Engineering Note on 10 31 2016

eric_hochwald edited this page Nov 1, 2016 · 13 revisions

Engineering Note

Test of the main feature of our app.

Lint

The initial lint scan result is in the folder named tests. After we fixed the errors flagged in this lint report, the final lint report was stored in a folder named [lintreport](https://github.com/JoshuaW1990/comp150mob/tree/experimental/lintreport).

Fabric

We have installed Fabric in Android Studio and started to use Crashlytics to record crash events when testing the app in the emulator. Here is the screenshot of the Fabric dashboard showing the crash report of our app:

Static Analysis

In order to test our app statically, we ran our compiled .apk file through Veracode. Under a low policy evaluation, our app scored a 90 as its security rating. A screenshot of the above report can be seen below:

After looking at the assessment report, it seems that the majority of the most critical security issues stem from careless authorization information management and loose variable handling. The steps to remedy this involve cleaning up our module structures and consolidating information within our modules before passing data around.

Luckily, our app handles very little sensitive information right now (barring password information, whose leak would be harmful if our users reuse the same passwords across all their accounts), so these security issues are not incredibly detrimental if exploited. That said, the security of our app will be looked at with more scrutiny as we move from an MVP to a production-ready program.