ubuntu-phone team mailing list archive

[Simos Xenitellis <simos.lists@xxxxxxxxxxxxxx>]

On Fri, Jun 5, 2015 at 12:07 AM, Krzysztof Tataradziński <
ktatar156@xxxxxxxxx> wrote:

> Hello,
> I don't have to much knowledge about programming, so here's my question:
> how can we know that unofficial bank webapp don't send our login and
> password somewhere else also (i. e. to creator of that webapp)?
>
>
You can check the source code of the installed webapp. Most probably the
webapp was created
using the WebApp generator (https://developer.ubuntu.com/webapp-generator/)
or from the SDK, so the code would be quite simple to understand.
There are a few ways to do this, here is my preference:

1. Install the Terminal app (this one,
https://uappexplorer.com/app/com.ubuntu.terminal).
2. Start the Terminal app. It may ask you to set a PIN code for your code
if you have not done already.
3. Use the keyboard to navigate to /opt/click.ubuntu.com/  The command is:

cd /opt/click.ubuntu.com/

4. Type 'ls' in order to see the list of installed apps and scopes.
In my case, the directory for a bank webapp that I installed is:
"eurobank.nikos".

5. Change into the webapp directory and type 'ls':

cd eurobank.nikos
ls -l

There is a link called 'current', so enter that directory as well.

cd current
ls -l

You will get a list of files, including a *.desktop file.

6. Let's see the source of the desktop file,

cat Eurobank-mbanking.desktop

Each line is a different field, and the interesting one is that one that
starts with "Exec=".
There, you can see the URL that is used to access the mobile website.
If unsure, post the line or even the file here.
That URL should be the proper bank URL. If not, report it ASAP (for
example, here).

Simos