Serious threats from Heartbleed Bug

What is the Heartbleed (CVE-2014-0160) issue?

Heartbleed is a serious vulnerability through which an attacker can easily steal sensitive data such as login credentials, card numbers and other encrypted information used in online banking and e-commerce sites. It was found in early April and is present in the OpenSSL software library, which is considered one of the most secure and is used by many web applications for secure transactions.

How this bug works?

The Heartbleed bug basically tricks the computer with fake information. The computer then responds to the attacker by handing over stored memory. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. It allows attackers to spy on communications, take information straight from the services and users, and impersonate services and users.
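A toy model of the mistake behind the bug, as an added example that is not OpenSSL's code or part of the original post: a heartbeat handler that trusts the length stated in the message, next to one that checks it against the bytes actually received. The `ToyServer` class, its flat memory buffer and the sample secret are constructed for illustration; the message layout and the 16-byte minimum padding follow the TLS heartbeat extension (RFC 6520).

```python
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16  # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat(payload: bytes, claimed_len: int) -> bytes:
    """Constructed message: type (1 byte), claimed payload length (2 bytes),
    payload, padding. claimed_len is whatever the sender says it is."""
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + bytes(MIN_PADDING)


class ToyServer:
    """Models process memory as one buffer: the received record first,
    unrelated secret data directly after it (layout is an assumption)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.memory = bytearray(256)

    def _store(self, record: bytes) -> int:
        self.memory[:] = bytes(len(self.memory))
        self.memory[:len(record)] = record
        end = len(record) + len(self.secret)
        self.memory[len(record):end] = self.secret
        return len(record)

    def handle_vulnerable(self, record: bytes) -> bytes:
        self._store(record)
        _type, claimed = struct.unpack_from("!BH", self.memory, 0)
        # Bug pattern: the copy length comes from the message itself,
        # not from the number of bytes that were actually received.
        echoed = bytes(self.memory[3:3 + claimed])
        return struct.pack("!BH", HB_RESPONSE, claimed) + echoed

    def handle_fixed(self, record: bytes):
        received = self._store(record)
        if received < 1 + 2 + MIN_PADDING:
            return None  # too short to be a heartbeat: discard silently
        _type, claimed = struct.unpack_from("!BH", self.memory, 0)
        if 1 + 2 + claimed + MIN_PADDING > received:
            return None  # claimed length exceeds the record: discard silently
        echoed = bytes(self.memory[3:3 + claimed])
        return struct.pack("!BH", HB_RESPONSE, claimed) + echoed


if __name__ == "__main__":
    server = ToyServer(secret=b"session=CONSTRUCTED-SECRET")
    honest = build_heartbeat(b"ping", claimed_len=4)
    lying = build_heartbeat(b"ping", claimed_len=64)  # says 64, sends 4
    print("vulnerable, honest:", server.handle_vulnerable(honest))
    print("vulnerable, lying: ", server.handle_vulnerable(lying))
    print("fixed, honest:     ", server.handle_fixed(honest))
    print("fixed, lying:      ", server.handle_fixed(lying))
```

The fixed handler needs no knowledge of what sits after the record; comparing the claimed length with the received length is enough, which is why the flaw is a missing bounds check rather than a weakness in the encryption.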

Things to worry about?

Many cyber experts consider Heartbleed the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet. Why is that so?

  • OpenSSL implements SSL (Secure Sockets Layer), which basically provides communication security and privacy through encryption over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). Because the bug sits in this layer, it has undermined around half a million secure websites, as well as email, instant messaging and likely a variety of other programs and applications.
  • Discovered in early April, Heartbleed lets attackers steal data from computers, and a recent report showed that it can also give access to forums and chat rooms which are very hard to penetrate.
  • The big problem is that it is undetectable and you don’t know it is happening. If your Gmail was hacked and they tell you to change your password and you do, the hacking still doesn’t go away.
  • Heartbleed.com attacked their own server from an attacker's perspective and found that the bug is able to steal sensitive data without using any privileged information or credentials, which makes the situation more severe.

Typically, OpenSSL implementations are present on servers running Apache and nginx. Unfortunately, Apache remains the dominant web server today, with more than half of the internet’s active sites running on it, and nginx has about another 14%. The Heartbleed bug was introduced in December 2011. The bug affects OpenSSL versions 1.0.1, which was released in March 2012, through 1.0.1f, which arrived on Jan 6 of this year.

What not to worry about?

Heartbleed has no effect on

  • DOD classified networks, and minimal effect on DOD unclassified sites.
  • Common access cards and the PIN numbers associated with them
  • Products which do not include OpenSSL on their servers
  • Applications which use OpenSSL 1.0.1g, OpenSSL 1.0.0 branch, OpenSSL 0.9.8 branch and OpenSSL 0.9.7 branch.

How we stopped it?

To address this vulnerability, we followed the steps mentioned below.

Step#1: We checked the version of OpenSSL on the server.

# yum info openssl

Step#2: Then, we updated it to a version which is not affected by Heartbleed.

# yum update -y openssl

Step#3: After updating OpenSSL, restart the services using the library, or reboot the server itself.
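One way to verify steps 1 and 3, as an added example that is not part of the original post: classify an `openssl version` string against the ranges listed in this article, and find processes that still have the old, replaced library mapped because they were never restarted. The function names, the "unlisted" label and the sample strings are assumptions made for this example.

```python
import os
import re

# Letters of the 1.0.1 branch this article lists as affected: 1.0.1 through 1.0.1f.
AFFECTED_LETTERS = {"", "a", "b", "c", "d", "e", "f"}
UNAFFECTED_BRANCHES = {"1.0.0", "0.9.8", "0.9.7"}

# A mapped library whose file was replaced on disk shows up as "(deleted)".
STALE_LIB = re.compile(r"/lib(ssl|crypto)[^/\s]*\.so[^/\s]*\s+\(deleted\)")


def classify_openssl_version(version_output: str) -> str:
    """Classify the text printed by `openssl version`.

    Returns "affected", "not affected", "unlisted" (a version this article
    does not mention) or "unknown" (not an OpenSSL version string).
    """
    m = re.search(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)", version_output)
    if not m:
        return "unknown"
    branch, letter = m.groups()
    if branch == "1.0.1":
        if letter in AFFECTED_LETTERS:
            return "affected"
        return "not affected" if letter == "g" else "unlisted"
    return "not affected" if branch in UNAFFECTED_BRANCHES else "unlisted"


def stale_libssl_pids(proc_root: str = "/proc") -> list:
    """Return PIDs that still map a deleted libssl/libcrypto, i.e. services
    that were not restarted after the package update (Linux only)."""
    stale = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                if any(STALE_LIB.search(line) for line in fh):
                    stale.append(int(entry))
        except OSError:
            continue  # process exited, or no permission to read its maps
    return sorted(stale)


if __name__ == "__main__":
    # Constructed sample strings in the format `openssl version` prints.
    for sample in ("OpenSSL 1.0.1e-fips", "OpenSSL 1.0.1g", "OpenSSL 0.9.8y"):
        print(sample, "->", classify_openssl_version(sample))
    if os.path.isdir("/proc"):
        print("PIDs still using the old library:", stale_libssl_pids())
```

A result of "affected" from the version string is a first pass only: distributions can backport the fix without changing the version letter, so confirm with the package changelog, for example `rpm -q --changelog openssl | grep CVE-2014-0160`.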

To combat such bugs or vulnerabilities, you need expert and accomplished QA engineers. You can also offshore QA services, which provide you with a savvy and smart solution to your goal. Andolasoft also launched free security testing where you can check your web app health report at no cost.

Like this blog? I’d love to hear about your thoughts on this. Thanks for sharing your comments.

How To Monetize IOS App Through Apple In-App Purchase Integration

What Is In App Purchase?

Apple’s In-App Purchase gives you the ability to sell items within your free or paid app, including premium content, virtual goods, upgraded features and subscriptions. Apple takes a 30% commission and you receive 70% of the purchase price.

Each purchase is associated with a product type. The product types are:

  • Consumable Products:

Consumables are In-App Purchases that must be purchased each time the user needs that item.

  • Non-Consumable Products:

Non-Consumables are In-App Purchases that only need to be purchased once by the user and are available to all devices registered to a user.

  • Auto-Renewable Subscriptions:

Auto-Renewable Subscriptions allow the user to purchase episodic content or access to dynamic digital content for a set duration. At the end of each duration, the subscription renews itself until the user opts out.

  • Non-Renewable Subscriptions:

Non-Renewing Subscriptions allow the sale of services with a limited duration. Non-Renewing Subscriptions must be used for In-App Purchases that offer time-based access to static content.

  • Free Subscriptions:

Free Subscriptions are an extension of Auto-Renewable Subscriptions that permit the delivery of free subscription content to Newsstand-enabled applications.

The Free Subscription In-App Purchase type is implemented in the same way as an Auto-Renewable Subscription, just without any charges to the user. Free Subscriptions do not have expiration, but the user can turn off the subscription at any time.

You can use whichever of the above best suits your application.

The example below integrates In-App Purchase for a non-consumable product.

With the non-consumable product type, the user has to pay only once. The content or items are then available on all the devices registered to that user’s Apple ID.

What To Do Before Integrating In App Purchase To Your Application?

  1. Connect to iTunes
  2. Then create a unique App ID for your application and enable in-app purchases for it.
  3. Update the app with the created bundle ID and code signing in Xcode with the corresponding provisioning profile.
  4. Create the app using the App ID you’ve registered. Then go to Manage Applications in iTunes Connect.
  5. Make sure you have set up the bank details for your app, as this is necessary for supporting In-App Purchase.
  6. Then add a new non-consumable product for In-App Purchase.
  7. The last step is to create a test user account using the Manage Users option in the iTunes Connect page of your app.

Let’s write the code

First, include the StoreKit framework in the app. Then write the following code in the ViewController.h file:

#import <UIKit/UIKit.h>
#import <StoreKit/StoreKit.h>

@interface MyViewController : UIViewController <SKProductsRequestDelegate, SKPaymentTransactionObserver>
{
    // Spinner that failedTransaction: stops; connect it to your UI.
    IBOutlet UIActivityIndicatorView *activityIndicator;
}

- (IBAction)PurchaseButtonClicked:(id)sender;

- (void)completeTransaction:(SKPaymentTransaction *)transaction;
- (void)restoreTransaction:(SKPaymentTransaction *)transaction;
- (void)failedTransaction:(SKPaymentTransaction *)transaction;

@end
Write the following code in the ViewController.m file:

#import "ViewController.h"

@implementation MyViewController

// Ask the App Store for the product when the user taps the purchase button.
- (IBAction)PurchaseButtonClicked:(id)sender
{
    SKProductsRequest *request = [[SKProductsRequest alloc]
        initWithProductIdentifiers:[NSSet setWithObject:@"your_product_ID"]];
    request.delegate = self;
    [request start];
}

- (void)productsRequest:(SKProductsRequest *)request didReceiveResponse:(SKProductsResponse *)response
{
    // The request was allocated in PurchaseButtonClicked: (manual reference counting).
    [request autorelease];

    NSArray *myProduct = response.products;

    // An unknown or not yet approved product ID gives an empty list;
    // stop here instead of crashing on objectAtIndex:0.
    if ([myProduct count] == 0)
    {
        NSLog(@"No valid products: %@", response.invalidProductIdentifiers);
        return;
    }

    [[SKPaymentQueue defaultQueue] addTransactionObserver:self];
    NSLog(@"%@", [[myProduct objectAtIndex:0] productIdentifier]);

    // Since there is only one product, we do not need to choose from the array. Proceed directly to payment.
    SKPayment *newPayment = [SKPayment paymentWithProduct:[myProduct objectAtIndex:0]];
    [[SKPaymentQueue defaultQueue] addPayment:newPayment];
}

// Called by StoreKit whenever the state of a queued transaction changes.
- (void)paymentQueue:(SKPaymentQueue *)queue updatedTransactions:(NSArray *)transactions
{
    for (SKPaymentTransaction *transaction in transactions)
    {
        switch (transaction.transactionState)
        {
            case SKPaymentTransactionStatePurchased:
                [self completeTransaction:transaction];
                break;
            case SKPaymentTransactionStateFailed:
                [self failedTransaction:transaction];
                break;
            case SKPaymentTransactionStateRestored:
                [self restoreTransaction:transaction];
                break;
            default:
                break;
        }
    }
}

- (void)completeTransaction:(SKPaymentTransaction *)transaction
{
    NSLog(@"Transaction Completed");
    // You can create a method to record the transaction.
    // [self recordTransaction: transaction];
    // You should make the update to your app based on what was purchased and inform the user.
    // [self provideContent: transaction.payment.productIdentifier];
    // Finally, remove the transaction from the payment queue.
    [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
}

- (void)restoreTransaction:(SKPaymentTransaction *)transaction
{
    NSLog(@"Transaction Restored");
    // You can create a method to record the transaction.
    // [self recordTransaction: transaction];
    // You should make the update to your app based on what was purchased and inform the user.
    // [self provideContent: transaction.payment.productIdentifier];
    // Finally, remove the transaction from the payment queue.
    [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
}

- (void)failedTransaction:(SKPaymentTransaction *)transaction
{
    [activityIndicator stopAnimating];
    if (transaction.error.code != SKErrorPaymentCancelled)
    {
        // Display an error here.
        UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Purchase Unsuccessful"
                                                        message:@"Your purchase failed. Please try again."
                                                       delegate:self
                                              cancelButtonTitle:@"OK"
                                              otherButtonTitles:nil];
        [alert show];
        [alert release];
    }

    // Finally, remove the transaction from the payment queue.
    [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
}

@end

That’s it, now your app is integrated with In-App Purchase for a non-consumable product.

Note: Please review Apple Guidelines (https://developer.apple.com/appstore/resources/approval/guidelines.html) before publishing the app to the app store.

Andolasoft has expertise in iOS application development and other iOS integration.

Apple’s iBeacon scores over NFC

iBeacon is a new technology developed by Apple for its operating system iOS 7. This technology allows mobile apps to detect when an iPhone is near a small wireless sensor called a beacon. The beacon can transmit push notifications to an iPhone and vice versa using Bluetooth Low Energy (BLE). Beacons can also be used by the Android operating system.

Advantages of iBeacon:

  • Compatibility: Most of the mobile phones are compatible with Bluetooth.
  • Range: The range of the iBeacon is up to 50 meters.
  • Low power consumption: It consumes minuscule amounts of energy and allows device batteries to last longer.

Where do we use iBeacon?

  • You can track your locations both indoors and outside
  • Get discounts, coupons, special offers from stores as you just pass by.
  • Provide the right context to determine directions to what you really need – office in a building, store in the mall, nearest exit
  • Allow for mobile-payment platforms to pay automatically when you leave the store

Why has iBeacon become an NFC competitor?

Here, I have discussed the major reasons why Apple’s iBeacon Might Kill NFC:

  • Range:
    NFC only works in close proximity, with a range of up to 8 inches, whereas iBeacon’s range is up to 50 meters. NFC-enabled devices require an NFC chip to transmit data, whereas iBeacon only requires that the iPhone supports BLE.
  • Availability:
    BLE is available in almost every smartphone on the market; however, not every phone comes with an NFC chip.
  • Cost-effectiveness:
    iBeacon is a Bluetooth technology which is built into pretty much 100% of smartphones, so from the customer’s perspective its cost is zero, whereas an additional NFC chip has to be bought for mobile devices.
  • Affordability:
    iBeacons are slightly more expensive than NFC chips. But iBeacon is more affordable, and its range is up to 50 meters. So, we need one beacon for a 1,700 square feet store, and its estimated cost comes to $99 (Estimote is currently offering pre-orders of three beacons for $99). If you would like to use NFC for the same area, you need an NFC tag costing around 10 cents for each product in the store, and it would cost you around $100,000 for 1 million products.

Apple has found a smart way to wirelessly transmit data over short distances using BLE. BLE can solve these micro-location data challenges in ways that NFC can’t duplicate. iBeacon is a promising step towards a very important and lucrative industry, coupled with fingerprint technology for privacy and security. The technology is currently used in the retail, healthcare and education sectors.

What’s new in Android 4.4 ‘KitKat’ for Developers

Google released the latest version of Android (version 4.4), known as KitKat on 31st Oct 2013. It is designed to work on a wide variety of devices. The new version of Android has got a lot of exciting features for both users and developers.

 

Some of the new features in the latest version of Android for developers to learn and explore are:

Screen Recording

The screen recording feature of Android 4.4 lets you capture video of your app and save it as an MP4 file. The recording can be done at any device-supported resolution and then shared directly from the device to a computer for post-production.

Full Screen Immersive Mode

Full-screen immersive mode in KitKat allows any app to go truly full-screen, hiding both the navigation and status bars and taking advantage of every last pixel on the screen of a smartphone or tablet. You simply need to swipe from the top or bottom of the screen to display the system bars again. Basically, developers can hide the entire system interface while the user is engaged in their apps (like e-readers, other media apps and games).

Scene Transitions

Android 4.4’s new transitions framework allows app developers to define how one scene animates to another. Developers can use predefined transition types, applied with TransitionManager, that animate the properties that matter the most to their app.

Storage Access Framework

With the release of Android 4.4 KitKat, users now have a smoother way of accessing and creating documents in an app from a variety of cloud storage providers. Developers can add their own storage devices to Android without having to do it on a specific vendor by vendor basis.

New WebView & Chromium Features

KitKat includes new implementation of WebView based on Chrome for Android 3.0. It allows developers to use the latest compatibility features, performance standards and support in WebView to access their Web-based content. Chromium WebView supports many aspects of HTML5 as well as CSS3 and JavaScript.

New Near Field Communications Platform Support

One of the new features in Android 4.4 is Host Card Emulation (HCE) to support Near Field Communications (NFC) transactions. Apps can also act in a new “Reader Mode” to receive NFC functionality (like payment processing, building access, tickets etc.) as it uses an Application Identifier (AID) to route the different NFC function from the hardware in a device to the app.

Low-Power Sensors

Android 4.4 adds support for hardware sensor batching, a new optimization that can dramatically reduce the power consumed by ongoing sensor activities. It can make your app more efficient and it lets you track sensor events continuously.

RenderScript Takes Advantage of Device Hardware

RenderScript can now be accessed in KitKat 4.4 through a new C++ API in the Android Native Development Kit. Hardware-intensive tasks can now be integrated into an app’s native code, with support for multiple smartphone CPU and GPU cores.

Andolasoft has a team of experienced Android developers who are skilled at developing innovative apps for all versions of Android devices. We have developed Android apps like KurrentJobs, EstateMobz and many more.

How To Create A Static Library Or Framework For IOS?

A static library is a package of classes, functions, definitions and resources, which can be packed together and easily shared among projects. This makes code reuse easier, as you will have your own set of classes and utility functions.

Here are the steps to create your static library or framework

Step 1 : Create A New ‘Cocoa Touch Static Library’ Project

  • Choose template as Cocoa Touch Static Library.
  • Start with create new project >> iOS >> Framework & Library >> Cocoa Touch Static Library

Note: The name you entered in product field will be the name of your framework.
Example:  ‘MyCompany’ will generate ‘MyCompany.framework’

Step 2: Create The Primary Framework Header (Recommended)

Usually, framework header is imported this way – <MyCompany/MyCompany.h>

  • Create an ‘.h’ file – ‘MyCompany.h’
  • If Xcode creates it for you, just delete the ‘.m’ file and import the inner classes used in the ‘.h’ file
  • If you import only ‘MyCompany.h’ (#import <MyCompany/MyCompany.h>) then the rest of the files need not be imported
#import <Foundation/Foundation.h>
  • Now, add your new sources
  • Make the header ‘Public’

Public headers are copied to the .framework and can be imported using the framework

  • Select the header in the project explorer, then expand the Utilities pane (Cmd+Option+0) to modify the scope of header.
  • In the ‘Target Membership’ group select the checkbox next to the ‘.h’ file.
  • Then, change the scope of the header from ‘Project’ to ‘Public’.

You might have to uncheck and check the box to get the dropdown list. This will ensure that the header is copied to the correct location in the copy headers phase.

Step 3: Update The Public Headers Location

  • To avoid copying private headers to the framework check that the public headers are copied to a separate directory, e.g. $(PROJECT_NAME)Headers.
  • Select the project in the file explorer >> select the targets >> ‘Build Settings’ tab.
  • Set ‘Public Headers Folder Path’ to ‘$(PROJECT_NAME)Headers’ for all configurations by searching the ‘Public Headers Folder Path’. This folder must be unique if you are working with multiple Frameworks.

Step 4: Setup ‘Build Settings’

"Dead Code Stripping" => No (for all settings)
"Strip Debug Symbols During Copy" => No (for all settings)
"Strip Style" => Non-Global Symbols (for all settings)

Step 5: Make Sure That Framework Is Used As Dependent Target

  • Generate the basic skeleton of the framework in the static library target. Also include a simple post-build script.
  • Select your target in the file navigator and click the ‘Build Phases’ tab
  • Then, click ‘Add Build Phase’ >> ‘Add Run Script’ and paste the following script in the source portion of the run script build phase.
set -e
mkdir -p "${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.framework/Versions/A/Headers"
# Link the "Current" version to "A"
/bin/ln -sfh A "${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.framework/Versions/Current"
/bin/ln -sfh Versions/Current/Headers "${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.framework/Headers"
/bin/ln -sfh "Versions/Current/${PRODUCT_NAME}" "${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.framework/${PRODUCT_NAME}"
# The -a ensures that the headers maintain the source modification date so that we don't constantly
# cause propagating rebuilds of files that import these headers.
/bin/cp -a "${TARGET_BUILD_DIR}/${PUBLIC_HEADERS_FOLDER_PATH}/" "${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.framework/Versions/A/Headers"
  • Build your project

The build products directory is usually in-
(~/Library/Developer/Xcode/DerivedData/<ProjectName>-<gibberish>/Build/Products/…)

You will find the ‘libMyCompany.a’ static library, a headers folder, and a ‘MyCompany.framework’ folder which contains the basic skeleton of your framework.

I hope you enjoyed this topic, if you have any questions or comments please share below!

Auditnet® Is Now Available On Mobile (iPhone/iPad/Android)

We are delighted to announce that AuditNet® is now available on mobile, on both iPhone/iPad and Android. With this app, existing users can browse and download the same rich content that they see in the web app, and new users are able to register to the site. Advertisers will now get traffic from both the web and mobile applications. For the last 12 weeks a dedicated team from Andolasoft (mobile app developers, UI developers, Ruby on Rails developers and the QA team) worked diligently to make it available on the app stores right on time. The Andolasoft team worked on UX/UI design, app development, testing, and deployment of the app to the respective app stores.

Looking at the current surge of iPhone, iPad and Android devices worldwide, AuditNet® started looking for a way to provide its mobile users with access to the audit templates, aiming for a rise in subscriptions. Hence, Andolasoft proposed a cost-effective solution: developing a mobile app using the cross-platform technology PhoneGap on top of the Ruby on Rails framework, enabling it to run on both the iOS and Android platforms. The back end uses a RESTful API hosted on AWS for smoother performance.

 

About Auditnet:

AuditNet® serves the global audit community as the primary communication resource with an online digital network where auditors share resources, tools, and experience including audit work programs and other audit documentation. In 2009 AuditNet® launched Web-based training for fraud detection and prevention, IT audit, data analysis, audit software tools and techniques, enabling auditors to learn essential skills anywhere at any time. As a NASBA approved CPE sponsor AuditNet® now offers low-cost high-quality training for auditors and financial professionals, providing convenience while eliminating the need for travel.

Visit www.auditnet.org to know more.

About AndolaSoft:

Based in Silicon Valley, Andolasoft is a web and mobile app development company. Here, we build web applications using Ruby on Rails, PHP and CakePHP. We have expertise in mobile app development involving iPhone, iPad, Android, PhoneGap and Sencha.
With a team of 200+ expert developers, we deliver cutting-edge solutions within budget and on schedule. We have happy customers from across the USA, UK, Australia, Canada, Singapore, Switzerland and Brazil.

Visit andolasoft.com to know more