This shows you the differences between two versions of the page.
smd:res:assignment [2020/04/18 20:50] vlad.traista |
smd:res:assignment [2023/04/12 13:10] (current) cosmin.chenaru |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Assignment ====== | ====== Assignment ====== | ||
- | The assignment is an **individual project** in which you will apply what you have learned at the laboratories (Android programming and security guidelines) to develop a secure Android application. | + | The assignment is an **individual project** in which you will apply the concepts learned during the labs to develop a secure Android application. |
- | Create an application which has the following components and functionalities: | + | Your task is to develop an app with any topic/purpose of your choice, which has the following components and functionalities: |
- | - At least 2 activities - **1p** | + | |
- | - At least 1 service - **2p** | + | |
- | - At least 1 broadcast receiver - **1p** | + | |
- | - Integration with at least 1 API, for example: **3p** | + | |
- | - https://api.tfl.gov.uk/ - data for air quality, pollution, transportation etc | + | |
- | - https://earthquake.usgs.gov/fdsnws/event/1/ - data for earthquakes | + | |
- | - https://openweathermap.org/api - weather | + | |
- | - 1 Settings Activity (can be included in the minimum of 2 activities required for the project) and the use of Shared Preferences **1p** (settings activity **0.5p** and shared preferences **0.5p** | + | |
- | - :!: Respect the security guidelines presented throughout the lectures and labs :!: **2p** | + | |
- | :!: Security guidelines :!: | + | * At least 2 activities - **1p** |
- | * all services should not be exported if they are not meant to be used by other apps | + | * At least 1 broadcast receiver - **1p** |
- | * use a local broadcast manager if necessary | + | * Asynchronous work performed on threads other than the main one, or periodically scheduled work **1.5p** |
- | * declare only the necessary permissions in the manifest | + | * Notifications - **0.5p** |
- | * check/request permissions in the activity/other component | + | * Integration with at least 1 API, for example: **3p** |
- | * always use https and, if necessary, validate the digital certificate if a custom one is used | + | * https://api.tfl.gov.uk/ - data for air quality, pollution, transportation etc |
- | * always use internal storage | + | * https://earthquake.usgs.gov/fdsnws/event/1/ - data for earthquakes |
- | * sensitive information to be encrypted (authentication tokens, passwords) using **EncryptedFile** or **EncryptedSharedPreferences**. For more information you can check [[https://developer.android.com/topic/security/data|here]] | + | * https://openweathermap.org/api - weather |
- | * encrypt the data for sensitive communication (e.g. over Bluetooth) | + | * [[ https://medium.com/rakuten-rapidapi/top-10-best-food-and-recipe-apis-yelp-zomato-untappd-and-more-2bf712a032c2|Food APIs list]] |
+ | * 1 Settings Activity (can be included in the minimum of 2 activities required for the project) and the use of Shared Preferences **1p** (settings activity **0.5p** and shared preferences **0.5p**) | ||
+ | * :!: Respect the security guidelines presented throughout the lectures and labs :!: **2p** | ||
+ | |||
+ | |||
+ | The application must be implemented using native Android code, in Kotlin or in Java. If implemented in a framework such as Flutter, all the security requirements must be implemented and the student must show an understanding of their role, in order for the project to be considered for grading. | ||
+ | |||
+ | In the cases where the topic chosen for the app doesn't fit very well into the requirements (e.g. it doesn't need a notification from a usability point of view), then the student should discuss this with the Teaching Assistant to receive advice on how to replace that requirement with something else. | ||
+ | |||
+ | ===== Security guidelines ===== | ||
+ | |||
+ | * You can use this [[https://www.immuniweb.com/mobile/|web APK scanner]] to check how secure your app is | ||
+ | * Do not export components (services, broadcast receivers, apps) unless it's really necessary | ||
+ | * Use a local broadcast manager if applicable | ||
+ | * Declare only the necessary permissions | ||
+ | * Check/request permissions in the activity/other component | ||
+ | * Always use https and, if necessary, validate the digital certificate if a custom one is used | ||
+ | * Always use internal storage | ||
+ | * Sensitive information to be encrypted (authentication tokens, passwords) using **EncryptedFile** or **EncryptedSharedPreferences**. For more information you can check [[https://developer.android.com/topic/security/data|here]] | ||
+ | * Encrypt the data for sensitive communication (e.g. over Bluetooth) | ||
+ | |||
+ | |||
+ | ===== Logistics ===== | ||
+ | |||
+ | The code must be submitted on each student's private Github repository used for the SMD activities and created via Github classroom. | ||
+ | |||
+ | The projects will be checked for plagiarism. | ||
+ | |||
+ | |||
+ | ==== Timeline ==== | ||
+ | |||
+ | - **Choose a topic for your app:** until April 20th 2023 | ||
+ | * discuss your idea with your teaching assistant (at the lab, on MS Teams or by email) | ||
+ | - **Intermediary project presentation:** April 27th 2023 | ||
+ | * Presentation will be a discussion with the Teaching Assistant, during the lab, about the progress you made on your project | ||
+ | * There will be slots in which you can present | ||
+ | * Each presentation will take at most 10 minutes | ||
+ | - **Project presentations**: May 25th 2023 | ||
+ | * The assignment will be presented during the lab | ||
+ | |||
+ | ==== Grading ==== | ||
- | In order to receive **bonus points**, the project must also have the main components and functionalities. In total there can be 2 bonus points. | ||
**Bonus points** can be obtained for including: | **Bonus points** can be obtained for including: | ||
- | * Input sanitization for storage db (to prevent SQLite injection) **1p** | + | * Input sanitization for database storage (to prevent SQLite injection) |
- | * special UI design **1p** | + | * Special UI design |
- | * unit testing. **1-2p** (depends on the unit tests) | + | * MVVM, livedata |
- | * code readability, modularization, clean code **1p** | + | * Kotlin corutines or rxJava/rxKotlin |
- | * integration with an API which belongs to a custom server written by you **1p** | + | * Unit testing |
+ | * Code readability, modularization, clean code | ||
+ | * Integration with an API which belongs to a custom server written by you | ||
+ | |||
+ | The amount of bonus points will be decided by the teaching assistant when evaluating the project. | ||
- | **Timeline** | + | In order to receive bonus points, the project must be functional, respect the security guidelines and the required components. |
- | - Choose a topic for your app: 8-22 March 2020 | + | |
- | * discuss your idea with your teaching assistant (at the lab or by email) | + | |
- | * submit a description of your app on Moodle ([[https://acs.curs.pub.ro/2019/mod/assign/view.php?id=10054|SAS]], [[https://acs.curs.pub.ro/2019/mod/assign/view.php?id=10056|SRIC]]) | + | |
- | * the TA will provide feedback, suggestions on Moodle for your idea | + | |
- | - Intermediary project presentation: 4-8 May 2020 | + | |
- | * Presentation will be a discussion with the TA, during the lab, about the progress you made on your project | + | |
- | - Project presentations: 18-22 May 2020 | + | |
- | * The assignment will be presented during the lab in the last week of the semester. | + | |
- | **Grading** | + | - **3 points** out of the total 10 for the whole semester (exam, labs etc) for a complete assignment |
- | - **3 points** for a complete assignment | + | - **Penalties:** |
- | - Penalties: | + | |
* 0.3 points - for not submitting **the project topic** in time | * 0.3 points - for not submitting **the project topic** in time | ||
* 0.5 points - for not presenting **the intermediary project presentation** | * 0.5 points - for not presenting **the intermediary project presentation** |
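Review bot: In the new Security guidelines section, the added line "Do not export components (services, broadcast receivers, apps) unless it's really necessary" lists "apps" as a component type, but an app is not something the manifest can export. The exportable Android components are activities, services, broadcast receivers and content providers, so the parenthesis should read "(activities, services, broadcast receivers, content providers)". The unchanged penalty "0.3 points - for not submitting **the project topic** in time" no longer matches the new Timeline, which drops the Moodle submission step and only asks students to discuss the idea with the teaching assistant until April 20th 2023. Either state how the topic is submitted or reword the penalty to match. In the added bonus list, "Kotlin corutines" should be "Kotlin coroutines".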