Mobile Apps Load Testing

Mobile App development does not stop when you build your app and have a binary ready to be installed on the device. Regardless of how good your code is or how much unit and regression testing you performed, there are elements that need to be tested under different circumstances, for example, data traffic, the number of users, location, and high latency in the mobile network.

Continue reading “Mobile Apps Load Testing”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Manage your Mongo Databases in RHMAP with Mongo Express

Red Hat Mobile Application Platform (RHMAP) supports an agile approach to developing, integrating, and deploying enterprise mobile applications. Most likely, your mobile apps will include one or more cloud apps which will require persistence support such as a Mongo Database. But managing databases is not always easy, as command line support for this databases is complex and not always available.

To ease this pain, Mongo Express can be used as an database GUI. For the mongo databases in your cloud apps, it is a powerful and intuitive tool which can be used in conjunction or as substitute for the default database browser. The main benefits from using “Mongo Express” instead of “Data Browser” are:

  • Can run complex queries
  • In-depth stats for every view
  • Supports BSON types as TimeStamp() or DBRef()

IMPORTANT: there are some implications when using Mongo Express as a database manager:

  • Mongo Express can only manage the databases in one Cloud App and environment at a time
  • There is no authentication by default when using Mongo Express as explained in this article so take into account all the security issues that this may arise [1]
  • Users running the platform on the RHMAP should upgrade their databases if it was not upgraded before

[1] Check the Annex ‘how to add authentication’ to overcome this issue

Continue reading “Manage your Mongo Databases in RHMAP with Mongo Express”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

What is mobile security? What is the mobile security ecosystem?

I was recently introduced to a published draft by the National Institute of Standards and Technology (NIST) from the U.S. Department of Commerce which talks about assessing the threats to mobile devices & infrastructure. The document discusses the Mobile Threat Catalogue which describes, identifies and structures the threats posed to mobile information systems.   This blog summarizes the 50-page document with added context and commentary based on my experience in the mobile industry helping organizations building mobile apps.

More than ever before in today’s connected world, the security and protection of our information has the highest priority. Recent Distributed Denial of Service (DDoS) attacks that brought down the internet were generated with the unauthorized use of the Internet of Things (IoT) devices, proving yet again that security breaches can be crippling. The use of mobile devices continues to grow globally and most organizations now have mobile apps that access mission critical information.   It is then important to have a broader view of the entire mobile security ecosystem and understand everything that involves mobile security. As they say, “information is the most powerful weapon”  – in this case to protect our mobile solutions.

The NIST document outlines a catalog of threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security solutions to better protect enterprise information technology (IT). Smartphones and tablets running modern mobile operating systems are the primary targets in this analysis, not IoT devices.

Mobile devices contain integrated hardware components to support a variety of I/O mechanisms and while some of the communication mechanisms are wireless (i.e., cellular, WiFi, Bluetooth, GPS, NFC), they also include physical connectors (i.e., power and synchronization cable, SD cards, SIM cards, etc.). Wireless and wired device communication mechanisms expose the mobile device to a distinct set of threats and must be secured or the overall security of the device or app may be compromised.  [1]

What do we secure?

Since mobile devices can store a lot of data, personal and enterprise data becomes a target, from sensitive information like home address, telephone number, medical information and credit card numbers to authentication information (users & passwords).   Protecting data also means protecting identity as identity theft can be used to gain unauthorized access to information that can then be compromised or stolen.

Mobile Security Ecosystem

Here the Mobile Security Ecosystem relates to general threat categories that need to be reviewed and understood.

Threats to mobile apps can be classified in 2 groups:

  1. Software vulnerabilities to exploit data residing within the mobile app running on the mobile operating system, and
  2. Malicious or privacy-invasive apps that identify malware based threats to damage your device and/or mobile service.

