Keystore Woes

We have taken down the listing for our original app. The current incarnation of Project Student Housing is available here.

Obviously, unlisting an old app only to publish the new version is problematic for all of our legacy users, as they will never receive the bug fixes as an update. They have to navigate the confusing process of uninstalling the original app and download a (seemingly identical) version on the Google Play Store. Far from ideal.

However, we had no choice, having lost the original keystore used to sign the APK. Without understanding the necessity of signing all future versions of the same app with the same keystore, the original was overridden in the process of generating new signed APK with a new keystore with the same name assigned to the same location on our local drive.

After our class on reverse engineering apps from the APK file, the necessity of a unique keystore/app pairing is obvious – to prevent the app from being cloned and launched on the Google Play Store without our authority. However, I personally feel that Android Studio should further highlight the importance of saving keystores in a secure location at the time of generation. It is too tempting to save a keystore within the application itself, which (as is the case for this class) gives anyone with access to our public Github repo to publish a clone. To a beginning developer this vulnerability is not so obvious.


The updates themselves were quite simple, if extremely important. The Google Maps API Key has been updated to fix our grey screen issue that was preventing users from viewing listings. As our core functionality, this was a grave problem.

The app also checks that new listings are within proximity of Tufts University, and that all input fields have been filled out. Users were posting incomplete listings incongruous with the rest of our data on Firebase.

The users have spoken, and want two added features head and shoulders above the rest. First, pictures of the listings. Second, contact information for the landlords. We are committed to implementing at least both of these before the end of the semester. A system for rating properties would be great, but demands implementing user registration so that a single individual cannot flood a property with positive or negative reviews.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s