I am building an app with jQuery Mobile and Phone Gap Build and I'm unsure of the best way to implement a few security features and my attempts so far have failed. This app is aimed at iOS and Android, using Phone Gap 3.4.0 and jQuery Mobile 1.4.2.
There are 2 features I need;
First, I need the app to close/reset on app suspend. Meaning, when someone leaves the app to go to the home page, changes apps, turns off the screen, etc. the app pushes you back to the login screen. So far I have tried things like:
For Android:
document.addEventListener("pause", onPause, false);
function onPause() {
initialize();
navigator.app.exitApp();
}
For iOS in the config.xml:
<preference name="exit-on-suspend" value="true" />
This only works sometimes. When testing on Android, the app will exit when you go home or change apps, but only for the first 10 times or so, then it stops. I assume this is due to the fact that after the app is used frequently Android stops suspending it because it is actively used?
iOS testing for this feature has been limited so far.
Second, There is a bug where when you re-open the app, and you are at the login screen, the user can press the back button and revisit pages previously visited without logging in.
To remedy this I have tried clearing all auth tokens, user names, etc. (which are only stored in variables anyway) at every possible turn and it still happens.
As I stated above, I may be going about this the wrong way and there is an easier/better way to accomplish what I want.
Related
I have an app I have building that is giving navigation from a location to a location. Contstantly tracking where the user is using GPS data in order to give good Directional information. Currently if a user switches from our app to another app or goes to the Android home screen, after one minute Android turns off our app for performance reasons.
I have tried using an Isolate but like flutter this gets shutdown. Next step were to use a kotlin service to handle background things but i wanted to check if anyone had done this in dart yet?
Also this is not an app that will be in the play store or on public devices. It is going on special devices that we control and are less worried about memory usage as this will be the main app ran on them.
as mentioned above in the comment by #galloper background_fetch is the thing you need, it has a method called BackgroundFetch.registerHeadlessTask(backgroundFetchHeadlessTask); where backgroundFetchHeadlessTask is a function that will keep running even when the app is close, i used this in my app to stream location info to server.
About Android (6.0 to the last version)
I'm developing an app and we want that the user, once he accepts all the terms, don't be able to kill the process or force stop the app. Honestly, I'm completely lost right now, because on the last versions of android, and specially some brands like Xiaomi, we are having a lot of trouble with it, and we don't know how to act right now.
In the case that it could not be possible, could at least get an alert whenever the user is killing the app?
Thanks!!
It is not possible to prevent the user from killing an app. Android is a unique system where the app has no direct control over its lifecycle but the system has. The system can (and will, when required) kill the app or any of its processes at its own will. To make your app aware of these changes, the android framework provides for various callbacks such as onPause, onStop and onDestroy which are called in succession when the user kills the app.
Side Note : There is no guarantee that onDestroy() will be completely executed when the app is killed. Do not place essential code there.
Of course, you can block or try to prevent the user from closing your app by overriding the back, home and recent buttons but it is highly recommended not to do so. Even if you do so successfully, the user has other means to close your app such as rebooting their phone.
So what to do?
You are looking for a kiosk mode app. Kiosk mode is used for single purpose phones such as at a restaurant or for a cab driver. Kiosk mode apps lock down the user to only a specific app (or a specific set of apps).
For normal apps, it is not possible to prevent the user from force closing your app. You can only get alerts by checking for lifecycle changes as described above. Moreover, it is not at all recommended to change the natural behavior of the hardware buttons on android. The user can still find a way to close your app. If your app is doing something really essential which should proceed in the background, consider using a service for that instead. Also, the user can uninstall your app at anytime if they find your app being too intrusive and you won't be able to do anything in that scenario.
Tl;dr: Use kiosk mode to prevent the user from exiting the app. This will only allow the user to access your app(s) in their device.
Usually you cannot! Even if you try to disable some buttons, user can always stop app or restart device. In addition at times, the OS will stop the App. Your responsibility as a programmer is to program around this, and give the user the feel that it never stopped. If you are doing background monitoring, you will need to use service. Users will still be able to stop service. Having said that, you can set your app as a Device Administration app, see here, which may disallow stopping, but unless you are distributing internally to a company, noone will install.
