Issues webview Android application - javascript

I make a web application using quasar and java spring boot backend. I convet my web application to an Android application using webview. But when i published in play store, its gives security issue for my backend server url. But i do not collect any data or install anything in Android apps or user device but Google gives an exception in my Android App. How can i fix this issue in Android web-view apps.

This warning is sent by Google Safe Browsing service, which is embedded in the Google Chrome Browser and several other browsers, this service looks for vulnerabilities principally in the markup; for example open tags that could lead to a code injection or other possible threats. The Safe browsing service is independent of the GCP Serverless services, this means that GCP is not marking the site as dangerous.
To prevent this message from appearing, or remove it we can do the following:
Look out for potential vulnerabilities in the app, once the changes have been made, you can use this page to see the Safe Browsing Status.
If you think that there was a mistake, you can request a review to remove the Phishing Warning in this site.
It is highly recommended to take a look a this documentation to understand what could be the reason behind the message

My issue is now fixed. It ended up being a hosting server issue. Google had me on a black list, but now its fixed.

Related

Can I use Google Auth 2.0 from any origin?

I develop modal window with React.js, that can be distributed for several sites via some kind of web application market.
So I faced the issue, that for any website, that would install this extension (btw it's builded to a simple html page + couple of js files, so app will be hosted directly on website of even customer), Google auth error will throw exception of invalid origin.
So is there any way to find a workaround for my case?
btw now I'm using react-google-login library
Google allows you to set multiple URIs. Just take a look in the settings.

Source visibility in ionic hybrid apps

I've just started learning ionic framework. It uses web browser capabilities for building apps.
These capabilities namely HTML, javascript and CSS are client side stuff. Which on browsers can be seen with view source.
My questions is how will be the visibility of the source? Will the end user be able to see the source of the app?
If yes, is it normal for any app? Shall one be worried about the security of the source?
The visibility of the source in chrome://inspect#device , is pretty much the whole application. And no, end user cannot see the source of your application once you set and push the project to production mode.
Well, since you are developing a hybrid application, there are of course, pros and cons for each. Security might not be as strong as native apps, but development time is greatly reduced to push the app to different platforms.
If you would to do something would requires high security and non-visibility of your source , then native is the way to go. As for hybrid apps,if you need somewhere to store your data securely, you will need plugins to communicate with native platform's secure storage which might pose a security risk. But then again, even native applications can be de-compiled. The way developers tries to make it harder is via obfuscation methods.
Once u set your application to production mode, you will not be able to inspect your application anymore.
To show your web-app on chrome://inspect/#devices :
1) Make sure your web-app is running and your phone is plugged into your computer via usb with USB debugging on and your PC is trusted by the phone.
2) Under device manager, you should not have missing phone drivers. (it would look something like this)
3) ADB should not be running co-currently. And you should be able to see something like this on ur inspect page:
4) Click on inspect button and you're done! (:
You have a signed apk, when you install it on a device and inspect the device on google chrome the inspect option will not be available. Theres an easy way to do that decompile the signed apk using apktools you will get the AndroidManifest.xml file. simply add android:debuggable="true" to the tag and recompile it resign it and you will be able to inspect it. If you check the main.js file in the inspect section the source code is visible.
Hence you can use Jscrambler to prevent this (Its a paid service i too am new to it)

How to get Google Drive API example to run in Phonegap application (support for Android)?

I have successfully been able to use the example provided for the Google Drive API to authenticate and get files & folders of a user's Drive (https://developers.google.com/drive/web/quickstart/quickstart-js).
But I need to convert this example to be able to launch on an Android device using Phonegap. When I run the Phonegap application I get the following error:
Refused to display document because display forbidden by X-Frame-Options.
I have had a look at some answers for dealing with this error for other applications such as including SAMEORIGIN for X-Frame-Options in the meta tag and running the application in the emulator to see if it works but it does not. I have also made sure that the inAppBrowser plugin has been added.
Note, I am using localhost to test the application. I'm not sure if this will cause an issue.
I'm not sure how to solve Google Drive authentication in a Phonegap application.
I'm not sure what your issue is at this point, nor what you are ultimately wanting to do with your app. Consider looking at Filepicker.io as a PhoneGap integration point for Google Drive. Filepicker.io Home Page and the github repo for the plugin

How to run a script from the Web in a Windows 8 app?

My organization already developed iOS and Android apps, and is starting to develop an app for Windows 8. In case it matters, the app is using Phonegap a.k.a. Cordova.
On the existing apps, the user downloads a very "slim" app from the store, containing a minimal HTML page. The user logs into a server, and then script tags are dynamically added pointing to locations on that server. Similar to web apps, scripts are downloaded to the client and then executed.
Windows 8's new security model blocks this behavior. Since the app runs in the local context and the script is on the web, I get the error "An app can’t load remote web content in the local context."
Is there a way to get around this restriction?
I'm open to "creative" suggestions and hacks, up to a point. I've already tried a few things, such as fetching a script with plain XHR calls and then injecting the response to a pre-defined script tag. Windows blocked this and all other attempts.
I also considered rendering everything in an iframe with a "ms-appx-web:" scheme (learned about this scheme here, "Schemas and contexts" section). This might allow me to load remote scripts, but would prevent code from accessing APIs of the locally-running JavaScript code -- Cordova and Windows Runtime. This access is necessary for my app. If there's a way to access Cordova and Windows Runtime from the web context, that might be useful too.
I very much doubt it.
The whole point of the MS Windows Store certification model is that they can test your code for malware/ crashes. If you can change the code on the fly, you could ship a perfectly harmless app, have it certified by MS, and then change it to something dreadful after the user installs it.

Simple application to aggregate information from multiple web services in fullscreen

Whats the easiest way to build a simple 'web' application which is a single page, that just refreshes itself (using AJAX or something) to display continuously changing data hosted on various different servers on the internet?
I want to interface with (for example) Twitter, Facebook, Skype, Google Calendar, and any number of other services that have some type of web API.
The application does not need to allow user interaction other than to configure it with the authentication parameters needed to access those services.
It should be able to run full-screen with no UI elements showing, just the pretty information I am displaying.
I started to write an HTML file using Jquery but I am running into "Same Origin Policy" issues. Is there a way around this?
I'd love to just write this in Html/Javascript and run it in Google Chrome, is that possible somehow? I don't know how to get around SOP without hosting my own web server as a proxy to cross the domains.
Is there another alternative that is still pretty easy and simple? I looked into using the Windows Vista Sidebar but apparently you can't have a full-screen gadget.
I figured out that I can use the command line option for chrome:
--disable-web-security
And it will allow me to workaround the same origin policy, and since I am using this for a local application I can put the app in a virtual machine and let it run without too much worry.

Categories

Resources