There are different types of authentication mechanisms for mobile apps; authentication access to devices, to remote services, to remote networks, and to enterprise systems. Vulnerabilities in the mobile apps represent a very high risk of compromising sensitive personal or enterprise data. In summary,  mobile app security is about data protection in the mobile app itself.  

Checklist for Securing Mobile Applications

While building mobile apps, the architecture, and design of the app becomes a critical first step for security,  decisions need to be made and best practices need to be followed.  

Here’s a checklist of considerations for the architecture design.

  • Data transfer encryption
  • Data-at-Rest encryption
  • Store on device and/or store on the cloud
  • Data input validation
  • Use of tokens or keys
  • Hashing and salting passwords
  • Authentication and corporate Identity Management Integration
  • Security policies with an Enterprise Mobility Management system (EMM)
  • Need for VPN connectivity
  • Backend integrations (legacy, web services, RESTful APIs, etc.), use only the data you need, do not transfer everything
  • Secure storage in the cloud and on-premise
  • Files permissions
  • Log files and auditing information
  • Plan for penetration tests
  • Government or regulatory compliance
  • Choice of Mobile Application Development Platform features

More information about mobile app development security best practices by major players in the space:

Enterprise Mobility Management

EMM systems are a common way of managing employee mobile devices in an enterprise. They include a combination of mobile device management (MDM) and mobile application management (MAM) functionality. MDM focuses securing and monitoring mobile devices, while MAM focuses on app distribution and controlling user access to apps. The key feature for EMM systems is to deliver mobile policies, such as only allowing a whitelisted set of applications to run, remote data wipe, ensuring a lock screen and disabling certain device peripherals (e.g., camera).  Different vendors offer different sets of policies, it is important to compare and review differences.  These are implemented via SDKs developers have to use while building apps or by a “wrapper” mechanism on built mobile app binaries.

Other sources of vulnerabilities in the mobile ecosystem

Mobile Operating Systems

Vulnerabilities found at mobile operating systems level which are typically addressed by the platform vendors in a form of patch or new release (Android, iOS, Windows). An example of vulnerabilities is Android 2.3 Gingerbread which is no longer supported by Google and has been considered one of the mobile operating system versions with the most malware attacks.

Device Drivers

Plugins provide access to device hardware and other peripheral device functionality that is ordinarily unavailable to web-based apps (i.e.. camera, geolocation, device motion, accelerometer, vibration, battery status).  Apache Cordova plugins are an example of mobile apps using device functionality and a potential security risk, especially when developers create their own plugins or identify a vulnerability on Cordova. Just like the mobile operating systems, Cordova, and similar products report and address security issue, for example, a critical issue identify on Apache Cordova for Android 4.0.2 and 3.7.2 releases.

SD Cards

SD cards are removable memory used to expand the storage capacity of mobile devices to store data such as photos, videos, music, and application data. Similar other media devices in the Laptop/Desktop world,  SD cards can be source of malware and spyware.

SIM Card

This removable hardware is a chip housing the International mobile subscriber identity (IMSI) needed to obtain access to cellular networks, pre-shared cryptographic keys,  the phone number and even contact information.  Every mobile device has a SIM card (3G & 4G) making it the most widely used security token in the world,  still hackers can send properly signed binary SMS (text messages), which downloads Java applets onto the SIM that can access phone number and identity information.  Use of modern SIM cards with the latest cryptography an SMS firewall for selection of binary SMS to trust are recommended to secure SIM Cards.

Mobile carrier infrastructure and interoperability

This relates to the Mobile Operator and includes threats to the base stations, network backhaul, cellular network cores and signaling threats associated with the widely used Signaling System No. 7 (SS7) networks in the mobile networks.  With 4 Generation (4G) mobile networks the move from proprietary networks and protocols to IP-based networks brought a lot of changes, many of the positive from the operation side, but at the same time brought new security risks never seen by Mobile Operators.    There is not much either a mobile app developer or an organization can do at the network infrastructure level to tackle such vulnerabilities, but it is important to be aware of the risks at infrastructure and interoperability level.

