MobilePro #80: TypeScript Enums, Vulnerability Testing Resources, Reverse Engineering Android apps

Mobile development blogs, tutorials and resources inside! March 18, 2023 Hi {NAME}, Welcome to the mobile app development world with [_mobilepro #80]( Today we dig deep into what the mobile developer community is talking about; [converting React apps to PWAs]( [handling asynchronous data in Flutter]( and our featured topic from developer insights - [TypeScript]( Developers must implement appropriate security measures and regularly update and test apps to prevent serious consequences such as financial loss and reputation damage. In this edition, our infographic features [OWASP's Top Ten Mobile Security vulnerabilities]( Intentional vulnerable Android applications in resources and take you through a [reverse engineering tutorial]( to help test your apps! We have listened to the [_mobilepro]( readership and we think this is something you have been searching for. If you liked this installment in our new series, fill in our survey below. We're committed to bringing our readers exactly what they want, so help us make the right choices! [Take the Survey!]( Thanks, Apurva Kadam Associate Editor-in-Chief, Packt Mobile Developer Community Insights - [The Ultimate Guide to Converting React Apps to Progressive Web Apps]( - Do you want to take your React app to the next level and offer your users an app-like experience without the struggle of downloading a native app? Then Progressive Web Apps (PWAs) are the answer! In this blog, you will walk through the steps on converting your React app to a PWA, allowing you to deliver an immersive, app-like experience to your users. [Know how.]( - [Share your work in progress in real time from VS Code or JetBrains]( Need to ask a teammate for some help with your code, but don’t want to push broken changes to GitHub? GitLive has a solution! This step-by-step tutorial will allow you to seek the help you need. [Explore now.]( - [Handling Asynchronous Data in Flutter - The Power of Streams]( - Flutter is a popular open-source mobile app development framework that allows developers to create high-performance, visually appealing, and feature-rich mobile apps. The stream concept is one of the essential features of Flutter, which will enable you to handle asynchronous data. This article covers Flutter's stream, its uses, and how it works. [Read more.]( - [Swift - Data Types Explained]( - Data Types are the most important part of any programming language. Swift support six data types: Int, String, Float, Double, Bool and Character. In this tutorial you will learn the significance of each type. [Know more.]( Talking TypeScript: This week TypeScript was the talk of the town in the developer community. Here are three articles that saw the most interaction: - [Typescript: Enums]( - Enums are one of the few features TypeScript has which is not a type-level extension of JavaScript. Enums allow a developer to define a set of named constants. Using enums can make it easier to document intent, or create a set of distinct cases. In this article, you'll learn about what enums are and how you can use them in your projects. Enums, short for Enumerated Types. [Learn more.]( - [How to Learn and Use TypeScript: A Comprehensive Beginner's Guide]( – This is a comprehensive resource aimed to be the last resource you will ever need to start using TypeScript. In this article, you will find tools and a mental framework to help you effectively learn and work with TypeScript. You will see learning TypeScript from a JavaScript background is more manageable than it may seem. The following sections will provide information for a beginner learning to use TypeScript for the first time. [Read on!]( - [How To Return Different Types in TypeScript]( - Conditional return types are a powerful feature of TypeScript that allow you to specify different return types for a function based on the type of the arguments. This can be useful when you want to enforce type safety and ensure that the return type matches the expected type. In this tutorial, you will learn how to return various types in Typescript. [Learn now.]( Reading from the UK or the US? Checkout our offers on [Amazon.com]( and [Amazon.co.uk]( Mobile Development Motivation "Security is a process, not a product. It's not something you buy, it's something you do." - Bruce Schneier, Security technologist and Author Food for Thought... The importance of understanding that mobile app security is not just about having the right tools or products in place, but also about implementing a continuous process of identifying and mitigating potential security risks throughout the lifecycle of the app. The quote emphasizes the need for ongoing vigilance and proactive measures to ensure that the app remains secure and protected from potential threats. Vulnerability Resources You Can't Miss! Intentional vulnerable Android applications provide an interface to assess your Android application security hacking skills. If you are looking to build secure android apps practice your security skills on these apps first! - [Allsafe]( - [InsecureShop]( - [OWASP: OMTG-Hacking-Playground]( - [Damn insecure and vulnerable App (DIVA)]( - [Damn-Vulnerable-Bank]( - [Damn Vulnerable Hybrid Mobile App (DVHMA)]( - [Owasp: Goatdroid Project]( - [InjuredAndroid]( - [ExploitMe labs by SecurityCompass]( - [InsecureBankv2]( - [Sieve (Vulnerable ‘Password Manager’ app)]( - [sievePWN]( - [ExploitMe Mobile Android Labs]( - [Hacme Bank]( - [Android Labs]( - [Digitalbank]( - [Dodo vulnerable bank]( - [Oracle android app]( - [Urdu vulnerable app]( - [MoshZuk]( [File]( - [Appknox]( - [Vuln app]( - [Damn Vulnerable FirefoxOS Application]( - [Android security