20bce0610 VL2022230103815 Pe003
PROJECT REPORT
Submitted in partial fulfilment for the J-Component
2. Reverse-engineering
Some hackers use dedicated tools to reverse-engineer the app's
source code. This can reveal a company's core business logic, which
can be used by competitors to steal ideas and tactics.
9. Observing logs
Developers sometimes add log statements to debug the
application and forget to remove them before releasing to
production. Anyone can simply observe these logs and gain insight
into how the app works.
10. Observing unencrypted network traffic
If the app's communication with the server is not encrypted
correctly, an observer can read all of it in plain text. This
includes the credentials passed to the server, sensitive information
returned by the server, etc.
REVERSE ENGINEERING
In simple terms, reverse engineering, in this case, is application
development, only backward. Hackers often disassemble apps piece
by piece in order to understand the algorithms and workflows,
followed by exploiting detected vulnerabilities.
There are two main flows through which the user can interact
and navigate.
1. The authentication flow, through which the user can either log
in or sign up with their own e-mail and ID, or with a Gmail e-mail
address, in order to log in and create an account for the
meeting application.
2. The next 3 pages are all intended to be used with the
main functionality. The first is searching for a friend
through the search tab, which lists various friends that the
user can select and add to their following list. Another page is
the view-all page, where viewers can see their friends' pages and
interact with them, as well as see their captions or log out of
the application. The third and final page is the user's own
profile page, through which he can view and update his profile
details, as well as view the images that he has uploaded and
upload images to his friends.
3. Users will also be able to view the various events
happening around the university campus through the
information page, which stores information such as the
location, the event name and the event timing, so that they can
go and share them with their friends as well.
APP SCREENSHOTS:
IMPACT:
The impact of the system is to better integrate and connect
students to a social media platform specific to VIT Vellore
itself, and to let them find out more about all the events
happening, as well as discover the friend circles around them.
While normal media platforms provide a much larger audience,
MeetIn aims to create a homegrown audience through its User
Generated Content and its localization to VIT and the events
there. The various attacks on the application will have a
significant impact. This is because the user database will be
compromised, along with the safety of private information and of
the organization. A large-scale attack will also create a billing
impact, negatively affecting the developer through a high number
of read requests to the database, which can also degrade service
and stop the app's main functionality.
EXPLANATION AND ARCHITECTURE DIAGRAM:
1. SQLite Injection:
2. Intent Injection:
4. Authentication Spoofing:
Database Hacking:
Tap Jacking
Clicking on the homepage redirects you to a random
advertisement page in your web browser without user
permission. This is because a malicious user creates a view in
front of the actual activity in order to make the user click on
something other than what they think they are clicking. This is
like an iframe in the case of websites on the Internet.
SQLite Injection
This is like tap jacking, but in the sense that the user is able to
access another application using external intents, which allows
them to send data to any other social media app, such as
WhatsApp, Facebook, etc. In the given case, the application is
sending data to the e-mail app, which is automatically filled in
with the information without explicitly asking you.
RESULTS:
4. Database Side:
Writing robust, secure rules in the Firebase rules section is the
most versatile and important method for securing the database. In
the given scenario, the database is secured by confirming the
unique user ID that Firebase assigned on creation of a new user.
This prevents unknown persons from accessing the database, and
only the admin can do so, and only after authorization as well.
Attempting to perform database snooping using the .json method
now shows an error, since we are not authorized to access the
database.
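The rule change described above can be checked mechanically. The following is an added example, not code from the report: it walks a Firebase Realtime Database rules file and reports every read or write grant that is public or not tied to the caller's UID. The three rule sets and the "users" and "posts" paths are constructed for illustration, and the "auth.uid" test is a simple heuristic.

```python
import json

# Constructed rule sets, not taken from the report; the paths are assumed.
WEAK_RULES = '{"rules": {".read": true, ".write": true}}'
HARDENED_RULES = """
{"rules": {"users": {"$uid": {
    ".read":  "auth != null && auth.uid === $uid",
    ".write": "auth != null && auth.uid === $uid"
}}}}
"""
SIGNED_IN_ONLY = '{"rules": {"posts": {".read": "auth != null", ".write": false}}}'

def audit_rules(rules_json):
    """Return (path, operation, finding) for every grant not tied to the caller's UID."""
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                expr = str(value).strip()
                if expr.lower() == "false":
                    continue  # explicit deny
                if expr.lower() == "true":
                    findings.append((path or "/", key, "public"))
                elif "auth.uid" not in expr:
                    findings.append((path or "/", key, "not bound to auth.uid"))
            elif isinstance(value, dict):
                # Grants cascade: access given at a parent applies to all children.
                walk(value, f"{path}/{key}")

    walk(json.loads(rules_json)["rules"], "")
    return findings

if __name__ == "__main__":
    for name, rules in [("weak", WEAK_RULES), ("hardened", HARDENED_RULES),
                        ("signed-in only", SIGNED_IN_ONLY)]:
        print(name, audit_rules(rules))
```

With the weak rule set, an unauthenticated request to the database's .json endpoint returns data; with the hardened set it is refused, which matches the error described above.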
Permission Manager:
Using a permission manager application ensures that no
application is snooping on the phone and asking for unnecessary
permissions. It also prevents apps from moving into another
application from their current application. This is the most
common and deadliest form, so restricting an app's permissions to
only what it needs is an important task that must be performed.
android:exported="false"
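To confirm that the exported setting is applied to every component, the manifest can be audited before release. The following is an added example, not code from the report: it lists components that other apps can start without holding any permission. The manifest, package name and component names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed manifest; package and component names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.meetin">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".ProfileActivity" android:exported="true"/>
    <activity android:name=".SearchActivity" android:exported="false"/>
    <service android:name=".UploadService">
      <intent-filter><action android:name="com.example.meetin.UPLOAD"/></intent-filter>
    </service>
    <receiver android:name=".EventReceiver" android:exported="true"
              android:permission="com.example.meetin.permission.EVENTS"/>
  </application>
</manifest>"""

def is_launcher(component):
    """The launcher activity has to stay exported, so it is not reported."""
    cats = [c.get(ANDROID + "name") for c in component.iter("category")]
    return "android.intent.category.LAUNCHER" in cats

def exposed_components(manifest_xml):
    """List components other apps can start without holding any permission."""
    app = ET.fromstring(manifest_xml).find("application")
    exposed = []
    for component in app:
        if component.tag not in COMPONENTS or is_launcher(component):
            continue
        declared = component.get(ANDROID + "exported")
        # With no explicit value, an intent filter makes the component exported
        # on targets below API 31; newer targets must declare it explicitly.
        exported = (declared == "true") if declared is not None \
            else component.find("intent-filter") is not None
        if exported and component.get(ANDROID + "permission") is None:
            exposed.append((component.tag, component.get(ANDROID + "name")))
    return exposed

if __name__ == "__main__":
    print(exposed_components(SAMPLE_MANIFEST))
```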