Three Layer Architecture, Can we do it using Flex?

Similar Messages

• HT5622 i have intered my visa security pin code ronge three times how can i use it again

  i have entered my visa security code wronge three times. how can i reset &use it again?

  Thanks for that. Much more constructive than the last comment. It's only the restriction code I can't recall, not the access passcode. So I can currently access the device, just not age restricted content. Does that's make a difference? I also wondered if anyone knew how many attempts you get to try to get it right. Now tried 21 times and so far nothing bad has happened but I am concerned I'll eventually be completely locked out of the device. That doesn't seem in the spirit of things though. Surely it's foreseeable that a child could repeatedly try to guess the code so I can't see that it would be right to lock the device down completely in that circumstance, particularly if the access code is being typed in correctly every time.
  Thanks

• How to use $FLEX$ for DFF segment

  We have below requirement for “Add'l Salary Admin. Details” DFF.
  we have three segments:
  Current Additional Amount -first segment
  Additional Allowance Change % - second segment
  New Additional Allowance - third segment
  e.g.
  Now first segment has fixed value, Assume it is 2000 AED
  And in second segment if value is 3
  Then third segment should show the value: 2000 + 2000 * 3/100
  Third segment is dependent on segment1 and segment2.
  I think, we can achieve this by using $FLEX$
  But I need your guide line, how can we do that?

  below solution is only possible solution.
  Hi,
  Keeping the default SQL statement on its place, use table based value set for segment3 which contains all values from 0 to let say 1,000,000 (such that your calculated values falls in the range).
  Try it. It segment3 will now calculate on the basis of values of segment1 & 2.
  Regards
  Ayaz
  Thanks for everyone's input.

• Three tier architecture using oracle dev suite 10g & oracle database 9i

  hi ,
  I am trying to build a software which will manage the database of a hospital through usual form design .
  The tools I am using for these are
  (1) oracle server database 9i (2) oracle developer suite 10g (3) windows xp professional service pack 2 .
  I have designed the form modules in developer suite , created the tables in the database , connected those tables to the form modules using dml statements, now data can be inserted , updates and deleted through the form design . I have also deployed the forms using "run forms through web" and thereby other computers connected to the main computer through lan can also access the software using the web port address and the name of form to be used , these computers are not having oracle developer suite or oracle database installed , but they can access the software through the browser .
  In this scenario my question is that , is this a three tier architecture as oracle database is the first tier , oracle developer suite is the middle tier where I am puting all the bussiness logics and oc4j instance is used to connect the database and the dev suite , and for user interaction we have the browser as the third tier ?
  or this is a two tier architecture ? if this is a two tier architecture please let me know how can I implement a three tier architecture using oracle developer suite 10g and oracle server database 9i .
  Thanks a lot for showing ur interest to read this

  You need Oracle Application Server to deploy the forms when you go live.
  What you are currently using OC4J which came in the developer suite. It is used only for development purpose and can not have capacity to handle higher load.
  3 tier arch
  1. Thin Client :-> Browser
  2 Middle tier -> Oracle Appln Server /OC4j(in ur case)
  3 Database Tier -> Oracle Database
  Rajesh

• Can Ink Slide be used for professional Architectural drawings?

  Can this product be used as a tool to measure and scale architectural drawings?  Are there any licensed Architects using Ink and Slide professioally?  Thank you for your help!

  Hi George-
  Thank you so much for your answer.  My daughter earned her M.Arch in May and has started working towards her license.  We gave this to her for Christmas, but we are not architects and could not make the determination about the functionality and suitability professionally.  It is a really cool tool, but may not be something that will useful for her professionally.
  Thanks again,
  Georjeanne

• Can Firefox Hello be used for three or more way calling or is it only for person to person?

