Facebook’s F8 Conference 2016- Announcements You Need to Know

At its annual F8 conference 2016 in San Francisco, Facebook unveiled the future of Messenger, live video, chatbots, artificial intelligence, and Internet-beaming satellites, and the event was a great success. Zuckerberg also shared a 10-year roadmap for the company that basically consists of lasers, virtual reality, and bots. Zuckerberg foresees the company making VR headsets small enough to look like ordinary glasses.

But before all this takes place, Facebook has made it a priority to connect the world to the Web, and it is doing so with a variety of projects such as drones and antennas. The company plans to test them in developing countries and smaller cities and, if they prove successful, implement them on larger scales.

The roadmap seemed more like a preview of this F8 than the future, but it’s interesting to think about what exactly Facebook might be building 10 years from now.

The Facebook CEO kicked off the conference with 4 keynotes:

  • Slamming Trump in F8 opener: ‘Instead of building walls we can help building bridges’.
  • Facebook’s 10-year roadmap is basically lasers, bots and VR.
  • Facebook will make VR headsets look like Ray-Bans in 10 years.
  • Here’s how Facebook plans to connect the world.

Here are a few products and announcements by Facebook that took center stage at the conference:

Messenger:
It was clear the star of the show this year was Facebook Messenger. The company unveiled Messenger Platform which lets anyone create bots for the app, and launched a few for users to try on the spot.

If you need help creating a bot, there’s also a Bot Engine based on Facebook M, an artificial intelligence program Facebook unveiled last year. Facebook foresees this future being more about how people can interact with businesses more intuitively, and use bots to make their lives easier – be it to order pizza, arrange a car pickup, send flowers, or go shopping.

For example, you can interact with the CNN bot on Facebook Messenger and tell it topics you are interested in. In return, the bot can provide you with a news story you might have missed, or provide a digest of things worth your time.

It makes you wonder what Facebook will look like in that 10-year roadmap if everything you can do on the app will soon be available directly on Messenger.

Internet-Beaming Satellite:
Another product that was a focus of the conference was the company’s “Internet.org program.” It will launch its first satellite in the next few months. According to Zuckerberg, Facebook’s Free Basics initiative has now helped more than 25 million people around the world get online. Facebook also announced a Free Basics simulator for developers. The company revealed that it was using satellites to beam broadband Internet to people in large swaths of Africa.

360-degree camera/flying saucer
Facebook showcased its “flying saucer” 360-degree camera, which would capture virtual reality imagery for its Oculus Rift headset. Along with the camera, Facebook is building software to stitch the footage together as a seamless 360-degree video.

Facebook is open-sourcing the camera’s specs and its design, which means anyone in the public, particularly hardware hackers known as makers, can create their own cameras.

Facebook’s Oculus division, which it acquired for $2 billion in 2014, launched the Rift headset on March 28. And Samsung launched the Samsung Gear VR, powered by Oculus, for mobile users in November.

Mark Zuckerberg also announced that in about 10 years or so, we’ll be able to see augmented reality and virtual reality using gadgets that look like ordinary glasses. And with this kind of camera, you’ll probably be able to livestream what you see around you in VR.

Antennas for improving Internet Access
Facebook showed off its latest unconventional equipment for bringing better Internet connectivity to more people.

There are two new projects: the Terragraph antennas for distributing gigabit Internet in dense city environments using both Wi-Fi and cellular signals, and the Aries array of radio antennas for delivering wireless signals to devices in rural areas, where you don’t always get 4G LTE connections today.

The social network is keen to go beyond its current reach of 1.55 billion monthly active users and sign up the next billion on the way to having 5 billion users by 2030. Improving Internet access can make using the Internet — and Facebook — less impractical and more enjoyable.

It was clear that Facebook intends to submit Terragraph to its recently announced Telecom Infra Project in some way.

As for Aries, Facebook intends to “make this technology open to the wireless communications research and academic community to help build and improve on the already implemented algorithms (or devise new ones) that will help solve broader connectivity challenges of the future,” wrote Choubey and Panah.

Some other Facebook tools were also showcased and announced
Moving over to some developer updates, Facebook announced a handful of new tools to make navigating the Web more intuitive. Such tools include an Account Kit so you can log into any service with just your phone number or email, a quote sharing tool, and a Save to Facebook button for any website to implement.

There are also updates to Analytics for Apps which aims to help developers gain more understanding of their users’ demographics, such as their age range and what time they tend to make in-app purchases. They can also target notifications to these users for higher engagement rates.

Facebook said that its React framework will now be available on Windows and Samsung devices, allowing developers to create apps for smart TV, wearables, and gaming consoles.

Facebook knows it needs partnerships to continue growing, and swiftly announced a new selfie kit that includes six beta partners to help users spice up their profile videos. It’s also got a new live video API so more people can choose its platform over, say, Periscope, to better brand and extend reach.

In short, this conference was full of future surprises and had enough for developers and companies to work on. At Mantra Labs we continuously work on present and future technology and help clients choose what is best for them. If you want to know more, approach us at hello@mantralabsglobal.com

12 Tips To Secure Your Mobile Application

Cyber attacks and data theft have become common these days, especially when it comes to mobile applications, and mobile apps that experience security breaches may suffer financial losses. With many hackers looking to steal customer data, securing these applications has become the number one priority for organizations and a serious challenge for developers. According to Gartner’s recent research, Hype Cycle for Application Security, investment in application security will increase by more than two-fold over the next few years, from $6 billion this year to $13.7 billion by 2026. Further, the report stated, “Application security is now top-of-mind for developers and security professionals, and the emphasis is now turning to apps hosted in public clouds.” It is crucial to get the fundamental components of DevOps security correct. Here are the 12 tips to secure your mobile application:

1. Install apps from trusted sources:

It’s common to have Android applications republished on alternate markets or their APKs & IPAs made available for download. Both APK and IPA files may be downloaded and installed from a variety of places, including websites, cloud services, drives, social media, and social networking. Apps should be installed only from the Play Store and the App Store. To prevent copies from other sources being used, the app should run an install-source check (Play Store or App Store) when it starts.

Also read, https://andresand.medium.com/add-method-to-check-which-app-store-the-android-app-is-installed-from-or-if-its-sideloaded-c9f450a3d069

2. Root Detection:

Android: An attacker could launch a mobile application on a rooted device and access the local memory or call specific activities or intents to perform malicious activities in the application. 

iOS: Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data stored in other apps or install malicious software negating sandboxing functionality. 

More on Root Detection- https://owasp.org/www-project-mobile-top-10/2016-risks/m8-code-tampering

3. Data Storing:

Developers use Shared Preferences & User Defaults to store key-value pairs like tokens, mobile numbers, email, boolean values, etc. Additionally, while creating apps, developers prefer SQLite databases for structured data. It is recommended to store this data in encrypted form so that it is difficult for hackers to extract the information.

4. Secure Secret Keys:

API keys, passwords, and tokens shouldn’t be hardcoded in the code. It is recommended to use different techniques to store these values so that hackers cannot quickly get hold of them by tampering with the application.

Here’s a reference link: https://guides.codepath.com/android/Storing-Secret-Keys-in-Android

5. Code Obfuscation

An attacker may decompile the APK file and extract the source code of the application. This may expose sensitive information stored in the source code to the attacker, who may use it to perform tailored attacks.

It is better to obfuscate the source code to prevent exposure of the sensitive information it contains.

6. Secure Communication:

If communication happens over unencrypted channels, an attacker may perform malicious activities and escalate attacks. So always use HTTPS URLs rather than HTTP URLs.

7. SSL Pinning:

Certificate pinning allows mobile applications to restrict communication only to servers with a valid certificate matching the expected value (pin). Pinning ensures that no network data is compromised even if a user is tricked into installing a malicious root certificate on their mobile device. Any app that pins its certificates would thwart such phishing attempts by refusing to transmit data over a compromised connection.

Please refer: https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning

8. Secure API request & response data

The standard practice is to use HTTPS for the baseline protection of REST API calls. The information sent to the server or received from the server may be further encrypted with AES, etc. For example, if there are sensitive contents, you might choose to encrypt just those, so that even if HTTPS is somehow broken or misconfigured, you have another layer of protection from your own encryption.

9. Secure Mobile App Authentication:

If an application does not assign a distinct and complex session token to a user after login, an attacker can use phishing to lure the victim into using a custom-generated token provided by the attacker, and then easily bypass the login page with the captured session by using a MiTM attack.

i) Assign a distinct and complex session token to a user each time he/she logs on successfully to the application. 

ii) Terminate the session lifetime immediately after logging out. 

iii) Do not use the same session token for two or more IP addresses. 

iv) Limit the expiry time for every session token.
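The four session rules above, sketched as a server-side session store. This is an added example, not code from the original post; the `SessionStore` class, its method names and the 15-minute default lifetime are assumptions made for illustration.

```python
import secrets
import time


class SessionStore:
    """In-memory session table applying rules i) to iv) (hypothetical names)."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl = ttl_seconds      # assumed lifetime: 15 minutes
        self.clock = clock          # injectable so expiry can be tested
        self._sessions = {}         # token -> (user, ip, expires_at)

    def login(self, user, ip):
        # i) a fresh, unpredictable token on every successful login; a token
        #    supplied by the client before authentication is never adopted.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, ip, self.clock() + self.ttl)
        return token

    def logout(self, token):
        # ii) the session ends on the server as soon as the user logs out.
        self._sessions.pop(token, None)

    def validate(self, token, ip):
        """Return the user for a live session, otherwise None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None             # unknown or attacker-chosen token
        user, bound_ip, expires_at = entry
        if self.clock() >= expires_at:
            del self._sessions[token]   # iv) limited lifetime
            return None
        if bound_ip != ip:
            del self._sessions[token]   # iii) one IP per token: revoke it
            return None
        return user
```

Revoking the token on an IP mismatch, rather than only rejecting the request, forces a new login for both parties once a token is seen from a second address.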

10. Allow Backup

Do not allow users to back up an app if it contains sensitive data. With access to backup files (i.e. when android:allowBackup="true"), it is possible to modify or read the content of an app even on a non-rooted device. So it is recommended to set android:allowBackup="false".

11. Restrict accessing android application screens from other apps

Ideally, your activities should not allow themselves to be opened from other services or applications. Set android:exported="true" only when you have a specific requirement to access your Flutter screens from other apps; otherwise change it to android:exported="false".

12. Restrict installing packages from the android application

REQUEST_INSTALL_PACKAGES permission allows apps to install new packages on a user’s device. We are committed to preventing abuse on the Android platform and protecting users from apps that self-update using any method other than Google Play’s update mechanism or download harmful APKs.

Conclusion: 

Mobile Apps have become more personalized than ever before with heaps of customers’ personal data stored in them every day. In order to build trust and loyalty among users and prevent significant financial and credential losses for the companies, it is now crucial to make sure the application is secure for the user. Following the above-mentioned mobile app security checklists will definitely help to prevent hackers from hacking the app.

About the Author:

Raviteja Aketi is a Senior Software Engineer at Mantra Labs. He has extensive experience with B2B projects. Raviteja loves exploring new technologies, watching movies, and spending time with family and friends.
