Tuesday, 22 November 2022

Internship for iOS developers


iOS

Here there were slightly fewer changes to the program (although it was not without them). Based on feedback, we removed some lectures from the previous internships, added some, and reworked others. Completely new material was prepared on application architecture and functional programming.

Alexander Emelyanenkov (@Lumenist), iOS developer at Redmadrobot, joined the company after the first internship

“Since the first internship, everything has changed quite significantly. For example, our current service level was written just as the first internship was going on, and back then there were no ready-made solutions for a number of issues. This time we tried to give more examples and fresh cases from practice. Of the other changes: during the first internship they wrote in Objective-C, during the second one it was possible to work in both Objective-C and Swift. This time they wrote only in Swift, because the company has completely switched to it.”

Homework and projects

The homework mechanics were as follows: a mandatory core part was supplemented by several optional tasks, for which additional points were awarded (and karma pluses :)). We reviewed the tasks in groups, which allowed even those who had not completed the optional tasks, or had not finished everything, to learn the details.

Last time, both Android and iOS interns worked on one of Redmadrobot’s live projects.

Artem Kulakov (@Fi5t), Lead Android Developer, Redmadrobot

“In general, the security lecture materials were similar to those of the second internship; I talked about both the defensive and the offensive side. But there were new things too. In the first lecture, we examined what threats exist, the attack vectors, what protection practices are adopted in our company, how effective this protection is, and what has appeared in new versions of the platform in terms of security. But security in Android is still a semi-mythical topic – the platform is open, and sooner or later you can get to everything if you want to. Therefore, in the second lecture I showed that everything we talked about in the first one actually breaks down. For clarity, I brought along the hardware with which you can deploy an access point and intercept and decrypt traffic while sitting somewhere in a cafe – an antenna and a single-board computer.”

For the security homework, the Android group was offered a pool of tasks of varying difficulty to choose from. The interns had to coordinate and develop a library for securing mobile applications: decide who would write which component and how to connect it all together afterwards. The point was to develop teamwork skills, so that they communicated like colleagues rather than typing code alone all the time. This time the Android developers had a dedicated Telegram chat where they could ask the mentors questions and resolve them on the fly.

iOS is a more secure system: without a jailbreak, the user only has access to their own “sandbox”, and it is hard to get anywhere else. But we paid no less attention to the Apple platform.

Grigory Matvievich (@fountainhead), iOS development group leader and security expert at Redmadrobot

“We analyzed what data, and what besides data, needs to be protected in mobile applications. We went through the OWASP risks in detail, for example:

1. Incorrect use of the platform and SDK, ignoring system protection mechanisms (incorrect handling of permissions to access data, the camera, the microphone, and so on);

2. Insecure data storage and accidental leakage;

3. Use of insecure connections and lack of certificate verification;

4. Insecure authorization and authentication scenarios;

5. Incorrect use of cryptographic tools, including obsolete and home-grown algorithms.

And in the “Securing mobile applications” block, we talked about specific implementations, most of which then had to be written independently as homework. We also looked at the iOS security model: starting with how the operating system boot chain is organized, what the Secure Enclave is, how code signing works, what the sandbox is and how encryption works, and ending with how Application Transport Security secures connections. We considered how access rights are regulated when distributing applications (entitlements, provisioning profile, certificates) and what the ways of protecting access to data are (Touch ID, passcode, keychain, Data Protection API).”
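As an added example that is not part of the original post or of Redmadrobot’s code, this Swift snippet shows how the keychain, the Data Protection API and Touch ID mentioned above combine to protect a stored secret; the service and account identifiers are placeholders.

```swift
import Foundation
import Security
import LocalAuthentication
// Added example, not from the original post. Service and account names are placeholders.
enum KeychainError: Error {
    case accessControl(CFError?)
    case status(OSStatus)
}

private let itemQuery: [String: Any] = [
    kSecClass as String: kSecClassGenericPassword,
    kSecAttrService as String: "com.example.app.session",  // placeholder identifier
    kSecAttrAccount as String: "refresh-token",            // placeholder account name
]

/// Stores `secret` under a Data Protection class that exposes it only while the device is
/// unlocked and never migrates it to another device; every read is gated by Touch ID / Face ID or passcode.
func storeProtectedSecret(_ secret: Data) throws {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        nil,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly, // Data Protection accessibility class
        .userPresence,                                // biometrics or passcode on each read
        &error
    ) else { throw KeychainError.accessControl(error?.takeRetainedValue()) }
    // Remove any earlier copy so a stale item cannot keep a weaker accessibility class.
    SecItemDelete(itemQuery as CFDictionary)
    var add = itemQuery
    add[kSecAttrAccessControl as String] = access
    add[kSecValueData as String] = secret
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

/// Reads the secret back; the system shows the authentication prompt using `reason`.
func readProtectedSecret(reason: String) throws -> Data? {
    let context = LAContext()
    context.localizedReason = reason
    var read = itemQuery
    read[kSecUseAuthenticationContext as String] = context
    read[kSecReturnData as String] = true
    read[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    switch SecItemCopyMatching(read as CFDictionary, &result) {
    case errSecSuccess: return result as? Data
    case errSecItemNotFound: return nil
    case let status: throw KeychainError.status(status)
    }
}
```

Without the access-control object the same item would fall back to the default accessibility class and be readable whenever the app runs, which is exactly the “insecure data storage” risk from the list above.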

In general, we tried to convey to the interns the idea that the security of a mobile application is always built up from many layers. Sometimes one gets the false impression that a single “small” risk poses no great threat, but this is fundamentally wrong. A typical attack chains several risks together, and the slightest laxity can have serious consequences.