OWASP / SecurityShepherd

Web and mobile application security training platform
https://owasp.org/www-project-security-shepherd/
GNU General Public License v3.0

[BUG] Mobile apps cannot be built #752

Open malte-skoruppa-sonarsource opened 1 year ago

malte-skoruppa-sonarsource commented 1 year ago

Describe the bug

SecurityShepherd contains several "mobile apps" in https://github.com/OWASP/SecurityShepherd/tree/dev/src/MobileShepherd.

Each of these mobile apps is built using Gradle.

It appears that they all rely on some very old Android API (21 for the most part, some are 22/23/24) which is not supported any longer.

Trying to build the projects results (depending on the project) in various errors, for example for BrokenCrypto:

$ ./gradlew build

FAILURE: Build failed with an exception.

* What went wrong:
A problem occurred configuring project ':app'.
> Could not resolve all dependencies for configuration ':app:_debugCompile'.
   > Could not find com.android.support:appcompat-v7:21.0.3.
     Searched in the following locations:
         https://jcenter.bintray.com/com/android/support/appcompat-v7/21.0.3/appcompat-v7-21.0.3.pom
         https://jcenter.bintray.com/com/android/support/appcompat-v7/21.0.3/appcompat-v7-21.0.3.jar
     Required by:
         BrokenCrypto:app:unspecified

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

BUILD FAILED

Total time: 2.65 secs

It seems like the dependencies are not available any longer, which (I assume) is due to the fact that the corresponding Android versions are no longer supported.

This is only an example for BrokenCrypto and the exact build failure error message is different depending on the exact mobile project being built. This bug report is not about BrokenCrypto in particular, but rather to point out that all the mobile projects seem to be outdated and do not build anymore.

To Reproduce

Steps to reproduce the behavior:

  1. Go to src/MobileShepherd/BrokenCrypto (or some other project in src/MobileShepherd/)
  2. Make sure to use Java 8, as Java 11 or Java 17 are not supported at all and Gradle immediately fails with an error message along the lines of Could not determine java version from '17.0.6' before it even tries to build the project.
  3. Set ANDROID_HOME to your Android SDK.
  4. Execute ./gradlew build
  5. See error.

Expected behavior

I expect the build to succeed.

It would also be great to have a README.md that describes how the projects are supposed to be built, what are the prerequisites, etc., similar to the main page of the repository which explains how to build the Docker container and fire up the server.

Desktop (please complete the following information):

Further Information: Java version used: 1.8.0_362. As mentioned above, the build fails even earlier with modern Java versions.

Android SDK version used: Android SDK Platform 33 (revision: 2)

Additional context

It seems like the mobile apps were built around 7 or so years ago by @SeanDuggan. It is quite possible that the projects are simply no longer maintained and no longer work, but in this case, does it make sense to even keep them in the repository? I would love to get Seán's view about this. 🙂