So I've made myself a small "incremental game".
Note: For those who are not familiar with incrementals, you click on a button and it increases a value, a currency of sorts. You buy upgrades to autogenerate this currency after you've laboriously made enough by clicking/tapping manually, saving you the cost of buy a new mouse. Or a new phone, in this case.
Now, I've been testing around with it. New to Ionic and all. I've realized that on the android (I did Ionic run android from my CLI), if I hit the native "back" button on the phone, it pauses the app completely. My autogenerating is suspended. That's fine and all! It's intended after all.
The issue/problem comes when I hit the native "home" button. Which brings me to the home screen on an android as well as when my phone auto "sleeps". Whenever either of this happens, the autogenerating continues in the background, if you already bought upgrades. Which is the opposite of the intended function. It should stop!
So, coming from native android, java. I understand there's a lifecycle to apps.
QUESTION:
How is Ionic's like? And does it go into different states depending on the method of exiting the app? Is it different between iOS and Android? I've thus far fixed it for android but I don't know how to test if it works for the iOS...
Extra info: I'm currently using $interval to keep the game's main loop running. I autogen my currency once per second as well as save it into an sqlite database right after. (Both running at once per second). Also, I have no plugins installed! Using only services.
Okay. I've sort of figured that all this has something to do with the lifecycle. From what I know using my debugging tool, I'm tracking the app doing these two, "Resume" and "Pause" by typing in my controller:
document.addEventListener("resume", function() {
console.log("Resume!");
}, false);
document.addEventListener("pause", function() {
console.log("Pause!");
}, false);
I've figured out my issue using this. So I know that regardless of method of exiting the app, I will encounter "pause" and regardless of from which method you exit the app, it passes through "resume" state on the way back in. So using this two, I simply cancel my interval when it pauses and start it up again when it resumes!
I've got an app running jQuery 1.9.1, jQuery Mobile 1.4.2 and Phonegap 3.4.0.
It has a login screen so that when you first open the app, you input your info, it does an AJAX check and if all is well, stores your info and moves you past that page.
The ideal scenario, is that everytime the app is sent to the background (the user goes home or switches apps), and then restarts the app they have to login again.
Currently I am accomplishing this in iOS by setting the
<preference name="exit-on-suspend" value="true" />
preference in my config.xml. I am accomplishing the same thing in Android by using navigator.app.exitApp(); in a pause event listener.
This works well enough usually, but some older versions of android have a weird problem. While going home and restarting the app bring you to the login page, you can just hit the back button and it takes you to the last page you were on before you quit, and you are still logged in. I also have a function that destroys all user variables (rendering all pages useless) when the app pauses, but that also seems to be ignored. On older versions of Android (2.3 specifically), it seems that they are ignoring the pause event listener.
How do I fix that, or is there an all around better way of forcing login on restart?
Without knowing what other requirements you have or what behaviors you might expect from the home page, you could capture the back button event and prevent it from going anywhere.
//set a bit or note that you are on the login page
var onHome = true;
...
document.addEventListener("backbutton", backButtonTap, false);
function backButtonTap(e) {
if(onHome) {
e.preventDefault();
alert('Please Login');
}
}
Certainly not the only or perhaps the best way to handle it since the user appears to stay logged in, which you say is supposed to be wiped out, but it should at least prevent navigating away from the login page and going back.
I have a feature in my cordova app that lets user do something when user shakes the phone (I'm using shake.js for the purpose). The phone vibrates when it happens.
The problem is that, when I "alt tab" away from the app and it's in the background, the shake/vibrate combo still works. So the user might be using a completely different app and the phone would still vibrate.
Is there a way to detect that the app is in the background, or better yet, freeze the app somehow when it's going to the background?
I have this problem on Android (haven't tested it on iOS yet).
You can simply bind the pause event and you remove the shake feature from your app.
According to the documentation The (pause) event fires when an application is put into the background.
You can listen for the resume event to put back the shake feature.
As usual in the documentation you can find complete code examples.