MOBILE TERMINAL AND APPLICATION SECURITY

Chapter I
Mobile Terminal
Introduction to Mobile Terminals
A mobile communication device is a small, portable electronic device, with wireless communication
capabilities, which is easy to carry around. There are several types of mobile communication devices,
like cell phones or mobile phones, WLAN devices, and GPS navigation devices, but it is the mobile
phone that has adopted the term “mobile device,” and gradually its purpose has shifted from a verbal
communication tool to a multimedia tool.

A mobile phone, which is also known as mobile terminal (MT), cellular phone, cell phone, hand
phone, or simply a phone, is a device that can send and receive telephone calls over a radio link while
being connected to a cellular base station operated by a cellular network operator. It provides user
mobility around a wide geographic area. A feature phone is a low‐end mobile phone with limited
capabilities and it provides mainly voice calling, text messaging, multimedia, and Internet
functionality. In addition to telephone calls, modern multifunctional mobile phones with more
computing capabilities, which support a wide variety of other applications and services like SMS
(Short Message Service), MMS (Multimedia Messaging Service), e‐mails, Internet, Web browsing,
news, gaming, playing music, movies, calendar management, contact, video, photography, short‐
range connectivity, location‐specific information, WLAN connectivity, and GPS connectivity, are
considered as smartphones. Smartphones offer all these services in single device, so they are
becoming increasingly important as work tools for users who rely on these services. Today, they have
become universal replacements for personal digital assistant (PDA) devices. Typically, a smartphone
incorporates handheld computer functionalities along with the communication capabilities of a cell
phone by providing support of multimodal, multi‐RAT connectivity and user customized applications.
Personal digital assistants / enterprise digital assistants, tablet computers, ultramobile PCs, and a lot of
wearable devices also provide mobile communication capabilities by integrating communication
modems in them. Various types of these devices are shown below.

(a) PDA, (b) smartphone (c) tablet (d) wearable device

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 1
 MOBILE TERMINAL AND APPLICATION SECURITY

Building Blocks of a Smartphone

A system‐level block diagram of a smartphone is shown in Figure 1.2. Smartphones are equipped with
various functional blocks as given below:

• Mobile terminal modem unit. This unit (cellular systems modem) interfaces with the cellular base
stations, and sends / receives user information (voice, data) generated by the application unit. So, it
interacts with a base station using different cellular air interface standards like GSM (Global System for
Mobile Communications), WCDMA (Wideband Code Division Multiple Access), LTE (Long‐Term
Evolution) etc. to send / receive information to distantly located called party or server. It also interacts
locally with its application units, like speech, video, and data transfer applications for getting /
providing the user application data. This is discussed in Chapters 2, 3 and 4. This consists of two main
submodules: Radio Frequency (RF) unit and Baseband (BB) unit.
◦ RF unit. The RF analog front‐end unit’s transmitter circuit helps to upconvert the low frequency
baseband signal to a high‐frequency amplified RF signal for transmission, and the receiver circuit
helps to down convert the analog amplified received high‐frequency signal to a low‐frequency
baseband signal.

◦ Baseband unit. The baseband unit helps for digital bit detection, system protocol processing for
proper and reliable communication with the network.

◦ SIM. A subscriber identification module (SIM) is an integrated circuit that securely stores the
international mobile subscriber identity (IMSI) and the related key used to identify and authenticate
subscribers on mobile telephony devices. A SIM circuit is embedded into a removable plastic card,
called “SIM card.”

System‐level block diagram of a typical smartphone

• Application unit. This unit is in charge of running various applications. It interacts with the modem
and connectivity modules to send / receive information from remote devices, and uses that data to
drive various applications. It provides the functions that users want to execute on the smart phone and
these may include speech, audio playback, fax transmission / reception, Internet, e‐mail, Web
browsing, image reproduction, streaming video, games, and so forth. This unit also handles the
interface functions such as keyboard, display, and speech recognition, and it interfaces and manages
other connectivity modules such as GPS and WLAN. Depending on the smartphone device
complexity, there could one or several application processors in a mobile phone. The application

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 2
 MOBILE TERMINAL AND APPLICATION SECURITY
processor consists of components like the processor core and device interfaces, which communicate
with other peripheral devices attached to the application processor like the LCD screen, camera,
keypad, universal serial bus (USB), and multimedia card (MMC) via interfaces.

◦ Peripheral devices. There are several peripheral devices placed in the smart phone for different
purposes. Like, for data transfer with other devices or PC, an USB device is placed in the phone.
Similarly, UART(universal asynchronous receiver / transmitter), I2S (Integrated Inter-IC Sound Bus)
etc. are used for intermodule or interdevice communication. The other devices are like, SD (Secure
Digital) / MMC (Microsoft Management Console), LCD display, keyboard, microphone, and speaker
are also used in a mobile phone.
◦ Multimedia modules. It performs multimedia related functions like, speech encoding / decoding,
audio encoding / decoding, video encoding / decoding by employing various multimedia standards
(MP3, JPEG, MPEG, and so forth). As multimedia‐related functions are time consuming, so these are
generally implemented in dedicated hardware block. Also, smartphone contain graphics processing
unit (GPU) for rapid processing of multimedia functions.

◦ Various sensors and actuators. A sensor is a device that measures a physical quantity and converts
it into a signal (electrical or optical) by an instrument. They sense the changes in the environment and
send them to the application processor. The commonly used sensors in handsets include
accelerometers, gyroscopes, proximity sensors, ambient light sensors, barometers, and so forth. On
the other hand, an actuator is a type of motor that is responsible for moving or controlling a
mechanism or a system.

◦ Vibrator. A vibra alert device is used to give a silent alert signal to the phone user. Generally, the
vibration is made using an improperly balanced motor and controlled with a pulse width modulation
(PWM) signal via the battery terminal.

◦ Connectivity modules. Apart from cellular system modem, the smart phone also houses several
other wireless connectivity modules like, Geo Positioning System (GPS), Bluetooth (BT), FM radio,
ZigBee, Wireless LAN (WLAN), and so forth. These individual submodules have RF and digital
baseband processing unit and interact with the other devices, peripherals like, headset or server
through radio interface.

◦ Power management module. This unit is responsible for distributing the regulated battery power
among various modules, conversion of the battery voltage (generally 3.6 V) according to the different
voltage level needed by different modules, which means up or down conversion to various voltages
(such as 4.8 V, 2.8 V, 1.8 V and 1.6 V) using, for example, a DC‐DC converter, a battery power
consumption control device, sleep‐related functionalities management, battery‐charging control. The
battery‐charging component is responsible for charging the battery of the smartphone.

◦ Clock distribution module. This distributes a clock signal to the mobile phone. The clock signal is
required in every digital block in the system and also it is required in RF unit for scheduling
transmission and reception at a specific time.

◦ Memory. Various types of memory are used in the mobile phone for storing code and data.
Generally, Flash memory, EPROM, and DRAM memory are used in a mobile phone.

Apart from all these hardware blocks, firmware and software components reside in the memory and
are executed by processors to configure, control, and process different hardware modules,
applications, and protocols.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 3
 MOBILE TERMINAL AND APPLICATION SECURITY

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 4
 MOBILE TERMINAL AND APPLICATION SECURITY

Introduction to Android OS

Android operating system is the largest installed base among various mobile platforms across the
globe. Hundreds of millions of mobile devices are powered by Android in more than 190 countries of
the world. It conquered around 71% of the global market share by the end of 2021, and this trend is
growing bigger every other day. The company named Open Handset Alliance developed Android for
the first time that is based on the modified version of the Linux kernel and other open-source
software. Google sponsored the project at initial stages and in the year 2005, it acquired the whole
company. In September 2008, the first Android-powered device was launched in the market.

Android dominates the mobile OS industry because of the long list of features it provides.

 It’s user-friendly,
 Has huge community support,
 Provides a greater extent of customization, and
 A large number of companies build Android-compatible smartphones.

As a result, the market observes a sharp increase in the demand for developing Android mobile
applications, and with that companies need smart developers with the right skill set. At first, the
purpose of Android was thought of as a mobile operating system. However, with the advancement of
code libraries and its popularity among developers of the divergent domain, Android becomes an
absolute set of software for all devices like tablets, wearables, set-top boxes, smart TVs, notebooks,
etc.

Features of Android

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 5
 MOBILE TERMINAL AND APPLICATION SECURITY
Android is a powerful open-source operating system that open-source provides immense features and
some of these are listed below.

 Android Open-Source Project so we can customize the OS based on our requirements.

