jlin42 / Sous-Chef


Sous Chef

<img src="/app/src/main/res/drawable/carrot_3.png" align="left" width="200" hspace="10" vspace="10">

Sous Chef finds a collection of recipes for the user, given a list of ingredients on hand and dietary preferences. This application uses the Spoonacular API to retrieve recipes. Sous Chef can be used by downloading it from this repo and building the APK.

This Android app was developed and tested on a Pixel 6 with API>31. For the best performance, use API 31 at a minimum.

This application was created by 4 people as coursework for an undergraduate cyber security class.

Features

Sous Chef allows the user to:

Security Model

Permissions

Our app requires permissions for accessing the internet, using the camera, and posting notifications. Internet permissions are default and are required for the app to function properly. The camera is used as a side feature, and its permission is only requested once the user accesses the gallery. If the user never opens the gallery or rejects the permission request, the app still functions well, following the principle of least privilege. Notification permissions are requested and used in the same way.

Component Protection

Intent hijacking is prevented by using explicit intents wherever applicable. All activities declared in the manifest (aside from the MainActivity) have the exported attribute set to false, which prevents outside applications from opening them and misusing the permissions granted to the app.
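One way to check the exported-attribute claim above against a manifest, as an added example that is not part of this project's code: the script flags every non-launcher activity that is not explicitly `android:exported="false"`. The sample manifest is constructed, and every activity name in it other than MainActivity is hypothetical. Apps targeting API 31 or higher must declare `android:exported` explicitly on any component that has an intent filter, so a missing attribute is reported as well.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; every activity name except MainActivity is hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
    <activity android:name=".RecipeListActivity" android:exported="false" />
    <activity android:name=".GalleryActivity" android:exported="true" />
    <activity android:name=".SettingsActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW" />
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def is_launcher(activity):
    """True if a single intent filter declares both MAIN and LAUNCHER."""
    want = {"android.intent.action.MAIN", "android.intent.category.LAUNCHER"}
    return any(want <= {e.get(ANDROID + "name") for e in flt}
               for flt in activity.findall("intent-filter"))


def audit_activities(manifest_xml):
    """Map each non-launcher activity that is not exported="false" to a finding."""
    findings = {}
    for act in ET.fromstring(manifest_xml).iter("activity"):
        if is_launcher(act):
            continue  # the launcher activity has to be reachable from outside
        name, exported = act.get(ANDROID + "name"), act.get(ANDROID + "exported")
        if exported == "true":
            findings[name] = "exported: other apps can start it"
        elif exported is None:
            note = " (has intent-filter)" if act.find("intent-filter") is not None else ""
            findings[name] = "android:exported missing" + note
    return findings


if __name__ == "__main__":
    print(audit_activities(SAMPLE_MANIFEST))
```

An empty result means every activity other than the launcher is closed to other applications, which is the state this section describes.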

Protection of Sensitive Information

User information is meant to be non-sensitive, namely the user’s recipe information and recipe gallery. This data is saved in the application’s persistent storage, which cannot be accessed by other applications. While it is not encrypted further, the protection granted by the Android OS is sufficient due to the nature of the data. HTTPS calls to the Spoonacular service are encrypted with the default TLS configuration, protecting information in transit over the internet to the application. The stored recipes are kept in a SQLite database that uses parameterized queries. The only information used to query the database is the titles of recipes generated by the Spoonacular API, so the user cannot inject malicious SQL.

Assumptions

We assume for the security of our app that the following are true:

Screenshots