Discussion Forums  >  Plugins, Customizing, Source Code

Replies: 2    Views: 59

Sherry
Lost but trying
Profile
Posts: 123
Reg: Jan 05, 2013
South Africa
11,530
10/23/17 02:02 PM (3 weeks ago)

How to send data with encryption

I need to know how to make a Bt3 android app more secure because I've done an app for a corporate which needs a new version published to google play store but the corporate is getting my apk file analyzed by a 3rd party company before they will publish it and it keeps being rejected because they say "Sends Sensitive Data without Encryption – The application transmits the sensitive data without proper encryption or as a query parameter. This vulnerability allows an adversary to eavesdrop the data"

I am on self host and have a ssl certificate installed and the report to cloud and configuration url is set as https:// in the control panel. Currently the Url merge fields are set as the default in the report to cloud i.e."deviceId=[deviceId]&deviceLatitude=[deviceLatitude]&deviceLongitude=[deviceLongitude]&deviceModel=[deviceModel]&userId=[userId]" and not sure if this is part of the problem and could delete most of these fields except for userid because I use a login screen.

If updating the app to BT4 will fix this then I will but I really need help from the experts because I am a complete novice and not sure what I need to do and although my issue is with Android now i think the same thing is going to happen with ios when I need to update it later on.
 
SmugWimp
Smugger than thou...
Profile
Posts: 6251
Reg: Nov 07, 2012
Tamuning, GU
80,760
like
10/23/17 03:33 PM (3 weeks ago)
I wish I could help with Android, but again, I just haven't opened up Studio in a while. I'm updating the iOS side for the moment.

That said, here's what I've done in the BT_application.m file for the Report To Cloud method. Note the new 'doSomething' method created to handle the returned data. And all you're really going to do is substitute your URL with an https address (if applicable).

https://pastebin.com/1bL2jdrd

Hope this helps.

Cheers!

-- Smug
 
Wagnerbrock
I hate code!
Profile
Posts: 1
Reg: Oct 26, 2017
USA
10
like
10/31/17 01:49 PM (2 weeks ago)
i have a ssl certificate installed but not working!!
 

Login + Screen Name Required to Post

pointerLogin to participate so you can start earning points. Once you're logged in (and have a screen name entered in your profile), you can subscribe to topics, follow users, and start learning how to make apps like the pros.