  Can Firefox Hello be used for three or more way calling or is it only for person to person?

  hello again, i've asked in the development channel for firefox hello about this issue: multiparty video-conferencing is on the long-term roadmap but it might still take a lot of engineering (firefox hello is based on the webrtc standard which is a peer-to-peer protocol between two machines only - multiparty calls might be a rather tricky thing to figure out on this basis)

• How to install oracle applicatons in a three tier architecture

  Hi,
  i want to install oracle apps in a three tier architecture?
  application tier -- middle tier
  database tier -- database tier
  Any steps or a meta link document
  Regards
  Sudharshan

  Hi,
  http://download.oracle.com/docs/cd/B34956_01/current/acrobat/120oaig.pdf
  Pages 2-10 and Pages 2-19 don't specify this ???
  They indicate only having to install with rapidwiz 1 time (as root user if appl/ora accounts setup) ??It is mentioned in Page 1-2
  Release 12 utilizes the conf_<SID>.txt file in certain situations, for example where the database has not yet been created. The configuration file is also employed in multi-node (distributed) installs, where you only need to enter the install information once, on one machine, and can then copy the configuration file to other machines as required.
  If you are installing in an environment where different machines are used to support the database and Applications tiers (as is typically the case), you would run Rapid Install on each machine in turn, starting with the database machine.
  Regards,
  Hussein

• Pessimistic locking in a three-tier architecture

  Hello,
  we use a three-tier architecture to edit data in a database (Oracle 10g) with a rich-client application and we want to use pessimistic locking.
  The client is communicating with a stateless bean on the application server (Jboss 4.2.3).
  This bean-facade has methods for reading, writing and locking records that are transferred to the client encapsulated in entity beans.
  The client controls the transactions as JPA-User-Transactions.
  The methods in the container managed bean have the transaction attribute REQUIRED.
  Before doing any modification on the client a method setLock() is called in the bean to lock the records in the database.
  The lock is implemented with query hints:
  Query query = em.createQuery("select e from Person e WHERE e.id = 252");
  query.setHint(QueryHints.PESSIMISTIC_LOCK, PessimisticLock.LockNoWait);
  So much for this theroy...
  Practically we can set a lock on a record in the database.
  But removing the lock is working when changing and committing the record only.
  The record remains locked if performing a rollback or a commit without any changes.
  Any idea what's missing in our implementation?
  Our approach should work - theoretically...
  Thanks in advance for any hint
  Best regards,
  Martin Kubitza
  T&P, Bochum/Germany

  Thank you for the hint on JPA - we are analyzing this now.
  Meanwhile we tried something "easier": Optimistic locking
  Optimistic locking works well with a version-column and the @VERSION annotation. But we get a problem with the @OptimisticLocking(type = OptimisticLockingType.ALL_COLUMNS annotation (see Optimistic Locking with OptimisticLockingType.ALL_COLUMNS
  We are using Eclipselink V1.1 and (now) a bean managed transaction type)
  Martin Kubitza
  T&P, Bochum/Germany

• Question about three-tier architecture for MI

  Hi,
  my question is just for the right understanding. If we speak about three-tier architecture of MI is it right, that the following is meant:
  Client = Presentation Tier
  Middleware = Application Tier/Logic Tier/Business Logic Tier
  Backend = Data Tier
  Thank you and regards,
  Florian

  Hi Florian,
  ICF (Internet Communication Framework) is actually a framework provided by any WebAS. MI makes use of this to receive/send the data from/to the client. It is referred to as ABAP Sync Service in MI terminology. Data comes in the form of HTTP stream. A service is created to provide this functionality. It performs the same job as of the J2EE engine in the earlier versions. The advantage being that an intermediate component between the client & middleware is not necessary anymore, because ICF is part of the WebAS itself.
  You can have a look at this in the sicf transaction, provide the service name as MJC, under this u can see that there are 3 services which MI uses - mi_host, mi_service & mi_mds.
  You can set these parameters in the mobileengine.config file to make the client connect to ABAP Sync Service.
  MobileEngine.Sync.Gateway.Service=/sap/bc/MJC/mi_host
  MI.Sync.ProtocolVersion=251500
  I am in the process of writing a blog, please wait for it.
  Regards,
  Nameeta

