Differences

This shows you the differences between two versions of the page.

smd:res:assignment [2020/04/18 20:50]
vlad.traista
smd:res:assignment [2023/04/12 13:10] (current)
cosmin.chenaru
Line 1: Line 1:
 ====== Assignment ====== ====== Assignment ======
  
-The assignment is an **individual project** in which you will apply what you have learned ​at the laboratories (Android programming and security guidelines) ​to develop a secure Android application.+The assignment is an **individual project** in which you will apply the concepts ​learned ​during ​the labs to develop a secure Android application. ​
  
-Create ​an application ​which has the following components and functionalities:​ +Your task is to develop ​an app with any topic/​purpose of your choice, ​which has the following components and functionalities:​
- - At least 2 activities - **1p** +
- - At least 1 service - **2p** +
- - At least 1 broadcast receiver - **1p** +
- - Integration with at least 1 API, for example: **3p** +
- - https://​api.tfl.gov.uk/​ - data for air quality, pollution, transportation etc +
- - https://​earthquake.usgs.gov/​fdsnws/​event/​1/​ - data for earthquakes +
- - https://​openweathermap.org/​api - weather +
- - 1 Settings Activity (can be included in the minimum of 2 activities required for the project) and the use of Shared Preferences **1p** (settings activity **0.5p** and shared preferences **0.5p** +
- - :!: Respect the security guidelines presented throughout the lectures and labs :!: **2p**+
  
-:!: Security ​guidelines :!: +  * At least 2 activities - **1p** 
-  ​* all services should not be exported if they are not meant to be used by other apps +  * At least 1 broadcast receiver - **1p** 
-  * use a local broadcast manager if necessary +  * Asynchronous work performed on threads other than the main one, or periodically scheduled work **1.5p** 
-  * declare ​only the necessary permissions ​in the manifest +  * Notifications - **0.5p**  
-  * check/request permissions in the activity/​other component +  * Integration with at least 1 API, for example: **3p** 
-  * always ​use https and, if necessary, validate the digital certificate if a custom one is used +     * https://​api.tfl.gov.uk/​ - data for air quality, pollution, transportation etc 
-  * always ​use internal storage +     * https://​earthquake.usgs.gov/​fdsnws/​event/​1/​ - data for earthquakes 
-  * sensitive ​information to be encrypted (authentication tokens, passwords) using **EncryptedFile** or **EncryptedSharedPreferences**. For more information you can check [[https://​developer.android.com/​topic/​security/​data|here]] +     * https://​openweathermap.org/​api - weather 
-  * encrypt ​the data for sensitive communication (e.g. over Bluetooth)+     * [[ https://​medium.com/​rakuten-rapidapi/​top-10-best-food-and-recipe-apis-yelp-zomato-untappd-and-more-2bf712a032c2|Food APIs list]] 
 +  * 1 Settings Activity (can be included in the minimum of 2 activities required for the project) and the use of Shared Preferences **1p** (settings activity **0.5p** and shared preferences **0.5p**) 
 +  * :!: Respect the security ​guidelines ​presented throughout the lectures and labs :!: **2p** 
 + 
 + 
 +The application must be implemented using native Android code, in Kotlin or in Java. If implemented in a framework such as Flutter, ​all the security requirements must be implemented and the student must show an understanding of their role, in order for the project ​to be considered for grading. 
 + 
 +In the cases where the topic chosen for the app doesn'​t fit very well into the requirements (e.g. it doesn'​t need a notification from a usability point of view), then the student should discuss this with the Teaching Assistant to receive advice on how to replace that requirement with something else. 
 + 
 +===== Security guidelines ===== 
 + 
 +  * You can use this [[https://​www.immuniweb.com/​mobile/​|web APK scanner]] to check how secure your app is 
 +  * Do not export components (services, broadcast receivers, apps) unless it's really necessary 
 +  * Use a local broadcast manager if applicable 
 +  * Declare ​only the necessary permissions 
 +  * Check/request permissions in the activity/​other component 
 +  * Always ​use https and, if necessary, validate the digital certificate if a custom one is used 
 +  * Always ​use internal storage 
 +  * Sensitive ​information to be encrypted (authentication tokens, passwords) using **EncryptedFile** or **EncryptedSharedPreferences**. For more information you can check [[https://​developer.android.com/​topic/​security/​data|here]] 
 +  * Encrypt ​the data for sensitive communication (e.g. over Bluetooth) 
 + 
 + 
 +===== Logistics ===== 
 + 
 +The code must be submitted on each student'​s private Github repository used for the SMD activities and created via Github classroom. 
 + 
 +The projects will be checked for plagiarism. 
 + 
 + 
 +==== Timeline ==== 
 + 
 +  - **Choose a topic for your app:** until April 20th 2023 
 +    * discuss your idea with your teaching assistant (at the lab, on MS Teams or by email) 
 +  - **Intermediary project presentation:​** April 27th 2023 
 +    * Presentation will be a discussion with the Teaching Assistant, during the lab, about the progress you made on your project 
 +    * There will be slots in which you can present 
 +    * Each presentation will take at most 10 minutes 
 +  - **Project presentations**:​ May 25th 2023  
 +    *  The assignment will be presented during the lab 
 + 
 +==== Grading ====
  
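Review bot: In the new "Security guidelines" list, the item "Do not export components (services, broadcast receivers, apps)" names "apps" as a component type, but an app is not a component that can be exported; the list presumably means activities, and content providers are not mentioned at all. Suggest "Do not export components (activities, services, broadcast receivers, content providers) unless it's really necessary". In the same added block, the paragraph stating that the application "must be implemented using native Android code" is followed directly by a sentence that accepts a framework such as Flutter under conditions; wording the first sentence as "should", or marking the Flutter case as an explicit exception, would remove the contradiction.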
-In order to receive **bonus points**, the project must also have the main components and functionalities. In total there can be 2 bonus points. 
  
 **Bonus points** can be obtained for including: **Bonus points** can be obtained for including:
-  * Input sanitization for storage ​db (to prevent SQLite injection) ​**1p** +  * Input sanitization for database ​storage (to prevent SQLite injection) 
-  * special ​UI design **1p** +  * Special ​UI design 
-  * unit testing. **1-2p** (depends on the unit tests) +  ​MVVM, livedata 
-  * code readability,​ modularization,​ clean code **1p** +  ​Kotlin corutines or rxJava/​rxKotlin 
-  * integration ​with an API which belongs to a custom server written by you **1p**+  * Unit testing 
 +  * Code readability,​ modularization,​ clean code 
 +  * Integration ​with an API which belongs to a custom server written by you 
 + 
 +The amount of bonus points will be decided by the teaching assistant when evaluating the project.
  
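Review bot: The added bonus items "MVVM, livedata" and "Kotlin corutines or rxJava/rxKotlin" contain a typo and inconsistent capitalisation; suggest "MVVM, LiveData" and "Kotlin coroutines or RxJava/RxKotlin". This revision also drops the per-item point values together with the removed sentence "In total there can be 2 bonus points", so the only remaining statement is that the teaching assistant decides the amount. If a cap still applies, state it next to that new sentence so students know the maximum.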
-**Timeline** +In order to receive bonus points, the project ​must be functionalrespect ​the security guidelines and the required components.
-  - Choose a topic for your app: 8-22 March 2020 +
-    * discuss your idea with your teaching assistant (at the lab or by email) +
-    * submit a description of your app on Moodle ([[https://​acs.curs.pub.ro/​2019/​mod/​assign/​view.php?​id=10054|SAS]][[https://​acs.curs.pub.ro/​2019/​mod/​assign/​view.php?​id=10056|SRIC]]) +
-    * the TA will provide feedback, suggestions on Moodle for your idea +
-  - Intermediary ​project ​presentation:​ 4-8 May 2020 +
-    * Presentation will be a discussion with the TAduring the lab, about the progress you made on your project +
-  - Project presentations:​ 18-22 May 2020 +
-    *  The assignment will be presented during the lab in the last week of the semester.+
  
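Review bot: The rewritten condition for bonus points ends with "respect the security guidelines and the required components", which leaves it unclear what respecting a component means. Suggest "the project must be functional, follow the security guidelines and include all required components".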
-**Grading** +  ​- **3 points** ​out of the total 10 for the whole semester (exam, labs etc) for a complete assignment 
-  ​- **3 points** for a complete assignment +  - **Penalties:** 
-  - Penalties: ​+
     * 0.3 points - for not submitting **the project topic** in time     * 0.3 points - for not submitting **the project topic** in time
     * 0.5 points - for not presenting **the intermediary project presentation**     * 0.5 points - for not presenting **the intermediary project presentation**
smd/res/assignment.1587232221.txt.gz · Last modified: 2020/04/18 20:50 by vlad.traista
CC Attribution-Share Alike 3.0 Unported