Android 13: Latest in OS

Android 13 (code name Tiramisu), the next big OS update, is around the corner for users in July. Why is this update important? Users will get features and security and privacy enhancements that go beyond the small fixes provided in monthly updates. For developers, this release will introduce new features, tools and APIs to improve their productivity and build apps faster.

Google had already rolled out the beta version of Tiramisu in April for developers to test their applications. 

Here are the key features that Android 13 will offer to developers and users: 

  1. New Copy Paste UI: Confirms whether the content was successfully copied and shows a preview of the copied content once it is added to the clipboard.
  2. Predictive back gesture: This feature allows the user to decide whether to continue or stay in the current view by previewing the destination or other result of a back gesture before they fully complete it.
  3. Themed app icons: This feature will change colors of app icons dynamically based on the user’s chosen wallpaper and other themes.
  4. Quick Settings placement API: Using this API, users can change settings or take quick actions without leaving the context of an app.
  5. Better support for Multilingual users: Apps can use new platform APIs to set or get a user’s preferred, per-app language. Users can set different languages for different applications.
  6. Improved Japanese text wrapping: TextViews can now wrap text by Bunsetsu (the smallest unit of words that sounds natural) or phrases—instead of by character—for more polished and readable Japanese applications.
  7. Improved line heights for non-Latin scripts: Android 13 improves the display of non-Latin scripts (such as Tamil, Burmese, Telugu, and Tibetan) by using a line height that’s adapted for each language. The new line heights prevent clipping and improve the positioning of characters.
  8. Text Conversion APIs: In Android 13, apps can use text conversion API to make search & auto completion faster and easier.
  9. Unicode Library Updates: Android 13 adds the latest improvements, fixes, and changes that are included in Unicode ICU 70, Unicode CLDR 40, and Unicode 14.0.
  10. Faster Hyphenation: Hyphenation makes wrapped text easier to read and helps make your UI more adaptive.
  11. Color Vector Fonts: Android 13 adds rendering support for COLR version 1 (COLRv1) fonts and updates system emoji to the COLRv1 format. 
  12. Bluetooth LE Audio: Android 13 adds built-in support for LE Audio, so developers should get the new capabilities for free on compatible devices. Users can receive high fidelity audio without sacrificing battery life.
  13. MIDI 2.0: Android 13 adds support for the new MIDI 2.0 standard, including the ability to connect MIDI 2.0 hardware through USB.

Android 13 will focus on user privacy & security as well:

  • Permissions: Android 13 changes the runtime permissions for notifications, scanning of nearby Wi-Fi devices, media, alarms, body sensors running in the background, and developer-downgradable permissions.
  • Photo Picker: A new photo picker feature provides a safe, built-in way for users to select media files without granting access to their entire media library.
  • Safer exporting of context-registered receivers: A new security feature allows developers to specify whether a particular broadcast receiver in the app should be exported and visible to other apps or not.
  • Hide sensitive content from clipboard: Apps that allow users to copy sensitive content to clipboard must add a flag to hide that content from previews.
  • Tablet and large-screens support: Android 13 builds on tablet optimizations introduced in Android 12 and 12L feature drop—including optimizations for system UI, better multitasking, and improved compatibility modes.

What else is interesting?

  • Notification Prompt Request: All the applications will seek user permission to send notifications.
  • Split-screen View: Users can long press on notifications and drag them down to get into split view. They no longer have to interrupt their process on one app to open up another.
  • Customization to give a different look to the phone: Users can choose from pre-made color variants. Once applied across the entire OS, it will accentuate wallpaper and style.
  • New Media Control: Users can customize the look based on the music they are listening to, with the album’s artwork visible on the lock screen and in the notifications panel.

In a nutshell

Android has been the world’s most popular mobile operating system. The 13th addition will be more user-friendly than ever before. With significant features and tools, it intends to enhance developer productivity as well. From the business perspective, the modifications in the user interface and the behavioral changes promise to help businesses grow customer satisfaction. They will help them bring out applications faster, experiment, and develop mobile apps that give users a great experience.

12 Tips To Secure Your Mobile Application

Cyber attacks and data theft have become common, especially when it comes to mobile applications. As a result, mobile apps that experience security breaches may suffer financial losses. With many hackers looking to steal customer data, securing these applications has become the number one priority for organizations and a serious challenge for developers. According to Gartner’s recent research, Hype Cycle for Application Security, investment in application security will increase by more than two-fold over the next few years, from $6 billion this year to $13.7 billion by 2026. Further, the report stated, “Application security is now top-of-mind for developers and security professionals, and the emphasis is now turning to apps hosted in public clouds.” It is crucial to get the fundamental components of DevOps security correct. Here are the 12 tips to secure your mobile application:

1. Install apps from trusted sources:

It’s common for Android applications to be republished on alternate markets, or for their APKs and IPAs to be made available for download. Both APK and IPA files may be downloaded and installed from a variety of places, including websites, cloud services, drives, social media, and social networking. Only APK and IPA files installed from the Play Store or the App Store should be trusted. To prevent the use of copies obtained elsewhere, the app should run an install-source check (Play Store or App Store) at startup.

Also read, https://andresand.medium.com/add-method-to-check-which-app-store-the-android-app-is-installed-from-or-if-its-sideloaded-c9f450a3d069

2. Root Detection:

Android: An attacker could launch a mobile application on a rooted device and access the local memory or call specific activities or intents to perform malicious activities in the application. 

iOS: Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data stored in other apps or install malicious software negating sandboxing functionality. 

More on Root Detection- https://owasp.org/www-project-mobile-top-10/2016-risks/m8-code-tampering

3. Data Storing:

Developers use Shared Preferences and User Defaults to store key-value pairs like tokens, mobile numbers, email, boolean values, etc. Additionally, developers prefer SQLite databases for structured data. It is recommended to store all of this data in encrypted form so that it is difficult for hackers to extract the information.

4. Secure Secret Keys:

API keys, passwords, and tokens shouldn’t be hardcoded in the code. It is recommended to use other techniques to store these values so that hackers cannot obtain them quickly by tampering with the application.

Here’s a reference link: https://guides.codepath.com/android/Storing-Secret-Keys-in-Android

5. Code Obfuscation

An attacker may decompile the APK file and extract the source code of the application. This may expose sensitive information stored in the source code of the application to the attacker which may be used to perform tailored attacks. 

It is better to obfuscate the source code to protect the sensitive information it contains.

6. Secure Communication:

When all communication happens over unencrypted channels, an attacker may use it to perform malicious activities and escalate attacks. Always use HTTPS URLs rather than HTTP URLs.

7. SSL Pinning:

Certificate pinning allows mobile applications to restrict communication only to servers with a valid certificate matching the expected value (pin). Pinning ensures that no network data is compromised even if a user is tricked into installing a malicious root certificate on their mobile device. Any app that pins its certificates would thwart such phishing attempts by refusing to transmit data over a compromised connection.

Please refer: 

https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning

8. Secure API request & response data

The standard practice is to use HTTPS for the baseline protection of REST API calls. The information sent to the server or received from the server may be further encrypted with AES, etc. For example, if there are sensitive contents, you might choose to select those to encrypt so that even if the HTTPS is somehow broken or misconfigured, you have another layer of protection from your encryption.

9. Secure Mobile App Authentication:

If an application does not assign a distinct and complex session token to a user after login, an attacker can use phishing to lure the victim into using a custom-generated token provided by the attacker, and then easily bypass the login page with the captured session by using a MiTM attack.

i) Assign a distinct and complex session token to a user each time they log in successfully to the application.

ii) Terminate the session lifetime immediately after logging out. 

iii) Do not use the same session token for two or more IP addresses. 

iv) Limit the expiry time for every session token.

10. Allow Backup

Disallow backups of an app if it contains sensitive data. With access to backup files (i.e. when android:allowBackup="true"), it is possible to read or modify the content of an app even on a non-rooted device. So it is recommended to set android:allowBackup="false".

11. Restrict accessing android application screens from other apps

Ideally, your activities should not be openable from other services or applications. Set android:exported="true" only when you have a specific requirement to access your Flutter screens from other apps; otherwise set android:exported="false".

12. Restrict installing packages from the android application

REQUEST_INSTALL_PACKAGES permission allows apps to install new packages on a user’s device. We are committed to preventing abuse on the Android platform and protecting users from apps that self-update using any method other than Google Play’s update mechanism or download harmful APKs.
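Tips 10, 11 and 12 can all be checked from the source AndroidManifest.xml before release. The following audit script is an added example, not part of the original article; the sample manifest, its package and component names, and the rule labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed sample manifest (hypothetical package and component names).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:allowBackup="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
    <activity android:name=".PaymentActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <receiver android:name=".SyncReceiver">
      <intent-filter><action android:name="com.example.demo.SYNC"/></intent-filter>
    </receiver>
  </application>
</manifest>
"""

def audit_manifest(xml_text):
    """Return (rule, detail) findings for tips 10, 11 and 12."""
    root = ET.fromstring(xml_text)
    findings = []
    # Tip 12: the app is allowed to install other packages.
    for perm in root.iter("uses-permission"):
        if perm.get(A + "name") == "android.permission.REQUEST_INSTALL_PACKAGES":
            findings.append(("install-packages", "uses-permission"))
    app = root.find("application")
    if app is None:
        return findings
    # Tip 10: backup is allowed unless explicitly set to "false".
    if app.get(A + "allowBackup", "true") != "false":
        findings.append(("allowBackup", "application"))
    # Tip 11: exported="true" (launcher excepted), or an intent-filter with
    # no explicit value, which older target SDKs treat as exported.
    for comp in (child for child in app if child.tag in COMPONENTS):
        name = comp.get(A + "name", "?")
        cats = {c.get(A + "name") for c in comp.iter("category")}
        exported = comp.get(A + "exported")
        if exported == "true" and LAUNCHER not in cats:
            findings.append(("exported", name))
        elif exported is None and comp.find("intent-filter") is not None:
            findings.append(("exported-implicit", name))
    return findings
```

Run it against the merged manifest produced by the build rather than only the app module's own file, since libraries can contribute components and permissions.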

Conclusion: 

Mobile apps have become more personalized than ever before, with heaps of customers’ personal data stored in them every day. To build trust and loyalty among users and prevent significant financial and credential losses for companies, it is now crucial to make sure the application is secure for the user. Following the above-mentioned mobile app security checklist will definitely help to prevent hackers from hacking the app.

About the Author:

Raviteja Aketi is a Senior Software Engineer at Mantra Labs. He has extensive experience with B2B projects. Raviteja loves exploring new technologies, watching movies, and spending time with family and friends.
