There is no problem with using App Inventor to write your own apps and share them with others. The problem is that App Inventor makes it easy to write any app – and malware authors have begun to use App Inventor to create apps that are malware and might do bad things.
“App Inventor doesn’t give malicious apps any special powers nor access to exotic exploits to attack your phone. But it does make the production of Trojanized apps enormously easy. With only a basic understanding of Android programming, an attacker can churn out tons of malicious apps. More apps means more confusion, and more opportunities for attack.”
App Inventor is a “low code”, visual software development tool. Such “drag and drop” programming tools enable non-programmers (and programmers) to create many types of applications without the details of traditional programming code.
This leads to an important issue – will less trained/less experienced programmers inadvertently introduce security problems in their applications?
Gartner predicts that by the end of 2025, over 65% of development projects will use low-code builders. The field of low-code continues to expand. But what security implications does low-code introduce? Low-code refers to tools that enable application construction using visual programming models. Adopting drag-and-drop components instead of traditional code, no-code and low-code platforms enables non-technical folks to construct their own workflows without as much help from IT. Yet, handing power to citizen developers with less security training can be risky. Plus, low-code platforms may hold compromised propriety libraries or leverage APIs that may unknowingly expose sensitive data to the outside world. There’s also the possibility that low-code could increase shadow IT if not governed well.
MIT has announced that the App Inventor for iOS (Apple iPhone and iPad) has entered beta testing. The Beta test program is currently limited, but is expected to expand in the summer, with a public release next summer.
I have redesigned the Learn2c.org web site to feature this clean and simple look, with less clutter than I had on the prior design. Do not be alarmed – its the same web site as before!
The following is a cross-post from my older web site on App Inventor:
This web site – appinventor.pevest.com – is no longer the primary web site for our App Inventor tutorials. However, that web site will remain there indefinitely as many people link to it, including search engines and my own e-books 🙂
The new, short and easy to remember URL is Learn2C.org as in “Learn 2 Code”
Unfortunately, for reasons I will not get into, it is not possible to integrate the two web sites together. So appinventor.pevest.com will remain “as is”, and Learn2C.org is the primary focus point.
I am looking into having Learn2C automatically cross post to the appinventor.pevest.com web site but that has not yet been implemented. But I’d like to do that for those that already follow the appinventor.pevest.com web site.
My apologies for not doing a lot of updates during 2018. I have already written some new code examples (Bluetooth LE anyone?) and am working on more in that area. These tutorials will appear once I have completed the entire series of example programs. There are also other items in the works that I cannot talk about yet.
Anti-virus software makers are detecting malware that attempts to exploit the security vulnerabilities identified as Spectre and Meltdown. Since code must execute on the computer to exploit these vulnerabilities, anti-virus software is being updated to detect such malware attacks. Of course, some such malware may yet get through our defenses and could end up on machines.
My view is that for most of us, its just another form of malware. We all need to be pro-active about avoiding malware by taking appropriate steps such as installing code we know to be good, using anti-virus software, and keeping our systems generally update. Meltdown and Spectre are just two more exploits that hackers can use.
Steve Gibson of Gibson Research Corporation has provided a downloadable program that says whether or not your Windows PC has been updated with fixes for Spectre and Meltdown. The program also offers, if possible, options to disable the security protections (such as you find the updates cause your computer to run slower).
Intel says it has identified a problem with its firmware update that was causing Intel processors to become unpredictable. Intel is now telling customers to discontinue Intel processor firmware updates until they release and fixed update soon.
Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners
By Navin Shenoy
As we start the week, I want to provide an update on the reboot issues we reported Jan. 11. We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed.
Based on this, we are updating our guidance for customers and partners:
We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.
We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.
I apologize for any disruption this change in guidance may cause. The security of our products is critical for Intel, our customers and partners, and for me, personally. I assure you we are working around the clock to ensure we are addressing these issues.
I will keep you updated as we learn more and thank you for your patience.
Navin Shenoy is executive vice president and general manager of the Data Center Group at Intel Corporation.
Note – Intel processor firmware updates are generally provided to end users (people like us) by the manufacturer of our computer or system motherboard. Many of us have probably not seen this firmware update yet. The Intel firmware updates are separate from operating system updates that have been created for Android, Linux, Mac OS X and Windows.
In early January, two security exploits were revealed, both of which take advantage of ways that processors work to improve their performance. This video looks at the SPECTRE exploit; the other exploit is called MELTDOWN. Rather than speculative execution, it exploits a feature of Intel processor known as “out of order” execution to gain access to protected system memory. MELTDOWN is not covered in this video, however.
A high level look at the concepts of compilers, interpreters, byte codes and Just-in-Time compilation, as ways of converting our programs into executable programs or machine instructions processed by the CPU.
The first video provided a high level look at computer system architecture.
The second video introduced the concepts of the CPU or processor.
This video introduces the conversion of our high level programs into machine executable code. Note that this video does not cover specifically how App Inventor blocks code is converted into an executable program.
The fourth video, relying on the information covered in the first 3 videos, will explain the ideas behind the SPECTRE exploit.
App Inventor is a “high level” programming language. That means we create programs without having to know about the underlying operating system or hardware components of our device. The software engineers that create operating system software are “low level” programmers who must be familiar with the details of the hardware.
To understand the SPECTRE and MELTDOWN exploits, we need to have a basic understanding of computer systems – particularly the CPU or processor – and how it operates.
This video is a high level, simplified introduction to the basic elements of a computer system. I emphasize “simplified”! I have an Intel processor manual from a couple of years ago that has over 3,400 pages!
A future video will look at how high level programs are converted into “machine instructions” that are processed by the CPU. After that, we will look at how SPECTRE works to read memory that should be protected.
Be sure to Click Subscribe on Youtube!
In the above video, I did not define “RAM” memory and what it means. RAM means “Random Access Memory”. A typical modern PC has 8 to 16 gigabytes of RAM memory. Many smart phones have 4 to 6 gigabytes of RAM memory. While both RAM and FLASH are types of memory, they are not the same thing.
This short video introduces types of memory used in computers, smart phones and electronic devices including ROM, PROM, EPROM, EEPROM, FLASH, RAM (both DRAM and SRAM), and a brief history of the now very old “magnetic core” memory.
The major difference between ROM, PROM, EPROM, EEPROM/FLASH is that these memories retain their stored values even if power is turned off.
RAM memory, however, loses its content if power is turned off. Some times a battery backup unit is attached to RAM to keep the memory “alive” even if the overall system power is turned off. RAM memory is otherwise fast to use and has become remarkably inexpensive.
“DRAM” means “dynamic RAM” and “SRAM” means “static RAM”.
Most of our devices use DRAM because it is cheaper and each bit takes up less circuit space (than SRAM) so more memory can be packed into a smaller space. The reason it is called “dynamic” RAM is because the memory must be continuously refreshed. Each bit is stored as a tiny capacitive charge. Because the charge slowly bleeds off, the charge must be periodically refreshed – if not, the values stored in memory will gradually fade away (so to speak).
A special circuit continuously reads and then rewrites each bit so that the charge stored at each bit location is refreshed and does not fade away.