Nowadays it feels natural, that we have internet access and we can get access to our data with various devices, anywhere in the world. Because of that, there are more and more applications released, that provides almost the same services on multiple platforms, a well-known example is Facebook. If we use this kind of applications, we expect that our data is being synchronized between the devices, but from the developer point of view, this is not easy to carry out. Because the application components are communicating on the internet, safety is particularly important.
Most of the cross-platform applications need some kind of access management, therefore the users have to register an account. Partly people do not like to fill out long registering forms, partly because almost everyone has an account on some kind of social media, therefore it is worthy to provide the possibility for the users to sign in using a third-party login system.
Firstly, I studied some of the required technologies for cross-platform applications on Java EE and Android platform, then I designed and implemented a pilot application. The application consists of a mobile and web client and a web service that helps synchronizing the users’ data. Although I implemented every component in Java language, I realized the communication between the components in a platform independent way, thereby the web service would be able to work together with different kinds of clients. I studied the most critical security risks facing web applications, and I searched solutions and best practices to minimize these risks, these solutions among other things are token-based authentication, storing passwords using a salted hash function and encrypted communication. For authenticating the users, firstly I implemented my own login system, then integrated Facebook and Google sign-in, in such way, that they work together with each other and with my own system, and even the integration of more social login systems is possible.