docs(secure-messenger):fix audit and readme

pull/2048/head
miguel 1 year ago committed by MSilva95
parent
commit
6a23c27a06
  1. 40
      subjects/mobile-dev/secure-messenger/README.md
  2. 68
      subjects/mobile-dev/secure-messenger/audit/README.md

40
subjects/mobile-dev/secure-messenger/README.md

@ -1,36 +1,30 @@
# Secure Messaging App
## Secure Messaging App
### Introduction
Messaging apps have become an essential part of our daily lives, allowing us to easily communicate with friends, family, and colleagues. Over the years, they evolved significantly, from simple text messaging to video calling and more. However, as messaging apps have become more popular, concerns about privacy and security have also increased. Many messaging apps have been criticized for their lack of security and the potential for users private data to be compromised.
Messaging apps have become an essential part of our daily lives, allowing us to easily communicate with friends, family, and colleagues. Over the years, they evolved significantly, from simple text messaging to video calling and more. However, as messaging apps have become more popular, concerns about privacy and security have also increased. Many messaging apps have been criticized for their lack of security and the potential for users' private data to be compromised.
### Instructions
### Objective
Build a secure mobile messaging app using `Flutter` and `Firebase` (or similar technologies). It should support both iOS and Android. The app should have **biometric authentication**, **end-to-end encryption**, and other security features to protect user data. Users should be able to send text messages, images and videos.
Build a secure mobile messaging app using Flutter and Firebase (or similar technologies). It should support either iOS, Android or both. The app should have biometric authentication, end-to-end encryption, and other security features to protect user data. Users should be able to send text messages, images, and videos, and create or join group chats.
**Make sure you implement the following features:**
### Instructions for Flutter and Firebase as a reference:
Set up a new Flutter project and integrate Firebase authentication and Cloud Firestore as a backend. Use the Firebase Console to create a new Firebase project, add appropriate configuration files.
To enable user authentication implement Firebase Authentication and secure sign-in. Users should be able to sign up, log in, and log out of the app using email and password authentication. Additionally, implement biometric authentication using the local_auth package to allow users to log in using their fingerprint or face ID.
Implement end-to-end encryption for secret chats using the encrypt or webcrypto packages. Use a symmetric encryption algorithm like RSA, and generate a new public and private key pair for each pair of users for each secret chat. The public keys should be securely shared between the sender and receiver.
### Implement the following features:
- User profiles: Users should be able to create a profile with a profile picture, username, and other information.
- Search users: Users should be able to search for other users by username or other information.
- Add contacts: Users should be able to add contacts by searching for their username or scanning a QR code.
- Messaging: Users should be able to send text messages, images, and videos, with features such as read receipts, typing indicators, and the ability to edit or delete messages.
- Secret chats: Users should be able to start encrypted one-on-one chats with the same functionality as regular chats with one exception: all messages have to be encrypted using an end-to-end algorithm.
- **Login/Signup**: Implement a login/signup page and the necessary functionality for user authentication and account creation.
- **User profile**: Users must be able to create a profile with a profile picture, username, and other information.
- **Search users**: Users must be able to search for other users by username or other information.
- **Add contacts**: Users must be able to add contacts by searching for their username or scanning a QR code.
- **Messaging**: Users must be able to send text messages, images, and videos. Apart from that you must implement these features:
- **read receipts**
- **typing indicators**
- **edit** or **delete** messages.
- **Secret chats**: Users must be able to start encrypted one-on-one chats with the same functionality as regular chats with one exception: all messages have to be encrypted using an end-to-end algorithm.
### Bonus:
Group messaging: Users should be able to create or join group chats with multiple users having at least the same functionality as regular chats.
- **Group messaging**, where users are able to create or join group chats with multiple users having at least the same functionality as regular chats.
Push notifications: Users should receive notifications of new messages or friend requests using the firebase_messaging package.
- **Push notifications**, where users can receive notifications of new messages or friend requests using the firebase_messaging package.
## Suggested Packages for Flutter and Firebase:
#### Suggested Packages for Flutter and Firebase:
- firebase_auth
- cloud_firestore
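Review bot: In the end-to-end encryption paragraph, "Use a symmetric encryption algorithm like RSA" is incorrect: RSA is an asymmetric (public-key) algorithm, and the same sentence goes on to ask for a public and private key pair. Suggest wording it as "Use an asymmetric encryption algorithm like RSA" wherever this guidance ends up. The final README should also keep a statement of how public keys are generated and shared, because the Secret chats bullet only says "encrypted using an end-to-end algorithm" and gives the student nothing to check their design against.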

68
subjects/mobile-dev/secure-messenger/audit/README.md

@ -1,23 +1,69 @@
#### Functional
> In order to run and hot reload app either on emulator or device, follow the [instructions](https://docs.flutter.dev/get-started/test-drive?tab=androidstudio#run-the-app)
> In order to run and hot reload the app either on emulator or device, follow the [instructions](https://docs.flutter.dev/get-started/test-drive?tab=androidstudio#run-the-app)
###### Was the app committed within the required time period?
###### Does the app run without crashing?
###### Does the app run without crashes?
###### Does the app contain a `login/signup` page?
###### Sign up withing your email. After signing up, try to log in to the messenger, can you authenticate?
##### Signup as new user, and login to your account.
###### After successful log-in, enable boimetric authentication via either fingerprint or face recognition and try to log in.
###### Can you successfully authenticate?
###### Search for any other user and try messaging them. Do messages appear on other user's app?
###### Does the app have a user profile feature?
###### Check whether messages are encrypted using other user's public key.
###### Can users create a profile with a profile picture, username, and other information?
###### Can you update your profile information including name, picture, username?
##### Generate a QR code of your profile in the app.
###### Generate QR code of your profile via app, does it contain information about you and your profile?
###### Does it contain information about the user and his profile?
###### Try sending video, audio, images via chat. Does the recipient get all the files correctly?
###### Does the app support biometric authentication for user login?
###### Create secret chat. Messages should be encrypted end-to-end, meaning messages must only be visible to users, but not on the backend of the app.
##### Try to enable biometric authentication via either fingerprint or face recognition and try to login using one of them.
###### Was it possible to login using biometric authentication?
###### Is there a search feature that allows users to search for other users by username or other information?
###### Can users add contacts by searching for their username or scanning a QR code?
##### Search for any other user and try to create a chat and send him a message.
###### Do messages appear in another user's app?
##### Try sending video, audio, images in the chat.
###### Does the app support sending text messages, images, and videos?
###### Does the other user get all the files correctly?
###### Does the app indicate if the message has been read by the recipient? Can you see read receipts for your sent messages?
###### Can you see typing indicators when someone else is composing a message to you?
###### Can users edit the messages they have sent?
###### If a user edits a message, does the updated version replace the original message for all participants?
###### Can users delete the messages they have sent?
###### If a user deletes a message, is it removed from the conversation for all participants?
##### Check if the app include a secret chat feature where messages are encrypted end-to-end, meaning that the messages must only be visible to users, but not on the backend of the app.
###### Can users start encrypted one-on-one chats in secret chats?
###### Are all messages in secret chats encrypted using an end-to-end algorithm? (Ask the student to show you if necessary)
###### Does the app support both iOS and Android platforms?
#### Bonus
###### +Does the app provide appropriate error handling and error messages?
###### +Are there any additional security features implemented in the app to protect user data?
###### +Does the app have proper documentation and user guides available for users?
###### +Is the app responsive and user-friendly, providing a smooth user experience?
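Review bot: The file-transfer step ("Try sending video, audio, images ...") tests audio, but the README only requires text messages, images, and videos, so either drop audio from the audit step or add it to the requirements. In the same way, "Does the app support both iOS and Android platforms?" should match the README's platform requirement, which appears in this commit both as "both iOS and Android" and as "either iOS, Android or both". The secret-chat check would be easier to audit if it said what to inspect, for example that message bodies stored in the backend are ciphertext. Smaller points: "Check if the app include" should read "includes", "withing" and "boimetric" are misspelled, and "his profile" / "send him a message" read better as "their profile" / "send them a message".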
