Google I/O 2016 Day 3 – Review

The day was a bit calm compared to day 1, but it didn’t stop surprising the audience. On Day 3, Google went ahead and revealed more about Project Ara and Project Jacquard, two far-out projects from its ATAP division. These drew attention at the conference, and Google wrapped up the three-day event very well.

Creating a market for manufacturers, Google’s announcements and future technologies from day 1 onward are due to arrive by the fall of this year.

On the final day of Google I/O 2016, Google finally released Project Ara, its modular smartphone, and Project Jacquard, its “connected clothing”, which would be ready by the fall of this year.

Video: https://www.youtube.com/watch?v=QsrLzu7gu0g

It’s been a long time coming, but Google promises this time (like for real) that the long-delayed Project Ara smartphone will be shipping to developers this fall. While it’s been slow getting out of the gate, the smartphone old guard have dreamed up their own visions of modular mobility. But Ara’s idea of a truly modular smartphone is a step beyond anything even being conceived by other companies. Let’s hope it was worth the wait.

Project Ara:
This is great news for anyone who was looking forward to the long-delayed phone with swappable parts. The LG G5 is only tiding us over with an upgradeable speaker and camera-battery grip parts so far.

“Project Ara is different from LG G5, it is modular to the core”, according to Google ATAP engineering lead Rafa Camargo. He called it a flexible and future-proof phone, by which he meant it could last you several years.

“We’ve integrated the phone technology in the frame that frees up space for modules that will create and integrate new functionality that you cannot get on your smartphone today,” he added.

Project Ara will be out this fall in a developer edition.

The Project Ara consumer version will be much more refined and will be launched to the public in the spring of 2017, a few months after the developer beta test.

The reason for two Project Ara release dates is that the Google ATAP team wants to find out which modules everyone wants to create.

At first, Ara will come with the frame and a few modules to get things started. This may include swapping in a high-resolution camera, a louder speaker or a better battery.

What was really fascinating was that an integrated glucose sensor was shown on the Google I/O stage. All of a sudden, tech that’s essential to people’s lives but might never get phone integration has a chance with Project Ara.

The Google ATAP team is promising that the consumer version of Ara will be “thin, light and beautiful” in time for next spring. We’ll have more in-depth Ara updates from Google I/O this week.

Project Jacquard:
Project Jacquard “connected clothing” is coming later this year.

There is “inherent tension between the two,” says Dr. Ivan Poupyrev of Google’s experimental ATAP division. He leads a team to solve a problem he calls “interactive textile technology.”

Google ATAP, known for its Project Ara modular phone, is working with Levi’s on clothing, as was announced last year, and it’s not going to be smart pants, unlike the concept clothing.

It’s actually quite stylish looking.

The very first Jacquard garment is going to be a Levi’s trucker commuter jacket with sensors built right into the black jean fabric.

Google and Levi’s are targeting urban cyclists with this tech-infused jacket, calling it a fashionable, functional garment.

“It’s a terrible idea to navigate the screen of your phone while navigating busy streets,” says Paul Dillinger, VP of innovation at Levi’s. “Anyone who rides a bike knows that tension.”

What can it do? Well, gestures, taps and swipes on the sleeve could help you change music or get directions through haptic feedback. Dillinger calls it a “co-pilot for your ride and your life.”

Project Jacquard’s debut jean jacket is going to be a beta later this year.

Just let that one sink in for a moment.

Yes, that means your clothing is now getting a beta test. It makes sense, though, for the first-ever sensor-embedded jacket you’ll own. Google and Levi’s also have plans to make it a full-fledged retail product by 2017.

With this, Google wrapped up Google I/O 2016 with good and promising keynotes, giving people something better to wait for by the fall of this year.

The 3rd day was as expected from this Google I/O 2016. For more updates on future technology, stay with Mantra Labs.

For any queries, reach us at hello@mantralabsglobal.com


12 Tips To Secure Your Mobile Application

Cyber attacks and data theft have become common, especially against mobile applications, and apps that suffer security breaches may incur financial losses. With many hackers looking to steal customer data, securing these applications has become the number one priority for organizations and a serious challenge for developers. According to Gartner’s recent research, Hype Cycle for Application Security, investment in application security will increase by more than two-fold over the next few years, from $6 billion this year to $13.7 billion by 2026. Further, the report stated, “Application security is now top-of-mind for developers and security professionals, and the emphasis is now turning to apps hosted in public clouds.” It is crucial to get the fundamental components of DevOps security correct. Here are the 12 tips to secure your mobile application:

1. Install apps from trusted sources:

Android applications are commonly republished on alternate markets, and APKs and IPAs are often made available for download. Both APK and IPA files may be downloaded and installed from a variety of places, including websites, cloud services, drives, social media, and social networking sites. Only APK and IPA files installed from the Play Store or the App Store should be treated as trustworthy. To prevent the use of copies obtained elsewhere, the app should check its install source (Play Store or App Store) at startup.

Also read: https://andresand.medium.com/add-method-to-check-which-app-store-the-android-app-is-installed-from-or-if-its-sideloaded-c9f450a3d069

2. Root Detection:

Android: An attacker could launch a mobile application on a rooted device and access the local memory or call specific activities or intents to perform malicious activities in the application. 

iOS: Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data stored in other apps or to install malicious software, negating the sandboxing functionality.

More on root detection: https://owasp.org/www-project-mobile-top-10/2016-risks/m8-code-tampering

3. Data Storing:

Developers use Shared Preferences and User Defaults to store key-value pairs such as tokens, mobile numbers, email addresses, and boolean values. For structured data, developers typically prefer SQLite databases. Store all of this data in encrypted form so that it is difficult for attackers to extract the information.

4. Secure Secret Keys:

API keys, passwords, and tokens shouldn’t be hardcoded in the code. Use other techniques to store these values so that attackers cannot easily extract them by tampering with the application.

Here’s a reference link: https://guides.codepath.com/android/Storing-Secret-Keys-in-Android

5. Code Obfuscation:

An attacker may decompile the APK file and extract the source code of the application. This may expose sensitive information stored in the source code, which the attacker can then use to perform tailored attacks.

Obfuscate the source code to make the sensitive information it contains harder to extract.

6. Secure Communication:

If all communication happens over unencrypted channels, an attacker can use it to escalate attacks. Always use HTTPS URLs instead of HTTP URLs.

7. SSL Pinning:

Certificate pinning allows mobile applications to restrict communication only to servers with a valid certificate matching the expected value (pin). Pinning ensures that no network data is compromised even if a user is tricked into installing a malicious root certificate on their mobile device. Any app that pins its certificates would thwart such phishing attempts by refusing to transmit data over a compromised connection.

Please refer to: https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning

8. Secure API request & response data:

The standard practice is to use HTTPS as the baseline protection for REST API calls. The information sent to or received from the server may be further encrypted, for example with AES. If some of the content is sensitive, you might choose to encrypt just those fields so that, even if HTTPS is somehow broken or misconfigured, your own encryption provides another layer of protection.

9. Secure Mobile App Authentication:

If an application does not assign a distinct and complex session token to a user after login, an attacker can use phishing to lure the victim into using a custom-generated token provided by the attacker, and can then easily bypass the login page with the captured session by using a MiTM attack.

i) Assign a distinct and complex session token to a user each time they log in successfully to the application.

ii) Terminate the session lifetime immediately after logging out. 

iii) Do not use the same session token for two or more IP addresses. 

iv) Limit the expiry time for every session token.
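The four rules above, as an added server-side example that is not part of the original article. The `SessionStore` class, the 15-minute lifetime and the IP-binding behaviour are assumptions; the server always generates the token itself, so a token chosen by an attacker is never accepted.

```python
import hashlib
import secrets
import time

SESSION_TTL_SECONDS = 15 * 60  # assumed lifetime; tune per application


class SessionStore:
    """In-memory server-side session table implementing rules i-iv."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # sha256(token) -> (user, ip, expires_at)

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked table does not reveal live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, ip):
        # Rule i: a fresh 256-bit random token on every successful login.
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + SESSION_TTL_SECONDS
        self._sessions[self._key(token)] = (user, ip, expires_at)
        return token

    def validate(self, token, ip):
        """Return the user name for a valid session, else None."""
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None  # unknown token, including any client-chosen value
        user, bound_ip, expires_at = entry
        # Rule iv: expired tokens are rejected and purged.
        # Rule iii: a token presented from another IP is revoked outright.
        if self._clock() >= expires_at or ip != bound_ip:
            del self._sessions[key]
            return None
        return user

    def logout(self, token):
        # Rule ii: the session ends the moment the user logs out.
        self._sessions.pop(self._key(token), None)
```

Binding to a single IP address will log out mobile users who move between Wi-Fi and cellular networks, so the client has to handle re-authentication cleanly.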

10. Allow Backup:

Do not allow users to back up an app if it contains sensitive data. With access to backup files (i.e. when android:allowBackup="true"), it is possible to read or modify the content of an app even on a non-rooted device. It is therefore recommended to set android:allowBackup="false".

11. Restrict accessing android application screens from other apps:

Ideally, your activities should not be openable from other services or applications. Set android:exported="true" only when you have a specific requirement to access your Flutter screens from other apps; otherwise change it to android:exported="false".

12. Restrict installing packages from the android application:

The REQUEST_INSTALL_PACKAGES permission allows apps to install new packages on a user’s device. We are committed to preventing abuse on the Android platform and protecting users from apps that self-update using any method other than Google Play’s update mechanism or download harmful APKs.

Conclusion: 

Mobile apps have become more personalized than ever before, with heaps of customers’ personal data stored in them every day. To build trust and loyalty among users and prevent significant financial and credential losses for companies, it is now crucial to make sure the application is secure for the user. Following the above-mentioned mobile app security checklist will definitely help to prevent hackers from hacking the app.

About the Author:

Raviteja Aketi is a Senior Software Engineer at Mantra Labs. He has extensive experience with B2B projects. Raviteja loves exploring new technologies, watching movies, and spending time with family and friends.