 Android supports different types of connectivity for GSM, CDMA, Wi-Fi, Bluetooth, etc. for
telephonic conversation or data transfer.
 Using Wi-Fi technology, we can pair with other devices while playing games or using other
applications.
 It contains multiple APIs to support location-tracking services such as GPS.
 We can manage all data storage-related activities by using the file manager.
 It contains a wide range of media supports like AVI, MKV, FLV, MPEG4, etc. to play or
record a variety of audio/video.
 It also supports different image formats like JPEG, PNG, GIF, BMP, MP3, etc.
 It supports multimedia hardware control to perform playback or recording using a camera and
microphone.
 Android has an integrated open-source Web Kit layout-based web browser to support User
Interfaces like HTML5, and CSS3.
 Android supports multi-tasking means we can run multiple applications at a time and can
switch between them.
 It provides support for virtual reality or 2D/3D Graphics.

Android Versions
Google first publicly announced Android in November 2007 but was released on 23 SEPTEMBER
2008 to be exact. The first device to bring Android into the market was the HTC Dream with the
version Android 1.0. Since then, Google released a lot of android versions such as Apple Pie, Banana

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 6
 MOBILE TERMINAL AND APPLICATION SECURITY
Bread, Cupcake, Donut, Éclair, Froyo, Gingerbread, Jellybeans, KitKat, Lollipop, marshmallow,
Nougat, Oreo, etc. with extra functionalities and new features.

The following table shows the version details of android which is released by Google from 2007 to
date.

Code Name Version API level Release date

– Android 1.0 1 September 23, 2008
– Android 1.1 2 February 9, 2009
Cupcake Android 1.5 3 April 30, 2009
Donut Android 1.6 4 September 15, 2009
Eclair Android 2.0 – 2.1 5-7 October 26, 2009
Froyo Android 2.2 – 2.2.3 8 May 20, 2010
Gingerbread Android 2.3 – 2.3.4 9-10 December 6, 2010
Honeycomb Android 3.0.x – 3.2.x 11 – 13 February 22, 2011
Ice Cream Sandwich Android 4.0 – 4.0.4 14 – 15 October 18, 2011
Jelly Bean Android 4.1 – 4.1.2 16 – 18 July 9, 2012
Kitkat Android 4.4 – 4.4.4 19 July 9, 2012
Lollipop Android 5.0 – 5.1 21 – 22 October 17, 2014
Marshmallow Android 6.0 – 6.0.1 23 October 5, 2015
Nougat Android 7.0 – 7.1 24 – 25 August 22, 2016
Oreo Android 8.0 26 August 21, 2017
Pie Android 9.0 27 August 6, 2018
Android Q Android 10.0 29 September 3, 2019
Android 11 Android 11.0 30 September 8, 2020
Snow Cone Android 12.0 – 12.1 31-32 October 4, 2021

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 7
 MOBILE TERMINAL AND APPLICATION SECURITY
Tiramisu Android 13 33 August 15, 2022
Android 14 UPCOMING
Programming Languages used in Developing Android Applications

 Java
 Kotlin

Developing the Android Application using Kotlin is preferred by Google, as Kotlin is made an official
language for Android Development, which is developed and maintained by JetBrains. Previously
before Java is considered the official language for Android Development. Kotlin is made official for
Android Development in Google I/O 2017.

Types Of Mobile Operating Systems (Mobile Os)

Like a computer operating system, a mobile operating system is the software platform for mobile
devices on top of which other programs run. When you purchase a mobile device, the manufacturer
will have chosen the mobile OS for that specific device. The mobile operating system is responsible
for determining the functions and features available on your device, such as thumbwheel, keyboards,
WAP, synchronization with applications, e-mail, text messaging and more.

The mobile operating system will also determine which third-party applications can be used on your
device. Some of the more common and well-known mobile operating systems include the following:

Apple iOS

Apple’s iOS mobile operating system powers the company’s line of mobile devices like
the iPhone, iPad, iPod touch, and Apple TV. Apple iOS was originally called the iPhone OS but was
renamed in 2010 to reflect the operating system’s evolving support for additional Apple devices.
Apple updated iOS to iOS 9 in 2015 in conjunction with the company’s OS X El Capitan operating
system release.

Google Android

Google Android is a mobile operating system based on Linux that has quickly become the biggest
competitor to Apple iOS in the mobile device market. Google originally released Android’s source
code under open source licenses, and today the company continues to develop the mobile OS
privately prior to major update releases that are made available to OEMs and the
public.Manufacturers of Android-powered smartphone and tablet devices include Samsung, Sony,
Asus, Amazon, HTC and LG, as well as Google itself.

Windows Phone

Originally called the Windows Mobile platform and then Windows Phone, Microsoft’s mobile OS is
available on a variety of devices from a variety of wireless operators. You will find Windows Phone
on Microsoft hardware devices as well as Nokia, Dell, HP, Motorola, Palm and i-mate products.
Microsoft unveiled the latest release of its mobile operating system, Windows 10 Mobile, in late 2015
as part of the Windows 10 family of operating systems.

EARLY MOBILE OS

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 8
 MOBILE TERMINAL AND APPLICATION SECURITY
While not as frequently encountered in today’s market, some of the earlier generation mobile OSes
have included:

Palm OS

Since the introduction of the first Palm Pilot in 1996, the Palm OS platform has provided mobile
devices with essential business tools, as well as capability to access the Internet or a central corporate
database via a wireless connection.Link: Palm OS Web site

Symbian OS

Symbian OS has become a standard operating system for smartphones, and is licensed by more than
85 percent of the world’s handset manufacturers. The Symbian OS is designed for the specific
requirements of 2.5G and 3G mobile phones.

Linux

The first company to launch phones with Linux as its OS was Motorola in 2003. Linux has been seen
as a suitable option for higher-end phones with powerful processors and larger amounts of memory.

MXI

MXI is a universal mobile operating system that allows existing full-fledged desktop and mobile
applications written for Windows, Linux, Java and Palm to be enabled immediately on mobile devices
without any redevelopment. MXI allows for interoperability between various platforms, networks,
software and hardware components.MXI Web site.

Android App Development Fundamentals for Beginners

Android is an operating system that is built basically for Mobile phones. It is based on the Linux
Kernel and other open-source software and is developed by Google. It is used for touchscreen
mobile devices such as smartphones and tablets. But nowadays these are used in Android Auto cars,
TV, watches, camera, etc. It has been one of the best-selling OS for smartphones. Android OS was
developed by Android Inc. which Google bought in 2005. Various applications (apps) like games,
music player, camera, etc. are built for these smartphones for running on Android. Google Play
store features more than 3.3 million apps. The app is developed on an application known as Android
Studio. These executable apps are installed through a bundle or package called APK (Android
Package Kit).

Android Fundamentals
1. Android Programming Languages

In Android, basically, programming is done in two languages JAVA or C++ and XML (Extension
Markup Language). Nowadays KOTLIN is also preferred. The XML file deals with the design,
presentation, layouts, blueprint, etc (as a front-end) while the JAVA or KOTLIN deals with the
working of buttons, variables, storing, etc (as a back-end).

2. Android Components

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 9
 MOBILE TERMINAL AND APPLICATION SECURITY
The App components are the building blocks of Android. Each component has its own role and life
cycles i.e from launching of an app till the end. Some of these components depend upon others also.
Each component has a definite purpose. The four major app components are:

 Activities
 Services
 Broadcast Receivers:
 Content Provider:

3. Structural Layout of Android Studio

The basic structural layout of Android Studio is given below:

The above figure represents the various structure of an app.

 Manifest Folder: Android Manifest is an XML file that is the root of the project source set. It
describes the essential information about the app and the Android build tools, the Android
Operating System, and Google Play. It contains the permission that an app might need in
order to perform a specific task. It also contains the Hardware and the Software features of the
app, which determines the compatibility of an app on the Play Store. It also includes special
activities like services, broadcast receiver, content providers, package name, etc.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 10
 MOBILE TERMINAL AND APPLICATION SECURITY
 Java Folder: The JAVA folder consists of the java files that are required to perform the
background task of the app. It consists of the functionality of the buttons, calculation, storing,
variables, toast (small popup message), programming function, etc. The number of these files
depends upon the type of activities created.
 Resource Folder: The res or Resource folder consists of the various resources that are used
in the app. This consists of sub-folders like drawable, layout, mipmap, raw, and values. The
drawable consists of the images. The layout consists of the XML files that define the user
interface layout. These are stored in res.layout and are accessed as R.layout class. The raw
consists of the Resources files like audio files or music files, etc. values are used to store the
hardcoded strings (considered safe to store string values) values, integers, and colors.
 Gradle Files: Gradle is an advanced toolkit, which is used to manage the build process, that
allows defining the flexible custom build configurations. Each build configuration can define
its own set of code and resources while reusing the parts common to all versions of your app.
The Android plugin for Gradle works with the build toolkit to provide processes and
configurable settings that are specific to building and testing Android applications. Gradle and
the Android plugin run independently of Android Studio. This means that you can build your
Android apps from within Android Studio. The flexibility of the Android build system
enables you to perform custom build configurations without modifying your app’s core
source files.