• Servlets in three tier Architecture

  Hi
  We plan to use a three tier architecture with
  Client --- Applet (JDK 1.2)
  Middle tier -- WebServer and servlets
  Database Server -- Oracle 8i
  Our application should have data entry for several (5 - 12 ) tabs each consisting of around 15 fields . A few Jtables will also be used .
  Arounf 5 to 10 validations or queries are required to be done with the database in the applet. Around 300 entries will be made by 12 different users in a day.
  Is it advisable to use the above architecture ?
  Is it required to use Enterprise JavaBeans ?
  Will the use of servlets bring down the performance?
  Overall is our architecture feasible for the requirement ?
  We will be greatfull to your suggestions
  Please also mail to [email protected]
  N.Suresh

  Hello,
  We plan to use a three tier architecture with
  Client --- Applet (JDK 1.2)
  Middle tier -- WebServer and servlets
  Database Server -- Oracle 8i
  Our application should have data entry for several (5 - 12 ) tabs each consisting of around 15 fields . A few Jtables will also >be used .
  Arounf 5 to 10 validations or queries are required to be done with the database in the applet. Around 300 entries will be made >by 12 different users in a day.Have you considered using Business Components for Java to develop your application? From what you have described about your application BC4J seems to be the ideal candidate.
  Is it advisable to use the above architecture ?I see not limitation with your architecture. The only thing to keep in mind is that you should use applets only if you absolutely need to. Overall development and maintenance is much easier if you are just using servlets and JSPs.
  Is it required to use Enterprise JavaBeans ?See below.
  Will the use of servlets bring down the performance? No.
  Overall is our architecture feasible for the requirement ?If you had not needed applets then I'd have recommended the following:
  Scenario #1
  Client --- Browser
  Presentation Server -- Standard WebServer(Apache,OAS etc) running Servlets, JSPs talking to BC4J classes available on the local classpath
  Database Server -- Any Oracle Database
  Simplicity and ease of maintenance are some of the benefits of the above model. The limitation in the above scenario is that you cannot have a thin remote client(Java application or applet).
  If you want a remote client then I'd recommend:
  Scenario #2
  Client --- Browser|Applet (if you know you have a small number of users then you can go for a client side Application too)
  Presentation Server -- Standard WebServer(Apache,OAS etc) running Servlets, JSPs
  Application Server -- Standard AppServer (VisiBroker|OAS|JServer) running BC4J components as EJB session beans or CORBA server objects
  Database Server -- Any Oracle Database
  In this scenario the servlets|JSPs will be going over IIOP to talk to the application server. On the client side, the BC4J framework ensures that the network traffic is minimized and also the client side Java application or applet is as thin as it can be.
  Whether you go with scenario#1 or scenario#2 the cool thing about using BC4J is that you have to write your business logic only once and then you can deploy it in multiple platforms(local,EJB,CORBA) and access it from different clients(JSP,Servlets,Java,XML...) without modifying your business logic.
  Hope this helps.
  Please let me know if you have any questions.
  Regards,
  Arun
  null

• Three tier architecture questions

  Hello,
  My question is in regards to using Toplink in a three tier architecture situation. If I wish to send an object A which has a collection of Bs and B has a collection of C ( A nested object structure with two or more levels of indirection). Is the best solution to have the named query be part of a unit of work so that even if on the client side somebody unknowingly were to make the modification to one of the entity objects ( a POJO) the shared session cache would not be affected ?
  This is assuming the client side HTTP layer and the RMI/EJB layer are on different JVMs.
  Some of the other suggestions I have heard is to retrieve it from the shared session cache directly and if in case I need to modify one or more of the objects do a named query lookup on that object alone and then proceed to register that object in a unit of work and then commit the changes.
  Also the indirection would have to be utilised before the data objects are sent to the Servlet layer I presume ?(That is if I do a a.getAllOfBObjects() on the servlet side I would get a nullpointer exception unless all of B were already instatiated on the server side). Also when the objects are sent back to the server do I do a registerObject on all the ones that have changed and then do a deepMergeClone() before the uow.commit() ?
  Thanks,
  Aswin.

