
Android hackers writing malware attack apps using App Inventor

There is no problem with using App Inventor to write your own apps and share them with others. The problem is that App Inventor makes it easy to write any app – and malware authors have begun using it to create apps that are malware and might do bad things.

“App Inventor doesn’t give malicious apps any special powers nor access to exotic exploits to attack your phone. But it does make the production of Trojanized apps enormously easy. With only a basic understanding of Android programming, an attacker can churn out tons of malicious apps. More apps means more confusion, and more opportunities for attack.”

Source: Mobile Threat Monday: Android Attackers Use App Inventor for Evil | PCMag

2/3rds of programming projects expected to use “low code” tools by 2025

App Inventor is a “low code”, visual software development tool. Such “drag and drop” programming tools enable non-programmers (and programmers) to create many types of applications without the details of traditional programming code.

This leads to an important issue – will less trained/less experienced programmers inadvertently introduce security problems in their applications?

Gartner predicts that by the end of 2025, over 65% of development projects will use low-code builders. The field of low-code continues to expand. But what security implications does low-code introduce? Low-code refers to tools that enable application construction using visual programming models. Adopting drag-and-drop components instead of traditional code, no-code and low-code platforms enable non-technical folks to construct their own workflows without as much help from IT. Yet, handing power to citizen developers with less security training can be risky. Plus, low-code platforms may hold compromised proprietary libraries or leverage APIs that may unknowingly expose sensitive data to the outside world. There’s also the possibility that low-code could increase shadow IT if not governed well.

How to Mitigate Low-Code Security Risks

Apologies for lack of updates

Sorry for the lack of updates and posts to this web site. I have had a lot going on – and right now, we are in the process of moving across the state. Eventually things will settle down. I completed several interesting App Inventor projects but have lacked time to get them posted here. Hang in there – I intend to be back!

Learn2c.org web site has a new, cleaner and simpler look

I have redesigned the Learn2c.org web site to feature this clean and simple look, with less clutter than I had on the prior design. Do not be alarmed – it’s the same web site as before!

The following is a cross-post from my older web site on App Inventor:

This web site – appinventor.pevest.com – is no longer the primary web site for our App Inventor tutorials. However, that web site will remain there indefinitely as many people link to it, including search engines and my own e-books 🙂

The new, short and easy to remember URL is Learn2C.org as in “Learn 2 Code”

Unfortunately, for reasons I will not get into, it is not possible to integrate the two web sites together. So appinventor.pevest.com will remain “as is”, and Learn2C.org is the primary focus point.

I am looking into having Learn2C automatically cross post to the appinventor.pevest.com web site but that has not yet been implemented. But I’d like to do that for those that already follow the appinventor.pevest.com web site.

My apologies for not doing a lot of updates during 2018. I have already written some new code examples (Bluetooth LE anyone?) and am working on more in that area. These tutorials will appear once I have completed the entire series of example programs. There are also other items in the works that I cannot talk about yet.

The most popular programming languages

There are many surveys of programming language popularity. Many of the popular surveys have problems with the survey methodology such that they likely produce erroneous estimates of programming language popularity. For example, one survey looks at how many times each programming language is looked up on Internet search systems.

The chart, below, comes from GitHub and bases popularity on the number of “pull requests” that are made to the GitHub software repository. Using this method, JavaScript is the most popular programming language, followed by Python, Java, Ruby and PHP.

Python has become a standard for use by non-computer science students. Whether your college studies be in mechanical engineering or geology, there is a good chance you will learn Python for data analysis projects.

Java is now an old programming language, but still used especially for Android programming. Its popularity for desktop applications is starting to diminish.

Ruby became popular about ten years ago. Ruby is based on a concept of “frameworks” that provide pre-made program skeletons which you adapt to make your own application. Ruby is very popular for quickly creating web-based applications.

PHP pre-dates Ruby – PHP is a script language that runs on the server side of a web application. PHP is very easy to learn and couples easily with MySQL databases, making the combination a great solution for web-based, database-backed applications.

Finally we get to the “C” derived languages including C, C++ and Microsoft’s cousin C# (a very powerful language with great development tools). C dates back to about 1970 or so.

C++ was developed in the 1980s and added object oriented programming to C and has since expanded in many ways. C and C++ are commonly “compiled” into machine instructions for each CPU and are used for high performance applications, including operating systems, video games and media applications.

C# has features resembling Java and C++ – but in a more modern design. In some ways, C# is where some wish C++ had gone 🙂


Interested in JavaScript programming?

A follow up to my earlier post asking about interest in other programming languages.

How about JavaScript? JavaScript is widely used in web development, can be programmed with a text editor and tested with a browser – you do not need to download and install development software.

Another plus, if you do choose to download an Integrated Development Environment, you can then package your JavaScript apps within PhoneGap and run them on Android and iOS devices. Thus, JavaScript is another way to write apps for Android (and iOS) that goes beyond App Inventor.

My thinking is this topic could be of interest to those wishing to leverage their App Inventor programming on to other types of programming. The idea would be to create tutorials that leverage what you know about App Inventor (hopefully!) and translate that into JavaScript.

For now, this is just an idea. Looking for feedback!

Learn Javascript programming?

If you have already learned App Inventor programming, what new things would you be interested in learning?

For example, would you be interested in Javascript tutorials that help you translate your App Inventor skills into programming Javascript or some other programming language? Possibly for mobile apps but perhaps for desktop apps or web apps?

What App Inventor features or techniques would you like to learn about for App Inventor? I do not write custom apps here but instead try to identify generic features and methods that might be useful to know across many different types of apps.

Leave a comment with your thoughts. Thanks!


Sorry for lack of recent posts!

Just wanted everyone to know that I am still alive!

I’ve had some other things occupying my mind for a long time as a result of having experienced in life not one – but six – traumatic brain injuries. Bleh. Traumatic brain injuries or TBI as they are known in health care, happen when you have head injuries that jostle your brain around. I do not recommend having head injuries! For me these head injuries included a skull fracture plus being knocked out four times in falls or bike crashes (which broke bike helmets and bones) and other bad whacks on the head… Amazingly, I’ve managed to space these head injuries out over my entire life too, for good measure, or something.

They tell me the effects of TBI are seen as cumulative – that is, a TBI + a TBI + a TBI is worse than having a single TBI.

The issues I was dealing with are now largely over and resolved and I am starting to get lots of things done again. Yay!

I have a list of App Inventor projects I want to get to and will hopefully resume those projects near the end of this month.

Anyway, I’m okay, I’m fine, I’m still here!

Keep on programming!

Part 4: Protecting yourself from online tracking

Today we understand everything we do online is tracked, recorded in databases, analyzed by software to determine detailed aspects of our lives and then used for marketing and propaganda purposes. In some cases, this information is used against our own interests.

We can minimize online – and offline – tracking by paying attention to when we are being tracked and taking steps to disable the tracking.

For example, I am typing this in a coffee shop. Until today, access to their WiFi has been open. But today they require I enter a name and email address. Providing this information provides them with a way to link my retail store purchase here with online activities (since it is a chain, it also provides a way to track my travels). I gave them a fake name and an email address that I created 30 minutes ago, specifically to avoid trackers like this.

I mention this because the key is to be mindful of when you are being tracked and to proactively take steps to reduce data surveillance.

Pro-actively seek out privacy settings and set them to restrictive options. Avoid giving out real contact information for places who have no need for your real contact information. Create a fictitious email and phone number for these situations. Mostly, think! Be aware of when someone is asking for information that they do not actually need – and do not give it to them.

Plus, use the right online tools with the best settings to avoid tracking.

Use the Best Browser or Plugins to Stop Tracking

Facebook (and Google and more) track you as you move about the online web using many methods including “cookie files” deposited on your computer, hidden single pixel images that link to Facebook, and through their ad network. In 2017, an estimated 44% of all online ads seen anywhere on the web were served through the Facebook ad network. Each of these ads provides an opportunity for Facebook to track which web sites you visit, which pages you visit, and even which products you may have viewed online.

The best way to avoid this tracking is to use a browser that supports privacy enhancements.
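As an added example (not code from the original post), here is a small scanner for the tracking techniques just described: it reads an HTML page and reports third-party 1x1 “pixel” images and third-party scripts or iframes, the kind of resources an ad network uses to record your visit. It is plain string scanning so it runs in Node without a DOM; the page URL and the sample HTML are constructed for the demo.

```javascript
// Added example (not from the original post): scan an HTML document for
// third-party tracking pixels (1x1 images) and third-party scripts/iframes.
// Pure string scanning so it runs in Node without a DOM; in a browser you
// would walk document.querySelectorAll('img,script,iframe') instead.

const TAG_RE = /<(img|script|iframe)\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Parse the attribute string of one tag into a lowercase-keyed object.
function parseAttrs(raw) {
  const attrs = {};
  let m;
  while ((m = ATTR_RE.exec(raw)) !== null) {
    attrs[m[1].toLowerCase()] = m[3] ?? m[4] ?? m[5] ?? '';
  }
  return attrs;
}

// Resolve a src against the page URL and return its hostname, or null when
// there is no network host to report (data: URIs, malformed values).
function hostOf(src, pageUrl) {
  try {
    const u = new URL(src, pageUrl);
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.hostname : null;
  } catch {
    return null;
  }
}

// Return the third-party resources in `html`, each tagged with why it was
// flagged: a 1x1 image (tracking pixel) or a script/iframe from another host.
// Ordinary remote images (logos, photos) are not reported.
function findThirdPartyTrackers(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const found = [];
  let m;
  while ((m = TAG_RE.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const a = parseAttrs(m[2]);
    if (!a.src) continue;                       // inline script, no resource loaded
    const host = hostOf(a.src, pageUrl);
    if (!host || host === pageHost) continue;   // same site: not third-party
    const isPixel = tag === 'img' && a.width === '1' && a.height === '1';
    if (tag === 'img' && !isPixel) continue;
    found.push({ tag, host, kind: isPixel ? 'tracking-pixel' : 'third-party-' + tag });
  }
  return found;
}

// Constructed sample page (hypothetical hosts) mixing normal and tracking resources.
const SAMPLE_HTML = `
<html><body>
<img src="/logo.png" width="200" height="50">
<img src="https://tracker.example/pixel.gif" width="1" height="1" style="display:none">
<script src="https://ads.example/ads.js"></script>
<script>console.log('inline, no src');</script>
<iframe src="https://social.example/like?ref=1"></iframe>
</body></html>`;
```

Running `findThirdPartyTrackers(SAMPLE_HTML, 'https://blog.example/post')` reports the pixel, the ad script and the social iframe and ignores the site's own logo.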

The Epic Privacy Browser has privacy features built in – as a feature. Give it a try! Plus the organization behind Epic provides a proxy server when you wish to surf anonymously.

The Firefox browser from Mozilla supports several “add ons” that reduce tracking of your online behavior.

In the Firefox browser, click on the 3 small horizontal bars at upper right of the address line to display Firefox options. Click on Add-ons. Then click on Get Add-ons at upper left, then page all the way to the bottom to find “See more add-ons”. Using the Search box, search for and install each of these add-ons:

  • Ghostery
  • Privacy Badger
  • Adblock Plus (or other ad blocker)
  • Cookie Autodelete

These add-ons work to disable tracking features used by web sites and ad networks. To some extent they overlap in their functionality, but that is okay. Cookie Autodelete automatically deletes tracking cookies when you leave a page. After installing this add-on, click on the icon that appears at the right of the Address bar and make sure you have “Auto-clean enabled” set.

Once enabled, Cookie Autodelete removes all cookie files generated by pages you visit, a few seconds after you have left the page. It is common to discover that individual pages drop 30 to 100 cookie-based trackers on your browser.

Sometimes you may not want cookies automatically deleted. For example, sites that keep you logged in between visits will lose the login connection when their cookie files are deleted. To prevent auto deletion of those sites, when you visit such sites, click on the “Whitelist” option to add the domain name to a list of sites that will not have their cookie files cleaned.
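The whitelist decision described above, as an added example that is not code from the original post or from the Cookie Autodelete add-on: given the cookies a page left behind and the domains you chose to keep, it decides which cookies survive the clean-up. The point worth seeing is the domain matching: a whitelisted domain must also cover its subdomains and a leading-dot cookie domain, but a plain suffix test would wrongly keep a look-alike domain. Cookie and domain values below are constructed.

```javascript
// Added example (not from the original post or the add-on): which cookies a
// whitelist-based auto-clean keeps when you leave a site. Browsers store
// cookie domains lowercase, with an optional leading dot meaning "this host
// and all of its subdomains", so the comparison normalises for that.

function normaliseDomain(d) {
  return d.trim().toLowerCase().replace(/^\./, '');
}

// True when `cookieDomain` is `site` itself or a subdomain of it.
// A bare endsWith() is wrong: "notmybank.example" must not match "mybank.example",
// so the suffix is required to start at a dot boundary.
function domainMatches(cookieDomain, site) {
  const c = normaliseDomain(cookieDomain);
  const s = normaliseDomain(site);
  return c === s || c.endsWith('.' + s);
}

// Split the cookies seen on a page into those to keep and those to delete.
// `whitelist` holds the sites you want to stay logged in to.
function planCookieCleanup(cookies, whitelist) {
  const keep = [];
  const remove = [];
  for (const cookie of cookies) {
    const kept = whitelist.some(site => domainMatches(cookie.domain, site));
    (kept ? keep : remove).push(cookie);
  }
  return { keep, remove };
}

// Constructed sample: cookies a single page visit might leave behind
// (hypothetical domains), plus the one site the user chose to whitelist.
const SAMPLE_COOKIES = [
  { name: 'session', domain: 'login.mybank.example' },
  { name: 'prefs',   domain: '.mybank.example' },
  { name: '_fbp',    domain: '.tracker.example' },
  { name: 'uid',     domain: 'ads.example' },
  { name: 'x',       domain: 'notmybank.example' },
];
const WHITELIST = ['mybank.example'];
```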

Each of these add-ons can be enabled or disabled for individual web sites. Occasionally a page may not format correctly or the web site may say that it will not work with ad-blockers. When that happens, disable the add-on for that individual page or site and refresh the page.

Smart phone and tablet apps

The Facebook and Messenger apps are nasty and default to enabling numerous “Permissions” to access most everything on your device. These apps are privacy nightmares.

My recommendation, if possible, is to uninstall these apps and not use them on your portable device. These apps are basically enhanced surveillance tools.

If you can, uninstall these apps. If you cannot, then selectively set more restrictive permissions for each app. Definitely turn off the Mic permission. Back in 2014, Facebook said their app listened using the Microphone:

Don’t worry, though. Facebook says they’re respecting your privacy while they do this. While ambient audio is definitely being recorded, they’re not storing exactly what the microphone picks up. The new feature works just like Shazam does: it tries to match an audio fingerprint from your environment with one in its database. The goal is to figure out if you’re listening to a particular song or watching a TV show like The Simpsons.

As a general rule, selectively turn off app permissions whenever you can. I found half of the apps installed on my phone ask for the “Location” permission. Many of these are specifically for tracking my location – for someone’s benefit but not mine – while some are for mapping functions and obviously, need Location permission.

41% of the top 2500+ apps in the Google Play Store act as Facebook trackers (similar to how web sites track things on behalf of Facebook). To block those apps from tracking you, go to the Google Play Store and install Adguard. Adguard is an app that works to block the Facebook trackers, not just in the browser but also from other apps. I am not sure but I think this or similar tools are available for the iPhone.

Also, install the HTTPS Everywhere add-on, which works to encrypt your online communications whenever possible.

Other Apps

Review the apps you have installed on your phone. Uninstall those that you are no longer using. Review the permissions of the apps that you are using – and consider setting those options to more restrictive levels.

Online Web Surfing

Use a privacy-enhanced browser, as described above.

However, your Internet Service Provider is also tracking everything you do online, and depending on which country you live in, your ISP can share your full online history with third parties.

To minimize ISP tracking, do not use your ISP’s default Domain Name System (DNS) resolver for lookups.

You can configure your computer to use DNS services provided by other parties, such as OpenDNS, 1.1.1.1 or even Google DNS. You should also set DNS settings for your phone and tablet devices (you may need to look up online how to do this – it’s not obvious in Android and the method varies depending on the version of Android.)

These DNS providers do collect data but they anonymize it so it is not connected to you specifically.

Offline tracking

How many stores have you visited that offered you a Loyalty Discount Card? Just fill out this little application – where they try to collect as much personal identification as possible. Our experience is the discounts are bogus – in fact most vendors using these seem to have raised prices – and then give a discount that drops prices to where they were before they introduced their discount card!

If you fill out and use a Loyalty card, give them fake information. Do not give them your real phone number or real email address. Those two items are the database keys that enable them to sell your retail store purchase history to offline data brokers.

Break the link between your online and offline store purchases, wherever possible.

Social Media

In addition to setting privacy and sharing options, do not accept friend requests from completely random people (there needs to be some connection to you or common interests, at least). “Random connections” are an obvious and simple way for someone to intentionally spy on you as they have access to your private, “Friends-only” posts and comments.

Limit your friends to those you know in real life, or those with which you have a substantial interaction or common interests.

Periodically clean up your Friends list. For years, we believed it was important to gather as many friends as possible. Our total friend count was a badge of honor and most of us were anxious to add to our friends list. Because of social media filtering, however, we rarely see posts from most friends. Do we really need this many friends?

By reducing your friends list, your news feed can become usable again. It also reduces the amount of information linked to you via networked friend graph analysis.

Do delete old posts – especially those that may be controversial. The “half life of a Tweet” is said to be 15 minutes. That means half of all views of a Tweet occur within 15 minutes of posting it online. Tweets that are weeks or months or years old are rarely viewed and there is little reason to keep them online. You can use a service like tweetdelete.net to automatically delete all tweets older than a specified number of days.


Do not upload Contact lists to Instagram, Facebook and so on. The primary purpose of these contact lists is for the provider to enlarge their database, identify people connections, and learn more about you.

Afterword

In 2014, I noticed a lot of “Friends” were sharing what we now call propaganda. I knew little about propaganda. Wasn’t propaganda what governments do during war time? Yes, it is, but propaganda is far bigger than that! We are surrounded by propaganda, which is based on specific methods designed to influence us. I started reading books and papers on the subject. I started a private blog to record my notes – I kept the blog private for a year and a half.

Eventually, one post shared on Facebook convinced me to make a public blog about social media propaganda – I first called it Occupy Propaganda – but later renamed it Social Panic. The blog is propaganda about propaganda! Specifically, about social media propaganda.

In the past two weeks, we all learned a lot about social media surveillance and propaganda. I think half the posts I made in 4 years were written in the past two weeks!

Everyone is now aware of social media’s surveillance and propaganda problems and I expect I will let my little Social Panic blog fade away.

And then I can return to more tutorials on App Inventor related topics. I am working on something involving Fusion Tables, and possibly a way to bring back functionality similar to the original TinyWebDB.

After Afterword

I said at the top of this post I wrote this while sitting in a coffee shop. At the table next to me, two people were using online tools to look up all kinds of information on their clients, figuring out how much they were worth, their current jobs, their future career growth trajectory – and how good looking they are (really). And talking about all of this while they did it – in a public cafe!

If you do not think online surveillance is widespread and potentially a problem, you are not paying attention!