4. Lifecycle of Activity in Android App

The Lifecycle of Activity in Android App can be shown through this diagram:

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 11
 MOBILE TERMINAL AND APPLICATION SECURITY

States of Android Lifecycle:

 OnCreate: This is called when activity is first created.

 OnStart: This is called when the activity becomes visible to the user.
 OnResume: This is called when the activity starts to interact with the user.
 OnPause: This is called when activity is not visible to the user.
 OnStop: This is called when activity is no longer visible.
 OnRestart: This is called when activity is stopped, and restarted again.
 OnDestroy: This is called when activity is to be closed or destroyed.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 12
 MOBILE TERMINAL AND APPLICATION SECURITY

Essential Elements of a Program

A program is simply a series of instructions that tell the computer what to do. Although programs can
be complex, each individual instruction is generally simple. The computer starts at the beginning and
works through, line by line, until it gets to the end. Here are some of the essential elements in Visual
Basic:

Statements
A statement is an instruction that performs an action. For example, the statement Lbl.BackColor =
Color.Blue sets the background color of Lbl to Blue.

Functions
A function is a statement that returns a value. For example, the function InputBox() returns the value
of its dialog text field.

Variables
A variable is a word defined in the program that stores a value. As the foundation of any computer
programming language, variables act as “containers” that “hold” information. These containers then
store this information for later use. For example, the statement msg = “Hello World!” stores a string
of characters in a variable called msg. For example, imagine you are visiting the homepage of a
website. Once you land on this page, a dialog box pops into view with this simple greeting: “Hi!
What’s your name?” This dialog box is a variable! In this code, the programmer could name this
variable “visitorName.” This means that when you type your name into the form and hit submit, your
information would be stored in the “visitorName” variable. The programmer could then reference this
variable at any time to access the information it contains.

Operators
An operator is an arithmetical symbol. For example, the * asterisk character is the multiplication
operator and the / forward slash character is the division operator.

Objects
An object is a program “building block” entity. It can be visible, like a Button control, or invisible like
a Timer control.

Properties
A property is a characteristic of an object. For example, the property Btn.Text is the Text property of
the Btn object.

Methods
A method is an action that an object can perform. For example, the method Btn.Click() is
the Click method of the Btn object.

Comments
A comment is an explanatory line in the program code starting with an apostrophe ’ character. It’s not
actually read by the compiler but exists to explain the purpose of the code. For example, ‘ Clear the
list. might explain a Clear statement.

Data Structures

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 13
 MOBILE TERMINAL AND APPLICATION SECURITY
Data structures allow programmers to streamline data collection when a large amount of related
information is involved. Let’s go back to our “visitorName” variable from above, but imagine the
computer programmer needs to store and reference 10 different visitors’ names rather than just one.

Rather than creating 10 different variables for each new visitor — which would increase the sheer
amount of text in the program and make adding or removing new contacts difficult — the
programmer could simply use a data structure to contain all related variables. In this case, the data
structure would be a List.

With this List data structure, the programmer only needs to create one variable rather than 10, which
means the code would be much more flexible to change.

Control Structures

A control structure analyzes variables and selects a direction in which to go determined from the
given parameters. For example, when a computer program is running, the code is being read by the
computer line by line from top to bottom and (for the most part) left to right.

As the code is being read, the computer will reach a point where it needs to make a “decision” (based
on strict rules set by the computer programmer). At this point, the code could do things like jump to a
different part of the program, re-run a certain piece of code again, or simply skip a block of code
altogether.

Whatever parameters are set by the programmer will affect the code flow. Think of control
structures as the directions your program needs to allow it to make choices and execute commands
under different conditions.

Syntax

Just like in the English language, computer programming follows a syntax or a set of rules that define
particular layouts of letters and symbols. Proper syntax ensures the computer reads and interprets code
accurately. For example, let’s consider a simple email address and its required syntax.

Email addresses are understood by readers and computers immediately due to their format. Typically,
email addresses must consist of a string of letters and numbers, followed by the “@” symbol, and
finally a website domain (e.g., bob_smith@companyname.com). This structure is known as the
standard email syntax! It’s easy to imagine that if the email address were not syntactically correct
(company@.comnamebob_smith), computers would not be able to process it.

In a similar fashion, each computer programming language has its own syntax or appropriate order in
how code should be written for the program to understand what it is supposed to do.

Tools

In the physical world, tools allow workers to perform tasks that would otherwise be extremely
difficult (think of how a hammer helps drive a nail into a piece of wood and what this job would be
like without tools). Similarly, a tool in computer programming is a piece of software that helps
programmers write code much faster.

For example, one of the most important tools for computer programmers is an Integrated
Development Environment (IDE). An IDE can check the syntax of code for errors, organize files,
autocomplete commonly used code, and help you easily navigate through your code. Tools are the
final crucial element to code, as they streamline processes and ensure accuracy.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 14
 MOBILE TERMINAL AND APPLICATION SECURITY

The illustration below shows the Code Editor view of Visual Basic programming code, for
the Click event-handler of a Button control – line numbering is turned on to aid analysis of the code.

Line-by-line analysis

 Lines 1 and 16 – start and end of the entire Form code

 Lines 3 and 14 – start and end of the Button event-handler
 Lines 5, 8, and 11 – explanatory comments
 Line 6 – creates a variable called msg to store String data
 Line 9 – places text value into the msg variable
 Line 12 – calls the MsgBox() function to show the msg value

Syntax highlighting

 Keywords – Visual Basic core language words appear in blue

 Strings – text values, within double-quotes, appear in red
 Comments – explanatory lines appear in green
 Code – everything else appears in black

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 15
 MOBILE TERMINAL AND APPLICATION SECURITY

iOS App Development

Introduction
There were over one billion iPhone users in 2022, and the App Store made more than $643 billion in
revenue in 2020, with more than 900 million paid subscriptions across Apple services. This opens up
a massive potential market for app developers working on iOS.

The sheer size of Apple's ecosystem and the number of people who use iOS create a demand for iOS
developers capable of producing high-quality apps that are downloaded and used by millions. And it
is true that the demand for iOS mobile applications and iPhone users will increase in the coming
years. As a result of this, many companies look to hire skilled iOS developers.

iOS app development is the process of building iOS applications for Apple hardware, including the
apple iPhone, iPad, iPod, apple tv etc., using Apple's proprietary tools and technologies, such as
Xcode, and programming languages like Swift.

What exactly is iOS app development?

iOS app development, from a technical point of view, is the process of making robust applications for
Apple's iOS operating system. We all know that Apple is known for the security it provides, and
building on top of that can reduce the risk of any future threats or malware.

There are many native as well as cross-platform libraries and frameworks that we can use in order to
build iOS applications, which we will look at in detail further in this blog.

While iOS app development and game development itself may seem complex at first glance, it can be
simplified with the right tools and resources. The average salary of an iOS developer is around
$100K, and the highest packages can go up to $200K.

Requirements of an iOS app Developer

iOS development is a complex process that requires specific skills and knowledge. Before starting the
actual app development process, there are some key requirements that developers must meet, such
developer requirements such as:

A Mac computer with the latest version of mac OS.

Xcode, which is the app development environment for macOS and can be downloaded for free from
the Mac App Store.

To distribute your app on the App Store and access various Apple resources, you must enroll in the
Apple Developer Program, which requires an annual fee of USD 99. Once you have an Apple
Developer Program account, you can submit your app for review and, upon approval, make it
available for download on the App Store.

To develop iOS apps, you might need a Mac OS computer (not limited to Mac) with the latest macOS
version installed because the tools for iOS app development, like Xcode, are optimized and developed

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 16
 MOBILE TERMINAL AND APPLICATION SECURITY
specifically for the macOS environment. Because they depend on the architecture and frameworks of
macOS, they might not work right on other operating systems.

If you are using Windows, you cannot build a native application for iOS, but with cross-platform
applications like React Native and Flutter, you can build an iOS application using your Windows PC.
These frameworks use a different method than traditional native app development, which makes them
more compatible with different platforms.

Objective-C

Objective-C was made in the early 1980s, and for many years it was the main language used to
programme all Apple products. It is an object-oriented language that is based on C. Instead of calling
processes, as traditional C programming does, messages are passed between them.

Some of the key features of Objective-C are:

 Object-Oriented: Objective-C is a programming language that allows developers to design
objects that contain data and methods that operate on that data.
 Dynamic Runtime: Objective-C has a dynamic runtime that allows doing things like
dynamic binding, message passing, and method swizzling.
 Interoperability: Objective-C can be used with C and C++ in the same program, which
makes it easier to integrate with existing codebases.
 Automatic Reference Counting (ARC): This feature, which was added to Objective-C in
2011, aids in memory management by automatically retiring objects when they are no longer
required.
 Open Source: Objective-C is open source, meaning the code can be viewed, modified, and
distributed freely.

