There is no problem with using App Inventor to write your own apps and share them with others. The problem is that App Inventor makes it easy to write any app – and malware authors have begun to use App Inventor to create apps that are malware and might do bad things.
“App Inventor doesn’t give malicious apps any special powers nor access to exotic exploits to attack your phone. But it does make the production of Trojanized apps enormously easy. With only a basic understanding of Android programming, an attacker can churn out tons of malicious apps. More apps means more confusion, and more opportunities for attack.”
Source: Mobile Threat Monday: Android Attackers Use App Inventor for Evil | PCMag
App Inventor is a “low code”, visual software development tool. Such “drag and drop” programming tools enable non-programmers (and programmers) to create many types of applications without the details of traditional programming code.
This leads to an important issue – will less trained/less experienced programmers inadvertently introduce security problems in their applications?
Gartner predicts that by the end of 2025, over 65% of development projects will use low-code builders. The field of low-code continues to expand. But what security implications does low-code introduce? Low-code refers to tools that enable application construction using visual programming models. Adopting drag-and-drop components instead of traditional code, no-code and low-code platforms enables non-technical folks to construct their own workflows without as much help from IT. Yet, handing power to citizen developers with less security training can be risky. Plus, low-code platforms may hold compromised propriety libraries or leverage APIs that may unknowingly expose sensitive data to the outside world. There’s also the possibility that low-code could increase shadow IT if not governed well.
How to Mitigate Low-Code Security Risks
Yesterday, a WordPress plug in ran “amok” and used up all available system memory, causing this and all of my other web sites to become “unavailable” between about 2130 UTC and 0000 UTC. You would have seen a “503 Service Unavailable” error when accessing any of the web sites.
I had to remove plug ins one by one from each of my web sites until finding the errant plug in. Then I disabled WordPress until the process was suspended and then restarted WordPress.
At the recommendation of my ISP, I installed a WordPress Cache plug-in which temporarily stores accessed pages as HTML static web pages, which load very fast – versus being generated by the WordPress software and database each time the page is loaded. This, however, coupled with another small change, broke https security giving a “page is not secure” error, and display formatting errors in Firefox. I believe I have that fixed today.
NOTE: You can access this web site as https://appinventor.pevest.com or https://coldstreams.com/appinventor
If you access via appinventor.pevest.com , I have configured the web server to change the URL over to https://coldstreams.com/appinventor
For some reason, the appinventor.pevest.com/URL form is not working to correctly redirect to the sub URL part of the path. Since I did not see what is causing this problem, the simplest fix for now was to point to the coldstreams.com/appinventor folder, which is where the web site’s WordPress installation exists.
Update December 26, 2019: The DNS has been updated (or is still in process of being updated) so that appinventor.pevest.com now directs to the new server – yay!
On December 18, 2019, my Internet web hosting provider that runs the appinventor.pevest.com web site announced they are shutting down in February 2020!
Over the past week I have been working to move all of the files, software and databases to a new web host. The good news is that most of the transfer has been completed!
This post you are reading right now is on the new web host, however, the final appearance of this page and some items still need to be updated.
Continue reading appinventor.pevest.com now running on new server →
Two readers alerted me to problems downloading the source code on the Downloads page on this web site, and the source code for my book on App Inventor graphics and animation.
A software update on the server appears to have changed how some default file directories were appended to filenames.
The problem appears to now be fixed. Thank you very much for letting me know of this problem.
MIT has announced that the App Inventor for iOS (Apple iPhone and iPad) has entered beta testing. The Beta test program is currently limited, but is expected to expand in the summer, with a public release next summer.
Source: MIT App Inventor for iOS Enters Beta Testing | Explore MIT App Inventor