BondoMan is an Android application that provides a comprehensive solution for users to manage and recap their financial transactions. Built with Kotlin, it offers a range of features designed to create, track, and analyze personal or business transactions.
Built for the fulfillment of IF3210 Platform-Based Development Project 1
- User Authentication: Secure login system with JWT authentication to protect user data.
- Interactive Dashboard: Navigate through different features like Transaction Menu, Scan Menu, Graph Menu, and Settings Menu with visual cues on the navbar for active menu items.
- Transaction Management: Add, edit, and delete transaction records with attributes such as title, category (Income, Expenditure), amount, and location.
- Transaction History: Offline-accessible transaction history using Room Database implementing the Repository Pattern.
- Google Maps Integration: Interactive map display for transaction locations, allowing users to open locations directly in Google Maps.
- Scan Receipts: Digitize transaction details by scanning receipts, with options to retake scans or save them to the transaction list.
- Graphical Summary: Visualize transaction summaries through graphs, with support for both portrait and landscape orientations.
- Export Transactions: Save transaction lists as .xlsx or .xls files for external use and archiving.
- Email Integration: Send transaction lists via GMail, attaching the spreadsheet as a file.
- JWT Expiry Check: Background service to check for JWT expiry, with automatic logout or re-login as defined behavior.
- Network Sensing: Detect internet connectivity and prompt users when offline, ensuring the app remains functional without an active connection.
- Randomize Transaction Feature: A special function in the Settings Menu to add randomized transactions to the list.
- Twibbon: A special scanning feature that integrates a twibbon image into the captured image.
Ensure you have Android Studio installed to build and run the application. You'll also need an Android device or emulator with at least Android API level 29.
- Clone the repository:
bash git clone https://github.com/yourusername/transaction-recap-app.git - Open the project in Android Studio.
- Build the project and run it on your Android device or emulator.
After logging in, you will be presented with a dashboard containing all features. Navigate using the navbar to add transactions, view summaries, or adjust settings.
Insufficient input validation is a security risk where an application fails to properly validate input coming from outside the application (like user input, files, network inputs, etc.). This can lead to various security vulnerabilities, including SQL injection, cross-site scripting (XSS), and buffer overflows, which attackers can exploit to manipulate the system.
In the context of mobile apps, insufficient input validation could allow malicious input to affect the backend server or other parts of the application. It could also result in improper output being displayed to the user, potentially leading to information leakage.
Security misconfiguration happens when an application is not securely configured, or when secure settings are not defined, implemented, and maintained as defaults. This can happen at any level of an application stack, including the network, platform, web server, application server, database, and application itself.
In mobile apps, this might involve misconfiguring security headers, having unnecessary services running on the device, or failing to properly configure and patch issues promptly.
Insecure data storage refers to vulnerabilities where sensitive data is not securely stored, potentially leading to unauthorized access and data breaches. In mobile applications, this often relates to storing sensitive information unencrypted on the device's persistent storage (like using SharedPreferences in Android without proper encryption).
The risk is that if a device is compromised, an attacker could easily access and extract sensitive data, such as personal details, credentials, or financial information.
Analysis from the OWASP for BondoMan Application
- M4: Insufficient Input/Output Validation
- Login page - email validation, and credentials validation
- Transactions edit and create - type validation
- [Tambahin lagi]
- M8: Security Misconfiguration
- Token Expiration Service - Time-based expiration checking, using token bearer
- Login Service - Service to handle login logic
- Bill Service - Uploading Bills into the backend server
- Network Service - Service to handle network configuration
- M9: Insecure Data Storage
- Using Encrypted Shared Preferences to store sensitive data like tokens and authorization so that other users can't easily access
Perbaikan yang sudah dilakukan adalah input field yang diberikan hint, menjadi lebih besar, dan juga tidak fixed-height.
| NIM | Name | Features |
|---|---|---|
| 13521089 | Kenneth Ezekiel | Login, Logout, JWT Expiration, Network Sensing, Broadcast Receiver |
| 13521151 | Vanessa Rebecca | Header navbar, CRUD Transactions, View Transactions |
| 13521171 | Alisha Listya | Scan bill, Transactions graph, Settings, Save and send transactions, Twibbon |