Swift

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 17
 MOBILE TERMINAL AND APPLICATION SECURITY

Swift is the official programming language of iOS apps and has many advantages over Objective-C.
Swift is a modern programming language with features like optionals, closures, and type
inference that make building iOS apps faster and easier. With its ease of use, speed, and safety
features, it has quickly become a popular choice among iOS developers

Some of the notable features of Swift programming

are:
 Simple syntax: Swift's syntax is simpler and more expressive than that of Objective-C,
making it easier to read and write code.
 Improved safety: Swift is designed to prevent common programming errors and improve
code safety. It comes with features like automatic and optional memory management that
make it less likely that it will crash or lose memory.
 Faster performance: Swift programming is faster than Objective-C, which means that apps
run more smoothly and efficiently.
 Easy to learn: Swift is easy to learn, especially for beginners, thanks to its modern and
approachable syntax.
 Interoperability: Swift works perfectly with Objective-C, which makes it easy to update and
maintain old Objective-C programs.
 Community: Swift's community of developers and resources is growing quickly, which
makes it easier to find help and support when making iOS apps.

Even though Swift is quite popular among many developers still prefer using Objective-C for their
legacy applications instead of transitioning to the newer framework.

Understanding the primary tools for iOS app

development

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 18
 MOBILE TERMINAL AND APPLICATION SECURITY
As an iOS developer, if you are using a Mac, you will be using Xcode most of the time. It offers a
wide range of powerful features like Storyboards and Auto Layout that can significantly increase your
productivity.

Here are some tools and software commonly used in

iOS development:
 Code Editor: Xcode, which is the primary tool used for iOS development, comes with its
own code editor. However, some developers prefer to use other code editors like Visual
Studio Code, Atom, or Sublime Text.
 Programming Language: As mentioned earlier, Swift is the primary language used for iOS
development. Apple developed it specifically for watchOS, macOS, and iOS apps. But some
developers still use Objective-C, an older language that has been used for iOS development in
the past.
 Interface Builder: Interface Builder is a graphical user interface (GUI) editor that is part of
Xcode. It allows developers to create UI elements like buttons, labels, and text fields by
dragging and dropping them onto a storyboard or XIB file.
 Package Manager: CocoaPods or Swift Package Manager (SPM) are tools that make it easy
to manage dependencies in iOS development. CocoaPods is a well-known third-party package
manager that makes it easy for developers to add libraries from outside their projects to their
own. For managing Swift packages, Apple created the official package manager known as
SPM.
 Simulator: The iOS Simulator is a tool that comes with Xcode that lets developers test their
apps without needing a real device. By using iOS simulator, you can simulate different iOS
devices, developers can test their apps on screens with different sizes and resolutions.
 TestFlight: TestFlight app is a tool made by Apple that lets developers give beta versions of
their apps to testers before making them available to the public. TestFlight app lets developers
get feedback and find problems before the app is released. This makes the app development
better in general.

Depending on the scope of your project, you will use a variety of other tools and third-party services
in your iOS project.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 19
 MOBILE TERMINAL AND APPLICATION SECURITY

Type of mobile terminals

The term mobile device refers to a wide range of consumer electronics. Mobile device typically is
used to describe portable devices that can connect to the Internet. However, some also classify
connected digital cameras and standard MP3 players as mobile devices as well. The category of
mobile devices includes the following devices, as well as others:
1. Personal Digital Assistant (PDA)
Sometimes called pocket computers, PDAs are handheld devices that combine elements of
computing, telephone/fax, Internet and networking in a single device. A typical PDA can function as a
cellular phone, fax sender, Web browser and personal organizer.
Unlike portable computers, most PDAs began as pen-based, using a stylus rather than a keyboard for
input. This means that they also incorporated handwriting recognition features. Some PDAs can also
react to voice input by using voice recognition technologies. The PDAs of today are available in either
a stylus or keyboard version (called a datapad).
PDAs have largely been rendered obsolete by the rise in popularity of smartphones and tablets, but
they still retain a presence in niche markets.Examples of PDA devices through the years have
included the Palm Pilot, Revo, Sony Clie, Hewlett-Packard Jornado, Casio Cassiopedia, Compaq iPaq
and Toshiba Pocket PC.
2. Smartphones
Smartphones combine a mobile phone and a handheld computer into a single device. Smartphones
allow users to access and store information (e.g. e-mail) and install programs (applications) while also
being able to use a mobile phone in one device. For example, a smartphone could be a mobile phone
with some PDA functions integrated into the device or vice versa.Examples of smartphones over the
years have included the Apple iPhone, Samsung Galaxy, Microsoft and Nokia Lumia, Sony Ericsson,
Palm Treo, Blackberry, Nokia T-Mobile Sidekick, Torq, Motorola Q, E-Ten, HP iPaq and I-mate.
3. Tablet PCs
Tablet PCs are an evolution of the notebook computer with touchscreen LCD screens that can be
utilized with your fingertips or with a stylus. The handwriting with a stylus is digitized and can be
converted to standard text through handwriting recognition, or it can remain as handwritten text. The
stylus can also be used to type on a pen-based key layout where the lettered keys are arranged
differently than a QWERTY keyboard. Tablet PCs may also offer a removable keyboard as an
additional input option.Examples of tablet PCs have included Apple iPad, Microsoft
Surface and Surface Pro, Samsung Galaxy Tab, Samsung Nexus, Amazon Kindle Fire HD and
Lenovo Yoga.
4. Typical hardened scanning terminals

these terminals with integrated scanner / imager (commonly called "zapette") exist from all
manufacturers, with various characteristics: with hardened touch screen of several dimensions, with or
without physical keyboard, with cradle, in "gun" or "palm" mode (in the hand flat), tilted reading
head, all under Android now, in Wifi mode and some with 4G in addition, light, heavy, close or
remote reading.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 20
 MOBILE TERMINAL AND APPLICATION SECURITY

Scanning terminal in palm or gun form

4.3" touch screen, gun mode scanning (imager), induction charging (no contacts), Android

5. Commercial, light industrial terminals

These mobile terminals are designed for standard and versatile use with elaborate ergonomics and
communications while maintaining the advantages of ease of use, durability and price.

6. Mobile terminals for industry

These professional laptops are semi-hardened to ultra-hardened: that is, depending on their
specifications, can fall on the ground, take the rain, "dive" a little under water.
Most of them can exchange data via 3/4G or Wifi and Bluetooth and can be used as a phone
and a digital assistant as well as a scanner.
One of the typical application is in transport : Geolocation application of the parcel drop-off
point - csv record.

7. Hands-free mobile terminals and rings

Bar code terminals worn on the arm, wrist, for logistics, hands-free picking, with a finger pointer
(ring)
Utility of hands-free mobile scanning terminals

Fingertip Scanning

1. Typical order-picking application for these hands-free terminals: Android app for
receiving or picking orders by location
The "hands-free" mobile scanning terminal provides speed, productivity and error reduction for order
pickers who have a list of orders to prepare in a counted and record time. The terminal is constantly
available to remind the operator of the next package to be loaded on the pallet and allows him to scan
the barcode of the picked product with his fingertip and enter the quantity on the keyboard or select
the batch of the picked product.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 21
 MOBILE TERMINAL AND APPLICATION SECURITY

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 22
 MOBILE TERMINAL AND APPLICATION SECURITY

Mobile Web Applications

Introduction
Mobile Web applications refer to applications for mobile devices that require only a Web browser to
be installed on the device. They typically use HTML and Ajax (and, increasingly, HTML5
components), although they may make use of augmented rich Internet application (RIA) technologies,
such as Flash, JavaFX and Silverlight, but are not written specifically for the device. Rich, mobile
Web applications has roughly equivalent usability to PC-rich Web applications (or RIAs), when
designed specifically for smaller form factors. Simple mobile Web applications limit the use of RIA
technologies and are designed to present information in a readable, action-oriented format.

Mobile Web
Mobile web refers to browsing the internet using a web browser on a mobile device, such as a
smartphone or tablet. This can include accessing websites, searching for information, and using web-
based applications.

But how does mobile web differ from mobile web apps?

The main difference between mobile web and mobile web apps is that mobile web refers to accessing
websites through a web browser, while mobile web apps are web-based applications that provide a
more app-like experience.

Here are some examples:

Mobile web:

 Using a web browser such as Google Chrome, Safari, or Firefox on your smartphone to
search for information on Google.
 Checking your email using the web-based version of Gmail.
 Visiting a news website, such as CNN or BBC, to read the latest headlines.

Mobile web apps:

 Using the Twitter mobile web app to browse tweets and post updates.
 Using the Google Maps web app to get directions and search for nearby locations.
 Accessing the Spotify web app to stream music on your mobile device.

