Tugas Besar IF3210 - Pengembangan Aplikasi Piranti Bergerak
Purrytify is a music player application developed as the final project for the Mobile Application Development course (IF3210) at Institut Teknologi Bandung. This Android application provides a comprehensive music player experience with features for music playback, library management, and user authentication.
- Overview
- Features
- Tech Stack
- Setting Up
- Screenshots
- Task Allocation
- OWASP Security Analysis
- Acknowledgements
The Purrytify project focuses on developing a music player Android application that allows users to listen to, manage, and share their music libraries. The application provides a comprehensive set of features including user authentication, music playback, library management, and profile handling.
The main objectives of the Purrytify project include:
- Building an interactive and intuitive music player interface for Android
- Implementing local storage for songs and their metadata
- Creating user authentication with JWT token management
- Developing background services for continuous music playback
- Building a comprehensive library management system
- Implementing network sensing and offline capabilities
- Three navigation menus: Home, Library, and Profile
- Visual indication for active menu
- Dynamic header based on current menu
- Authentication system with JWT token management
- Secure token storage using EncryptedSharedPreferences
- API integration with backend server
- Recently played songs display
- New uploads section
- Single-tap playback functionality
- All Songs view with complete song collection
- RecyclerView implementation for efficient list handling
- Song playback on selection
- Full player view with detailed song information
- Play/pause, next/previous functionality
- Duration tracking with seekable progress bar
- Mini player for continuous playback while browsing
- Song upload from external storage
- Metadata extraction using MediaMetadataRetriever
- Form for editing song details (title, artist, artwork)
- Room Database storage for song metadata
- User profile data display
- Statistics for uploaded songs, liked songs, and listened songs
- Settings and account management
- Like/unlike functionality for songs
- Dedicated section for liked songs in Library
- Synchronized status across the application
- JWT expiration checking
- Automatic token refresh
- Persistent music playback
- Internet connectivity detection
- Offline mode support
- User notifications for connection status
- Add to queue functionality
- Custom playback order
- Queue management
- Random song playback
- Toggle functionality
- Multiple repeat modes (off, repeat all, repeat one)
- Persistent repeat settings
- Security analysis and improvements
- Implementation of best practices
- Search functionality in Library
- Filtering by song title and artist
- Real-time results
- Accessibility Scanner implementation
- UI improvements for better accessibility
- Support for users with disabilities
- Language: Kotlin
- Storage: Room Database for song metadata
- UI Components: RecyclerView, Navigation Components
- Media Handling: MediaPlayer, MediaMetadataRetriever
- Networking: Retrofit/OkHttp for API requests
- Token Management: EncryptedSharedPreferences
- Background Processing: Services and BroadcastReceivers
To set up the Purrytify application:
- Clone the repository
git clone https://github.com/Labpro-21/if3210-tubes-mad-2025-if3210-2025-mad-cat.git-
Open the project in Android Studio
-
Build and run the application on a device or emulator with minimum API Level 29 (Android 10)
-
Use these credentials to log in:
Email: {your-nim}@std.stei.itb.ac.id
Password: {your-nim}
| Task | Responsible |
|---|---|
| Login/Authentication | 13522140 |
| Song Upload/Management | 13522139, 13522140 |
| Home Screen | 13522140 |
| Library Screen | 13522140 |
| Music Player | 13522140 |
| Mini Player | 13522140 |
| Profile Screen | 13522140 |
| Room Database Implementation | 13522140 |
| JWT Background Service | 13522121 |
| Network Sensing | 13522139 |
| Liked Song | 13522121, 13522140 |
| User Management | 13522139, 13522140 |
| Queue (Bonus) | 13522139 |
| Shuffle (Bonus) | 13522140 |
| Repeat (Bonus) | 13522140 |
| OWASP (Bonus) | 13522121 |
| Search (Bonus) | 13522121, 13522139 |
| Accessibility Testing |
| Name | NIM | Hours |
|---|---|---|
| Jonathan Emmanuel Saragih | 13522121 | 40 |
| Attara Majesta Ayub | 13522139 | 50 |
| Yasmin Farisah Salma | 13522140 | 90 |
We found a few potential security issues related to input validation in our app:
- The API responses from the server aren't always checked properly by the program
- When the user upload a song, users can enter any text for song titles and artist names
- The audio files from external storage could be corrupted and can damage the program
How to improve:
- Added validation for song titles and artist names (no empty fields, character limits)
- Added proper error handling for API responses with try-catch blocks
- Checking the audio files before uploading the song (correct format, size limits)
- Use Room's parameterized queries to prevent SQL injection
We identified these configuration issues in our initial implementation:
- HTTP connections instead of HTTPS
- Too many app permissions requested in the manifest
- Debug logs in production code
- Exposed components in the manifest
How to improve :
- Switched all API communication to HTTPS
- Removed unnecessary permissions and implemented runtime permission requests
- Added build variants to remove logs from release builds
- Protected sensitive components with proper permissions
There are several types of sensitive data that was handled in our program:
- User email and user profile
- Song history and liked songs
- JWT authentication tokens
How to improve the insecure storage :
- Not storing sensitive data in external storage or logs
- Clearing temporary files after use
- Using EncryptedSharedPreferences for token storage to improve security
- Mobile Application Development Course Lecturer, Bandung Institute of Technology, 2025
- Mobile Application Development Teaching Assistants, Bandung Institute of Technology, 2025