CMSC-23-Pre-Final-Exam_240521_085717.pdf

Full Transcript

CMSC 23 - Reviewer Dominic B. Abelarde

ASYNCHRONOUS PROGRAMMING Future
A multithreaded model that’s most A result of an asynchronous
applicable to networking and computation
communications Two States
It is a non-blocking architecture ○ Uncompleted
Multi related operations can run Returns an uncompleted
concurrently without waiting for other tasks future
to complete That future is waiting for the
function’s async operation to
Difference of Async and Sync finish or throw an error
Asynchronous and Synchronous ○ Completed
methods offer advantages for different Operation succeeds
stakeholders Future completes with a
○ Async for Users value
○ Sync for Developers Completes with an error
Async
○ Multithreaded Complete with Value
○ Non-Blocking ○ Future // T can be any data
○ Increases throughput type or void
Sync ○ E.g Future / Future
○ Single-Threaded
○ Blocking Complete with Error
○ Slower and More Methodical ○ Asynchronous operation performed
by the function fails for any reason,
the future completed with an error
When to use Async?
Working with Features: Async & Await
Used in programming independent
tasks. To define an async function, add sync
Responsive UI before the function body
Await keyword works only in async
functions
Why Asynchronous Code Matters
We need it for some operations that we
need in our mobile application such as: STATE MANAGEMENT
○ Fetching Data over a Network State
○ Writing in a Database ○ Information that can be read
○ Reading from a File when the widget is built and
changed over a lifetime of the app
Asynchronous in Dart ○ setState() allows us to set the
properties of the state object
Asynchronous computations usually provide
that triggers the redraw of the
a Future as a Result
UI
Uses the Async and Await keywords
○ State of an app is everything
that exists in memory when the
app is running. This includes the
app’s assets, variables, UI,
animation state, textures, and

1
CMSC 100 - Reviewer

fonts.
State Management Notes:
○ Most popular and necessary You can use State and setState() to manage
processes in the lifecycle of an all of the state in your app
application There is also no clear-cut, universal rule to
○ Flutter is declarative distinguish whether a particular variable is
○ Flutter builds its user interface to ephemeral or app state
reflect the current state of your
application Provider Packages
It is an easy to use package that wraps
around InheritedWidgets that makes it
easier to use and manage
Widget listens to changes in the state and
update it as soon as they are notified
Flutter pub add provider
Types of Provider:
○ ListenableProvider
○ ChangeNotifierProvider
Types of Conceptual States ○ ValueListenableProvider
Ephemeral State ○ StreamProvider
○ Called the UI State or Local State ○ FutureProvider
○ The state you can neatly contain in a
single widget ListenableProvider
○ No need to use state management ○ Used for listenable objects. It will
techniques on this kind of state just listen, then ask widgets depending
use a StatefulWidget and the on it and affected by the state
method setState() change to rebuild
○ Examples:
Current page in a PageView ChangeNotifierProvider
Current progress of a ○ Similar to ListenableProvider but for
complex animation objects and calls
Current selected tab in a ChangeNotifier.dispose automatically
BottomNavigationBar when needed
○ notifyListeners()
App State Method specific for
○ Called the Shared State ChangeNotifier
○ The state when you want to share This method is called
many parts of your app anytime the model
○ Examples: changes in a way that might
User Preferences change your app’s UI
Login Info
Notifications in a Social ValueListenerProvider
Networking App ○ Listens to a ValueListenable and
Shopping Cart in an exposes the value
E-Commerce App
Read/Unread State of Articles StreamProvider
in a new App ○ Listens to stream, exposes the latest
value emitted, and asks widgets

2
CMSC 23 - Reviewer Dominic B. Abelarde

dependent on the stream to rebuild. ○ Screen
FutureProvider Contains the screens to be
○ Takes a Future class and updates the shown in the app.
widgets depending on it when the
future is completed

PACKAGES, PLUGINS, BACKGROUND TASKS
Context.watch()
○ Listens to the changes on the
provider model Packages
Open Source
Context.watch() Use the command flutter pub add
○ Returns the provider model without to place the package
listening to it. into your mobile app