sandbox]( Secure App Development The Open Web Application Security Project (OWASP) is a nonprofit foundation dedicated to improving software security. OWASP Mobile Security Project provides a comprehensive guide for mobile app developers to create secure mobile applications. The project highlights the most critical mobile application security risks that developers should consider and provides recommendations for securing mobile apps against these risks. [m]( Reverse Engineering Apps Tutorial Reverse Engineering Android applications - Extracting the Java source code Reverse app engineering is the process of analyzing and understanding the inner workings of a mobile app by decompiling its binary code, reverse-engineering the algorithms used, and understanding the data structures employed. Reverse app engineering is commonly used by attackers to identify vulnerabilities in mobile apps and exploit them for malicious purposes. However, it can also be used by app developers to analyze and improve the performance and security of their apps. The first objective of reverse engineering is to get the original source code with maximum accuracy. As we have the application package downloaded on our Ubuntu virtual machine, let's use the JADX tool to get the Java code. However, it might also be a good idea to simply unzip the APK and extract its contents to see what's inside: [Figure 3.5 – Extracted contents of the APK] Extracted contents of the APK In order to use the JADX tool, open the directory where you extracted the JADX .zip file (as explained in [Chapter 2]( Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools). Once in the directory, right-click to select the Open in Terminal option. In the opened Terminal window, type the following command to run JADX: # cd bin/ # ./jadx-gui In the JADX window, open the APK file you just downloaded. Refer to [Chapter 2]( Setting Up a Mobile App Reverse Engineering Environment Using Modern Tools, to see how to do this: [Figure 3.6 – Decompiled Java source code of the application] Decompiled Java source code of the application In the majority of applications, it is possible to reverse engineer the application package to the decompiled Java source code. However, in some cases, it is possible that the decompiled Java code does not look very clear, or multiple parts of the Java code are not readable at all in the Java decompiles [...read more]( [Read the Book]( What's Happening in Mobile App Dev? Apple - App Store pricing upgrades have expanded to all purchase types - The [most comprehensive upgrade to pricing capabilities]( since the App store first launched, are now available for all app and in‑app purchase types, including paid apps and one‑time in‑app purchases. These upgrades include: more flexible price points, enhanced global pricing, world-wide options for base price, and regional options for availability. Android - [Unlock seamless gameplay across mobile and PC with Google Play Games]( – Through a partnership with Intel, Google is making it easier to join Google Play Games on PC with an existing mobile build. While fully optimized games still offer the best experience for users and qualify for unique cross-platform marketing and promotion, you can now submit your existing mobile build in the meantime to reach players faster. So, if your mobile game already plays well on desktop, you can [express interest]( now to join Google Play Games. Microsoft - [Visual Studio 2022 v17.6 Preview 2 is now available]( - If you are a game developer, a mobile developer, or are interested in learning new tricks to better debug your code, check out this latest release. It’s as easy as upgrading your Preview channel in the Visual Studio installer. - [Announcing Polyglot Notebooks! Multi-language notebooks in Visual Studio Code]( - Polyglot Notebooks, Visual Studio Code’s multi-language notebook extension, is now generally available in the [VS Code Marketplace]( The Polyglot Notebooks extension in VS Code currently supports the following languages with more to come - C#, F#, PowerShell, JavaScript, HTML*, Mermaid*, SQL, and KQL (Kusto Query Language). - [TypeScript’s Migration to Modules]( - One of the most impactful changes in TypeScript 5.0 isn’t a feature, a bug fix, or a data structure optimization. Instead, it’s the infrastructure. In TypeScript 5.0, the entire codebase is now restructured to use ECMAScript modules and switched to a newer emit target. The codebase is faster, more modern with its dramatically streamlined build. See you next week! [Someone forwarded this email? Subscribe here!]( We understand that people move on or sometimes need a break away from emails. If you wish to stop receiving [_mobilepro]( emails, simply opt out using the button below. [Unsubscribe]( Copyright © 2023 Packt Publishing, All rights reserved. Hello, Thank you for being a part of the Newsbytes weekly newsletter. Team Packt Our mailing address is: Packt Publishing Livery Place 35 Livery StreetBirmingham, West Midlands B3 2PB United Kingdom [Add us to your address book]( As a GDPR-compliant company, we want you to know why you’re getting this email. The _mobilepro team, as a part of Packt Publishing, believes that you have a legitimate interest in our newsletter and the products associated with it. Our research shows that you,<< Test Email Address >>, opted-in for communication with Packt Publishing in the past and we think that your previous interest warrants our appropriate communication. If you do not feel that you should have received this or are no longer interested in _mobilepro, you can opt out of our emails by [unsubscribing here](. Want to change how you receive these emails? You can [update your preferences]( or [unsubscribe from this list](.