Improving User Experience using The Cloud

In part one of this series of blog posts, we discussed the importance of the user experience within the mobile industry, and how your API has a significant role in this. We followed up with part two, which demonstrates how to make API responses smaller and therefore use less network and fewer battery resources for mobile consumers.

Continue reading “Improving User Experience using The Cloud”

Mobile Apps Load Testing

Mobile App development does not stop when you build your app and have a binary ready to be installed on the device. Regardless of how good your code is or how much unit and regression testing you performed, there are elements that need to be tested under different circumstances, for example, data traffic, the number of users, location, and high latency in the mobile network.

Continue reading “Mobile Apps Load Testing”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Release of v3.15 of the Red Hat Mobile Application Platform

Red Hat Mobile Application Platform (RHMAP) lets teams extend their development capabilities to mobile by developing collaboratively, centralizing control of security and using back-end integration with a range of cloud deployments.

We have just completed the deployment of the RHMAP v3.15 to all our actively updated grids.

Please pay particular attention to notes on deprecations and upcoming removals.

Full release notes including a list of known issues, customer-facing bug-fixes and changes are available on the Customer Portal here.

Continue reading “Release of v3.15 of the Red Hat Mobile Application Platform”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Manage your Mongo Databases in RHMAP with Mongo Express

Red Hat Mobile Application Platform (RHMAP) supports an agile approach to developing, integrating, and deploying enterprise mobile applications. Most likely, your mobile apps will include one or more cloud apps which will require persistence support such as a Mongo Database. But managing databases is not always easy, as command line support for this databases is complex and not always available.

To ease this pain, Mongo Express can be used as an database GUI. For the mongo databases in your cloud apps, it is a powerful and intuitive tool which can be used in conjunction or as substitute for the default database browser. The main benefits from using “Mongo Express” instead of “Data Browser” are:

  • Can run complex queries
  • In-depth stats for every view
  • Supports BSON types as TimeStamp() or DBRef()

IMPORTANT: there are some implications when using Mongo Express as a database manager:

  • Mongo Express can only manage the databases in one Cloud App and environment at a time
  • There is no authentication by default when using Mongo Express as explained in this article so take into account all the security issues that this may arise [1]
  • Users running the platform on the RHMAP should upgrade their databases if it was not upgraded before

[1] Check the Annex ‘how to add authentication’ to overcome this issue

Continue reading “Manage your Mongo Databases in RHMAP with Mongo Express”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

What is mobile security? What is the mobile security ecosystem?

I was recently introduced to a published draft by the National Institute of Standards and Technology (NIST) from the U.S. Department of Commerce which talks about assessing the threats to mobile devices & infrastructure. The document discusses the Mobile Threat Catalogue which describes, identifies and structures the threats posed to mobile information systems.   This blog summarizes the 50-page document with added context and commentary based on my experience in the mobile industry helping organizations building mobile apps.

More than ever before in today’s connected world, the security and protection of our information has the highest priority. Recent Distributed Denial of Service (DDoS) attacks that brought down the internet were generated with the unauthorized use of the Internet of Things (IoT) devices, proving yet again that security breaches can be crippling. The use of mobile devices continues to grow globally and most organizations now have mobile apps that access mission critical information.   It is then important to have a broader view of the entire mobile security ecosystem and understand everything that involves mobile security. As they say, “information is the most powerful weapon”  – in this case to protect our mobile solutions.

The NIST document outlines a catalog of threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security solutions to better protect enterprise information technology (IT). Smartphones and tablets running modern mobile operating systems are the primary targets in this analysis, not IoT devices.

Mobile devices contain integrated hardware components to support a variety of I/O mechanisms and while some of the communication mechanisms are wireless (i.e., cellular, WiFi, Bluetooth, GPS, NFC), they also include physical connectors (i.e., power and synchronization cable, SD cards, SIM cards, etc.). Wireless and wired device communication mechanisms expose the mobile device to a distinct set of threats and must be secured or the overall security of the device or app may be compromised.  [1]

What do we secure?

Since mobile devices can store a lot of data, personal and enterprise data becomes a target, from sensitive information like home address, telephone number, medical information and credit card numbers to authentication information (users & passwords).   Protecting data also means protecting identity as identity theft can be used to gain unauthorized access to information that can then be compromised or stolen.

Mobile Security Ecosystem

Here the Mobile Security Ecosystem relates to general threat categories that need to be reviewed and understood.

