CMSC 23 Layouting iOS Apps

Questions and Answers

Study Notes

Layouting iOS Apps in Flutter

• Use the Cupertino package for creating iOS UI elements in Flutter.
• Essential for operations like data fetching, database writing, and file reading.

Asynchronous Programming in Dart

• Asynchronous operations return a Future, representing a computation that may not have completed.
• The async keyword marks functions that will use asynchronous capabilities.
• The await keyword is used to pause execution until the Future completes.

Future State Management

• A Future can be in two states: uncompleted or completed.
  • Uncompleted: Occurs immediately when an async function is called; waiting on completion.
  • Completed: Indicates the async operation finished, either successfully (with a value) or with an error.

Differences Between Async and Sync

• Async (Asynchronous):
  • Multi-threaded and non-blocking, allowing multiple operations to overlap.
  • Generally improves throughput and efficiency.
• Sync (Synchronous):
  • Single-threaded and blocking, causing operations to wait for the previous one to finish.

When to Use Async

• Useful for managing ephemeral (UI) states which can be easily handled without extensive state management techniques.
• Recommended for scenarios where state updates are needed based on user actions.

Types of Providers in Flutter

• ListenableProvider:
  • Used with listenable objects; triggers rebuilds in dependent widgets upon state changes.
• ChangeNotifierProvider:
  • Designed for ChangeNotifier objects, facilitating state management by invoking dispose to free resources.

Data Persistence in Flutter

• Use SQLite with the sqlite and path plugins for persistent storage that remains available during app state changes.
• Leverage local storage options based on use-case needs, whether for sensitive data or general app files.

Different Types of Persistent Data

• App-Specific Storage:
  • Utilizes internal and external storage for application-specific files.
• File Reading/Writing:
  • Access common file locations through the path_provider package.

Types of Testing

• Unit Testing:
  • Validates the correctness of small code pieces; does not emulate real-world environment interactions.
• Widget Testing:
  • Ensures correct widget creation and rendering, allowing for real-time interaction testing.

App Releasing Tips

• Change App Icon:
  • Edit pubspec.yaml and run specific commands to configure the icon path.
• Change App Name:
  • Adjust the application name in the Android Manifest file.

Flutter Security Considerations

• Emphasis on five pillars: Identify, Detect, Protect, Respond, Recover.
• Risks to address:
  • Insecure credential handling (storage, transmission).
  • Dependency vulnerabilities in third-party components.
  • Insufficient input/output validation (e.g., SQL injection).
  • Secure communications through protocols like SSL.

Obfuscating Flutter Code

• Utilize obfuscation tools during build to enhance code security:
  • Command example: flutter build apk --obfuscate --split-debug-info=//

App State and State Management

• notifyListeners() method triggers UI updates in a Flutter app when the model state changes.
• Utilizes ChangeNotifier for managing shared state across the app.
• Essential for applications requiring dynamic UI updates based on model changes.

Flutter State Providers

• ValueListenableProvider: Listens to a ValueListenable and exposes its value for UI updates.
• StreamProvider: Monitors a stream, exposing emitted values, and prompts associated widgets to rebuild.

Security Concerns

• Sensitive information in app/code should remain protected.
• Code Obfuscation is the technique used to modify binary code, making it difficult to understand.
  • Hides function and class names within compiled Dart code.

OWASP Mobile Risks 2024

• Improper Credential Usage: Involves hardcoded credentials, insecure credential transmission/storage, and weak user authentication.
• Inadequate Supply Chain Security: Risk from third-party components, malicious insiders, and lack of security awareness.
• Insecure Authentication/Authorization: Risks include insecure direct object references and hidden endpoints.
• Insufficient Input/Output Validation: Vulnerabilities such as SQL injection and inadequate output sanitization.
• Insecure Communication: Lack of secure communications protocols, leading to data vulnerabilities.
• Inadequate Privacy Controls: Potential for fraud through impersonation and misuse of payment information.

Flutter Security Strategy

• Consists of five key pillars: Identify, Detect, Protect, Respond, and Recover.

Mobile App Market Growth

• Mobile app market size was USD 228.98 billion in 2023, expecting a CAGR of 14.3% through 2024-2023.
• Key growth areas include mobile advertising, app monetization, performance analysis, and in-app engagement.

Wearable Technology

• Sophistication of wearables includes devices such as watches and smart earbuds.
• Capabilities extend beyond basic tasks to health monitoring and smart home integration.

Consumer Concerns

• Increased online information exchange raises fears regarding consumer security and privacy risks.

Description

This quiz focuses on layouting iOS applications using the Cupertino package in Flutter. It covers essential operations necessary for mobile applications, including data fetching and database interactions. Prepare to test your understanding of iOS app development in Flutter.