There are many more details, a lot more things to learn with regards to mobile app security, an understanding of the ecosystem and the security threats is a good first step to take on building your secured mobile solutions.

[1] http://csrc.nist.gov/publications/drafts/nistir-8144/nistir8144_draft.pdf

Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

A step-by-step tutorial for continuous integration with Jenkins for a Red Hat Mobile Native iOS application

This post was originally published on redhat.com.

Part 1: Adding Unit Tests to Native iOS Red Hat Mobile Application Platform Application

A robust and agile mobile application development environment requires continuous integration and delivery. It also requires an integrated and automated unit testing process that helps bring applications to market successfully. This two-part series details my work done at the Red Hat Open Innovation Labs and as a Mobile Technical Account Manager to capture these mobile innovations in a useful, repeatable way. In part one of this two-part series, I break down the steps to create and unit test a native iOS application using Red Hat Mobile Application Platform. In part two, I’ll show how Jenkins can be used to automate continuous integration and unit testing of that Mobile app. If you would like to try out our Red Hat Mobile Application Platform product please visit our Red Hat Mobile Application Platform site.

Continue reading “A step-by-step tutorial for continuous integration with Jenkins for a Red Hat Mobile Native iOS application”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Improving user experience for mobile APIs using the cloud

For your end users, one of the most important aspects of your API is the perceived response time — if your mobile application takes an excessive amount of time to load data, users will get frustrated.  

In this series of blog posts, we’ll cover three ways to approach building a RESTful API that leads to better user experience by minimizing perceived response time. These strategies include: processing requests quickly, reducing payload sizes, and eliminating requests entirely, or only downloading data that has changed. And, we’ll show you how to do each by providing sample node.js code that can be deployed ‘as is’ on Red Hat Mobile Application Platform to build a better mobile API.  

But, before getting into each strategy, why are these important? The user interface (UI) and user experience (UX) are extremely important to the success of mobile applications.

Continue reading “Improving user experience for mobile APIs using the cloud”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Release of v3.14 of the Red Hat Mobile Application Platform

We have just begun the deployment of the Red Hat Mobile Application Platform v3.14 to all our actively updated grids. This will be complete by Oct 21st.

Please pay particular attention to the notes below on Node.js 0.10.x, Cordova Light and CocoaPods 1.x.

Continue reading “Release of v3.14 of the Red Hat Mobile Application Platform”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Release of v3.13 of the Red Hat Mobile Application Platform

We have just completed the deployment of the Red Hat Mobile Application Platform v3.13 to all our actively updated grids. This is mainly a bug-fix and enhancement release with no major new features.

Please pay particular attention to the extra notes below on Node.js 0.10.x, Cordova Light and CocoaPods 1.x.

Continue reading “Release of v3.13 of the Red Hat Mobile Application Platform”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Release of v3.12 and v4.1 of the Red Hat Mobile Application Platform

Red Hat Mobile Application Platform lets teams extend their development capabilities to mobile by developing collaboratively, centralizing control of security and using back-end integration with a range of cloud deployments.

We have just completed the deployment of the Red Hat Mobile Application Platform v3.12 and v4.1 to all our actively updated grids. The main features of this release are:

MBaaS v4.1

v4.1 of our MBaaS, which runs on the OpenShift Container Platform 3, includes the following:

  • Support for OpenShift Container Platform 3.2
  • Support for Node.js 4.4.2 LTS from Red Hat Software Collections (RHSCL)
  • Support for MongoDB 3.2 from RHSCL

We recommend that all existing MBaaS 4.0 installation upgrade to 4.1 and also upgrade from OpenShift 3.1 to 3.2

Instructions on how to upgrade from 4.0 to 4.1 MBaaS are here.

A new summary document with a step-by-step guide on how to install 4.1 MBaaS is here.