Both mobile web and mobile web apps offer a way to access the internet and web-based content on
mobile devices. However, mobile web apps provide a more app-like experience, while mobile web is
more focused on browsing websites.

Mobile Web vs. Web App vs. Mobile App

Here is a comparison table that highlights some of the key differences between mobile web, web apps,
and mobile apps:

Category Mobile Web Web App Mobile App

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 23
 MOBILE TERMINAL AND APPLICATION SECURITY
Platform Accessible via web browser on Accessed through a web browser, but Installed on a mobile device and
a mobile device. designed to work like an app. accessed through an app icon
Development Designed to be responsive to Designed to work like an app, with Developed specifically for the
mobile devices. additional features such as offline mobile platform.
functionality and push notifications.
User May require more scrolling and Offers an app-like experience, but it Provides a smooth and optimized
experience zooming. may not be as smooth as a mobile user experience.
app.
Performance Can be slower due to internet May be slower than a native app, but Provides fast and responsive
connectivity and reliance on can still offer good performance. performance.
web browsers.
Access Accessible to anyone with a Accessible through a web browser You must download and install it
mobile device and internet and internet connectivity. on a mobile device.
connectivity.
Features Limited to what can be Can offer additional features, such as It offers features including
accomplished through a web offline functionality and push access to device hardware
browser. notifications. (camera, microphone, etc.)
Maintenance Easier to maintain as you can The maintenance is simple, as you Requires regular updates and
change the website. can easily change a web app. maintenance.

Each type of application has its strengths and weaknesses, and the choice between mobile web, web
apps, and mobile apps will depend on the application’s specific needs and its users.

What is Mobile Web Design?

It refers to designing and creating websites optimized for viewing and interacting with on mobile
devices like smartphones and tablets.

Mobile web design considers the smaller screen size, touch-based interactions of mobile devices,
varying screen resolutions, and internet connectivity speeds.

 Responsive design: A mobile website must be designed using multiple responsive design
techniques to ensure that it can adapt to different screen sizes and orientations.
You can test your mobile website’s responsive design on multiple device-browser-OS
combinations using BrowserStack Automate, App Automate, App Live, and Live to ensure a
seamless user experience with your software. BrowserStack provides automated and manual
options for online mobile testing for websites and apps.
 Simplified navigation: Mobile users must find what they want on a website. Mobile web
design should simplify navigation and minimize the clicks required to access the content.
 Optimized content: Mobile web design should optimize content for mobile devices, including
using smaller images and simplified layouts to reduce load times and improve user
experience.
 Touch-based interactions: Mobile devices rely on touch-based interactions, so mobile web
design should consider how users interact with the website using touch gestures.
 Fast load times: Mobile web design should optimize for fast load times, including reducing
the size of images and using caching techniques.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 24
 MOBILE TERMINAL AND APPLICATION SECURITY
With more and more people using smartphones and tablets for quick internet access, mobile web
design has become a highly important aspect of web design.

Responsive Frameworks for Building Mobile Web and Mobile

Web Applications
Responsive frameworks are a collection of pre-written code and stylesheets that make creating
responsive websites and applications that work well on mobile devices easier.

Here are some popular responsive frameworks for building mobile web and mobile web applications:

1. Bootstrap: It offers a wide range of pre-built components, such as navigation bars, modals, forms,
and typography, as well as a grid system for creating responsive layouts. It also comes with various
CSS and JavaScript plugins and utilities for adding interactivity and functionality to your web pages.

One of the benefits of using Bootstrap is that it is designed to be mobile-first, meaning that its
components and layout are optimized for use on mobile devices. This makes it an excellent choice for
building mobile web and mobile web applications.

2. Materialize: It is an open-source CSS and JavaScript framework for building responsive and
modern web applications. It is based on Google’s Material Design guidelines, which provide a set of
design principles and guidelines for creating user interfaces that are visually appealing and intuitive to
use.

Materialize is easy to get started with, and it provides comprehensive documentation and a variety of
templates and examples to help you get started quickly. It also has a large community of developers
who contribute to its development and provide support to other users.

3. Ionic: Ionic is a popular framework for building mobile web and hybrid mobile applications. It
provides a range of responsive design components, including grids, typography, and navigation, that
can be used to build mobile-friendly applications. It is built on top of AngularJS, a popular JavaScript
framework, and provides a range of features, such as native app integration and offline support.

4. Semantic UI: Semantic UI is a front-end framework that provides multiple responsive design
components. It includes pre-built templates and themes that can be customized to fit specific design
needs. It also offers a range of customization options, such as theming and modularization.

These frameworks can be highly effective in helping you achieve the desired performance of your
application.

How to Optimize your Mobile Web Application for Performance?

Optimizing the performance of a mobile web application is crucial for providing a good user
experience and improving engagement.

Here are some tips for optimizing your mobile web application for performance:

 Large images can slow down the performance of your mobile web application. Ensure to
compress images to reduce their file size without compromising quality. Use compressed
images with the appropriate file format (JPEG, PNG, SVG) and dimensions to reduce the size
of your web pages and improve loading speed.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 25
 MOBILE TERMINAL AND APPLICATION SECURITY
 Use lazy loading to delay the loading of non-critical content, such as images and videos, until
the user scrolls to that part of the page.
 A CDN can fasten up the delivery of your mobile web application’s content by caching it in
multiple locations worldwide. This can reduce the time it takes for your application to load,
especially for users far from your server.
 Each mobile web application’s HTTP request can slow down performance. Minimize the
number of HTTP requests by combining multiple resources, such as CSS and JavaScript files,
into a single file.
 Caching can help to speed up your mobile web application by storing frequently accessed
data on the user’s device or in the browser cache. It can reduce the number of requests to be
made to the server.
 Optimize your mobile web application’s code and minimize the size of your HTML, CSS,
and JavaScript files by removing unnecessary code and optimizing loops and conditionals.
Use asynchronous loading for scripts to avoid blocking the rendering of the page.
 The time it takes for your server to respond to requests can impact your mobile web
application’s performance. Optimize your server response time by using a content delivery
network, optimizing your database queries, and using a caching layer.
 Use responsive design to optimize your web pages for different screen sizes and devices.
 Regularly test your mobile web application’s performance using tools like Google PageSpeed
Insights or GTmetrix. Also, apart from performance, you can run a detailed speed test on real
browsers and devices using the BrowserStack which is ideal for covering real-world
conditions for the most accurate results.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 26
 MOBILE TERMINAL AND APPLICATION SECURITY

Introduction to JavaScript

What is JavaScript?

JavaScript is a lightweight, cross-platform, single-threaded, and interpreted compiled programming

language. It is also known as the scripting language for webpages. It is well-known for the
development of web pages, and many non-browser environments also use it.

JavaScript is a weakly typed language (dynamically typed). JavaScript can be used for Client-
side developments as well as Server-side developments. JavaScript is both an imperative and
declarative type of language. JavaScript contains a standard library of objects, like Array, Date,
and Math, and a core set of language elements like operators, control structures, and statements.

 Client-side: It supplies objects to control a browser and its Document Object Model
(DOM). Like if client-side extensions allow an application to place elements on an HTML
form and respond to user events such as mouse clicks, form input, and page navigation.
Useful libraries for the client side are AngularJS, ReactJS, VueJS, and so many others.
 Server-side: It supplies objects relevant to running JavaScript on a server. For if the server-
side extensions allow an application to communicate with a database, and provide continuity
of information from one invocation to another of the application, or perform file
manipulations on a server. The useful framework which is the most famous these days
is node.js.
 Imperative language – In this type of language we are mostly concerned about how it is to be
done. It simply controls the flow of computation. The procedural programming approach,
object, oriented approach comes under this as async await we are thinking about what is to be
done further after the async call.
 Declarative programming – In this type of language we are concerned about how it is to be
done; basically, here logical computation requires. Her main goal is to describe the desired
result without direct dictation on how to get it as the arrow function does.

How to Link JavaScript File in HTML?

JavaScript can be added to HTML file in two ways:

Internal JS: We can add JavaScript directly to our HTML file by writing the code inside the <script>
tag. The <script> tag can either be placed inside the <head> or the <body> tag according to the
requirement.

External JS: We can write JavaScript code in another files having an extension.js and then link this
file inside the <head> tag of the HTML file in which we want to add this code.

Syntax:

<script>
// JavaScript Code
</script>

Example:

HTML

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 27
 MOBILE TERMINAL AND APPLICATION SECURITY

<!DOCTYPE html>

<html lang="en">

<head>

<title>

Basic Example to Describe JavaScript

</title>

</head>

<body>

<!-- JavaScript code can be embedded inside

head section or body section -->

<script>

console.log("Welcome to GeeksforGeeks");

</script>

</body>

</html>

Output: The output will display on the console.

