Over The Air

| 0 comments | facebook mobile application ota12 hack day

Last week, Ali and I attended the 2012 Over The Air, a mobile applications themed hackday. It was held at Bletchley Park, home to the National Museum of Computing, among other things.

There was an extremely packed schedule comprising of talks on a whole manner of subjects relating to the mobile web. I managed to attend the talks on QR codes, WebRTC, Facebook Graph API, O2 Labs and the keynotes.

I would have loved to have seen more, however, we had a hack to build.

Ali had an mbed and a GPS/GPRS module that he had used for his solo project. We decided to use the mbed platform as they were at the event with Vodaphone 3G dongles. We created Dude, Where's My Car?

The mbed device, connected via the 3G dongle, sends GPS co-ordinates to the server every few seconds. These appear in the timeline on the website. You can then create a trip by selecting start and stop positions which is then shared with your friends on Facebook using the open graph API. We made actions of going on a trip which had properties including the trip name and geo-location data.

Ali also had a OBD (On Board Diagnostics) interface that connects to a car. Through this device, the mbed could get a number of parameters from the car such as speed, throttle, rpm, engine temperature etc. This data was added to the server along with the GPS and pased through to Facebook wihin the open graph metadata. It was then used to generate averages, minimums and maximums for the car data. All this then appears on your Facebook timeline looking like the example below.

Facebook Timeline Post

We demo-ed our hack to the judges and audience and ended up winning both the Facebook Open Graph Challenge and the Embedded Hardware Hack Challenge. They loved how we took the real-world action of driving and sharing that with your friends.

Android Read Log Permission

| 0 comments | android

When reading this post about the Facebook SDK writing a line to your Android phone's log file, I was interested to see what other applications wrote sensitive data to the log.

The log is available to any application that has the READ LOG permission. This permission is marked dangerous but users are confronted with this message:

Allows the app to read from the system's various log files. This allows it to discover general information about what you are doing with the tablet, potentially including personal or private information.

From what I have seen, that word "potentially" needs to be changed to "most definitely".

On my Samsung Galaxy S2, I found that all my texts and emails were written to the log file in plain text. I even wrote a proof of concept application to read my emails.

I see no good reason as to why applications would need to write any private data to the log. The permission is there in the first place for easy debugging which makes sense, but just writing whole emails and texts to the log makes no sense. When I receive a text, a notification is written to the notification bar which includes the text contents, including the name of the contact - this whole string, for some reason, is written to the log file. Likewise whenever I open an email in the Gmail application, the whole content of the email is written to the log file.

I did try and reach out to Google and Samsung about this issue, but after a couple of weeks have not heard anything back.

Google do not seem to be following their own advice that states:

Application developers should be careful writing to on-device logs. In Android, logs are a shared resource, and are available to an application with the READ_LOGS permission. Even though the phone log data is temporary and erased on reboot, inappropriate logging of user information could inadvertently leak user data to other applications.

Firefox Aurora Web Inspector

| 0 comments | firefox html5 video webgl

I downloaded the pre-beta version of Firefox, named Firefox Aurora. I started experimenting with it and it seemed alright but did not support the range input type which was sad, but then I right-clicked and opened up the web inspector and saw this:

WOW! - Very cool.

The 3D view of the page structure allows you to pan around and zoom using WebGL. More details are on the Mozilla Development Blog.