Prepare release for low resource language speech recognition android app
cesine opened this issue · comments
We need to prepare a new release that supports runtime permissions and uses URL connections instead of Apache http client.
- verify user can record training utterances
- verify user can register
- verify activities
- verify uploads
- verify user can add new utterances
- verify user can record video
- verify user can add images
- verify user can add audio
- verify key signing for both lib and app
Test using
- tablet
- 4.1
- 4.2
- 4.4
- 5.x
- 6.x
- 7.x
- 8.x
Test upgrade using
Bug list
- icons arent showing in the menu (needed to use app instead of android)
- turning off audio is not intuitive (this was because the icon wasnt showing and the ifRoom wasnt being respected)
- playback audio doesnt work
- icon isnt the kartuli icon?
- graceful retries after asking for permissions
- Add your own words is in english
- Welcome is in english
- Recognizer doesnt copy to clipboard?
Last steps
- edit config to go to the main acra db
Created FieldDB/AndroidFieldDB#14
We rejected Kartuli Speech Recognizer, with package name com.github.opensourcefieldlinguistics.fielddb.speech.kartuli, for violating our Malicious Behavior or User Data policy. If you submitted an update, the previous version of your app is still available on Google Play.
This app uses software that contains security vulnerabilities for users or allows the collection of user data without proper disclosure.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.
- VulnerabilityAPK Version(s)Past Due DateSSL Error Handler
For more information on how to address WebView SSL Error Handler alerts, please see this Google Help Center article.
10November 30, 2016
Next steps
To correct the issue, please update your apps code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise.
SQL Injection
Your app(s) are using a content provider that contains a SQL Injection vulnerability.
To address this issue, follow the steps in this Google Help Center article.
10November 23, 2018
If an affected ContentProvider needs to be exposed to other apps:
You can prevent SQL Injection into SQLiteDatabase.query by using strict mode with a projection map. You must use both of these features to ensure that your queries are safe.
-
Strict mode protects against malicious selection clauses and https://developer.android.com/reference/android/database/sqlite/SQLiteQueryBuilder#setStrict(boolean)
-
projection map protects against malicious projection clauses.
-
You can prevent SQL Injection into SQLiteDatabase.update and SQLiteDatabase.delete by using a selection clause that uses "?" as a replaceable parameter and a separate array of selection arguments. Your selection clause should not be constructed from untrusted inputs.
To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours to make sure the warning is gone.
While these vulnerabilities may not affect every app that uses this software, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known security issues, even if you're not sure the issues are relevant to your app
Updated version 15:
Security & privacy
No issues identified
Automated testing
completed in FieldDB/AndroidLanguageLessons#16