Programming Mobile Systems Activities & Case

Only module 1

Activities 1

1. Who is the current leader in mobile device sales?

According to recent reports in IDC Tracker (4 August 2022), Samsung is one of the market leaders in mobile device sales (24.1%), followed closely by Apple (18.8%). Other notable brands include Huawei (14.6), Xiaomi (11.0%), and OPPO (8.4%).

2. What is the current Operating System shipment leader?

According to recent reports in IDC Tracker (4 August 2022), at the time of writing Android had 83.8% of device shipments in the previous quarter, followed by iOS (16.2%).

3. Should you always target your applications to the leader in market share? Give a few reasons for your answer.

Yes, I think targeting applications to the leader in market share is necessary. Targeting the leader in market share will bring greater visibility, a larger customer base and increased credibility to the application, although positioning your app as a market share leader may lead to limited market potential, bring stiff competition and limit the ability to innovate based on factors like complacency.

Activities 2

1. What was the earliest smartphone?

According to Wikipedia, the first smartphone was the IBM Simon, which was released in 1993.

2. What technology was used and where/when was it used for the first mobile payment system?

The first mobile payment system was used in 1997 in Helsinki, Finland. The technology used was SMS (Short Message Service), which allowed customers to purchase a soda from a vending machine by sending a text message to the machine.

3. What is the main difference between 3G and 2G networks?

The main technological difference between 3G and 2G networks was that 3G used packet switching instead of circuit switching. This meant that instead of allocating specific circuits (radio frequencies) for a conversation, the conversation could be broken into packets so that many conversations could be transmitted on the same circuit.

4. What is the main difference between 4G and 3G networks?

The main difference between 4G and 3G networks is that the packets became IP packets, which meant that mobile devices were just another device on the Internet. This meant that Internet routing protocols were used and voice calls were just another collection of data packets finding their way across the Internet.

Activities 3

1. Can GPS operate with less than four satellites visible?

Yes, it can, but accuracy is reduced. An exception is if the GPS receiving device has an accurate clock: then it is only necessary to have three satellites for a position reading that is as accurate as one from four satellites. One of the things you will soon notice if you program the GPS on your device is that you require clear sight of the satellites, and GPS accuracy depends on the lack of obstructions between the satellites and your device. GPS is not very accurate inside buildings, particularly large concrete or metal buildings.

2. How accurate is it? (GPS)

Accuracy is dependent on a number of factors. If four satellites are in unobstructed view then the accuracy can be within a few metres. However, there are other contributing factors:
▪ Atmospheric effects will impact accuracy. Wikipedia states that signal impacts from the ionosphere are the major cause of inaccuracy.
▪ Increased accuracy can result from accurate altitude readings, e.g. in a ship or airplane.
▪ Very accurate clocks in the receiving device can increase accuracy.
▪ Accurate radio reception analysis, e.g. in military equipment, can more accurately measure the arrival of the GPS signal. Devices to do this are currently expensive but may appear in consumer equipment at some time.

3. Does the user have to be making a phone call to determine the location?

No. If the phone is turned on, then it stays in contact with cell towers even when no phone call is taking place.

4. How accurate is it? (Mobile phone tracking)

There are several levels of tracking. Cell network tracking in Australia can provide information about which cell the phone is active in. A cell in a city may be as small as a square kilometre, but in regional areas it can be much larger. There are also GPS tracking software apps that use the phone's GPS to transmit fairly accurate information about its location. For example, there is an app for providing location information with a triple-zero call in Australia. Wikipedia also mentions “Forward-link” technology, which allows improved tower-based tracking, but this is not implemented in Australia at the time of writing.

Activities 4

1. Can you think of a use of a mobile device “free-fall” detector? Any problems?

A “free-fall” detector can detect acceleration due to the earth’s gravity. So if the phone is in free fall, by using some calculations an app can compute that somebody has dropped (or thrown) the telephone or the person holding it. Possible actions the app could take are to turn off any delicate hardware while the free fall is detected, as is implemented in some laptop computers. Note that the accelerometer will also be able to detect the end of the free fall, e.g. when the device hits the ground. It may be too late at this point to save the hardware, but if the device is still working the information may be logged for reference by the device manufacturer.

2. Can you think of another use of accelerometers in mobile devices?

You may have already seen how some games use the accelerometer as a controller. Other uses include monitoring the user’s motion, e.g. counting steps or monitoring driving ability. The accelerometer can also be used to determine the way the device is being held (landscape, portrait, upside down or any angle in between). This can be done by comparing the accelerometer readings with the knowledge that gravity produces 9.8 m/s² true vertical acceleration at ground level. It is also possible to use accelerometers with image stabilisation techniques. This works because, as a camera moves during frame exposure or between frames in a video, the accelerometer can give feedback to image processing software so that it can adjust the image. There would be many other interesting applications that you may think of.
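The two accelerometer uses described in this activity, free-fall detection and working out how the device is held, can be sketched as follows. This is an added example, not code from the unit materials: it assumes a sensor that reads about 9.8 m/s² at rest and close to zero while falling, and the thresholds, axis convention and orientation names are assumptions.

```javascript
// Added example (not from the original page). Samples are {t, x, y, z}:
// t in milliseconds, x/y/z in m/s^2 including gravity.
const G = 9.8; // gravity at ground level, the figure used in the text

function magnitude(s) {
  return Math.hypot(s.x, s.y, s.z);
}

// Thresholds are assumptions chosen for illustration, not values from the page.
function detectFreeFall(samples, { fallBelow = 0.3 * G, impactAbove = 2 * G, minFallMs = 100 } = {}) {
  const events = [];
  let fallStart = null;  // time of the first near-zero sample in the current run
  let confirmed = false; // true once the run has lasted minFallMs
  for (const s of samples) {
    const m = magnitude(s);
    if (m < fallBelow) {
      if (fallStart === null) fallStart = s.t;
      if (!confirmed && s.t - fallStart >= minFallMs) {
        confirmed = true;
        events.push({ type: 'free-fall', t: fallStart });
      }
      continue;
    }
    // The run of near-zero readings has ended. A spike straight after a
    // confirmed fall is the device hitting something.
    if (confirmed && m > impactAbove) {
      events.push({ type: 'impact', t: s.t, fallMs: s.t - fallStart });
    }
    fallStart = null;
    confirmed = false;
  }
  return events;
}

// Orientation from the direction of gravity. Axis convention assumed here:
// x to the right of the screen, y to its top, z out of the screen.
function orientation(s, tolerance = 0.2 * G) {
  if (Math.abs(magnitude(s) - G) > tolerance) return 'unknown'; // moving or falling
  const ax = Math.abs(s.x), ay = Math.abs(s.y), az = Math.abs(s.z);
  if (az >= ax && az >= ay) return s.z > 0 ? 'flat-face-up' : 'flat-face-down';
  if (ay >= ax) return s.y > 0 ? 'portrait' : 'portrait-upside-down';
  return s.x > 0 ? 'landscape' : 'landscape-reversed';
}

// Constructed readings at 20 ms intervals: held upright, one jolt, a drop, a landing.
const CONSTRUCTED_SAMPLES = [
  { t: 0, x: 0, y: 9.8, z: 0 },
  { t: 20, x: 0, y: 9.7, z: 0.3 },
  { t: 40, x: 0.1, y: 0.2, z: 0.1 }, // single low reading: too short to count
  { t: 60, x: 0, y: 9.8, z: 0 },
  ...[80, 100, 120, 140, 160, 180, 200, 220].map((t) => ({ t, x: 0.1, y: 0.2, z: 0.1 })),
  { t: 240, x: 5, y: 30, z: 8 },     // hits the ground
  { t: 260, x: 0, y: 0, z: 9.8 },    // lying face up afterwards
];

console.log(detectFreeFall(CONSTRUCTED_SAMPLES));
console.log(CONSTRUCTED_SAMPLES.map(orientation));
```

The `minFallMs` check is what keeps a single jolt from being reported as a drop; without it the reading at 40 ms would raise a false alarm.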

Activities 5

1. What is the latest version of Android? Which version runs on most devices?

The latest version of Android is Android 13, which was released in May 2022. The version that runs on most devices currently is Android 12.

2. What was the name of the company that originally developed Android?

Android Inc. Most of the main people from this company stayed with Google after they purchased it.

3. Why is memory management an important feature of Android (and other Mobile Operating Systems)?

Memory management is a critical feature of Android and other mobile operating systems because mobile devices often have limited resources, particularly memory. Effective memory management is essential to ensure that apps run smoothly and do not crash due to insufficient memory.

Android and other mobile operating systems use a range of tools and techniques to manage memory. One critical aspect of memory management is garbage collection, which involves freeing up memory that is no longer in use by the application or the system. Mobile operating systems also use techniques such as memory paging and memory compression to optimize the use of available memory.

Effective memory management is particularly important in mobile devices because they have limited amounts of memory compared to desktop or laptop computers. Mobile devices also tend to have more limited processing power and smaller batteries, so memory management plays a critical role in maximizing performance and battery life. In addition to improving performance and maximizing battery life, effective memory management also helps to improve overall system stability and prevent crashes and other issues caused by insufficient memory. Overall, memory management is a critical feature that ensures mobile devices remain usable and reliable even with their limited resources.

Activities 6

1. What is the latest version of iOS?

As of February 19, 2023, the latest version of iOS is iOS 16.3.1.

2. What is the relationship of iOS to OS X, the Apple desktop computer OS?

iOS and OS X share the same kernel but have different application frameworks. An app written for OS X will not run on iOS.

3. What is “Jailbreaking” and why is it used?

Jailbreaking means bypassing (hacking) the Apple restrictions on the iOS software. In Wikipedia this is phrased in kinder terms as “adding functionality not allowed by Apple”. There are various commercial and quality reasons why Apple does not allow certain functionality for users. By restricting the features of iOS, Apple can provide a quality of service not possible with the open environment of other systems. On the other hand, this may restrict functionality desired by the users. As an example, one of the purposes of jailbreaking is to install different operating systems on Apple hardware. This would mean Apple would have no control over the applications deployed, and any problems experienced by the user may reflect badly on Apple.

Activities 7

There are two cross-platform development environments:
 
- Cordova
- Xamarin
 
1. Describe each system in terms of programming language and how they can target multiple platforms.

Cordova is based on JavaScript, CSS and HTML standards, which are also part of modern web browsers. Since most mobile devices implement web libraries to access the Web, Cordova can capitalise on standard software. Cordova is the underlying library for the Ionic framework programming we will be using in this unit.

Xamarin is a C# environment where applications are written once in C# and interface with various wrapper libraries that convert to the native environments (e.g. Java for Android and Objective-C for iOS). There is only a small overhead in the translation, probably less than the scripting language overhead introduced by Cordova.

2. What do they cost?

Cordova is free. Xamarin has a licensing fee. The reason Xamarin was not considered for this unit is that the licensing fee for students was time limited when development of materials started.

3. Using your experience in programming, which of these do you think will be the most difficult to develop applications?

From my perspective, I think Xamarin will be the most difficult for developing applications, while Cordova is simpler. Indeed, in general, scripting languages are easier to learn and use for programming. In addition, like most scripting languages, they are less precise and fewer programming errors are detected before run-time than with properly typed languages such as C#.

Activities 8

1. What are the relevant Australian legislation (laws) for mobile app privacy?

Privacy Act 1988 – this Act contains a set of Australian Privacy Principles (APPs) that apply to specific classes of information. For example, APP 7 applies to direct marketing.

2. The above reading lists five types of data as ‘personal information’. Can you think of some others?

Personal information examples are listed on page 3: photographs, IP addresses and device IDs, contact lists, biometric information (voiceprint, fingerprint, etc.) and location information. Note that this definition says personal information is information that can uniquely identify a person. Other types of information that may be classified as ‘personal information’ could include:
• identifiers like license numbers, student ID, passport number, Medicare number
• phone number, e-mail address
• office or home address
• financial accounts such as credit card, tax number or bank account

3. List the ways that implementing good privacy systems may make your app more popular.

The studies from "Mobile privacy A better practice guide for mobile app developers" show the attitude of users to various privacy issues. These are issues that repel users from websites and mobile apps. In general, the more transparent your privacy policy and the less data you request, the more acceptable your app will be.

4. Describe in point form what the reading defines as a PIA should contain.

A PIA is a Privacy Impact Assessment which is designed as a systematic way to find and address privacy concerns for your app.

According to "Mobile privacy A better practice guide for mobile app developers", a PIA:
• describes how personal information flows in a project
• analyses the possible privacy impacts on individuals’ privacy
• identifies and recommends options for managing, minimising or eradicating these impacts
• analyses the project’s effect on individual privacy
• helps find potential solutions and manage privacy impact through this analysis
• can make a significant difference to the project’s privacy impact and still achieve or enhance the project’s goals, and
• encourages good privacy practice and underpins good risk management.

Activities 9

1. If your app has a website, should your privacy policy cover the website as well?

This will depend on the interaction between your website and the app. A very simple app and website may be able to use the same policy. However, if the website has its own interfaces (e.g. via a browser) or if the website communicates with other apps or servers, then there are other considerations. Your app’s privacy policy should cover all possibilities from the app user’s point of view. If the app has a small interaction with a complex server then the app’s privacy policy may have less to consider than the server’s. However, the website may pass on information to other apps, so this must also be addressed by the app’s privacy policy.

2. The reading mentions ‘trading personal data’ for benefits. Can you think of reasons this may be attractive to the user?

The examples shown include trading contact details for extended warranties, product information distributed as e-mail or website access, access to forums, software updates or other useful information. All of these will have value to many users.

3. The reading mentions the minimum requirements for a privacy policy. Which one of these do you think that dubious or lazy app developers would not include?

All of these may be deliberately avoided because of the less honest intentions of app developers. For example, the list in the reading has the following deliberate avoidance motivations, which correspond to each point:
• Your contact details may be deliberately left out so the user has difficulty in finding you.
• You may collect data without telling the user you are collecting it.
• You may secretly send data to a server.
• You may on-sell user data or use it for unscrupulous activities.
• By not telling users how to get their data corrected or deleted, you make it difficult for them to request this even though you are required to do this by law.
• By not telling users how to make a complaint you make it difficult for them to find out how to do it.
• Many people are concerned about their private data being stored offshore where there are different privacy laws. For example, if your data is stored on many US-based cloud systems the US government legally has complete access.

4. When does the reading recommend that notice and consent be obtained?

The reading recommends consent be obtained before the app is downloaded. This is before the app executes, so that no data can be obtained. It is also before the user can see what the app is doing and become wary of its actions. Note that as soon as the app is executed it can silently obtain much private information, such as location data, contacts data and other device information.

Activities 10

1. Explain the concepts of opt-in and opt-out as applied to privacy in a mobile app.

Opt-in and opt-out are about the default privacy arrangements for an application. Opt-in means you deliberately accept some arrangement, perhaps by clicking on an agreement. Opt-out means you accept an arrangement by default and have to go about opting out of the arrangement. Opt-out is considered less desirable because you may not know what the default arrangement is and you may also have difficulty in finding the opt-out mechanism. On the other hand, opt-out may be considered annoying when the user wants to get started straight away without interruptions.

2. How could you handle data deletion on a server for users who do not use the app for a long time and possibly have deleted it without your knowledge?

Most privacy agreements have a clause that says data will be deleted if a server is not accessed for a certain time period. They may or may not provide an e-mail warning before the data is deleted. Some may provide ways to back up the data as well. This time limit will cater for the case where an app is deleted because, from the server’s point of view, it cannot know whether the app has been deleted or has just not been used for a long time.
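The inactivity clause described above can be run as a periodic server-side sweep. The following is an added example, not part of the original notes: it takes the option of always warning by e-mail before deleting, and the 365-day and 30-day periods, the account fields and the function name are assumptions.

```javascript
// Added example (not from the original page). The periods are assumed values;
// the page only says "a certain time period".
const DAY_MS = 24 * 60 * 60 * 1000;
const INACTIVITY_POLICY = { deleteAfterDays: 365, warnDaysBefore: 30 };

// Decide for each account whether to keep it, send the warning e-mail, or
// delete its data. The server cannot tell a deleted app from an unused one,
// so the last access time is the only evidence it uses.
function planInactivitySweep(accounts, nowMs, policy = INACTIVITY_POLICY) {
  const plan = { keep: [], warn: [], delete: [] };
  const warnAfterMs = (policy.deleteAfterDays - policy.warnDaysBefore) * DAY_MS;
  const deleteAfterMs = policy.deleteAfterDays * DAY_MS;
  const graceMs = policy.warnDaysBefore * DAY_MS;
  for (const a of accounts) {
    const idleMs = nowMs - a.lastAccessMs;
    // A warning sent before the user's latest visit belongs to an earlier idle spell.
    const warned = a.warnedAtMs != null && a.warnedAtMs > a.lastAccessMs;
    if (idleMs < warnAfterMs) {
      plan.keep.push(a.id);
    } else if (!warned) {
      plan.warn.push(a.id); // never delete without a warning first
    } else if (idleMs >= deleteAfterMs && nowMs - a.warnedAtMs >= graceMs) {
      plan.delete.push(a.id);
    } else {
      plan.keep.push(a.id); // warned, grace period still running
    }
  }
  return plan;
}

// Constructed accounts covering each branch of the policy.
const NOW = 1700000000000; // fixed clock so the example is repeatable
const daysAgo = (n) => NOW - n * DAY_MS;
const CONSTRUCTED_ACCOUNTS = [
  { id: 'active', lastAccessMs: daysAgo(10), warnedAtMs: null },
  { id: 'returned', lastAccessMs: daysAgo(20), warnedAtMs: daysAgo(50) },
  { id: 'nearly-due', lastAccessMs: daysAgo(340), warnedAtMs: null },
  { id: 'overdue-unwarned', lastAccessMs: daysAgo(500), warnedAtMs: null },
  { id: 'in-grace', lastAccessMs: daysAgo(400), warnedAtMs: daysAgo(5) },
  { id: 'expired', lastAccessMs: daysAgo(400), warnedAtMs: daysAgo(40) },
];

console.log(planInactivitySweep(CONSTRUCTED_ACCOUNTS, NOW));
```

The `returned` account shows why the warning timestamp is compared with the last access: a user who came back after being warned starts a fresh idle period and must be warned again before anything is deleted.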

Activities 11

1. Why do you think the first recommendation is to make a single person responsible for security?

Making a single person responsible for security means all of the security aspects are considered by a single person. This is desirable because there are so many aspects to security that, with multiple people responsible, some aspects will be missed. It also provides a single point of contact for users and authorities when privacy issues are raised.

2. The second reading identified some extra threats (wireless networks, device theft). How do you think you could counter them?

The threat of wireless networks is eavesdropping by devices in range of the wireless network that intercept your app’s communications with servers or other devices. The point here is that your app on its mobile device is reliant on the owners or maintainers of the wireless network to secure data on the network. This is not reliable, so you should take your own precautions to secure data received or transmitted by your app. This means using secure communications channels like the HTTPS protocol or encrypting files for data transfer.

Device theft is an issue when a thief can access the data on the device using another app. Even if your app has its own security implemented, data may be stored on the device in unencrypted files. Server credentials are particularly sensitive because they could be used to recover server data as well as the data stored on the device. To improve security, the data on the device should be encrypted as well.

3. List the privacy concerns that you must monitor after the app is released.

After the app is released you must be able to react to evolving security threats. This may involve providing patches to your app. Such threats will come from many different sources, including the device hardware, the device operating system, the libraries you have used for your app development and any server-side software that may require client app updates. There is also the possibility that a user will discover vulnerabilities in your own design that you were not aware of when the app was released. To maintain the user’s trust you must react to these threats in a systematic way.

Activities 12

1. Search for the latest child privacy information. What are some of the issues that are outstanding now as you read this?

A majority of child websites/apps do not:
• Tailor privacy messages to a child viewer (i.e. they assume adult readers). This is an issue because, as explained in the text, the website/app developer is responsible for finding out whether the user is responsible enough to make privacy decisions. Writing privacy information in adult terms is more likely to result in the user not responding or deliberately ignoring the message.
• Prevent a child from being re-directed from the site, i.e. to a less trustworthy site with lower standards. This can be hidden in advertisements, for example. This means that a website/app developer should take measures to help protect child users.
• Have effective age verification. The suggested method is to have active verification rather than just a notice saying you should leave the website or stop using the app. ‘Active’ means verification questions that will help confirm the child’s age. A weak one of these is “What year were you born?”, which would require a child who wanted to bypass detection to compute the correct year, which in turn indicates some maturity, at least in mathematics development.

2. Search for the Health Information Privacy on the OAIC website. Besides traditional healthcare providers, who need to be aware of the healthcare information privacy requirements?

There are many health requirements. The ones that seem to be currently under discussion are:
• Visible privacy policy for traditional medical practitioners. For example, does your doctor have a prominently displayed privacy policy when you see her? While this example is not really an app developer issue, you can see how privacy is not treated well even when it is required to be by law (APP 1 in this case).
• Disclosure of health information is also an issue. For example, disclosing a patient’s information for direct marketing is only allowed after consent is given. Remember, health information includes data such as heart rate, body temperature, motion-detected activity and other data collected by mobile apps and wearable devices attached to them. If your app collects this information you have to obtain consent to give it to anyone else.
• The ability to view and correct any data you have collected is also a right for your users.
• The ability to delete information collected by an app or any other means is a right. If you do not allow deletion when requested by a user you are breaching the regulations.
• Government identifiers such as Medicare numbers are tightly controlled and their privacy is also regulated.

3. Search for the Financial Information on the OAIC website. Besides the tax file legislation and the Credit Providers legislation, what financial information needs protection and how is it protected in Australia?

The main issue appears to be compliance by small businesses with the Privacy Act. This includes the customer’s personal information and its viewing, correction and deletion as listed above. However, it also includes credit information and tax file number legislation requirements. The credit reporting concern is with credit ratings and their privacy. Credit ratings are provided by various companies and their use is tightly regulated. As an app developer, it is unlikely you will need to interface with a credit rating provider unless you are directly working for them.

4. Can you think of another type of information that has special protection in Australia (or will have soon) that may have implication for an app developer?

If you look at the “Speeches” section of the reading you will see the commissioner is concerned with cross-border privacy. This is the transfer of data across national borders. The example given was that data stored in the USA was accessible by the US National Security Agency (NSA). This means companies such as Facebook who store users’ data in USA cloud-based servers expose their users to access by the NSA. For people resident in other countries, this means that laws for those countries, e.g. in Europe, were being breached. As an app developer, this means you may have to consider in what country your data is physically saved when it is not saved on the mobile device.

The second issue identified was “meta-data”. At the time of writing, there were proposals to force telephone companies to save meta-data for two years. If your app used the Internet then the telephone company was required to save meta-data about your app’s communication with web servers. It was not clear exactly what meta-data was collected. However, at the time of writing it appears that it will be the Internet provider’s responsibility to save this information, not the app developer’s.

The final issue was that maintaining privacy is not just about what individual pieces of data are saved. When there are lots of individual pieces of data in different places, new software techniques can be used to make connections between those pieces of data to identify users when no individual piece of data could be used to do it.

CASE

Read carefully the specification below. The remainder of this part of the quiz refers to this mobile application.

An app is required for parents to track their children. The app has the following features:
- There are two apps: the one that tracks (installed on the parent’s device) and the one that is tracked (installed on the child’s device).
- The app will send a message to the parent’s device every 30 minutes (configurable) showing the location of the tracked mobile device.
- The parent can configure locations where the app will immediately send a message.
- The app will interface with public mapping software to show a history of the mobile device’s location on a map on the parent’s device.
- The app is configurable:
  o Period for sending messages
  o Locations that prompt immediate messages
  o Alarms on both apps (warning to child/parent)
- The app does not:
  o have a channel for voice contact
  o prevent uninstall operations on the child’s device (the parent will have the last location)
  o implement a configuration interface on the child’s app (it’s on the parent’s app)

(12 Marks) Consider all the privacy and security aspects of this system by explaining (3 marks each):
a. Who is responsible for the privacy and security of the app (which aspects are allocated to whom)?
b. How should transparency be applied (privacy policy, notice and consent)?
c. Are there data management issues? How should they be handled?
d. How should the security of data be handled?

Note that a. – d. overlap somewhat, so it is OK to mix answering each part. There are also many approaches for each of the issues above, but you will only need to describe one valid one.

In answering the questions, you will see that the ‘Security and Privacy’ Topic is divided into four main sections that correspond to each of a. – d. The additional section in the topic refers to specific applications (health, finance and children) that have their own legislated requirements. In this case, the child protection laws apply.

The marking for this has 3 marks for addressing each of the 4 main sections in Topic: Security and Privacy in Module 1, but also the additional section where it applies (child protection in this case). In marking for each section, half will be for general understanding (so you can prepare before the quiz!), and half will be for the specific application to the case study.

Answers to the four parts follow. Note that you could take a different approach, and you may come up with other ideas in the quiz. The following are just example answers and optional answers.
a. A developer is morally and legally responsible for the privacy of app users. That applies to employees as well as organisations. In this app, the developer is responsible for ensuring the privacy of the location information (both real-time and stored information). This includes accessibility by other apps and accessibility of data in transmission between the two apps above. It also applies to any temporary location, e.g. a server that could be used to store and forward the location information.

A developer, due to children being involved, is responsible for securing the child’s app so other people cannot access or modify the private information. For example, the child’s app may need a password to access its configuration, and this needs to be implemented by the developer.

The physical security of the devices is not the developer’s concern; the users are responsible.

There are other things that could optionally be listed here, e.g. strength of the password (should the programmer enforce this or leave it to the user?), should the programmer disable device location services that are accessible by other apps (is that the responsibility of the user or the other app developer?) or the telephone network (is that the telephone network’s responsibility?), etc.

b. The privacy notice should only be accepted by the parent, and it should be accepted for both apps in this case. This is complicated because we have not specified the age of the child. Theoretically, a child under 15 cannot accept a notice. A child 15 to 18 may be considered able to accept their own notice, but since this is an app tracking children, some sort of acknowledgement by a child over 15 would be advisable, even if not enforceable by law. This raises the question of when the child’s app should be visible or hidden on their device. If the app is hidden, then the purpose of the app may be changed, allowing one adult to install the app on another adult’s device without their knowledge. A solution could be to have periodic messages appearing on the child’s device notifying them that someone else has accepted the privacy condition.

c. The general data management rule is that only as much data as necessary should be stored on a device. The minimum amount in this example specification is that the recent locations of the child’s device are stored on the parent’s device but not on the child’s device. The data should not be stored on the child’s device or on a server, except perhaps in transit to the parent’s device. The length of time to store the data has not been specified, so the programmer should make a reasonable choice. For example, the last 100 locations or perhaps the last week’s locations could be chosen. You could also say that the user will be given the option.

d. Securing data is related to the previous points. Data should be encrypted as it passes between the child’s and parent’s apps. Data on the parent’s and child’s app should be kept in sandboxed storage only accessible to the app. Any passwords (child’s or parent’s app) should be encrypted and stored on the device. You should also ensure data is deleted when the app is deleted. You should also ensure all the software components used in the app do not “leak” data to servers or other apps, i.e. there are no security issues with the development software.
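The retention choice in answer c. can be enforced every time the parent’s app stores a location. The following is an added example, not part of the sample answers: it applies both suggested limits (last 100 locations and last week) together, and the function names, field names and sample coordinates are assumptions.

```javascript
// Added example (not from the original page): location history kept on the
// parent's device only.
const HOUR_MS = 60 * 60 * 1000;
const WEEK_MS = 7 * 24 * HOUR_MS;
// Both limits come from the sample answer ("last 100 locations" or "last
// week's locations"). Applying them together is a choice made for this example.
const DEFAULT_POLICY = { maxEntries: 100, maxAgeMs: WEEK_MS };

// Drop everything older than the age limit, then keep only the newest maxEntries.
function pruneHistory(history, nowMs, policy = DEFAULT_POLICY) {
  const cutoff = nowMs - policy.maxAgeMs;
  const fresh = history
    .filter((e) => e.t >= cutoff && e.t <= nowMs) // also rejects future or NaN timestamps
    .sort((a, b) => a.t - b.t);
  return policy.maxEntries > 0 ? fresh.slice(-policy.maxEntries) : [];
}

// Store a new fix. Only the fields the map needs are kept; anything else that
// arrived with the fix (hypothetical extras such as speed or deviceId) is dropped.
function recordLocation(history, fix, nowMs, policy = DEFAULT_POLICY) {
  const { t, lat, lon } = fix;
  const valid = Number.isFinite(t) && Number.isFinite(lat) && Number.isFinite(lon) &&
    Math.abs(lat) <= 90 && Math.abs(lon) <= 180;
  if (!valid) throw new RangeError('rejected malformed location fix');
  return pruneHistory([...history, { t, lat, lon }], nowMs, policy);
}

// Constructed data: `count` fixes ending at nowMs, one every stepMs.
function constructedHistory(nowMs, count, stepMs) {
  return Array.from({ length: count }, (_, i) => ({
    t: nowMs - i * stepMs, lat: -37.8 + i * 0.0001, lon: 144.9,
  }));
}

const NOW = 1700000000000; // fixed clock so the example is repeatable
// 150 hourly fixes span under a week, so the count limit decides: 100 remain.
const hourly = pruneHistory(constructedHistory(NOW, 150, HOUR_MS), NOW);
// 150 two-hourly fixes span over 12 days, so the age limit decides: 85 remain.
const twoHourly = pruneHistory(constructedHistory(NOW, 150, 2 * HOUR_MS), NOW);
console.log(hourly.length, twoHourly.length);
```

`pruneHistory` should also run when the parent’s app starts, so that old locations expire even if no new message has arrived from the child’s device.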