  Aswin,
  If your client is remote to the EJB tier then all persistent entities are detached through serialization. In this architecture you do not need to worry about reading and modifying the shared instance as it never the one being changed on the client (due to serialization).
  Yes, you do need to ensure that all required indirect relationships are instantiated on the server prior to returning them from the EJB call.
  Yes, you do need to merge the changes of the detached instance when returned to the server. I would also recommend first doing a read for the entity being merged (by primary key) on the new UnitOfWork prior to the merge. This will handle the case where you are merging into a different node of the cluster then where you read as well as allowing you to check for the case where the entity no longer exists in the database (if the read returns null then the merge will result in an INSERT and this may not be desired).
  Here is an example test case that does this:
      public void test() throws Exception {
          Employee detachedEmp = getDeatchedEmployee("Jill", "May");
          assertNotNull(detachedEmp);
          // Remove the first phone number
          PhoneNumber phone = detachedEmp.getPhoneNumber("Work");
          assertNotNull("Employee does not have a Work Phone Number",
                        detachedEmp.getPhoneNumber("Work"));
          detachedEmp.removePhoneNumber(phone);
          UnitOfWork uow = session.acquireUnitOfWork();
          Employee empWC = (Employee) uow.readObject(detachedEmp);
          if (empWC == null) { // Deleted
              throw new RuntimeException("Could not update deleted employee: " + detachedEmp);
          uow.deepMergeClone(detachedEmp);
          uow.commit();
       * Return a detached Employee found by provided first name and last name.
       * Its phone number relationship is instantiated.
      public Employee getDeatchedEmployee(String firstName, String lastName) {
          ReadObjectQuery roq = new ReadObjectQuery(Employee.class);
          ExpressionBuilder builder = roq.getExpressionBuilder();
          roq.setSelectionCriteria((builder.get("firstName").equal(firstName)).and(builder.get("lastName").equal(lastName)));
          Employee employee = (Employee)session.executeQuery(roq);
          employee.getPhoneNumbers().size();
          return (Employee)SerializationHelper.serialize(employee);
      }One other note: In these types of application optimistic locking is very important. You should also make sure that the locking field(s) are mapped into the object and not stored only in the TopLink cache. This will ensure the locking semantics are maintained across the detachment to the client and the merge back.
  Doug