Consumer
○ Calls the provider of a new widget
and delegates its build.
○ It is specifically rebuilds a specific
widget
○ It has a builder that has 3
parameters:
Context -> for build
method
Name of Model ->
Instance of the
Package Components
ChangeNotifier
○ Pubspec.yaml
Child -> Optimization
The metafile that declares
the package name, version,
Different State Management Packages author, and other
Provider information.
Riverprod ○ Lib
setState Public code in the package
InheritedWidget and InheritedModel
Redux Package Type
BLoC/Rx
Dart Packages
GetIt
○ General Packages written in
MobX
Dart
Binder
○ This package might contain Flutter
GetX
specific functionality and have a
dependency on the Flutter
Framework, restricting their use to
Section your Code into 3 Different Flutter only.
Folders
○ Model Plugin Packages
Contains the data ○ It is a type of package
structure/classes ○ Specialized Dart package that
○ Provider contains an API written in Dart
Contains the functions/logic

3
CMSC 100 - Reviewer

code combined with one or more Endorsed Federated Plugin
platform-specific implementations. ○ Implementation for a specific
○ Can be written for Android, iOs, platform is added to the plugin and
web, macOS, Windows or Linux. is automatically available to the app.

Foreign Function Interface (FFI) Non-Endorsed Federated Plugin
Plugin Packages ○ Need to manually add the
○ Specialized Dart package that dependencies for a platform then it
contains an API written in Dart code is non-endorsed
combined with one or more
platform-specific implementations Background Process
○ This are the foreign function ○ Implementing Dart Code, even
interfaces though your app is not the currently
○ Used to call native C APIs, and to active app
read, write, allocate, deallocate ○ Example:
native memory Notifications
Sensors
Creating your own package
○ Use flutter create Isolates
-template=package ○ Dart’s model for multithreading,
though an isolate doesn’t share
memory with the main program
Implement the Package ○ Used by creating callbacks and
○ Add the functionality inside the main callback dispatchers
lib/.dart
WorkManager Plugin
Federated Plugins ○ This plugin enables persistent
Ways of splitting support for different background processing that
platforms into separate packages. keeps tasks scheduled through
It uses one package for iOs, another for app restarts and system reboots
Android, for the web, and for IoT devices ○ https://pub.dev/packages/workmana
It allows a domain expert to extend an ger
existing plugin to work for the
platform they know best
DATA PERSISTENCE AND NETWORKING
Federated Plugins Requirements
○ App-Facing Package Data Persistence
Package that users depend
on to use the plugin The capability to have data that the app
○ Platform Package uses or relies on to continue to be
One or more packages that available regardless of changes to the
contain platform-specific app’s state as it moves through the app
implementation of code cycle.
○ Platform Interface Package Different Types of Persistent Data in
Links the app-facing packing Android:
to the platform package ○ App-Specific Storage
○ Shared Storage
○ Preferences

4
CMSC 23 - Reviewer Dominic B. Abelarde

○ Databases is uninstalled
○ Network Connection

App-specific Storage Network
○ Store files that are meant for ○ Store data on the web with your
your app’s use only, either in own network server.
dedicated directories with an internal
storage volume or different Data Persistence in Flutter
dedicated directories with external
storage. Using SQLite
○ Internal storage is used to save Read and Write Files
sensitive information that other Store key-value data on disk
apps shouldn’t access.
○ No permission needed for internal USING SQLite
storage. ○ Uses the sqlite and path plugin
○ Files are removed when the app ○ Uses SQL statements in insert,
is uninstalled. delete, update, queries compared to
other local persistence solutions
Shared Storage
○ Store files that your app intends to Read and Write Files
share with other apps such as ○ Uses the pathprovider
media, documents, and other files. ○ Pathprovider is a
○ Should use the MediaStoreAPI or platform-agnostic way to access
Storage Access Framework and commonly used locations on the
must include permissions in device’s file system
reading and writing to the external ○ Temporary (cache) and Documents
storage. Directory
○ Files are not removed when the
app is uninstalled. Store key-value Data
○ Uses the SharePreferences
Preferences Plugin
○ Store private, primitive data in ○ Limitations that it can only save
key-value pairs. primitive data types (String,
○ This uses the SharedPreferences StringList, Int, Double, Bool)
API to save values. ○ Not Designed for storing large
○ This enables you to save and amounts of Data
retrieve persistent key-value
pairs of primitive data. Categories of Storage Locations
○ This can be any primitive data: ○ Internal
booleans, floats, ints, longs, and ○ External
strings.
○ Files stored in preferences are Flutter Networking
moved when uninstalled. ○ Uses the HTTP package
○ In the Android Manifest, it must
Databases include the permission for INTERNET
○ Store structure data in a private
database JSON and Serialization
○ Files are removed when the app ○ Serialization refers to the process to

5
CMSC 100 - Reviewer

converting object to string while Make sure things work
deserialization is from string to an Systematic + Automated
object QA
○ Manual Serialization Types of Testing
○ Code Generation Libraries ○ Unit Testing
Manual Serialization ○ Widget Testing
○ Use the built in library ○ Integration Testing
dart:convert
○ Use the jsonDecode() returns a
Map Unit Testing
○ Use the.fromJson() to ○ Easiest method to test an
construct a new object with the data application. It is based on ensuring
from the map structure. the correctness of a piece of code. It
○ Use the toJson() converts an object does not reflect the real
to a map instance. environment.