Threats to mobile apps can be classified in 2 groups:

  1. Software vulnerabilities to exploit data residing within the mobile app running on the mobile operating system, and
  2. Malicious or privacy-invasive apps that identify malware based threats to damage your device and/or mobile service.

There are different types of authentication mechanisms for mobile apps; authentication access to devices, to remote services, to remote networks, and to enterprise systems. Vulnerabilities in the mobile apps represent a very high risk of compromising sensitive personal or enterprise data. In summary,  mobile app security is about data protection in the mobile app itself.  

Checklist for Securing Mobile Applications

While building mobile apps, the architecture, and design of the app becomes a critical first step for security,  decisions need to be made and best practices need to be followed.  

Here’s a checklist of considerations for the architecture design.

  • Data transfer encryption
  • Data-at-Rest encryption
  • Store on device and/or store on the cloud
  • Data input validation
  • Use of tokens or keys
  • Hashing and salting passwords
  • Authentication and corporate Identity Management Integration
  • Security policies with an Enterprise Mobility Management system (EMM)
  • Need for VPN connectivity
  • Backend integrations (legacy, web services, RESTful APIs, etc.), use only the data you need, do not transfer everything
  • Secure storage in the cloud and on-premise
  • Files permissions
  • Log files and auditing information
  • Plan for penetration tests
  • Government or regulatory compliance
  • Choice of Mobile Application Development Platform features

More information about mobile app development security best practices by major players in the space:

Enterprise Mobility Management

EMM systems are a common way of managing employee mobile devices in an enterprise. They include a combination of mobile device management (MDM) and mobile application management (MAM) functionality. MDM focuses securing and monitoring mobile devices, while MAM focuses on app distribution and controlling user access to apps. The key feature for EMM systems is to deliver mobile policies, such as only allowing a whitelisted set of applications to run, remote data wipe, ensuring a lock screen and disabling certain device peripherals (e.g., camera).  Different vendors offer different sets of policies, it is important to compare and review differences.  These are implemented via SDKs developers have to use while building apps or by a “wrapper” mechanism on built mobile app binaries.

Other sources of vulnerabilities in the mobile ecosystem

Mobile Operating Systems

Vulnerabilities found at mobile operating systems level which are typically addressed by the platform vendors in a form of patch or new release (Android, iOS, Windows). An example of vulnerabilities is Android 2.3 Gingerbread which is no longer supported by Google and has been considered one of the mobile operating system versions with the most malware attacks.

Device Drivers

Plugins provide access to device hardware and other peripheral device functionality that is ordinarily unavailable to web-based apps (i.e.. camera, geolocation, device motion, accelerometer, vibration, battery status).  Apache Cordova plugins are an example of mobile apps using device functionality and a potential security risk, especially when developers create their own plugins or identify a vulnerability on Cordova. Just like the mobile operating systems, Cordova, and similar products report and address security issue, for example, a critical issue identify on Apache Cordova for Android 4.0.2 and 3.7.2 releases.

SD Cards

SD cards are removable memory used to expand the storage capacity of mobile devices to store data such as photos, videos, music, and application data. Similar other media devices in the Laptop/Desktop world,  SD cards can be source of malware and spyware.

SIM Card

This removable hardware is a chip housing the International mobile subscriber identity (IMSI) needed to obtain access to cellular networks, pre-shared cryptographic keys,  the phone number and even contact information.  Every mobile device has a SIM card (3G & 4G) making it the most widely used security token in the world,  still hackers can send properly signed binary SMS (text messages), which downloads Java applets onto the SIM that can access phone number and identity information.  Use of modern SIM cards with the latest cryptography an SMS firewall for selection of binary SMS to trust are recommended to secure SIM Cards.

Mobile carrier infrastructure and interoperability

This relates to the Mobile Operator and includes threats to the base stations, network backhaul, cellular network cores and signaling threats associated with the widely used Signaling System No. 7 (SS7) networks in the mobile networks.  With 4 Generation (4G) mobile networks the move from proprietary networks and protocols to IP-based networks brought a lot of changes, many of the positive from the operation side, but at the same time brought new security risks never seen by Mobile Operators.    There is not much either a mobile app developer or an organization can do at the network infrastructure level to tackle such vulnerabilities, but it is important to be aware of the risks at infrastructure and interoperability level.

There are many more details, a lot more things to learn with regards to mobile app security, an understanding of the ecosystem and the security threats is a good first step to take on building your secured mobile solutions.

[1] http://csrc.nist.gov/publications/drafts/nistir-8144/nistir8144_draft.pdf

Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

A step-by-step tutorial for continuous integration with Jenkins for a Red Hat Mobile Native iOS application

This post was originally published on redhat.com.