• 3 Layer architecture with program and website

  Hello I hope someone can help me. I'm creating a solution wich holds a program and a website in a 3 layer architecture. Whilst trying to access the data from the database things get dodgy. I'll try to explain my problem.
  I use the following projects: 
  1. InternalProgram: the application
  2. Website: the website ^^
  3. BlCommon: wich holds the business logic common to both the site and the internal program
  4. DAL: the data acces layer wich holds the database and classes to acces the information wich it holds.
  5. Runner: A project to "translate" the dataobjects from the business logic and the DAL database layer. Simply to avoidi circular dependancy
  I can show the products from my database in a form inside my internalprogram layer with no issues. The chain I use is the same when I try to acces the same product data in the website layer. However the website layer returns the following error:
  An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code
  Additional information: An attempt to attach an auto-named database for file C:\<myPathToDatabase>\Database.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.
  My connection string is relative: 
  Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True
  My code requests a list of products:
  public static List<ProductDO> GetAllProducts()
  using (SqlConnection connection = getConnection())
  using (SqlCommand command = new SqlCommand("select id, afbeelding, naam, omschrijving, prijs from Producten", connection))
  connection.Open();
  using (SqlDataReader reader = command.ExecuteReader())
  List<ProductDO> productsDO = new List<ProductDO>();
  while (reader.Read())
  ProductDO productDO = new ProductDO(
  Convert.ToInt32(reader["id"]),
  reader["afbeelding"].ToString(),
  reader["naam"].ToString(),
  reader["omschrijving"].ToString(),
  Convert.ToDouble(reader["prijs"]));
  productsDO.Add(productDO);
  return productsDO;
  That list is sent to the the businessLayer wich converts it to a list of products after converting it from productDO
  The code to convert from productDO to product:
  public static Product convertFromDo(ProductDO productDO)
  Product product = new Product(productDO.Id, productDO.AfbeeldingsLocatie, productDO.Naam, productDO.Omschrijving, productDO.Prijs);
  return product;
  the code to get the list of products
  public static List<Product> GetAllProducts()
  List<Product> allProducts = new List<Product>();
  List<ProductDO> allProductsDO = DataAccess.GetAllProducts();
  foreach (ProductDO pdo in allProductsDO)
  allProducts.Add(convertFromDo(pdo));
  return allProducts;
  the code to display the list of products in my winform: this code works fine
  List<Product> allProducts = Product.GetAllProducts();
  foreach (Product p in allProducts)
  labelAllProducts.Text += p.Naam + Environment.NewLine;
  however when i do the same thing in my website layer:
  List<Product> allProducts = Product.GetAllProducts();
  foreach (Product p in allProducts)
  labelAllProducts.Text += p.Naam + "<br />";
  it crashes on the dataacces layer line: connection.open();
  Can someone plz help me out?
  Thx

  Regarding the first error where is your db residing? can you use the full path to it instead and try, example:
  Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\User\MyApp\Database.mdf;Integrated Security=True
  You say its crashing on connection.Open() what is the error you getting?
  Fouad Roumieh

• Advantages of 3-layer architecture over 2-Layer

  Dear All,
  Can anyone please explain me the advantages of 3-Layer architecture ( Core-Distribution-Access) over 2-Layer Architecture ?
  Thanks and Regards.

  The CDA model (Cisco's 3 Layer Hiearchical model) is typically used in a medium to large network - although, it can also be used in a small network, it just might not be financially feasible depending on the company's budget. The 3 layer architecture will also help allocate resources better throughout the network. For instance, the core can do its job and ensure high speed packet delivery, the distribution switches can focus on things like routing between VLANs (or subnets) and QoS, while the access layer can focus on delivering data to the end users. This model also allows much better scalability than the two layer model.
  The collapsed core architecture (2 layer) is mostly used in small networks. It may be used for perhaps, a small branch office. It takes the above CDA model and collapses it into 2 layers. Either the core/distribution and access model or the core and distribution/access model. Depending on the size of the network, it might be a wise financial decision to take this route instead of the 3 Layer Architecture. Although, from a technical standpoint, the 3 layer model is the way to go.
  Here is a link that may provide some more insight:
  http://www.cisco.com/global/AP/switching/deploy_manage.shtml

• Can time machine be used to back up one external drive to another external drive?

  I use the photography program Lightroom to organize and develop digital photos.  All my photos are stored on my iMac internal drive.  The internal drive is almost full so I want to move my photos to a new external drive.  At present, I have an external drive devoted to backing up my iMac using time machine.  I have no need to change this arrangement.  I would like to use a new external drive to serve as the primary location for my pictures, which I will move from the internal drive.  Then I would like to backup that drive to a third external back up drive.  Can time machine be used to automatically back up the second drive to the third drive as well as for continuing to provide ongoing backups to my internal drive as it is currently doing?
  Thank you in advance for your assistance.

  Jeffery t wrote:
  Thanks for the links, but I don't see in the pondini links, the scenario I am asking about.
  Time Machine can easily back up multiple internal and/or directly-connected external drives and partitions simultaneously (but Time Machine cannotback up data that's on a network).
  From the first link.
  Jeffery t wrote:
  ... Please note that my iMac internal drive is backing up to external drive number 1 using time machine.  I want my pictures on external drive two and those backed up to external drive three.  So are you saying that if I have 500 GB of pictures on drive number 2, I will need a third drive that is at least 1 TB?
  the confusion starts in your above statement...
  There should be Only One Time Machine Drive.