Welcome to GeeksforGeeks

Features of JavaScript
According to a recent survey conducted by Stack Overflow, JavaScript is the most popular language
on earth.
With advances in browser technology and JavaScript having moved into the server with Node.js and
other frameworks, JavaScript is capable of so much more. Here are a few things that we can do with
JavaScript:

 JavaScript was created in the first place for DOM manipulation. Earlier websites were mostly
static, after JS was created dynamic Web sites were made.
 Functions in JS are objects. They may have properties and methods just like other objects.
They can be passed as arguments in other functions.
 Can handle date and time.
 Performs Form Validation although the forms are created using HTML.
 No compiler is needed.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 28
 MOBILE TERMINAL AND APPLICATION SECURITY

Applications of JavaScript
 Web Development: Adding interactivity and behavior to static sites JavaScript was invented
to do this in 1995. By using AngularJS that can be achieved so easily.
 Web Applications: With technology, browsers have improved to the extent that a language
was required to create robust web applications. When we explore a map in Google Maps then
we only need to click and drag the mouse. All detailed view is just a click away, and this is
possible only because of JavaScript. It uses Application Programming Interfaces(APIs) that
provide extra power to the code. The Electron and React are helpful in this department.
 Server Applications: With the help of Node.js, JavaScript made its way from client to server
and Node.js is the most powerful on the server side.
 Games: Not only in websites, but JavaScript also helps in creating games for leisure. The
combination of JavaScript and HTML 5 makes JavaScript popular in game development as
well. It provides the EaseJS library which provides solutions for working with rich graphics.
 Smartwatches: JavaScript is being used in all possible devices and applications. It provides a
library PebbleJS which is used in smartwatch applications. This framework works for
applications that require the Internet for their functioning.
 Art: Artists and designers can create whatever they want using JavaScript to draw on HTML
5 canvas, and make the sound more effective also can be used p5.js library.
 Machine Learning: This JavaScript ml5.js library can be used in web development by using
machine learning.
 Mobile Applications: JavaScript can also be used to build an application for non-web
contexts. The features and uses of JavaScript make it a powerful tool for creating mobile
applications. This is a Framework for building web and mobile apps using JavaScript. Using
React Native, we can build mobile applications for different operating systems. We do not
require to write code for different systems. Write once use it anywhere!

Limitations of JavaScript
 Security risks: JavaScript can be used to fetch data using AJAX or by manipulating tags that
load data such as <img>, <object>, <script>. These attacks are called cross-site script attacks.
They inject JS that is not part of the site into the visitor’s browser thus fetching the details.
 Performance: JavaScript does not provide the same level of performance as offered by many
traditional languages as a complex program written in JavaScript would be comparatively
slow. But as JavaScript is used to perform simple tasks in a browser, so performance is not
considered a big restriction in its use.
 Complexity: To master a scripting language, programmers must have a thorough knowledge
of all the programming concepts, core language objects, and client and server-side objects
otherwise it would be difficult for them to write advanced scripts using JavaScript.
 Weak error handling and type checking facilities: It is a weakly typed language as there is no
need to specify the data type of the variable. So wrong type checking is not performed by
compile.

Why JavaScript is known as a lightweight programming language?

JavaScript is considered lightweight due to the fact that it has low CPU usage, is easy to implement,
and has a minimalist syntax. Minimalist syntax as in, has no data types. Everything is treated here as
an object. It is very easy to learn because of its syntax similar to C++ and Java.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 29
 MOBILE TERMINAL AND APPLICATION SECURITY
A lightweight language does not consume much of your CPU’s resources. It doesn’t put excess strain
on your CPU or RAM. JavaScript runs in the browser even though it has complex paradigms and
logic which means it uses fewer resources than other languages. For example, NodeJs, a variation of
JavaScript not only performs faster computations but also uses fewer resources than its counterparts
such as Dart or Java.

Additionally, when compared with other programming languages, it has fewer in-built libraries or
frameworks, contributing as another reason for it being lightweight. However, this brings a drawback
in that we need to incorporate external libraries and frameworks.

Is JavaScript Compiled or Interpreted or both?

JavaScript is both compiled and interpreted. In the earlier versions of JavaScript, it used only the
interpreter that executed code line by line and shows the result immediately. But with time the
performance became an issue as interpretation is quite slow. Therefore, in the newer versions of JS,
probably after the V8, the JIT compiler was also incorporated to optimize the execution and display
the result more quickly. This JIT compiler generates a bytecode that is relatively easier to code. This
bytecode is a set of highly optimized instructions.
The V8 engine initially uses an interpreter, to interpret the code. On further executions, the V8 engine
finds patterns such as frequently executed functions, and frequently used variables, and compiles them
to improve performance.

JavaScript is best known for web page development but it is also used in a variety of non-browser
environments.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 30
 MOBILE TERMINAL AND APPLICATION SECURITY

Apache Cordova

Apache Cordova is an open-source platform for developing mobile apps through web applications like
HTML, CSS, JavaScript. Cordova is very useful to web-developers as they can turn their web pages
to a web app with native app functionalities easily using Cordova. This is an extremely helpful feature
as normal web apps don’t have this functionality.

Cordova is used to making cross-platform mobile applications and provides a wide range of plugins
for better functionality of the app which is easy to embed.

How to Installation

We are installing the Cordova command-line tool. If not already installed follow the steps given
below:

 Download Node.js and install it from here.

 Using npm utility (Node.js) to install Cordova module

Installation on Linux / macOS

 Prefixing the sudo command to the npm command might be needed to install the utility
 $ sudo npm install -g Cordova

Installation on Windows

 The -g flag tells the npm utility to install Cordova globally

 C:\>npm install -g Cordova

Run Cordova in the command line to check if properly installed if installed it should print help text.

Cordova’s Application Architecture

Cordova has a high-level design the diagram shown below depicts its architecture

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 31
 MOBILE TERMINAL AND APPLICATION SECURITY

Cordova’s application architecture

Web View: This is the user interface of the Cordova application. The applications used are integrated
with the web view and the native components (for hybrid apps).

Web App: This is the basic web page layout made using HTML, CSS, JavaScript. This is the core of
the Cordova application the web app runs in the web view. The file config.xml is responsible for the
information on the app

Plugins

Plugins are one of the best features in Cordova. Integrating plugins adds apps functionality and
attractiveness. Cordova maintains a set of plugins called Core Plugins which provides application
capabilities like Camera, Battery, File transfer etc. In addition to the core plugins, there are several
third-party plugins that provide additional bindings to features. Cordova does not provide any mv
framework or widgets. Plugins are necessary for functionality like communication between Cordova
and custom native components. Plugins can be searched using the npm command or searched at the
link given below

Development Paths

Basically there are two development paths in Cordova each with its own advantages :

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 32
 MOBILE TERMINAL AND APPLICATION SECURITY
 Cross-Platform Workflow: This workflow is centered around the command-line interface
(CLI) and mostly used when a developer wants the application to run on different platforms.
This workflow has very little need for platform-specific developments. Here the CLI copies
assets of different platforms into sub-directories for each of the platforms and has a common
interface to apply plugins.

 Platform-centered Workflow: This workflow is centered around lower-level shell scripts for a
specific platform and is used when a developer is focused on building an application on a
single platform and wants to modify it at a lower level like adding native components to the
web-based components. This workflow does not have any high-level tools. If a user wants to
modify the application with SDK the Platform-centered workflow is used

Features:
 Command Line Interface: Used for installing plugins and writing commands to build a
Cordova application
 Cordova Plugins: Many APIs can be used in Cordova to add functionality to a Cordova
application
 Cordova Core Components: A set of components used to build the application

Advantages of using Cordova

 Easy to use and does not require a lot of time to make an application with Cordova.
 There is no need to learn a specific development programming language to develop an
application.
 Cordova follows a plugin architecture, many plugins to work with which can be added and
modified. We can enable and disable plugins as per our priorities.
 Is a platform for developing an application that can be used in different platforms — Ubuntu,
Windows, Blackberry, etc.

Limitations
 Not all plugins are compatible with every platform.
 Hybrid apps are slower than native apps.
 Not optimum for making an application that requires a large set of data.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 33
 MOBILE TERMINAL AND APPLICATION SECURITY

Introduction to AngularJS
AngularJS is a JavaScript open-source front-end structural framework that is mainly used to develop
single-page web applications (SPAs). It is a continuously growing and expanding framework which
provides better ways for developing web applications. It changes the static HTML to dynamic HTML.
Its features like dynamic binding and dependency injection eliminate the need for code that we have
to write otherwise. AngularJS is rapidly growing and because of this reason, we have different
versions of AngularJS with the latest stable being 1.7.9. It is also important to note that Angular is
different from AngularJS. It is an open-source project which can be freely used and changed by
anyone. It extends HTML attributes with Directives, and data is bound with HTML.

