MONITORING SYSTEM

Enrolment Number: 9911103487

Name: Mridul Gupta

Supervisor: Prof. Himanshu Mittal

December - 2014

Submitted in partial fulfillment of the Degree of

Bachelor of Technology

in

Computer Science Engineering

DEPARTMENT OF COMPUTER SCIENCE ENGINEERING & INFORMATION TECHNOLOGY

JAYPEE INSTITUTE OF INFORMATION TECHNOLOGY, NOIDA


(I)

TABLE OF CONTENTS

Chapter No. Topics

Student Declaration II
Certificate from the Supervisor III
Acknowledgement IV
Summary V
List of Figures VI
List of Tables VII

Chapter-1 Introduction
1.1 General Introduction
1.2 List some relevant current/open problems.
1.3 Proposed Solution
1.4 Novelty/benefits

Chapter-2 Background Study
2.1 Literature Survey
2.1.1 Paper 1
2.1.2 Paper 2
2.1.3 Paper 3
2.1.4 Paper 4
2.1.5 Paper 5
2.1.6 Paper 6
2.1.7 Paper 7
2.1.8 Paper 8
2.2 Results of literature survey

Chapter-3 Analysis, Design and Modeling
3.1 Requirements Specifications
3.2 Functional and Non Functional requirements
3.3 Design Documentation
3.3.1 Use Case diagram
3.3.2 Control Flow Diagram
3.3.3 Sequence Diagrams
3.4 Risk Analysis and Mitigation Plan

Chapter-4 Implementation and Testing
4.1 Implementation details and issues
4.1.1 First Phase Implementation
4.1.2 Final Phase Implementation
4.2 Testing
4.2.1 Testing Plan
4.2.2 Component decomposition and type of testing required
4.2.3 Limitations of the solution

Chapter-5 Findings & Conclusion
5.1 Findings
5.2 Conclusion
5.3 Future Work

References ACM Format

Appendices

Brief Bio-data (Resume) of Student

(II)

DECLARATION

I hereby declare that this submission is my own work and that, to the best of my knowledge and belief, it contains no material previously published or written by another person nor material which has been accepted for the award of any other degree or diploma of the university or other institute of higher learning, except where due acknowledgment has been made in the text.

Place: Noida Signature:

Date: 29/12/2014 Name: Mridul Gupta

Enrollment No: 9911103487


(III)

CERTIFICATE

This is to certify that the work titled “Child Monitoring System” submitted by “Mridul Gupta” in partial fulfillment for the award of degree of B.Tech of Jaypee Institute of Information Technology University, Noida has been carried out under my supervision. This work has not been submitted partially or wholly to any other University or Institute for the award of this or any other degree or diploma.

Signature of Supervisor :

Name of Supervisor : Prof. Himanshu Mittal

Designation : Assistant Professor

Date : 29/12/2014


(IV)

ACKNOWLEDGEMENT

I would like to place on record my deep sense of gratitude to Prof. HIMANSHU MITTAL, faculty, Jaypee Institute of Information Technology, India for his generous guidance, help and useful suggestions.

I express my sincere gratitude to Prof. Himanshu Mittal, Dept. of Computer Science & Engineering, Jaypee Institute of Information Technology , India, for his stimulating guidance, continuous encouragement and supervision throughout the course of present work.

I also wish to extend my thanks to Prof. Himanshu Mittal and other classmates for their insightful comments and constructive suggestions to improve the quality of this project work.

Signature of Student :

Name of Student : Mridul Gupta

Enrolment No : 9911103487

Date : 29/12/2014


(V) SUMMARY

As penetration rates of smartphones, tablet PCs, and other devices for internet access increase, the number of children using mobile phones and accessing the internet will rise. The children do not possess the knowledge to differentiate between good or bad. And that’s where parents come in. Agreements or rules about children’s use of mobile phones are not made in all families, and even where they are made, they are not always followed. We created an application which fetched the database from different applications in the mobile.

For example:-

1. The call details from the target mobile are fetched. The caller ID, duration of the call, type of call (incoming or outgoing) and frequency of calls are added to the log file.
2. The contact list of the target mobile is also fetched.
3. The message history, with the date and time of each message, of the target mobile is added to the log file.
4. The browsing history of the mobile is also fetched and added to the log file.
5. Chat details from the databases of social chat apps are also fetched.
6. These details are then mailed, with the log files attached, to the email address of the user.
7. The application is divided into two parts, pro and basic versions. In the basic version some limited functionalities are provided, and in the pro version all the functionalities are available.

______

Signature of Student Signature of Supervisor

Name: Mridul Gupta Name : Prof. Himanshu Mittal

Date : 29/12/2014 Date : 29/12/2014


(VI)

LIST OF FIGURES

Figure Title

1 Use Case Diagram
2 Control Flow Diagram
3 Sequence Diagram
4 Implementation Snapshots


(VII)

LIST OF TABLES

Table Title

1 Risk Analysis
2 Testing Plan
3 Testing Required
4 Test Cases


Chapter 1: Introduction

1.1 General Introduction

"Kids that can't even talk will walk up to a TV screen and try to swipe it like an iPad or an iPhone."

What is the extent of technology use in primary-aged children?

Primary-age children are connected, mobile and social. We see the evidence of this every day with our own eyes – children appear to be going online younger and younger, with the rapid uptake (and almost hypnotic appeal) of tablets and other touch screen devices. But anecdotal evidence is also supported by research findings.

• The vast majority (95 per cent) of eight to 11 year olds had accessed the internet ‘in the last four weeks’, with almost all having accessed the internet at some point in their lives.
• Thirty-seven per cent of eight to nine year olds and 51 per cent of 10 to 11 year olds have – at some time – accessed the internet via a handheld mobile device.
• While the majority in this age group accesses the internet at home, increasing numbers are using technology at school and at a friend’s house, away from direct parental supervision.

The most popular activities include playing games, private messaging, posting comments and posting their own status updates. In other words, they ‘like’, they post, and they share just the same as their older counterparts. And they value it, very much. In fact, the proportion of eight to nine year olds who rated the internet as ‘very important’ had doubled since 2009.


What are the main issues arising from high internet usage?

Around one fifth of eight to 13 year olds reported seeing or experiencing something on the internet in the last year that bothered them. Also, we saw a slight rise in the number of children aged eight to nine years reporting that they had been cyberbullied (up from one per cent in 2009 to four per cent in 2012). Around 10 per cent of 10 to 11 year olds and 17 per cent of 12 to 13 year olds also reported that they had been cyberbullied.

What do parents need to be aware of?

• Parents need to talk to their children about staying safe as soon as they start becoming active in the online world.
• They need to monitor children’s time online.
• They need to find out what the child is up to online.
• Parents need to model the kind of positive online behavior they would like their children to use.


1.2 Current Problem

40% of children access the internet from mobile phones and the rate of usage increases as children get older. Frequency of use is extremely high in India, with 18% accessing the mobile internet more than 11 times per day and over a third of children accessing it more than six times a day. Overall, 7% of children use their mobile as the main device to access the internet. However, a high proportion of children with smartphones use them as their primary access to the internet, with 56% in Japan, 42% in India and 41% in Paraguay.

Use of social networking services and microblogging via mobile phones by children is not yet mainstream. Overall, 29% of child mobile phone users access social networking and microblogging sites using their phones (Figure 5-1-1). Egypt has the highest proportion with 47%, while Japan, Paraguay and India have rates of 21%, 17% and 14% respectively. The overall proportion of parents who use their mobile phones to access such sites is only 12% (Figure 5-1-1). In each country children surpass their parents: 30% of parents in Egypt use their phones to reach these sites, with 9% in Japan, 4% in Paraguay and 3% in India. Moreover, there is no correlation between parents’ and children’s use of social networking and microblogging sites, indicating that parental use does not influence children’s use of such sites.

As penetration rates of smartphones, tablet PCs, and other devices for internet access increase, the number of children using mobile phones and accessing the internet will rise. This brings many opportunities, but it also requires giving children the means to protect themselves from any risks that arise.

Agreements or rules about children’s use of mobile phones are not made in all families, and even where they are made, they are not always followed.


1.3 Proposed Solution

The proposed solution includes making an application to monitor children and their daily online activities. The application will keep a list of activities that the children performed during the day and send the report to their respective parents/guardians.

It's frightening how easy it is for children to stumble upon inappropriate content, whether they're using your phone for just a few minutes or their own device. While the latest versions of Android and iOS include app restriction features and marketplace filtering, that's not enough for many parents. This is where the child monitoring system steps in, allowing parents to monitor their child’s daily activities, contact details, calls, SMS and Internet activity.

Just as we prepare our kids for life in the real world, we should prepare them for life in the online world.

Features:

• Fetching Contacts
• Fetching SMS
• Fetching browser information
• Fetching messaging details
• Creating Log File
• Sending mail through SMTP


1.4 Novelty/Benefits

Around one fifth of eight to 13 year olds reported seeing or experiencing something on the internet in the last year that bothered them. Also, we saw a slight rise in the number of children aged eight to nine years reporting that they had been cyberbullied (up from one per cent in 2009 to four per cent in 2012). Around 10 per cent of 10 to 11 year olds and 17 per cent of 12 to 13 year olds also reported that they had been cyberbullied.

Also rules about children’s use of mobile phones are not made in all families, and even where they are made, they are not always followed.

The child monitoring system will make logs of the child's contacts, browsing history, messages and call history. The application will run in the background of the mobile and will not be easily detectable by the child. At the end of the day the log file will be sent to the parent's mobile using SMTP.

The parents can then check the log file and see if the child was cyber bullied or was involved in any non-desirable activity.


Chapter 2: Background Study

2.1 Literature Survey

2.1.1 Paper 1

Title: Multi-platform Strategies, Approaches and Challenges for developing Mobile applications

Authors: Parag Gokhale, Sachchidanand Singh, Business Analytics Division IBM Software Lab, Pune, India

Year of Publication: 2014

Publishing details: International Conference on Circuits, Systems, Communication and Information Technology Applications (CSCITA)

Weblink: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6839274&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6839274

Summary: The three choices for developing mobile applications are Native, Web, and Hybrid apps. All the major mobile operating systems (iOS, Android, Windows, etc.) provide a Software Development Kit (SDK) to develop Native apps using their respective, proprietary programming interfaces. Native apps provide the best possible user experience since they can utilize all of the features.

While native application development offers the ultimate user experience and performance for mobile applications, the trade-off is often a fragmented set of development tools and multiple versions of an application to serve the same user need, because different versions must be made for each type of device or operating system. Hybrid apps attempt to bridge the gap between Native and Web apps. They use the power of web delivery and the finesse of the mobile user experience. Their user interface looks and feels like that of Native apps, and they have access to device features like the camera and GPS which are not available to pure Web apps.

There are two deployment options for hybrid apps on mobile. The first is the Local Hybrid Application, which wraps HTML and JavaScript rendering in a manner similar to the structure of a native application. The communication with its server typically uses REST APIs [10]. The second is the Server Hybrid Application, which, on the other hand, is a web application that uses the built-in browser; the server may detect that the client is a hand-held device and adjust the form factor of its response [10].

2.1.2 Paper 2

Title: Security Testing in Android Networks – A Practical Case Study

Authors: Ray Hunt (Adjunct Associate Professor, University of South Australia, Adelaide, Australia)

Year of publication: 2013

Publishing details: ICON 2013

Web link: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6781950

Summary: This paper discusses different vulnerabilities in an Android mobile, such as data leakage and file stealing. Before making an Android app ourselves we should be aware of the security flaws of the Android operating system. Attacks in the environment by way of the Bluemaho and Bluediving exploits are discussed, which focus on traffic injection, spoofing, sniffing, unauthorized access and DoS attacks. Then, an exploit named Android file stealer was demonstrated, in which, just by entering the URL of the website, a file gets downloaded and files are uploaded to the attacker's server. Oddly enough, this glitch was not present until Android 4.1. Also, there is an app store malware and image stealer, which disguises itself as a weather application and uses the GPS of the mobile but actually searches for images in the memory in the background. Lastly, there is the Spambot engine. Once the app is started it runs correctly and displays various “Quotes” which can be read. However, this app has some hidden malware, and while the quotes are being read, the malware examines the victim’s contact list and establishes a spambot such that every person on the contact list is now spammed.


2.1.3 Paper 3

Title: A Review of Computer Forensic & Logging System

Authors: Mayank Saxena, Nikhil Kumar Singh, Satyendra Singh Thakur, Parmalik Kumar, Department of Computer Science and Engineering, Patel College of Science & Technology, Bhopal, M.P., India.

Year of Publication: 2013

Publishing details: International Journal of Advanced Research in Computer Science and Software Engineering

Weblink: http://www.ijarcsse.com/docs/papers/january2012/V2I1023.pdf

Summary: Computer forensics uses the science of forensics to hunt a crime scene for evidence of what happened, by whom it happened, and who did what to whom. In the case of computer forensics, the crime scene is the machine that was hacked, the victim is the entity to which the computer belongs, and the hacker is the criminal.

Log files are considerable sources for determining the health status of a system and are used to capture the events that happened within a computer system and its networks. Many logs within an organization contain records associated with computer security, which are generated by many sources, including operating systems on servers, workstations, networking equipment and other security software, such as antivirus software, firewalls, intrusion detection and prevention systems, and many other applications. In cyber forensics, log files are like the black box on an airplane that records the events that occurred within an organization’s system and networks. Logs are composed of log entries that play a very important role in evidence gathering, and each entry contains information related to a specific event that has occurred within a system or a network.

Multiple Log Sources – Logs are located on many hosts throughout the organization, so log management must be conducted throughout the organization.

Heterogeneous Log Content – Log files capture certain pieces of information in each entry, such as client and server IP addresses, ports, date and time, etc.

Inconsistent Timestamps – Usually every application that generates logs uses local timestamps, i.e. the timestamps of the host's internal clock. If the host’s clock is not synchronized or is inaccurate, then log file analysis is more difficult, especially when the environment has multiple hosts.

Multiple Log Formats – Many of the log source types use different formats for their logs, such as comma-separated or tab-separated text files, databases, syslog, Simple Network Management Protocol (SNMP), Extensible Markup Language (XML), and binary files.

Log Generation – The first tier contains the hosts that generate the log data. Some hosts run logging client applications or services that make their log data available through networks to log servers in the second tier.

Log Analysis and Storage – The second tier is composed of one or more log servers that receive log data or copies of log data from the hosts in the first tier.

Log Monitoring – The third tier contains consoles that may be used to monitor and review log data and the results of automated analysis. Log monitoring consoles can also be used to generate reports.

2.1.4 Paper 4

Title: Effective Risk Communication for Android Apps

Authors: Christopher S. Gates, Jing Chen, Ninghui Li, Senior Member, IEEE, and Robert W. Proctor

Year of Publication: 2013

Publishing details: 5th International Conference on security and Social Networking 2013

Weblink: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6684532&refinements%3D4291944246%26matchBoolean%3Dtrue%26queryText%3Dandroid+application+installation

Summary: The ubiquitous usage of these mobile devices poses new privacy and security threats. Our entire digital lives are often stored on the devices, which contain contact lists, email messages, passwords, and access to files stored locally and in the cloud. Information security and privacy are issues for users of all types of electronic devices. With regard to smartphones, users are more concerned with privacy on their phones than on computers, and they especially worry about the threat of malicious apps. However, although people are shown the permissions an app requests before it is installed, they do not understand them well.

Users make many decisions that affect the overall state of security of any system with which they interact. For security and privacy, most of these decisions relate to the risk to which the individual or system is exposed. Consequently, improving security decisions by users involves taking into consideration factors that influence a user’s risk perception and decision making.

The Android system’s in-place defense against malware consists of two parts: sandboxing each app, and warning the user about the permissions that the app is requesting. Specifically, each app runs with a separate user ID, as a separate process in a virtual machine of its own, and by default does not have the ability to carry out actions or access resources which might have an adverse effect on the system or on other apps without requesting permission to do so from the user.

The risk communication mechanism for permissions relies on the assumption that a user understands and makes an informed decision when presented with a list of permissions requested by an app. For most permissions, risks must be inferred because they are not explicitly stated in the description. When browsing a specific app from the Play website, a user is able to see details about the app via a series of tabs at the top of the page.

2.1.5 Paper 5

Title: Machine Learning for Android Malware Detection Using Permission and API Calls

Authors: Naser Peiravian and Xingquan Zhu

Year of Publication: 2013

Publishing details: 2013 IEEE 25th International Conference on Tools with Artificial Intelligence

Weblink: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6735264&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6735264

Summary: The Google Android mobile phone platform is one of the most anticipated smartphone operating systems on the market. The open source Android platform allows developers to take full advantage of the mobile operating system. Malware applications commonly use the following three types of penetration techniques for installation, activation, and running on the Android system.

1. Repackaging

This approach normally starts from popular legitimate apps and misuses them as malware. The developers normally download popular apps, disassemble them, add their own malicious code, and then re-assemble and upload the new app to official or alternative markets.

2. Updating

This technique is difficult to detect. In this technique the developer needs to include an update component that will download malicious code at runtime.

3. Downloading

This is the traditional attack technique: malware developers need to entice users into downloading interesting and attractive apps, drawing them into downloading more and more apps of this kind.

APK: Android Application Package file. Each Android application is compiled and packaged in a single file that includes all of the application code (.dex files), resources, assets, and manifest file.

Android Security Approach: The Android security model relies heavily on a permission-based mechanism. There are about 130 permissions that govern access to different resources. An Android application requires several permissions to work. Google also categorizes Android permissions into four threat levels: Normal Permission, Dangerous Permission, Signature Permission, System Permission.

Android Permission Settings: Every Android application package (APK) has an AndroidManifest.xml file in its root directory. The manifest file declares which permissions the application must have in order to access protected parts of the API and interact with other applications.

Android API Calls: The Android platform provides a framework API that apps can use to interact with the underlying Android system. Since most apps use a large number of APIs, it motivates us to use the API calls of each application as features to characterize and differentiate malware from benign apps.

2.1.6 Paper 6

Title: Studying the Effectiveness of Android Application Permissions Requests

Authors: Kevin Benton, L. Jean Camp, Vaibhav Garg

Year of Publication: 2013

Publishing details: 5th International Conference on security and Social Networking 2013

Weblink: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6529497&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6529497

Summary: Due to the prevalence of privacy-invasive spyware and malware in traditional computing environments, newer platforms have shifted towards a permissions-based model. Under this model, applications must explicitly request access to classes of sensitive information such as location, contacts, etc. These requests should clearly indicate the types of sensitive information accessible to an application.

Many traditional software vendors would only describe information collection in the end-user license agreements (EULA). Additionally, more malicious vendors would simply omit this activity from the EULA, so even a full analysis of the EULA would not protect the user from data theft.

1. The Broken State of EULAs and Privacy Notices

Users often make security decisions based on prior peer behaviors, but then an application’s perceived popularity should impact installation decisions more than EULAs and privacy policies. In summary, the free-form EULAs and privacy policies in use today are ineffective at signaling the privacy implications of installing a piece of software (or using a website) to the majority of users.

2. Permission Based Applications

The default permissions completely sandbox the application so it cannot read any of the user’s data, access device peripherals (e.g. GPS), or send information over the network. In order to perform any of these tasks, the application declares upon installation its intent to access these items. The platform then prompts the user to grant or deny the permissions.

The Android Market interface may need to be modified to stress permissions or make them easier to understand for users.


2.1.7 Paper 7

Title: Considering Context Events in Event-Based Testing of Mobile Applications

Authors: Domenico Amalfitano, Anna Rita Fasolino, Porfirio Tramontana, Nicola Amatucci

Year of Publication: 2013

Publishing details: IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops

Weblink: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6571621&url=http://ieeexplore.ieee.org/iel7/6570842/6571592/06571621.pdf?arnumber=6571621

Summary: Context awareness of mobile apps yields several new challenges for mobile app testing too, since an app should be tested in any environment and under any contextual input. However, a considerable part of the mobile app testing literature omits the context-awareness issue and focuses instead on specific mobile problems such as testing in variable network conditions, security testing, performance testing, or GUI testing.

The user can be considered a part of the context of an app. In event-based testing the application behaviour will have to be checked in response to several types of context event, such as:

• User events produced through the GUI;
• Events coming from the external environment and sensed by device sensors (such as temperature, pressure, GPS, geomagnetic field sensor, etc.);
• Events generated by the device hardware platform (such as battery and other external peripheral ports, like USB, headphone, network receiver/sender, etc.);
• Events typical of mobile phones (such as the arrival of a phone call or an SMS message);
• Events like the arrival of an e-mail or social network notifications, which are related to the fact that modern mobile phones are more and more Internet connected.

To solve the problem of dynamic recognition of the context event classes which the app is able to sense and react to, we adopted two different solutions. Indeed, the set of context events that the app is able to sense and react to includes two distinct subsets. The former subset includes events that can be sensed by listeners and managed by the relative handlers defined by the running component itself. This set can be deduced by Java reflection techniques, since Android apps usually dynamically declare listeners at run-time and static code analysis would not suffice. The latter subset includes events that may be managed by other app components and notified by means of Intent Messages. This set can be obtained by means of static analysis of the Android Manifest XML file of the application, by searching for intent-filter tags reporting the set of Intent Messages to which any component of the application is sensitive.

The more the app uses data from the context, the more the improvement becomes relevant.
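The manifest-based static analysis that Paper 5 (declared permissions) and Paper 7 (intent-filter tags) both describe can be sketched as follows. This is an added example, not code from this report or from the surveyed papers; it assumes the manifest has already been decoded to text XML, and the helper `audit_manifest`, the two sample manifests and their package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS  # ElementTree key for the android:name attribute

# Permissions that read personal data of the kinds the surveyed papers mention.
PERSONAL_DATA = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_SMS": "SMS history",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.READ_EXTERNAL_STORAGE": "stored files and images",
}
NETWORK = "android.permission.INTERNET"
# Broadcast actions that start a component without the user opening the app.
BACKGROUND_TRIGGERS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.provider.Telephony.SMS_RECEIVED",
    "android.intent.action.PHONE_STATE",
}
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")


def audit_manifest(xml_text):
    """Return the data-access and wake-up profile declared by one manifest."""
    root = ET.fromstring(xml_text)
    requested = {el.get(NAME) for el in root.iter("uses-permission")} - {None}
    data_read = sorted(PERSONAL_DATA[p] for p in requested if p in PERSONAL_DATA)

    # Intent Messages each component listens for, taken from intent-filter tags.
    triggers = []
    app = root.find("application")
    for comp in (list(app) if app is not None else []):
        if comp.tag not in COMPONENT_TAGS:
            continue
        for filt in comp.findall("intent-filter"):
            for action in filt.findall("action"):
                if action.get(NAME) in BACKGROUND_TRIGGERS:
                    triggers.append((comp.tag, comp.get(NAME), action.get(NAME)))

    findings = []
    if data_read and NETWORK in requested:
        findings.append("reads %s and can send it over the network"
                        % ", ".join(data_read))
    if data_read and triggers:
        findings.append("can start in the background via "
                        + ", ".join(sorted({t[2] for t in triggers})))
    return {
        "package": root.get("package"),
        "permissions": sorted(requested),
        "data_read": data_read,
        "triggers": triggers,
        "findings": findings,
    }


# Constructed sample: a "weather" app whose declared access exceeds its purpose.
WEATHER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an app that declares no personal-data access at all.
FLASHLIGHT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for sample in (WEATHER_MANIFEST, FLASHLIGHT_MANIFEST):
        report = audit_manifest(sample)
        print(report["package"], "->", report["findings"] or "no findings")
```

The audit reports only what the manifest declares; listeners registered at run-time, which the summary notes need reflection rather than static analysis, are outside its view.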


2.1.8 Paper 8

Title: Hack Android Application and Defence

Authors: Xudong Wu, Xin Li

Year of Publication: 2013

Publishing details: 3rd International Conference on Computer Science and Network Technology

Weblink: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6967202&queryText%3DAndroid+Application

Summary: Android is an operating system which is based on Linux and is open source, which is mainly used for smart mobile devices, such as smart phones and pads.

Malware usually poses as some interesting application to lure users into installing it. After it is installed and started, it will steal the user’s personal information and leak it to a remote destination for evil purposes, and some malware will start paid services without the user's knowledge. Other attack methods include exploiting vulnerabilities in Android’s authorization management to escalate the malware’s permissions to carry out evil activities, and so on.

The Android software hierarchy includes several layers. Leaving aside the hardware layer, from top to bottom there are:

• Operating system layer, including the Linux kernel and drivers.
• Various libraries and the Android runtime environment layer, equivalent to a middleware layer.
• Application Framework layer, which provides APIs for application developers.
• Application layer.

• AndroidManifest.xml in the root directory, used to declare the permissions needed by the application.
• Classes.dex and user-defined native libraries, which are the application’s executable files. Classes.dex stores Dalvik byte code.
• Res directory in the root directory, which stores the application’s UI settings.
• META-INF directory in the root directory, which is used to store the application releaser’s public key and the application's digital signature.

A dex file is composed of three parts: the header part, the index part and the data part. Through the header part we can learn the location and number of the indexes and the start address of the data.
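The header fields this paragraph refers to can be read, and checked against the rest of the file, with a short parser. This is an added example, not code from this report or from the surveyed paper; the field order follows the published dex format, the function names are hypothetical, and the sample file is constructed (a header, two index slots and 16 data bytes, not a loadable app).

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70
ENDIAN_TAG = 0x12345678
# The 20 little-endian uint32 fields that follow magic, checksum and signature.
FIELDS = ("file_size", "header_size", "endian_tag", "link_size", "link_off",
          "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
          "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
          "field_ids_off", "method_ids_size", "method_ids_off",
          "class_defs_size", "class_defs_off", "data_size", "data_off")
# Size in bytes of one entry in each index table.
INDEX_ITEM_SIZE = {"string_ids": 4, "type_ids": 4, "proto_ids": 12,
                   "field_ids": 8, "method_ids": 8, "class_defs": 32}


def parse_dex_header(blob):
    """Decode the fixed 0x70-byte header into a dict of named fields."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("file shorter than a dex header")
    if blob[:4] != b"dex\n" or blob[7] != 0:
        raise ValueError("bad dex magic")
    hdr = dict(zip(FIELDS, struct.unpack_from("<20I", blob, 32)))
    hdr["version"] = blob[4:7].decode("ascii")
    hdr["checksum"] = struct.unpack_from("<I", blob, 8)[0]
    hdr["signature"] = blob[12:32].hex()
    return hdr


def check_dex(blob):
    """Return a list of inconsistencies; an empty list means none were found."""
    hdr = parse_dex_header(blob)
    problems = []
    if hdr["file_size"] != len(blob):
        problems.append("file_size does not match actual length")
    if hdr["header_size"] != HEADER_SIZE or hdr["endian_tag"] != ENDIAN_TAG:
        problems.append("unexpected header_size or endian_tag")
    # Index part: every declared table must lie inside the file.
    for name, item in INDEX_ITEM_SIZE.items():
        off, count = hdr[name + "_off"], hdr[name + "_size"]
        if count and (off < HEADER_SIZE or off + count * item > len(blob)):
            problems.append(name + " table out of bounds")
    # Data part: start address and size must also lie inside the file.
    if hdr["data_off"] + hdr["data_size"] > len(blob):
        problems.append("data section out of bounds")
    # Adler-32 covers everything after the checksum field; the SHA-1
    # signature covers everything after the signature field.
    if zlib.adler32(blob[12:]) & 0xFFFFFFFF != hdr["checksum"]:
        problems.append("checksum mismatch")
    if hashlib.sha1(blob[32:]).hexdigest() != hdr["signature"]:
        problems.append("signature mismatch")
    return problems


def build_sample_dex():
    """Constructed sample input for the checks above (header-level only)."""
    string_ids = struct.pack("<2I", 0x78, 0x80)   # two index entries
    data = bytes(range(16))                       # stand-in data section
    data_off = HEADER_SIZE + len(string_ids)
    total = data_off + len(data)
    values = ([total, HEADER_SIZE, ENDIAN_TAG, 0, 0, data_off,
               2, HEADER_SIZE] + [0] * 10 + [len(data), data_off])
    rest = struct.pack("<20I", *values) + string_ids + data
    signature = hashlib.sha1(rest).digest()
    checksum = zlib.adler32(signature + rest) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + rest


if __name__ == "__main__":
    sample = build_sample_dex()
    header = parse_dex_header(sample)
    print("index at 0x%x (%d entries), data at 0x%x"
          % (header["string_ids_off"], header["string_ids_size"], header["data_off"]))
    print("problems:", check_dex(sample))
    modified = bytearray(sample)
    modified[-1] ^= 0xFF  # one changed byte in the data part
    print("after change:", check_dex(bytes(modified)))
```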

1. Static Method

In this method the application’s executable files, that is, the dex and/or apk files, are changed. The change happens before the installation or after the installation. Before the installation, we can change the package file (the apk file); after installation we must change the corresponding dex file in the dalvik cache directory on the target machine.

2. Dynamic Method

This method will change the memory-mapped dex file while the application is running. In the Android system, the instruction set of Dalvik cannot change the application's executable code.

3. Protection Method

A common method of protecting against this kind of attack is to obfuscate the apk file to make it hard to locate the attack point. If the attack point cannot be found, then no effective attack can happen.

2.2 Result of Literature Survey

2.2.1 Cost

Native apps often cost more to develop and distribute because of the distinct language and tooling ecosystems, which require more investment in developer skills if you need to develop for more than one platform. However, cost is dependent on many other factors as well, so native apps won’t be the most expensive option in every case. Building an excellent mobile web app also requires a high degree of developer expertise, so no matter which type of app you build, quality will always be expensive.

2.2.2 Code Reusability/Portability

Perhaps the biggest weakness of native apps is their lack of portability to other platforms. The appeal of web apps is that you can have one codebase and run it on any major mobile platform. The appeal of hybrid apps is similar, because you are able to reuse a large amount of code for each platform. However, web apps aren’t 100% portable. Newer web standards aren’t always supported by the browsers on every device, so even web developers have to worry about compatibility issues. It should also be noted that native app web views are not the same as device browsers, and therefore have their own fragmentation issues.

2.2.3 Device Access

Although web apps can access some basic mobile device APIs, like the GPS for geolocation apps, they still have very limited hardware access. They don’t have support for Digital Rights Management (DRM), which is needed for many multimedia services, they can’t harness background processing, and they can’t use secure storage outside of applications. There are some new standards currently being drafted by the W3C that will give web apps a few more capabilities for accessing device APIs, but for the next few years, hybrid apps and native apps will provide significantly more access to device APIs. Hybrid app frameworks have made a lot of progress getting access to most of the low level features, like the gyroscope and accelerometer.

2.2.4 UI Consistency

Mobile web UI frameworks help web and hybrid apps build native-looking UI components, but differences still remain. The frameworks also have to stay up to date with major platform design updates like iOS 7. In iOS, a web or hybrid UI is especially apparent, because when UIWebView is used, the bitmap compositing does not happen in the hardware like it would for a native app. Subtle features like the bouncing effect at the bottom of a page on iOS can’t be completely recreated in JavaScript. That’s why the developers who built forecast.io (a web app that rivals native UX) recommend that you build an original UI for web apps, rather than trying to recreate the native UI and having your app look “wrong” to users.

2.2.5 Distribution

With app stores, native and hybrid apps are able to harness marketing tools such as rankings and featured placement all in a well-maintained system. Web apps, by contrast, don’t have to fulfill any app store requirements, and they are accessible through any compatible browser. The disadvantages for native and hybrid apps are the app store requirements and content restrictions. For web apps, the downsides are that you don’t get the marketing benefits of an app store. Web apps also have to be manually bookmarked if the user wants a shortcut on their homescreen.

2.2.6 Performance

Native code will always be the most straightforward path to the snappiest performance. Hybrid app performance can be strong, but will sometimes suffer depending on how the tools build code to interface with the native OS. Web apps can have strong performance as well, if you have skilled web developers and use modern standards like appcache. Web and hybrid performance will also improve as mobile browsers get faster JavaScript engines. Other things that can help mobile web performance include using WebKit’s overflow scrolling to create scrolling divs, using tools like FastClick to speed up hyperlinks, and only animating GPU-accelerated properties.

2.2.7 Monetization

For web apps, you can make money through advertisements, subscriptions, or an app store for web apps, though the vast majority of app downloads still happen in the native platform stores. Native and hybrid apps have more options for monetization, including in-app purchases, platform-native ads, and the app purchase itself. However, to be in the high-profile native app stores, you need to hand over a percentage of your app download revenue to the company that owns the store (usually around 30%). There is also an initial fee to develop for the platform and deploy on the app store.


Chapter 3: Analysis, Design and Modelling

3.1 Requirement Specifications

Use of social networking services and microblogging via mobile phones by children is not yet mainstream. Overall, 29% of child mobile phone users access social networking and microblogging sites using their phones (Figure 5-1-1). Egypt has the highest proportion with 47%, while Japan, Paraguay and India have rates of 21%, 17% and 14% respectively. The overall proportion of parents who use their mobile phones to access such sites is only 12% (Figure 5-1-1). In each country children surpass their parents: 30% of parents in Egypt use their phones to reach these sites, with 9% in Japan, 4% in Paraguay and 3% in India. Moreover, there is no correlation between parents’ and children’s use of social networking and microblogging sites, indicating that parental use does not influence children’s use of such sites.

As penetration rates of smartphones, tablet PCs, and other devices for internet access increase, the number of children using mobile phones and accessing the internet will rise. This brings many opportunities, but it also calls for giving children the means to protect themselves from any risks that arise.

Agreements or rules about children’s use of mobile phones are not made in all families, and even where they are made, they are not always followed.


3.2 Functional requirements and Non Functional requirements

Functional Requirements:

1. Fetching Contacts

The contacts from the child's mobile will be fetched and updated in the log file on a daily basis.

2. Fetching SMS

The daily SMS from the child's mobile will be fetched and updated in the log file on a daily basis.

3. Fetching browser information

The browsing history of all the sites the child visits will be retrieved into the log file.

4. Fetching messaging details

The messages from the messaging applications that the child uses on his or her mobile will be retrieved and added to the log file.

5. Creating Log File

The log file will be created on the mobile in a hidden location in a loop of folders so that it is not easily detectable.

6. Sending mail through SMTP

At the end of the day the log file will be sent by mail through SMTP.
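Seen from the defender's side, the data sources listed above, combined with network access and the auto-boot behaviour mentioned in the testing plan, leave a recognizable footprint in an app's manifest. The following is an added example (not part of the original report or the project's own code) that audits a decoded AndroidManifest.xml for that footprint; the sample manifests, the package names and the two-source threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded AndroidManifest.xml live in the android: namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS

# Permissions guarding the data sources listed in the functional requirements.
# READ_HISTORY_BOOKMARKS is the browser-history permission on the Android 4.x
# releases this report targets.
COLLECTION_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.READ_CALL_LOG": "call log",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser history",
}
INTERNET = "android.permission.INTERNET"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
MIN_SOURCES = 2  # assumed threshold, tune it for your own triage


def audit_manifest(manifest_xml):
    """Return the monitoring-related traits found in one decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {el.get(NAME) for el in root.iter("uses-permission")}
    sources = sorted(
        label for perm, label in COLLECTION_PERMISSIONS.items() if perm in requested
    )
    # Auto-start: a receiver whose intent filter listens for BOOT_COMPLETED.
    starts_at_boot = any(
        action.get(NAME) == BOOT_ACTION
        for receiver in root.iter("receiver")
        for action in receiver.iter("action")
    )
    has_network = INTERNET in requested
    return {
        "package": root.get("package"),
        "sources": sources,
        "has_network": has_network,
        "starts_at_boot": starts_at_boot,
        # Flag only the combination: bulk personal data + network + boot start.
        "flagged": len(sources) >= MIN_SOURCES and has_network and starts_at_boot,
    }


# Constructed sample manifests (not taken from any real app).
SAMPLE_MONITOR = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.monitor">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

SAMPLE_MESSENGER = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.messenger">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>
"""

if __name__ == "__main__":
    for sample in (SAMPLE_MONITOR, SAMPLE_MESSENGER):
        print(audit_manifest(sample))
```

A flag is a prompt for manual review, not a verdict: legitimate backup or messaging apps can request a similar set of permissions.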


Non Functional Requirements:

1. SCREEN RESOLUTION & SCREEN FORM FACTORS

If you design your app for only low resolution screens, one of two things will happen if a user runs it on a high res screen phone – either the high res phone will not apply automatic doubling in which case, your app will occupy a tiny area of the screen on the high res phone, or the high res phone will apply pixel doubling in which case your app’s UI might look odd in places where images and fonts are unnaturally large.

2. BATTERY USAGE

On mobile devices, the battery is a scarce and valuable resource. On a mobile phone in particular, the battery should remain maximally available for the phone application i.e. for making and receiving phone calls. Your application may therefore fall by the wayside if it drains too much battery. The definition of what constitutes ‘too much’ may vary depending on the nature of the application and the hardware capabilities of the platform it is running on.

3. INTERRUPTS, NOTIFICATIONS & MULTI-TASKING

When a phone call, SMS or some type of notification (such as a calendar notification) arrives, your mobile device will usually inform your application of this event. If the user chooses to respond to the event, the OS may either background your application or, in case of non-multi-tasking OS, simply terminate your application. In each case, the OS will usually give your application a chance to respond to the pause, background or termination event by invoking a handler method that you should implement.


3.3 Design Documentation

3.3.1 Use Case Diagram


3.3.2 Control Flow Diagram


3.3.3 Sequence Diagrams


3.4 Risk Analysis and Mitigation Plan

| Risk Id | Description of Risk | Risk Area | Probability (P) | Impact (I) | RE (P*I) | Risk Selected for Mitigation (Y/N) | Mitigation Plan if Yes | Contingency Plan if Any |
|---|---|---|---|---|---|---|---|---|
| 1 | The mail sent through SMTP can be retrieved in between. | | 0.3 | H(5) | 1.5 | Yes | The mail will be sent in encrypted form to the parent so that it is not retrievable by the hacker. | |
| 2 | APIs to share data from some apps may not be available. | | 0.6 | M(3) | 1.8 | Yes | There are some applications with which messages can be retrieved. We will use those applications to monitor the child. | |
| 3 | The mobile phone may switch off due to battery shortage. | | 0.4 | M(3) | 1.2 | Yes | Whenever the mobile is switched on, the application will check the time and send the mail at that moment. | |
| 4 | Probability of user uninstalling the application. | | 0.1 | H(5) | 0.5 | Yes | The application will run in the background and the name of the application will be such that the child will not be able to know that it is monitoring him/her. | |
| 5 | The mail sent from the mobile may be visible in the inbox of the user’s mobile only. | | 0.6 | H(5) | 3.0 | Yes | The mail sent will be from a main gmail account through SMTP and they will not be visible in user’s mobile. | |


Chapter 4 : Implementation and Testing

4.1 Implementation Details and Issues

4.1.1 First Phase Implementation


4.1.2 Final Phase Implementation

Enter Email-Id

Testing

Enter the no. of hours you want the email to be received


4.2 Testing

4.2.1 Testing Plan

| Name | Responsibilities |
|---|---|
| Anantdeep Singh | Fetch Contact Details; Fetch Browser Details; Fetch Call Logs; Fetch Social Chat Application Details; Fetch Mail Details; Research Work |
| Mridul Gupta | Research Work; Creation of Log file; User Interface; Auto boot feature; Testing |
| Rishabh Mehra | Research Work; Testing; Risk Analysis; Send E-Mail to parents via SMTP |

Test Environment

Software Items:
• Windows Operating System
• Eclipse
• Mail
• Lint Testing Tool
• Quadrant Testing Tool

Hardware Items:
• Core i3 processor
• 4 GB RAM
• Virtualization was enabled for Intel Atom HAX


4.2.2 Component decomposition and type of testing required

| Type of Test | Will Test Be Performed? | Comments | Software Component |
|---|---|---|---|
| Requirements Testing | Yes | Tested if all the functional and non-functional requirements are met. | |
| Unit Testing | Yes | Each module is tested independently for errors, so that no problems occur during the final phase. | |
| Integration Testing | | | |
| Performance Testing | Yes | Test of responsiveness and stability under various workload. | Lint tool |
| Stress Testing | Yes | It is tested if the application performs under load or not. | Android 4.3, Android 4.4.4, Android 4.0.2 |
| Compliance Testing | Yes | It is tested if the files are reaching the user’s mailbox on time or not. | |
| Load Testing | No | The application is meant to be used by a single user at a time only. | |
| Volume Testing | Yes | Carried volume testing on 4 devices with different size of data. | |


| S. No. | List of Various Components (modules) that require testing | Type of testing required | Technique for writing test cases |
|---|---|---|---|
| 1 | Email Validation | Unit Testing | Black Box Testing |
| 2 | Internet Speed | Unit Testing | Black Box Testing |
| 3 | Android Compatibility | Unit Testing | Black Box Testing |

1. Email Validation

| Test Case id | Input | Expected Output | Status |
|---|---|---|---|
| 1 | Anant | Incorrect email id | Pass |
| 2 | [email protected] | Approved | Pass |
| 3 | Rish.gmail.com | Incorrect email id | Pass |
| 4 | anant@gmailcom | Incorrect email id | Pass |
| 5 | [email protected] | Approved | Pass |
| 6 | [email protected] | Approved | Pass |
| 7 | Rishanab#gmail.com | Incorrect Email id | Pass |
| 8 | Rightorwrong67*^mail.com | Incorrect Email id | Pass |
| 9 | Pray345%ymail.com | Incorrect Email id | Pass |
| 10 | [email protected] | Approved | Pass |

2. Internet Speed

| Test Case id | Input | Expected Output | Status |
|---|---|---|---|
| 1 | 50 KBps | Mail Sent | Pass |
| 2 | 30 KBps | Mail Sent in some time | Pass |
| 3 | 20 KBps | Mail Sent in some time | Pass |
| 4 | 3G | Mail Sent | Pass |
| 5 | 2G | Mail Sent | Pass |

3. Android Compatibility

| Test Case id | Input | Expected Output | Status |
|---|---|---|---|
| 1 | Android 2.3.4 | Not Running | Pass |
| 2 | Android 3.0 | Not Running | Pass |
| 3 | Android 4.0.1 | Running | Pass |
| 4 | Android 4.4 | Running | Pass |


Lint Error Checking


Battery Power Test:

1. Normal use test: Start on a full battery and use the application for 6-12 hours and measure the battery level at the end of each ½ or 1 hour. You may use an automated testing tool to do this so as to keep the test running for the required time interval. This test will tell you how quickly your application drains the battery when in ‘normal’ use, with all the foreground and background features of the application running normally.

2. Idle run test: Turn off the screen lock and power saver modes on the device. Then start on a full battery and keep the application running on its main, home or dashboard screen as appropriate, and measure the battery level at ½ or 1 hour intervals. This test will measure the battery drain due to such things as intentional or unintentional automatic screen refreshes, and due to the background threads or services running in your application.

3. Screen lock test: Perform test (2) again but with the device screen in locked mode. This will allow you to test if your application is consuming any CPU and/or network resources (and hence the battery) when it’s not viewable to the user. In this case, to avoid unnecessary battery drain, you should pause / stop any kind of screen activity such as automatic screen refreshes and also pause / stop background thread or services in this mode.

4.2.3 Limitations of the solution

• Google doesn’t save its mail database on the mobile phone itself. So, it was impossible for us to fetch the database of Gmail in our application.
• The application slowed down a couple of times and hung. The reason behind it is still unknown but we are working on it.
• The interface of the log files is not very readable. We are working towards providing the customer with a better view in the log file.


Chapter 5: Findings and Conclusion

5.1 Findings

With the increase in hacking attempts on Gmail, Google is also increasing its security features in all of its products. For instance, we found during our research that Google doesn’t save its mail database on the mobile phone itself. So, it was impossible for us to fetch the database of Gmail in our application.

5.2 Conclusion

We created an application which fetched the database from different applications in the mobile.

For example:-

1. The call details from the target mobile are fetched. The caller id, duration of the call, the type of the call (incoming or outgoing) and frequency of call are added to the log file.
2. The contact list of the target mobile is also fetched.
3. The message history, date and time of message of the target mobile are added to the log file.
4. The browsing history of the mobile is also fetched and added to the log file.
5. Chat details from the database of social chat apps are also fetched.
6. These details are then mailed, attached as log files, to the email of the user.
7. The application is divided in two parts, pro and basic versions. In the basic version some limited functionalities are provided and in pro all the functionalities are available.


5.3 Future Work

Adding to the conclusion, we are working towards building a better interface of the application with enhanced data mining techniques to show a filtered view of the log files to the parent.

For example, the browsing history will be categorized into different domains like Media, Movies, Education, Bad Content, etc.

We are still looking for better ways to make the application install on other phones without letting the user know that the application is being installed on his phone.

E.g. hiding the application with a useful software. Then the application will run in the background.



Appendices

Project Plan as Gantt Chart

[Gantt chart: the activities Project Research, Functional and Design Specifications, Development Starts, Prototype, Testing and Final Documentation plotted against the months Aug, Sept, Oct, Nov and Dec]

Details of practice with new tool/technology

Android:

Android is a mobile operating system (OS) based on the Linux kernel and currently developed by Google. With a user interface based on direct manipulation, Android is designed primarily for mobile devices such as smartphones and tablet computers, with specialized user interfaces for televisions (Android TV), cars (Android Auto), and wrist watches (Android Wear). The OS uses touch inputs that loosely correspond to real-world actions, like swiping, tapping, pinching, and reverse pinching to manipulate on-screen objects, and a virtual keyboard. Despite being primarily designed for touchscreen input, it also has been used in game consoles, digital cameras, regular PCs (e.g. the HP Slate 21) and other electronics.


Android is the most widely used mobile OS and, as of 2013, the highest selling OS overall. Android devices sell more than Windows, iOS, and Mac OS X devices combined, with sales in 2012, 2013 and 2014 close to the installed base of all PCs. As of July 2013 the Google Play store has had over 1 million Android apps published, and over 50 billion apps downloaded. A developer survey conducted in April–May 2013 found that 71% of mobile developers develop for Android. At Google I/O 2014, the company revealed that there were over 1 billion active monthly Android users, up from 538 million in June 2013.

Eclipse:

In computer programming, Eclipse is an integrated development environment (IDE). It contains a base workspace and an extensible plug-in system for customizing the environment. Written mostly in Java, Eclipse can be used to develop applications. By means of various plug-ins, Eclipse may also be used to develop applications in other programming languages: Ada, ABAP, C, C++, COBOL, Fortran, Haskell, JavaScript, Lasso, Natural, Perl, PHP, Prolog, Python, R, Ruby (including Ruby on Rails framework), Scala, Clojure, Groovy, Scheme, and Erlang. It can also be used to develop packages for the software Mathematica. Development environments include the Eclipse Java development tools (JDT) for Java and Scala, Eclipse CDT for C/C++ and Eclipse PDT for PHP, among others.

The initial codebase originated from IBM VisualAge. The Eclipse software development kit (SDK), which includes the Java development tools, is meant for Java developers. Users can extend its abilities by installing plug-ins written for the Eclipse Platform, such as development toolkits for other programming languages, and can write and contribute their own plug-in modules.

Lint:

The Android SDK provides a code scanning tool called lint that can help you to easily identify and correct problems with the structural quality of your code, without having to execute the app or write any test cases. Each problem detected by the tool is reported with a description message and a severity level, so that you can quickly prioritize the critical improvements that need to be made. You can also configure a problem's severity level to ignore issues that are not relevant for your project, or raise the severity level. The tool has a command-line interface, so you can easily integrate it into your automated testing process.

The lint tool checks your Android project source files for potential bugs and optimization improvements for correctness, security, performance, usability, accessibility, and internationalization. You can run lint from the command-line or from the Eclipse environment.

Figure 1 shows how the lint tool processes the application source files.

Bio-Data (Resume)

MRIDUL GUPTA D-67 Anand Vihar Delhi-110092

+91 9013164932 [email protected]

CAREER OBJECTIVE To work hard with full determination and dedication to achieve organizational goals as well as personal growth.

EDUCATION

Jaypee Institute of Information Technology, Noida 2011-2015
B.Tech, Computer Science
• Completed 6 semesters with a CGPA of 6.9 (equivalent to 74%)

Vivekanand School 2011
Central Board Of Secondary Education (CBSE) Class 12th 84.40 percent

Vivekanand School 2009
Central Board Of Secondary Education (CBSE) Class 10th 89.33 percent

Project Work/Experience

I-VISION Web Designing Workshop Oct 2012 – Nov 2012
• Learnt HTML, CSS3 and JavaScript.

Microsoft AppFest 2013 February 2013

Student, HCL Career Development Centre Jun 2013 – Jul 2013
• I completed a 6 Weeks Training Course in Core Java.

Ethical Hacking & Cyber Forensic Workshop Organized by Bytecode Cyber Securities January 2014
• Two days’ workshop about all the basics on Ethical Hacking.

Minor Project in Software Engineering and Web Technologies
• Developed a social networking website based on books.

Minor Project in Information Security
• Developed a dual password email account technique with added layer of email encryption.

Industrial Training at CMC Limited Jun 2014 – Jul 2014
• I completed a 6 Weeks Training in Advanced Java.


Computer Skills

Languages: • C • C++ • Core Java • HTML5/CSS3 • PHP • SQL

Software Packages: • MS-Office (Word, Excel, PowerPoint) • Visual Studio • Adobe Dreamweaver • Adobe Photoshop

Personal Profile

Name: Mridul Gupta
Mother’s Name: Mrs. Mithlesh Gupta
Date Of Birth: 19th August, 1993
Languages Known: English, Hindi
Permanent Address: D-67 Anand Vihar Delhi-110092
Hobbies: Reading Books and Listening to Music

Traits

• I am a trustworthy person. • I am a critical thinker and an active listener. • I am a result oriented person and fully dedicated to my work. • I am an adventurous person.
