti-malware software.

User & Device Authentication

  • Think before allowing store passwords, and your data in mailing apps and browsers

Remember there is no single fool-proof way to avoid mobile security threats.

Habeeb Rahman

References

1 . Wikipedia (https://www.wikipedia.org)

2 . Medium (http://medium.com)

3 . Quora (https://quora.com)

Most dangerous mobile security threats of 2019

Smartphones are widely used across the world today, hence the security threats are also widely spread.

Our phones have become the most connected devices, at the same time the least secure. The security threats we face are those which we fail to notice and will be more hazardous in the near future.

Let us look at some of the major security threats that every mobile user must be aware of.

Most dangerous mobile security threats you should avoid at any cost in 2019

Cryptojacking

Cryptojacking is defined as the secret use of your smartphone device by the attacker to mine cryptocurrency.
Cryptojacking used to be confined to the victim unknowingly installing a program that secretly mines cryptocurrency.

When using browser there is no need of a separate program to do the In-browser crypto jacking.

How cryptojacking works

  1. The threat actor compromises a website
  2. The crypto mining script executes when the user connects to the compromised website.
  3. Users unknowingly start mining cryptocurrency on behalf of the threat actor
  4. When successfully adding a new block to the blockchain, the threat actor receives a reward in cryptocurrency coins.

Insecure Communications

The networks that you use to communicate are never fully foolproof, making your device vulnerable to attacks from malware. There are chances that hackers tend to set-up fake access points when you access WiFi in public places such as coffee shops, airports, etc. The access points are named using nonexclusive names, which can fool even the most brilliant people.

It is always good to be cautious when connecting to public WiFi. Use public WiFi only if extremely required and never use it to access personal information like bank account access etc.

Mobile Ransomware

A form of ransomware which affects only mobile devices is called mobile ransomware.

A cybercriminal uses mobile malware to steal sensitive data from smartphones or attempts to lock a device, before demanding payment to return the data to the user or to unlock the blocked device. Sometimes people may find some innocent content or some software through social networks, which they download accidentally and get tricked into downloading some malicious ransomware.

After the malware is downloaded onto a device, it will ask the user to pay an amount before encrypting files and locking the phone. After the payment is processed online, often via Bitcoin, the ransomware will send a code to unlock the phone or data.

While installing any app, make sure the app is downloaded from Google Play or App Store than from any third-party app stores.

Phishing attacks

A social engineering attack often used to steal user data, including login credentials and credit card numbers is called Phishing.

It occurs when an attacker fools the victim into opening an email, instant message, or text message by acting as a trusted entity.

User can play smart by not clicking any unfamiliar email links. Always enter URLs manually as much as possible.

SMS –based Attacks

From the email world, the phishing has evolved into the SMS world. You get SMS texts and links that you are asked to open to authenticate certain information. To any novice user, the links and the sender would seem genuine. However, clicking on these links can make your device vulnerable to the attacks, and in turn, give away your confidential information. This is a developing security threat for your mobile device.

Botnets attack

A botnet is just a short form for the terms “robot” and “network”.

A botnet is a number of web-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed refusing of service attack (DDoS attack), send spam, steal data, and allows the attacker to access the device and its connection.

A botnet attack firstly requires creating numerous botnets or a botnet army. Once the attack is initiated, these botnets are used to send network/Internet-based requests to the target system in a large quantity. These requests can be in the form of bulk email messages to simple ping messages. The attack can slow down the network/server, making it busy or unable for others to access it or temporarily freeze the server.

Distributed denial of service (DDOS) is a common example of a botnet attack that utilizes a number of botnet devices to send a large number of simultaneous requests/packets to the targeted system.

Installing effective antivirus/anti-malware software can protect your device from such attacks.

User & Device Authentication

Most mailing apps have provided the user & device authentication, which has allowed the user to store passwords, and their data on the devices. If the device is stolen, your authentication and the data will be at risk. This is one of the major threats to mobile devices, as they contain our valuable personal pieces of information.

The smartphone is a device that blurs the boundaries between professional and personal life and the users are up to three times more likely to be the victims of mobile threats. Safe browsing, identifying suspicious files or phishing emails, ensuring safe data access at public Wi-Fi networks, safe downloads are some of the important tips that a user must be careful about. Other than these security measures, several mobile security software is available to download from Google Play and App Store to ensure safety in your mobile devices.

Understanding these common security threats and implementing recommended solutions can help you protect data in your smartphone.

Habeeb Rahman