Peer Review Response - TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC GitHub Wiki

Peer Review Response

Peer review link: https://tar-acai-f3a.notion.site/Peer-review-of-Mobile-Authentication-c9ee5b52fa2e4f6db78e26ea8fe6939b

Code Review

The unused code has been removed from the project. We changed the library for making HTTP POST requests at the last minute before the iteration 3 deadline, but we forgot to delete the classes that we had used with the previous library. We have also removed TODOs from the code if they were no longer necessary.

Installation Test

We are currently working on the possibility of making the backend publicly available, which would eliminate the need to set up a local backend with ngrok and thus make it more convenient to test the authentication app's features. We already have a domain for it and we will try to get it working before the final demo.

Acceptance tests

  • UC3: PIN 2 view
    The PIN 2 view exists in the project, but the signing feature has not been implemented, so the view is currently unused, because retrieving information such as the card holder's name, citizenship, etc. or creating an authentication token do not require PIN 2.
  • UC6: biometric authentication
    This feature will not be implemented. It was a relatively low priority feature that we hoped to implement when we started with this project, but so far we have not had time to start implementing it. It may be implemented after the software project course has already ended.
  • UC7: application closes automatically
    This feature was implemented and tested at the time of the peer review. We are not sure why it didn't work for the peer review team (maybe there could be an issue that Android OS works differently for phones that are made by different manufacturers - our team has tested with Samsung, OnePlus and Xiaomi phones).
  • UC8: authenticating to a website
    The user is not asked for PIN 1 if it is saved because the application prioritizes the speed of the authentication process. Otherwise the saving feature would become pointless. The user is not required to save PIN 1 in order to use the application for authentication purposes because it is always possible to enter it manually as well, without the application saving it.
  • UC10: authenticating to an application
    Similarly to UC7, there seems to be some kind of a misunderstanding here because the test mobile app is included in the project (TestMobileApp folder) and at the time of peer review it should have been possible to use it for authentication purposes. It is important to note that for it to work the backend must be running (as described in the TestMobileApp readme) and the TestMobileApp must have access to the internet as well.
  • UC11-UC12: giving a signature
    This feature has not been implemented as of yet.
  • USN8: Google TalkBack support
    This feature has not been implemented in order to focus on higher priority tasks and issues.
  • USN12: returning error codes
    We have defined different error codes in the project wiki, but haven't really implemented them in the application because the application has gone through major changes in each iteration and we would have had to redo this part each time as well. For the moment we have mostly used comments in the code to explain why or where something could go wrong.

Additional issues:
The bug that caused the application to crash when opening the settings menu while already being in the settings menu has been fixed.