December 7, 2015

Two CityU Apps Took Down from App Store 两款 CityU 应用下架通知

On 07 Dec, 2015. In an email regarding my two Apps from City University of Hong Kong:

VPSA, Dean of Students and Director of SDS are concerning the security of this kind of app because it’s possible that the apps may store the username and password and perform any action on behalf of any user in any of CityU’s Enterprise Systems.

My intention on these Two App is only to provide a better booking experience for CityU students and staffs. I have not done or tried to store any usernames or passwords or users. This project is competely open source on Github and directly built then published without adding any lines of codes.

However, to avoid any unhappiness likely to occur to me, I will no longer make CityU Sport Facility or CityU Library available on App Store. This is also to avoid ethic and potential security issues.

I am sorry for any inconvenience to University and current users. This project will be only for technical exchanges.

Xinhong LIU 2015-12-07 17:08

2015 年 12 月 7 日. 根据香港城市大学发的邮件:

(翻译:)VPSA, Dean of Students and Director of SDS 关注这类应用的安全问题因为这类应用可能会保存用户名和密码,或是以用户的名义在学校的企业系统中进行一些操作。

我写这两个应用的初衷是为了给城大师生一个更好的订场和图书馆体验。在此期间,我从未试图收集用户的 EID 和密码或是图书馆的 PIN。 这个项目完全在 Github 上开源,上传至 App Store 的过程中本人没有修改过一行代码。

然而,为了避免将来在我身上发生任何不愉快的事情,我决定将 CityU Sport Facility 和 CityU Library 两款应用从苹果官方 App Store 下架。这个举动同时也是为了避免道德和潜在的安全问题。

校方和用户们如有不便很抱歉。从现在开始这两款应用只做技术交流之用。

刘心鸿 2015 年 12 月 7 日 下午五点零八分

© xinhong 2017