• Can a nook be used with os7

  Can a Nook be used with Apple products?  I don't want network or virus problems.

  Android is the most malware-prone, insecure platform there is - but millions of users seem to survive without dropping like flies!
  I can't answer Q.1 but as for Q2:
  How safe is your smartphone? (Android is the top malware collector)
  A major source of malware, apart from sites like Facebook and Hotmail, is the Android Marketplace:
  More than 50 applications available via the official Android Marketplace were initially found to contain a virus.
  Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times. The apps are also known to be available on unofficial Android stores too. Once a booby-trapped application is installed and run, the virus lurking within, known as DroidDream, sends sensitive data, such as a phone's unique ID number, to a remote server. It also checks to see if a phone has already been infected and, if not, uses known exploits to bypass security controls and give its creator access to the handset. This bestows the ability to install any code on a phone or steal any information from it.
  Remote removal of the booby-trapped apps may not solve all the security problems they pose. The remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection.
  Moreover, more than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.
  http://www.bbc.co.uk/news/technology-13422308
  The data being leaked is typically used to get at web-based services such as Google Calendar.
  The open nature of the Android platform was a boon and a danger, and as Facebook have already discovered it is also a very attractive criminal playground.
  http://www.bbc.co.uk/news/technology-12633923
  Smartphones and social networking sites are likely to become the next big target for cyber criminals, according to a security industry report.
  Symantec's annual threat analysis warns that the technologies are increasingly being used to spread malicious code
  Users of Facebook, Twitter and Google's mobile operating system, Android, are said to be particularly vulnerable.
  In several cases, the security holes were exploited and used to install harmful software on Android handsets - suggesting that criminals now view smartphone hacking as a potentially lucrative area, and Android is still in the firing line:
  http://www.bbc.co.uk/news/uk-15600697
  Android: it's getting worse: Juniper found a 400% increase in Android malware from 2009 to the summer of 2010.  We have since seen exponential grow in Android malware over the last several months. The Juniper Global Threat Center found that the months of October and November are shaping up to see the fastest growth in Android malware discovery in the history of the platform. The number of malware samples identified in September increased by 28% over the number of the known Android malware samples. October showed a 110% increase in malware sample collection over the previous month and a striking 171% increase from what had been collected up to July 2011.
  July 2012: Smartphones running Google's Android software have been hijacked by an illegal botnet, according to a Microsoft researcher.
  Botnets are large illegal networks of infected machines - usually desktop or laptop computers - typically used to send out masses of spam email.
  Researcher Terry Zink said there was evidence of spam being sent from Yahoo mail servers by Android devices:  http://www.bbc.co.uk/news/technology-18720565
  One question Juniper always get when discussing our research is if Apple’s iOS is more or less secure than Android? Maybe, but it’s not necessarily because of the security or lack of vulnerabilities in the platforms themselves. The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores. Android’s open applications store model, which the lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware. There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught.
  http://globalthreatcenter.com/?p=2492
  At least six different varieties of malware were discovered hidden in applications that were distributed through a Chinese download service.
  Several pieces of malware were also found on iPhones, however only devices that had been "jailbroken" to bypass Apple's security were affected.
  The company's process of pre-vetting all new applications is believed to have spared its devices from a major attack.
  (Apple closed out 2011 with a commanding 52.1 percent share of mobile devices tracked browsing the Web, while Google's Android had just 16.2 percent.)
  And most recently this:
  Millions of people are using Android apps that can be tricked into revealing personal data, research indicates.
  Scientists tested 13,500 Android apps and found almost 8% failed to protect bank account and social media logins.