Part 1: Adding Unit Tests to Native iOS Red Hat Mobile Application Platform Application

A robust and agile mobile application development environment requires continuous integration and delivery. It also requires an integrated and automated unit testing process that helps bring applications to market successfully. This two-part series details my work done at the Red Hat Open Innovation Labs and as a Mobile Technical Account Manager to capture these mobile innovations in a useful, repeatable way. In part one of this two-part series, I break down the steps to create and unit test a native iOS application using Red Hat Mobile Application Platform. In part two, I’ll show how Jenkins can be used to automate continuous integration and unit testing of that Mobile app. If you would like to try out our Red Hat Mobile Application Platform product please visit our Red Hat Mobile Application Platform site.

Continue reading “A step-by-step tutorial for continuous integration with Jenkins for a Red Hat Mobile Native iOS application”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Improving user experience for mobile APIs using the cloud

For your end users, one of the most important aspects of your API is the perceived response time — if your mobile application takes an excessive amount of time to load data, users will get frustrated.  

In this series of blog posts, we’ll cover three ways to approach building a RESTful API that leads to better user experience by minimizing perceived response time. These strategies include: processing requests quickly, reducing payload sizes, and eliminating requests entirely, or only downloading data that has changed. And, we’ll show you how to do each by providing sample node.js code that can be deployed ‘as is’ on Red Hat Mobile Application Platform to build a better mobile API.  

But, before getting into each strategy, why are these important? The user interface (UI) and user experience (UX) are extremely important to the success of mobile applications.

Continue reading “Improving user experience for mobile APIs using the cloud”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Release of v3.14 of the Red Hat Mobile Application Platform

We have just begun the deployment of the Red Hat Mobile Application Platform v3.14 to all our actively updated grids. This will be complete by Oct 21st.

Please pay particular attention to the notes below on Node.js 0.10.x, Cordova Light and CocoaPods 1.x.

Continue reading “Release of v3.14 of the Red Hat Mobile Application Platform”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Announcing fully containerized Red Hat Mobile Application Platform 4.2

Last June, we announced the availability of version 4.0 of our product. This was the culmination of months of hard work and demonstrated our constantly expanding set of capabilities. I went on to recap the key technology choices made over five years ago, choices that proved to be visionary for our mobile platform’s architecture and functionality: Node.js and containers. We are very proud of our accomplishments with Red Hat Mobile Application Platform 4.0 and the new technologies we introduced to our  Mobile Backend-as-a-Service (MBaaS) component.

Well, now we are back again with another major announcement. Not only have we provided new underlying technologies for the important MBaaS component, but today, with version 4.2, we are launching our Core Mobile Application Platform running on the same foundation of Red Hat Enterprise Linux (RHEL) and Red Hat OpenShift Container Platform, leveraging docker formatted containers and Kubernetes orchestration for our entire product’s infrastructure. Starting today, we have a full Mobile Application Platform that can be installed on-premise, in private clouds or in public clouds and is fully supported from the ground up by our world-class Red Hat support team.

Our top-notch team of Engineers and Solution Architects is always happy to talk to you about our mobile platform architecture and technologies. We love to talk about all the goodness you get with Red Hat Mobile Application Platform (RHMAP): containers, security, microservices, JavaScript, Node.js, APIs, automation and, of course, mobile apps. However, first let me talk to you about the problems our product solves for you and your organization.

Continue reading “Announcing fully containerized Red Hat Mobile Application Platform 4.2”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Top 10 "Yum" installables to be productive as a developer on Red Hat Enterprise Linux

Red Hat Enterprise Linux (RHEL) is not Ubuntu. Out of the box, it seems the default packages installed for developers are somewhat limited. To provide exceptional long-term stability, Red Hat takes a different approach to default packages and software repositories (repos). Development tools aren’t installed unless specifically selected. The repos that are initially enabled only contain packages that Red Hat supports over the long term lifecycle of RHEL. Because RHEL’s default repos don’t have as large a selection of development tools as other freely available operating systems’ servers, that doesn’t mean you are out of luck. Enabling a few additional repos from Red Hat and a third party makes a wide variety of packages available using the same familiar yum commands.

In preparing to write this article, I spent hours scouring RHEL’s package lists in order to highlight some of the most useful “yum” installables that you can use to supercharge your development productivity. Some are available from the default repos, others require enabling an additional repo which I’ll point out. Here are my top 10.

Continue reading “Top 10 "Yum" installables to be productive as a developer on Red Hat Enterprise Linux”