Important Note: Whilst MongoDB 3.2 is available on MBaaS 4.1, we have not yet moved to it on RHMAP Hosted (3.12), due to the complex nature of MongoDB upgrades. This will be available in a later release, TBA.

Continue reading “Release of v3.12 and v4.1 of the Red Hat Mobile Application Platform”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Release of v3.11 of the Red Hat Mobile Application Platform

We have just completed the deployment of the Red Hat Mobile Application Platform v3.11 to all our actively updated grids.

The main features of this release are:

  • Tech preview of Node.js 4.4.2 LTS as an option for your Cloud Code
  • Google Play Store changes (POSSIBLE ACTION REQUIRED)
  • Updating Forms Apps to new versions of Cordova and Cordova Plugins
  • Updating Cordova “Light” Apps to new versions of Cordova and Cordova Plugins (POTENTIAL BREAKING CHANGE)
  • Announcement of  future deprecation of Node.js 0.8.x
  • Updating Xamarin support to v5.x
  • Addition of options for CSV and PDF in Forms Submissions retrieval via API

Node.js 4.4.2 LTS Tech Preview

When you deploy your Cloud Code or Services, you can now select Node 4.4.2 LTS as the target version, in addition to the existing Node 0.10.x. Note that 0.10.x remains the default in this release. Re-deployment of existing code will also default to 0.10 unless you manually select 4.4.2.

Whilst 4.4.2 is fully functional for your code, we are calling it a Tech Preview as not all of our templates have been fully ported to this version.

Google Play Store changes (Possible Action Required)

It is important to note that Cordova apps of any kind, built with Cordova < 4.1.1 will be rejected by the Google Play Store after July 11 2016. This affects Cordova, Cordova Light and Forms Apps on RHMAP, whether you build them locally or on our Build Farm.

If you wish to put those apps in the public Google Play Store after July 11, you must update those Apps to Cordova > 4.1.1 or they will be rejected the next time you try to upload a new version. See Google FAQ here.

If you wish to update your Apps, you should do the following:

  • Cordova Apps – Please check your Cordova config.xml. If you are specifying a version of Cordova there, it must be updated to be 4.1.0 (this strangely means 4.1.1 to Cordova) or greater. E.g.
    <engine name="android" spec="~5.2.0" />

    If it’s not specified, you don’t need to change that file.

    Note: You will have to test any plugins you use to ensure they are Cordova 5.2 compatible and update as needed.

    Then rebuild your app in the Build Farm and upload it to the Google Play Store.

  • Light Apps – Once you rebuild your Light App in the RHMAP 3.11 Build Farm, it will automatically use Cordova 5.x. The older versions of our default plugins (see list here) have been tested to work with Cordova 5.2.Note: If you have added other plugins to config.json, you will need to test if they still work with 5.2 and possibly update them to the latest versions.
  • Forms Apps – Once you rebuild your standard auto-generated Forms App in the RHMAP 3.11 Build Farm, it will automatically use Cordova 5.x.Note: If you have customised the default app and added other plugins to config.json, you will need to test if they still work with 5.2 and possibly update them to the latest versions.

Latest Cordova for Forms and Light Apps

In our recent releases we updated our Cordova support for standard Cordova Apps to Cordova CLI 5.2. We are now updating both our Forms Apps and Cordova Light Apps to the same level for iOS, Android and Windows.

In a tiny number of cases, this can break some Cordova Light Apps and you need to ensure you follow the update procedure below, only if this applies to you.

Forms Apps

You should see no functional difference in the auto-generated Forms Apps with this update.

Existing Forms Apps do not need to be changed. On your next Build Farm build, they will automatically use Cordova CLI 5.2.

New Forms Apps will automatically use Cordova CLI 5.2 in the Build Farm and no action is required on your part.

Cordova Light Apps (Potential Breaking Change)

Cordova Light Apps are specific to Red Hat Mobile and provide a simple way to generate Cordova Apps using just HTML/CSS/JS. All of the Cordova pieces are handled for you by our Build Farm.