Code Generation Libraries Widget Testing
○ Use json_serializable or built_value ○ Ensuring the correctness of widget
○ Json_serializable creation, rendering and interaction
allows the user to make with other widgets as expected. It
regular classes serializable by goes one step further and provides a
using annotations real-time environment to find more
○ Built_value bugs.
provides a higher level way
of defining immutable value Integration Testing
classes that can also be ○ Involves both unit testing and
serialized to JSON. widget testing along with external
components of the application like a
Firebase database or web service. It
○ Backend-as-a-Service (BaaS) app simulates or mocks the real
development platform that provides environment to find all bugs early.
hosted backend services such as
realtime database, cloud storage, Test-Driven Development (TDD)
authentication, crash reporting, ○ A software development approach
machine learning, remote where tests are written before the
configuration, and hosting for your actual code
static files.
App Releasing
Change Icon
TESTING, DISTRIBUTION AND Change App Name
MONETIZATION Sign the App
Release Config
Flutter Testing
Testing is an important phase in the Change Icon
development cycle. It ensures that the ○ Go to pubspec.yaml
application is of high quality. ○ Flutter pub get
It requires careful planning and execution. flutter_launcher_icons

6
CMSC 23 - Reviewer Dominic B. Abelarde

○ Then add these lines. ○ Introduced Asset Packs and
Dynamic Features

Monetization
Ads
In-App Purchases
Payments

Change App Name Ads
○ Go to Android Manifest ○ Easily integrate with Google AdMob
○ Change Android label and Ad Manager ads directly in your
Flutter app.

In App Purchases
○ Built in-app revenue with Google
Play and App Store support for
Flutter.

Sign your App In Payments
○ You need to create a keystore. ○ Seamlessly accept payments with
○ Keystore is used to verify the multiple providers in your Flutter
ownership of an application by app.
providing a digital signature.
○ You need to configure the reference
from the app
○ Configure the gradle file inside the MOBILE SECURITY
app. Mobile Security
○ The process of developing,
Releasing adding, and testing security
○ Type in the terminal: flutter build features within the application
appbundle to prevent security vulnerabilities
○ If you want an apk: flutter build apk against threats such as unauthorized
access and modification
Android Application Package (APK)
○ The file that is to be installed on a Open Worldwide Application Security
device Project (OWASP)
○ Contains all of the app’s file and ○ A Nonprofit foundation that
code inside works to improve the security of
○ Signed with app’s certificate software
○ Community-led open source
Android Application Bundle (AAB) projects including code,
○ Publishing format that includes documentation, and standards
all your app’s compiled code and ○ Over 250+ local chapters worldwide
resources and defers APK ○ Tens of thousands of members
generation and signing to Google ○ Industry-leading educational and
Play training conferences
○ Introduced in 2018

7
CMSC 100 - Reviewer

OWASP Top 10 Mobile Risks 2024 ○ Harm the victim by destroying or
1. Improper Credential Usage manipulating the victim’s critical
2. Inadequate Supply Chain Security data.
3. Insecure Authentication/Authorization
4. Insufficient Input/Output Validation (7) Insufficient Binary Protection
5. Insecure Communication ○ There is sensitive information in the
6. Inadequate Privacy Controls app/code itself
7. Insufficient Binary Protections
8. Security Misconfiguration (8) Security Misconfiguration
9. Insecure Data Storage ○ Example: you did not change the
10. Insufficient Cryptography default password or the system is in
development mode
(1) Improper Credential Usage
○ Hardcoded Credentials (9) Insecure Data Storage
○ Insecure Credential Transmission ○ Storing data in plain text
○ Insecure Credential Storage ○ Shared to all
○ Weak User Authentication
(10) Insufficient Cryptography
(2) Inadequate Supply Chain Security ○ Weak Encryption Algorithms
○ Lack of Security in Third-Party ○ Insufficient Key Length
Components ○ Improper Key Management
○ Malicious Insider Threats
○ Inadequate Testing and Validation Flutter Testing
○ Lack of Security Awareness
Flutter Security Strategy is based on 5 Key
Pillars:
(3) Insecure Authentication / ○ Identity
Authorization What risk happened
○ Presence of Insecure Direct Object ○ Detect
Reference (IDOR) vulnerabilities Where the risk happened
○ Hidden Endpoints ○ Protect
○ User Role or Permission Protect the data
Transmissions ○ Respond
Action to secure data
(4) Insufficient Input/Output ○ Recover
Validation Retrieve the data that has
○ SQL Injection been damaged
○ Inadequate Output Sanitization
Code Obfuscation for (7) Insufficient
(5) Insecure Communication Binary Protection
○ No Secure Sockets Layer/Transport ○ Process of modifying an app's
Layer Security binary to make it harder for
humans to understand. This
(6) Inadequate Privacy Controls hides function and classnames
○ Impersonate the victim to commit a in your compiled Dart code
fraud,
○ Misuse the victim’s payment data,
○ Blackmail the victim with sensitive
information or

