tictactoeextreme's Issues

Security Recommendation - Final Release Certificate

Information

Status: Proposed
Deciders: Sha Eugenio, Lance Gonzales, Zoe Goodwin, Austin Huynh, James Sundby
Date: Dec. 6, 2023


What is your security recommendation? Why did you choose it?

The security recommendation that best fits our Tic Tac Toe application is to get the APK digitally signed through Android Studio to ensure that no debug mode features have been left in [1]. As our game does not store any sensitive user information or access any system resources or features, this is the best option we can provide for our users so they can be sure that no changes have been made or malicious code has been added to the app.

Who does the recommendation benefit (end-user, developer, etc.)?

This recommendation protects the end-users as it helps prevent third parties from applying updates that could potentially add malicious code to the application [1]. For example, if a third party tried to add a crypto-miner update in the background of our app, they would be unable to do so without the digital signature.

When would the recommendation have to be implemented (based on how serious the security risk is)?

The recommendation should be implemented into the release procedure, guaranteeing that the APK is digitally signed before distribution. This recommendation is essential in reducing the possibility of security breaches brought on by unauthorized app updates.

Why do you think your project needs your recommendation?

Our Tic-Tac-Toe app needs to be “built in release mode, with settings appropriate for a release build (e.g. non-debuggable)” [1] to ensure that the app is properly signed with a working release key and abides by Android’s security requirements. This process also prevents tampering and the addition of malicious code. Releasing in a non-debuggable mode keeps the app secure by omitting debugging information, making it harder for hackers to access sensitive details.

How do you think your recommendation could be applied? How feasible would the implementation be?

We would create a final release build of the app and then use Android Studio to generate an upload key and keystore [2]. The certificate generated would have a validity period of 25 or more years to ensure acceptance if it were to be uploaded to any app store.


References:

[1] B. Mueller. “Android App Security Checklist.” GitHub. Accessed: Dec. 06, 2023. [Online]. Available: https://github.com/muellerberndt/android_app_security_checklist.

[2] Android Studio. “Sign your app.” Android Studio Editor, Aug. 16, 2023. Accessed: Dec. 06, 2023. [Online]. Available: https://developer.android.com/studio/publish/app-signing.html#generate-key
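
One way the release build described in this issue could be configured in the module-level `build.gradle.kts`, shown as an added example that is not the project's own build file. It assumes the Kotlin Gradle DSL and a hypothetical `keystore.properties` file (with the assumed keys `storeFile`, `storePassword`, `keyAlias`, `keyPassword`) kept out of version control.

```kotlin
// app/build.gradle.kts (added example; file and property names are assumptions)
import java.util.Properties

// Signing secrets live in a local file that is never committed (list it in .gitignore).
val keystorePropsFile = rootProject.file("keystore.properties")
val keystoreProps = Properties()
if (keystorePropsFile.exists()) {
    keystorePropsFile.inputStream().use { keystoreProps.load(it) }
}

android {
    signingConfigs {
        // Define the release signing config only where the upload keystore is
        // available, so machines without it can still produce debug builds.
        if (keystorePropsFile.exists()) {
            create("release") {
                storeFile = rootProject.file(keystoreProps.getProperty("storeFile"))
                storePassword = keystoreProps.getProperty("storePassword")
                keyAlias = keystoreProps.getProperty("keyAlias")
                keyPassword = keystoreProps.getProperty("keyPassword")
            }
        }
    }

    buildTypes {
        getByName("release") {
            // Release artifacts must not be debuggable [1].
            isDebuggable = false
            // findByName returns null when the keystore is absent: the release
            // APK is then left unsigned instead of being signed with the debug key.
            signingConfig = signingConfigs.findByName("release")
        }
        getByName("debug") {
            // Distinct application id so a debug build can never be installed
            // as an update over the signed release build.
            applicationIdSuffix = ".debug"
        }
    }
}
```

Before distribution, `apksigner verify --print-certs` on the built APK shows which certificate signed it, which confirms that the upload key rather than the Android debug key was used.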