History of AngularJS: AngularJS was originally developed in 2008-2009 by Miško Hevery and
Adam Abrons at Brat Tech LLC, as software for the online JSON storage service, in order to ease to
development of the applications for the enterprise, that has been valued by the megabyte. It is now
maintained by Google. AngularJS was released with version 1.6, which contains the component-based
application architecture concept. This release version removed the Sandbox, which facilitates security,
despite having the various vulnerabilities that have evolved, which bypassed the Sandbox.

Why use AngularJS?

 Easy to work with: All you need to know to work with AngularJS is the basics of HTML,
CSS, and Javascript, not necessary to be an expert in these technologies.
 Time-saving: AngularJs allows us to work with components and hence we can use them
again which saves time and unnecessary code.
 Ready to use a template: AngularJs is mainly plain HTML, and it mainly makes use of the
plain HTML template and passes it to the DOM and then the AngularJS compiler. It traverses
the templates and then they are ready to use.
 Directives: AngularJS’s directives allow you to extend HTML with custom elements and
attributes. This enables you to create reusable components and define custom behaviors for
your application. Directives make it easier to manipulate the DOM, handle events, and
encapsulate complex UI logic within a single component.

Key Features: There are numerous features of AngularJS that contribute to creating efficient
applications. Some of the features are described below:

Model View Controller (MVC): An architecture is basically a software pattern used to develop an
application. It consists of three components:

 Model: This component consists of a database & is responsible for managing the data & logic
of the application. It responds to the request made by the View component & the instruction
given by the Controller component, in order to update itself.
 View: This component is responsible for displaying the application data to the users. The
View is basically the user interface that helps to render the required data to the user, with the
help of the AngularJS expressions.
 Controller: This component is responsible for communicating & interacting between the
Model & the View Component, i.e., its main job is to connect the model and the view
component. It helps to validate the input data by implementing some business logic that
manipulates the state of the data model.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 34
 MOBILE TERMINAL AND APPLICATION SECURITY
Normally, when we talk about MVC architecture, we have to split our applications into these three
components and then write the code to connect them. However, in AngularJS, all we have to do is
split the application into MVC and it does the rest by itself. It saves a lot of time and allows you to
finish the job with less code.

 Data Model Binding: Data Binding in AngularJS is a two-way process, i.e. the view layer of
the MVC architecture is an exact copy of the model layer. You don’t need to write special
code to bind data to the HTML controls. Normally, in other MVC architectures, we have to
continuously update the view layer and the model layer to remain in sync with one another. In
AngularJs it can be said that the model layer and the view layer remain synchronized with
each other. When the data in the model changes, then the view layer reflects the change and
vice versa. It happens immediately and automatically which helps in making sure that the
model and the view are updated at all times.
 Templates: The main advantage of using AngularJS is how it makes use of the templates.
Normally what happens is that the templates are passed by the browser into DOM, then DOM
becomes the input of the AngularJS compiler and then AngularJS traverses the DOM
template for rendering instructions which are called directives. The other siblings of
AngularJS work differently as they make use of the HTML String whereas AngularJs does
not manipulate the template strings. Using the DOM is what gives us the privilege to extend
the directive vocabulary or even abstract them into reusable components.
 Unit Testing ready: The concern of Google’s designer was not only to develop Angular but
also to develop a testing framework called “Karma” which helps in designing unit tests for
AngularJS applications.
 Integration and Extensibility: AngularJS can be easily integrated with other libraries and
frameworks. It provides support for interacting with server-side APIs, handling HTTP
requests, and integrating with third-party tools. AngularJS also allows you to extend its
functionality by creating custom directives, filters, and services, giving you the flexibility to
tailor the framework to your specific needs.

Benefits of AngularJS:
Depending Injection: Dependency Injection is a software design pattern. It works on the basis of
Inversion of Control. Inversion control means objects do not create other objects. Instead, they get
these objects from an outside source. The dependent object is not created by the primary object after
that and then uses its methods. Instead, an external source creates the dependent object and gives it to
the source object for further usage. On the basis of dependency injection, we create a service to
acquire all the information from the database and get it into the model class.

In Angular.JS, dependencies are injected by using an “injectable factory method” or “constructor

function”. These components can be injected with “service” and “value” components as
dependencies. The $http service is normally defined from within the controller in the following
manner.

sampleApp.controller ('AngularJSController', function ($scope,

$http)
Example: This example illustrates the basic Angular JS by implementing the
directive, controller, etc.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 35
 MOBILE TERMINAL AND APPLICATION SECURITY
HTML

<!DOCTYPE html>

<html>

<head>

<title>AngularJS Example</title>

<script src=

"https://ajax.googleapis.com/ajax/libs/angularjs/1.6.9/angular.min.js">

</script>

</head>

<body>

<center>

<h1 style="color:green">

GeeksforGeeks

</h1>

<h3>AngularJS Example</h3>

<div ng-app="myApp"

ng-controller="myCtrl"

ng-style="gfgObj">

<input type="text"

ng-model="comName">

<input type="text"

ng-model="detail">

<br> {{comName + " "+detail }}

</div>

</center>

<script>

var app = angular.module('myApp', []);

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 36
 MOBILE TERMINAL AND APPLICATION SECURITY

app.controller('myCtrl', function($scope) {

$scope.comName = "GeeksforGeeks";

$scope.detail = "Learning Together!"

$scope.gfgObj = {

"color": "green",

"font-family": "sans-serif",

"font-size": "25px"

});

</script>

</body>

</html>

Output:

Pros of AngularJS:

 It facilitates the Two-way Binding that helps to render correspondingly the changes made to
the view or the model.
 It helps to create a responsive web application, along with providing the prototyping that can
be utilized to load the application faster.
 It uses the concept of directive that helps to add functionality to the application. For this, the
overall length of the code reduces along with discarding the repetition of the code that is
specific to perform the particular task.

Cons of AngularJS:

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 37
 MOBILE TERMINAL AND APPLICATION SECURITY
 As this framework belongs to Javascript, so it is required to have prior knowledge of
Javascript.
 If new to this framework, then debugging the scope can be a difficult task.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 38
 MOBILE TERMINAL AND APPLICATION SECURITY

Chapter II
Application security
Introduction

Application security (AppSec) is the processes, practices, and tools used to identify, repair, and
protect against vulnerabilities in applications, throughout the software development life cycle
(SDLC). Application security involves a wide array of tools and methodologies, but all have the same
goal: to identify weaknesses and vulnerabilities and fix them before they can be exploited.
Application security (AppSec) helps protect application data and code against cyberattacks and data
theft. It covers all security considerations during application design, development, and deployment.
AppSec involves implementing software, hardware, and procedures that identify and reduce the
number of security vulnerabilities and minimize the chance of successful attack.

AppSec typically involves building protections and controls into software processes. For example,
automated static analysis of new code, testing new software releases for security vulnerabilities or
misconfigurations, and using an application firewall to strictly define allowed and prohibited
activities.

Threat modeling involves identifying vulnerabilities and objectives and defining suitable
countermeasures to mitigate and prevent the impacts of threats. It is a fundamental component of a
comprehensive application security program.

Here are several ways to promote application security throughout the software development lifecycle
(SDLC):

 Introduce security standards and tools during design and application development phases. For
example, include vulnerability scanning during early development.
 Implement security procedures and systems to protect applications in production
environments. For example, perform continuous security testing.
 Implement strong authentication for applications that contain sensitive data or are mission
critical.
 Use security systems such as firewalls, web application firewalls (WAF), and intrusion
prevention systems (IPS).

Requirements
To build good requirements, make sure that you’re answering questions about your requirements. A
software security requirement should be much like a functionality requirement; it shouldn’t be vague
or unattainable. Anticipate developers’ questions and answer them ahead of time. Here’s how:

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 39
 MOBILE TERMINAL AND APPLICATION SECURITY
 Is this testable? Can we test this requirement in the final application? “Be secure” is not a
testable requirement. “Encode all user-supplied output” is.
 Is this measurable? When we test for this, can we determine coverage and effectiveness?
 Is this complete? Are we forgetting something? Are we mandating checks for user-supplied
data to databases but not logs?
 Is this clear? Will the people responsible for designing, implementing, testing, and delivering
on this requirement understand the intent of the requirement?
 Is this unambiguous? Could someone interpret this requirement in any other ways?
 Are these requirements consistent? Are we approaching each security requirement in the
same way to ensure that the security measures are applied consistently across the board?

When building a requirement, remember that it is a goal that someone must achieve. Designers and
developers can’t meet the security goals for an application unless you create specific and
achievable requirements.