  These apps failed to implement standard scrambling systems, allowing "man-in-the-middle" attacks to reveal data that passes back and forth when devices communicate with websites.
  http://www.bbc.co.uk/news/technology-20025973
  And this:
  Freezing an Android phone can help reveal its confidential contents, German security researchers have found.
  The team froze phones for an hour as a way to get around the encryption system that protects the data on a phone by scrambling it.
  Google introduced the data scrambling system with the latest version of Android called Ice Cream Sandwich.
  The attack allowed the researchers to get at contact lists, browsing histories and photos.
  http://www.bbc.co.uk/news/technology-21697704
  Update from May 2013:
  Malware targeting mobile devices is rapidly growing in both the number of variants found in the wild and in their complexity and sophistication, but the only platform being actively targeted is Google's Android, which researchers now say is resembling Windows on the desktop PC.
  http://appleinsider.com/articles/13/05/14/mobile-malware-exploding-but-only-for- android
  And in early June 2013 a highly toxic trojan began attacking the Android platform:
  According to reports:
  Obad.a exploits previously unknown Android bugs, uses Bluetooth and Wi-Fi connections to spread to near-by handsets, and allows attackers to issue malicious commands using standard SMS text messages.
  By exploiting this vulnerability, malicious applications can enjoy extended Device Administrator privileges without appearing on the list of applications which have such privileges," Unuchek said. "As a result of this, it is impossible to delete the malicious program from the smartphone after it gains extended privileges."
  More information here:
  http://arstechnica.com/security/2013/06/behold-the-worlds-most-sophisticated-and roid-trojan
  A recent study on smartphone malware has found that 92 percent of nefarious mobile software is targeted at Google's Android platform, and the amount of attacks are growing:
  The latest data released in June 2013 by Juniper Networks reveals that Android malware has grown at a "staggering rate" over the last three years. In 2010, it accounted for just 24 percent of all mobile malware, while as of this March the platform accounts for nearly all of it.
  In the last year alone, the total number of malicious apps has grown 614 percent to 276,259. The annual Mobile Threats support also identified more than 500 third-party Android application stores worldwide that are known to host mobile malware.
  http://newsroom.juniper.net/press-releases/juniper-networks-finds-mobile-threats -continue-ram-nyse-jnpr-1029552
  The far reaching vulnerability, discovered by San Francisco's Bluebox Security, involves "discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature."
  Android apps (packaged as an "APK") are signed with an encryption key (just like iOS apps) to prevent a malicious party from changing the code. Signed apps are expressly designed to enable the system to detect any tampering or modification.
  However, due to the newly discovered Android flaw, a rogue developer can trick the system into thinking that a compromised app is still legitimate, giving it system wide access to do virtually anything.
  "A device affected by this exploit could do anything in the realm of computer malice, including become a part of a botnet, eavesdrop with the microphone, export your data to a third party, encrypt your data and hold it hostage, use your device as a stepping stone to another network, attack your connected PC, send premium SMS messages, perform a DDoS attack against a target, or wipe your device," a representative of the company wrote AppleInsider:
  http://appleinsider.com/articles/13/07/03/security-flaw-opens-all-modern-android -devices-to-zombie-botnet-takeover
  The problem (with Android) is: that committee design has failed to make Android a good platform for either users or for developers. By not making any hard choices and giving people what they said they wanted, Google simply abandoned the future to cling tenaciously to the past.
  Rather than conceptualizing and engineering really new solutions to historical computing problems as Apple did with iOS, Google has only attempted to wrest control away from iOS via volume shipments and has effectively sent mobile computing back in time into the 1990s, resulting in the same malware, spyware, viruses and usability issues of Windows.
  http://appleinsider.com/articles/13/07/14/editorial-googles-android-haunted-by-s teve-jobs-warnings-on-app-signing-security
  The Department of Homeland Security considers the malware threat from Android so serious that they issued a public warning on July 23, 2013:
  http://info.publicintelligence.net/DHS-FBI-AndroidThreats.pdf