Existing Cordova Light Apps will continue to run without change. The vast majority of existing Cordova Light Apps will continue to build in our Build Farm without change. However, if you have Cordova Light apps, you must check the following (This does not apply to standard Cordova Apps):

  1. If your App is a Cordova Light App (you can see its type in the Project in the Studio)
  2. And if it is missing the www/config.json file
  3. And if you are using one of a set of Cordova plugins listed here
  4. And if you are going to re-build your application
  5. Then you need to create a www/config.json file  and update your code, using the instructions here

Again note that it is extremely unlikely that your app meets all of the above conditions, but you should check to be absolutely sure.

If you are creating any new Cordova Light Apps from scratch, you must include config.json. If you start with any of our Cordova Light templates, you will get this by default.

Future deprecation of Node.js 0.8.x

Note that Node.js 0.8 is still selectable as a target version in this release. However it has not been the default for over two years in RHMAP.

This version of Node.js has been long obsolete and is not supported by the Node.js Foundation or by Red Hat Software Collections.

For all of these reasons, we will be removing support for Node.js 0.8 by September 30 2016.

It is very unlikely you are using Node.js 0.8, but if you are, you will need to carry out any porting work to update it to Node.js 4.4.2 by this time. If your app does not need any changes, or never needs a clean redeployment, an upgrade of the Node.js version is not necessary, but is recommended.

Xamarin

We have updated our Xamarin support to v5.x and refreshed the templates appropriately. Note that Push functionality in the SDK is still in development and won’t be released in 3.11. Xamarin Apps must still be built locally and cannot use the Build Farm.

Forms

  • Forms Submissions retrieval via API now offer options for CSV and PDF. API details will be here.
  • Further performance improvements in submissions display in Studio with very large numbers of submissions

Known Issues

  • Forms and broken Environments – If you have Environments that are no longer accessible, you will get errors from the Forms section of the Studio. Please contact Red Hat Support to fix the problem.

Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Launching Red Hat Mobile Application Platform 4.0, enterprise mobility to the next level

At Red Hat Mobile, we have been working hard over the last several months on exciting new technologies.  Today we are happy to announce the general availability of Red Hat Mobile Application Platform 4.0.

Logotype_RH_Mobile_AppPlatform_RGB_Black

Following the success of our Hosted offering, we have taken the next step in the advancement of our product. Let’s take a moment to recap on a couple of key technology choices we made over 5 years ago that have proven to be visionary decisions for the architecture of a mobile platform.

  1. Node.js was chosen a long time ago (in Node years) at the beginning of 2011. Our flexible Node.js-powered  Mobile Backend-as-a-Service (MBaaS) lets you build fast and lightweight event-driven business logic and microservices that can interact with enterprise systems or cloud services on one side, and mobile apps on the other.  We have seen the exponential adoption rate of Node.js since then and over 200K modules in the NPM ecosystem. We have also grown our team of top notch Node.js expert Engineers.
  2. Another key technology decision was  the use of Linux containers for the deployment and execution of cloud apps and microservices in the MBaaS. This allowed us to have greater flexibility to build Application Lifecycle Management capabilities to manage code between development environments and cloud resources.

Without a doubt technology decisions that have been key to the success of Red Hat Mobile Application Platform (RHMAP).

 

Fast-forward to today, our team has done it again! In RHMAP 4.0 we are incorporating industry-leading Container management capabilities with OpenShift Enterprise by Red Hat, leveraging both docker containers and Kubernetes orchestration. All of this is running on a foundation of Red Hat Enterprise Linux (RHEL) 7.2. The MBaaS becomes the first Mobile Backend-as-a-Service in the market fully supported from the ground up starting with RHEL, Red Hat Software Collections, and taking our expertise in the use of containers to the next level with Docker and Kubernetes.

Continue reading “Launching Red Hat Mobile Application Platform 4.0, enterprise mobility to the next level”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!