Skip to content
This repository has been archived by the owner on Jun 18, 2023. It is now read-only.

Option to donate usage data to AWARE project #60

Merged
merged 2 commits into from
Oct 3, 2016
Merged

Option to donate usage data to AWARE project #60

merged 2 commits into from
Oct 3, 2016

Conversation

rkdarst
Copy link
Contributor

@rkdarst rkdarst commented Sep 29, 2016

This is the start of a commit to make donating usage information optional. By default it is off, but users can turn it on. This commit isn't ready for pulling yet, but making the request to get feedback.

To-do:

  • Currently, in Aware.java, it sends an intent to get the cert of the server's api. I should do something about this still. The comment implies that this is for the use getting plugins, but this now goes to the play store directly, so is it not necessary anymore? However, presumably it is also necessary for sending the usage information.
  • I was going to add the certificate-getting in the AsynchronousPing. As part of this, I would add another function ensureCertificate or some such, which gets the certificate if it doesn't already exist. It isn't very secure for certificates to be fetched at random times over non-ssl (but at the same time, there eventually needs to be a way to handle upgrading certs).
  • I was going to add platform="android", packagename=..., and packageverision=... to the usage data that is sent. I will also have it send these on the initial study registration, to provide a way to distinguish between android and iOS devices (though is there already a way to do this?)

Any comments?

existing commit msg:

  • Menu option which turns on the usage information.
  • Usage information sent to api.awareframework.com, like before.
  • Defaults to false, but can always be turned on by user, even if they
    are in a study.

denzilferreira
denzilferreira reviewed Sep 30, 2016
View reviewed changes
aware-core/src/main/res/xml/aware_preferences.xml
android:defaultValue="false"
android:key="aware_donate_usage"
android:persistent="true"
android:title="Lew AWARE team know you are using it" />
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo here.

denzilferreira
denzilferreira reviewed Sep 30, 2016
View reviewed changes
aware-phone/src/main/res/xml/aware_preferences.xml
android:defaultValue="false"
android:key="aware_donate_usage"
android:persistent="true"
android:title="Lew AWARE team know you are using it" />
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo here.

rkdarst added 2 commits October 2, 2016 23:35
@rkdarst
Improve the certificate handling protocol.
fd978f9 
- Refactoring of SSLManager to handle new protocol.
  - handleUrl is the new entry pointt.  Given a study URL, it
    - looks for crt, crt_url, or crt_sha256 query parameters and
      uses those if avaliable.
    - Uses the old method as a fallback, GET http://<host>/public/server.crt
  - Study joining does NOT use query parameters, when you scan a QR code the
    webservice_server URL is everything except the query parameters.
- New option key_strategy
  - "once" -> keys are never downloaded again.  If a new key is given
    by QR code, that will be used always.
  - default: re-download the cert at any time.
  - In the future, a good strategy would involve sending new keys via
    the webservice and accepting multiple keys per server.
- TODO: what is the cert management policy of api.awareframework.com.
- URL parsing uses the Uri class now (but not everywhere)
@rkdarst
Option to donate usage data to AWARE project
4da8829 
- Menu option which turns on the usage information.
- Usage information sent to api.awareframework.com, like before.
- Defaults to false, but can always be turned on by user, even if they
  are in a study.
@rkdarst
Copy link
Contributor Author

rkdarst commented Oct 2, 2016

OK, this is a bit of a big commit. There are two commits now:

"Improve the certificate handling protocol."

  • Read the commit message for basic intro.
  • This adds support for what was discussed in Cert pinning tetujin/aware-client-ios#4. This was a sort of soft dependency, since in order to run the usage data donation I adjusted the cert-getting for the pinged server. In the end I should have made them non-dependent, but then the pull requests depend on each other.
  • I use a lot of java utilities where appropriate, but I am not sure if I have done things The Right Way.
  • handleURL is the new entry point, and the intent service delegates to that.
  • QR code scanning now also has to be able to strip off query parameters, which it does properly.
  • New key_strategy option which can be used to specify that keys should not be updated once saved (however URL-embedded keys are always used)
  • In the future there should be ability for multiple keys, which would allow graceful key upgrades via webservice (webservice says "here are two keys you should have in your DB", after all clients have two, then it can change over).

Donate usage data:

  • updated the text.

@denzilferreira denzilferreira merged commit 0831784 into denzilferreira:master Oct 3, 2016
@rkdarst rkdarst deleted the donate_usage branch March 12, 2017 22:20
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@denzilferreira denzilferreira denzilferreira left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rkdarst @denzilferreira