Types of security requirements

If you’re entrenched in the requirements or contracting world, you’re already aware of the basic kinds
of requirements: functional, nonfunctional, and derived. Software security requirements fall into the
same categories. Just like performance requirements define what a system has to do and be to perform
according to specifications, security requirements define what a system has to do and be to perform
securely.

When defining functional no security requirements, you see statements such as “If the scan button is
pressed, the lasers shall activate and scan for a barcode.” This is what a barcode scanner needs to do.
Likewise, a security requirement describes something a system has to do to enforce security. For
example: “The cashier must log in with a magnetic stripe card and PIN before the cash register is
ready to process sales.”

 Functional requirements describe what a system has to do. So functional security

requirements describe functional behavior that enforces security. Functional requirements can
be directly tested and observed. Requirements related to access control, data integrity,
authentication, and wrong password lockouts fall under functional requirements.
 Nonfunctional requirements describe what a system has to be. These are statements that
support auditability and uptime. Nonfunctional security requirements are statements such as
“Audit logs shall be verbose enough to support forensics.” Supporting auditability is not a
direct functionality requirement, but it supports auditability requirements from regulations
that might apply.
 Derived requirements are inspired by the functional and nonfunctional requirements. For
example, if a system has a user ID and PIN functional requirement, a derived requirement
might define the number of allowable incorrect PIN guesses before an account is locked out.
For audit logs, a derived requirement might support the integrity of the logs, such as log
injection prevention.

Derived requirements are tricky because these stem from abuse cases. Not only must requirements
designers think like a user and a customer, but they also have to think like an attacker. For every bit of
functionality given to users, an attacker could abuse it. For example, log-in functionality could

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 40
 MOBILE TERMINAL AND APPLICATION SECURITY
become password guessing attempts, uploading files could open a system up to hosting malware, and
accepting text could open the door to cross-site scripting or SQL injection.

What Types of Applications Does a Modern

Organization Need to Secure?
Web Application Security

A web application is software that runs on a web server and is accessible via the Internet. The client
runs in a web browser. By nature, applications must accept connections from clients over insecure
networks. This exposes them to a range of vulnerabilities. Many web applications are business critical
and contain sensitive customer data, making them a valuable target for attackers and a high priority
for any cyber security program.

The evolution of the Internet has addressed some web application vulnerabilities – such as the
introduction of HTTPS, which creates an encrypted communication channel that protects against man
in the middle (MitM) attacks. However, many vulnerabilities remain. The most severe and common
vulnerabilities are documented by the Open Web Application Security Project (OWASP), in the form
of the OWASP Top 10.

Due to the growing problem of web application security, many security vendors have introduced
solutions especially designed to secure web applications. Examples include the web application
firewall (WAF), a security tool designed to detect and block application-layer attacks.

API Security

Application Programming Interfaces (API) are growing in importance. They are the basis of modern
microservices applications, and an entire API economy has emerged, which allows organizations to
share data and access software functionality created by others. This means API security is critical for
modern organizations.

APIs that suffer from security vulnerabilities are the cause of major data breaches. They can
expose sensitive data and result in disruption of critical business operations. Common security
weaknesses of APIs are weak authentication, unwanted exposure of data, and failure to perform rate
limiting, which enables API abuse.

Like web application security, the need for API security has led to the development of specialized
tools that can identify vulnerabilities in APIs and secure APIs in production.

Cloud Native Application Security

Cloud native applications are applications built in a microservices architecture using technologies like
virtual machines, containers, and serverless platforms. Cloud native security is a complex challenge,
because cloud native applications have a large number of moving parts and components tend to be
ephemeral—frequently torn down and replaced by others. This makes it difficult to gain visibility
over a cloud native environment and ensure all components are secure.

In cloud native applications, infrastructure and environments are typically set up automatically based
on declarative configuration—this is called infrastructure as code (IaC). Developers are responsible
for building declarative configurations and application code, and both should be subject to security

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 41
 MOBILE TERMINAL AND APPLICATION SECURITY
considerations. Shifting left is much more important in cloud native environments, because almost
everything is determined at the development stage.

Cloud native applications can benefit from traditional testing tools, but these tools are not enough.
Dedicated cloud native security tools are needed, able to instrument containers, container clusters, and
serverless functions, report on security issues, and provide a fast feedback loop for developers.

Another important aspect of cloud native security is automated scanning of all artifacts, at all stages of
the development lifecycle. Most importantly, organizations must scan container images at all stages of
the development process.

Application Security Risks

Web Application Security Risks

Software applications can be affected by numerous threats. The Open Web Application Security
Project (OWASP) Top 10 list includes critical application threats that are most likely to affect
applications in production.

Broken Access Control

Broken access control allows threats and users to gain unauthorized access and privileges. Here are
the most common issues:

 It enables attackers to gain unauthorized access to user accounts and act as administrators or
regular users.
 It provides users with unauthorized privileged functions.

You can remediate this issue by implementing strong access mechanisms that ensure each role is
clearly defined with isolated privileges.

Cryptographic Failures

Cryptographic failures (previously referred to as “sensitive data exposure”) occur when data is not
properly protected in transit and at rest. It can expose passwords, health records, credit card numbers,
and personal data.

This application security risk can lead to non-compliance with data privacy regulations, such as the
EU General Data Protection Regulation (GDPR), and financial standards like PCI Data Security
Standards (PCI DSS).

Injection (Including XSS, LFI, and SQL Injection)

Injection vulnerabilities enable threat actors to send malicious data to a web application interpreter. It
can cause this data to be compiled and executed on the server.

Insecure Design

Insecure design covers many application weaknesses that occur due to ineffective or missing security
controls. Applications that do not have basic security controls capable of against critical threats.
While you can fix implementation flaws in applications with secure design, it is not possible to fix
insecure design with proper configuration or remediation.

Security Misconfiguration (Including XXE)

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 42
 MOBILE TERMINAL AND APPLICATION SECURITY
Security misconfigurations occur due to a lack of security hardening across the application stack. Here
are common security misconfigurations:

 Improperly configuring cloud service permissions

 Leaving unrequired features enabled or installed
 Using default passwords or admin accounts
 XML External Entities (XXE) vulnerabilities

Vulnerable and Outdated Components

Vulnerable and outdated components (previously referred to as “using components with known
vulnerabilities”) include any vulnerability resulting from outdated or unsupported software. It can
occur when you build or use an application without prior knowledge of its internal components and
versions.

Identification and Authentication Failures

Identification and authentication failures (previously referred to as “broken authentication”) include

any security problem related to user identities. You can protect against identity attacks and exploits by
establishing secure session management and setting up authentication and verification for all
identities.

Software and Data Integrity Failures

Software and data integrity failures occur when infrastructure and code are vulnerable to integrity
violations. It can occur during software updates, sensitive data modification, and any CI/CD pipeline
changes that are not validated. Insecure CI/CD pipelines can result in unauthorized access and lead to
supply chain attacks.

Security Logging and Monitoring Failures

Security logging and monitoring failures (previously referred to as “insufficient logging and
monitoring”) occur when application weaknesses cannot properly detect and respond to security risks.
Logging and monitoring are critical to the detection of breaches. When these mechanisms do not
work, it hinders the application’s visibility and compromises alerting and forensics.

Server-Side Request Forgery

Server-side request forgery (SSRF) vulnerabilities occur when a web application does not validate a
URL inputted by a user before pulling data from a remote resource. It can affect firewall-protected
servers and any network access control list (ACL) that does not validate URLs.

Types of application security

Different types of application security features include authentication, authorization, encryption,
logging, and application security testing. Developers can also code applications to reduce security
vulnerabilities.

 Authentication: When software developers build procedures into an application to ensure

that only authorized users gain access to it. Authentication procedures ensure that a user is
who they say they are. This can be accomplished by requiring the user to provide a user name

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 43
 MOBILE TERMINAL AND APPLICATION SECURITY
and password when logging in to an application. Multi-factor authentication requires more
than one form of authentication—the factors might include something you know (a
password), something you have (a mobile device), and something you are (a thumb print or
facial recognition).
 Authorization: After a user has been authenticated, the user may be authorized to access and
use the application. The system can validate that a user has permission to access the
application by comparing the user’s identity with a list of authorized users. Authentication
must happen before authorization so that the application matches only validated user
credentials to the authorized user list.
 Encryption: After a user has been authenticated and is using the application, other security
measures can protect sensitive data from being seen or even used by a cybercriminal. In
cloud-based applications, where traffic containing sensitive data travels between the end user
and the cloud, that traffic can be encrypted to keep the data safe.
 Logging: If there is a security breach in an application, logging can help identify who got
access to the data and how. Application log files provide a time-stamped record of which
aspects of the application were accessed and by whom.
 Application security testing: A necessary process to ensure that all of these security controls
work properly.

COURSE INSTRUCTOR: Engr. Kila Frederick Kisife

Email:kilafrederick@gmail.com
Tel: 673986003 44