8
CMSC 23 - Reviewer Dominic B. Abelarde

Obfuscation Examples of Mobile Analytics
○ Android/iOS/macOS supported ○ Advertising KPIs
○ Linux/Windows not supported ○ Funnel Analysis
○ Web - minified ○ App performance and usage
○ flutter build apk --obfuscate ○ Heatmaps
--split-debug-info=/ ○ Retention rates
/ ○ Click-through rates
○ Conversion rates
○ Response rates to push notifications
and marketing campaigns
GROWTH, ANALYTICS, AND BEYOND APPS
AND PHONES
Types of Mobile Analytics
Growth of Mobile Development ○ Mobile Advertising
○ Market Size amounted to 228.98 ○ App monetization
billion USD in 2021 ○ Performance analysis
○ Projected to have a Compound ○ In-app engagement
Annual Growth Rate of 14.3% from ○ Mobile analytics for product teams
2024 - 2030 (est. 567.19 billion ○ Mobile analytics for marketing teams
USD) ○ Mobile analytics for UI/UX teams
○ Gaming Application segment of ○ Mobile analytics for technical teams
mobile applications held the largest
revenue share of 34.0% in 2023.
Key Mobile Metrics
○ Android mobile apps were large but
○ Mobile Downloads
iOS generated 62.0% of the
○ Uninstalls
revenue.
○ Heatmaps and user session
○ Asia Pacific dominated the market
recreations
and accounted for over 32.0% of the
○ Session length and depth
revenue share in 2023.
○ Retention Rate
○ Key players in the mobile market are
○ Churn Rate
Apple Inc., Google LLC, Microsoft
○ Sessions
Corporation, Amazon Inc. and
○ Session Intervals
Gameloft SE
○ Factors that Drive the Mobile
Application Market Future of Mobile Application
Smartphone Proliferation Development
Increase Internet Penetration ○ 5G
Growing use of technologies The focus of 5G is speed. It’s
such as Machine Learning & not just faster than 4G.
Artificial Intelligence Allows users to connect to
different networks, connect
with wearables, devices, and
Mobile Analytics
machines.
○ Measuring and analyzing data
Information transfer of
generated by mobile platforms
milliseconds, and reducing
and properties
latency which provides a
better user experience.

9
CMSC 100 - Reviewer

○ AR and VR move beyond gaming such as an electrocardiogram
AR and VR, Augmented and also can be used to be
Reality and Virtual Reality used as
which imposes artificial
images and objects on ○ Security
real-life objects. more information is online so
However, AR and VR are no there is a fear of consumer
longer solely for gamers; security and privacy.
these technologies are
rapidly expanding to other
industries, including travel,
real estate, and retail.

○ AI. AI everywhere
Artificial Intelligence can
stand out in facial and
speech recognition -
biometric markers.
AI can be used to improve
user safety and data security
in fraud detection.

○ Blockchain goes beyond
cryptocurrency
Blockchain goes beyond
cryptocurrency, blockchain is
essentially a digital ledger
that securely records
transactions.
This is now often used in
mobile wallets and p2p
(person to person) payment
systems. This can improve
speed and security.

○ Wearables are more
sophisticated
Wearables can be watches,
earbuds, and other smart
devices.
These wearables can fulfill a
range of functions from voice
activation for phone calls, to
helping the number of steps.
Not only smart devices can
be used to do these trivial
things but they can also be
helpful in health monitors

10