IF3210 Major Assignment - Mobile Application Development
Purrytify is a music player application developed as the final project for the Mobile Application Development course (IF3210) at Institut Teknologi Bandung. This Android application provides a comprehensive music player experience with features for music playback, library management, and user authentication.
- Overview
- Features
- Tech Stack
- Setting Up
- Screenshots
- Task Allocation
- OWASP Security Analysis
- Acknowledgements
The Purrytify project focuses on developing a music player Android application that allows users to listen to, manage, and share their music libraries. The application provides a comprehensive set of features including user authentication, music playback, library management, and profile handling.
- Building an interactive and intuitive music player interface for Android
- Implementing local storage for songs and their metadata
- Creating user authentication with JWT token management
- Developing background services for continuous music playback
- Building a comprehensive library management system
- Implementing network sensing and offline capabilities
- Enhancing audio experience through customizable audio routing and device selection
- Extending music availability with online song streaming and download capabilities
- Improving music sharing through URL and QR code integration
- Creating a responsive design that adapts to various screen sizes and orientations
- Adding personalized recommendations based on user preferences and listening history
- Implementing advanced features like sound capsule creation and notification controls
- Three navigation menus: Home, Library, and Profile
- Visual indication for active menu
- Dynamic header based on current menu
- Authentication system with JWT token management
- Secure token storage using EncryptedSharedPreferences
- API integration with backend server
- Recently played songs display
- New uploads section
- Single-tap playback functionality
- All Songs view with complete song collection
- RecyclerView implementation for efficient list handling
- Song playback on selection
- Full player view with detailed song information
- Play/pause, next/previous functionality
- Duration tracking with seekable progress bar
- Mini player for continuous playback while browsing
- Song upload from external storage
- Metadata extraction using MediaMetadataRetriever
- Form for editing song details (title, artist, artwork)
- Room Database storage for song metadata
- User profile data display
- Statistics for uploaded songs, liked songs, and listened songs
- Settings and account management
- Like/unlike functionality for songs
- Dedicated section for liked songs in Library
- Synchronized status across the application
- JWT expiration checking
- Automatic token refresh
- Persistent music playback
- Internet connectivity detection
- Offline mode support
- User notifications for connection status
- Audio output device discovery (built-in speaker, Bluetooth, wired headset)
- Real-time device connection/disconnection detection
- Device selection dialog with visual device type indicators
- Automatic fallback to available devices when the current device disconnects
- Persistent device selection across app sessions
- Browse and stream music from remote server
- Buffering indicators for loading songs
- Integration with existing player UI
- Continuous playback even when navigating between screens
- Download functionality for offline listening
- Download progress indicator
- Download management (pause/resume/cancel)
- Storage optimization and management
- Create and save custom sound snippets
- Audio trimming with visual waveform representation
- Export audio segments in various formats
- Share sound capsules with other users
- Media notification with song information
- Playback controls in notification area (play/pause, next/previous)
- Album artwork display in notification
- Lock screen media controls
- Generate shareable links for songs
- Deep linking support for direct song access
- Social media integration
- Copy-to-clipboard functionality
- QR code generation for song sharing
- Scanner integration for receiving shared songs
- Visual confirmation of successful shares
- History of shared content
- Dynamic layout adjustments for different screen sizes
- Orientation change support (portrait/landscape)
- Adaptive components for various device densities
- Consistent UX across different Android devices
- User profile image upload and editing
- Display name and bio customization
- Password change functionality
- Profile visibility settings
- Personalized song recommendations based on listening history
- Genre-based recommendation categories
- "Discover Weekly" style playlist generation
- Similar artist and song suggestions
- Add to queue functionality
- Custom playback order
- Queue management
- Random song playback
- Toggle functionality
- Multiple repeat modes (off, repeat all, repeat one)
- Persistent repeat settings
- Security analysis and improvements
- Implementation of best practices
- Search functionality in Library
- Filtering by song title and artist
- Real-time results
- Accessibility Scanner implementation
- UI improvements for better accessibility
- Support for users with disabilities
- Language: Kotlin
- Storage: Room Database for song metadata
- UI Components: RecyclerView, Navigation Components
- Media Handling: MediaPlayer, MediaMetadataRetriever
- Networking: Retrofit/OkHttp for API requests
- Token Management: EncryptedSharedPreferences
- Background Processing: Services and BroadcastReceivers
- Audio Management: AudioManager, BluetoothAdapter
- Media Session: MediaSession, NotificationCompat.MediaStyle
- Data Sharing: Intent, ContentProvider, FileProvider
- Image Processing: ZXing for QR code generation and scanning
- Download Management: DownloadManager
- Audio Processing: AudioTrack, WaveformView
- Responsive Design: ConstraintLayout, MotionLayout
- Recommendation Engine: Collaborative filtering algorithm
- Data Persistence: DataStore for preferences
To set up the Purrytify application:
- Clone the repository:
  git clone https://github.com/Labpro-21/if3210-tubes-mad-2025-if3210-2025-mad-cat.git
- Open the project in Android Studio
- Build and run the application on a device or emulator with minimum API Level 29 (Android 10)
- Use these credentials to log in:
  Email: {your-nim}@std.stei.itb.ac.id
  Password: {your-nim}
Task | Responsible |
---|---|
Login/Authentication | 13522140 |
Song Upload/Management | 13522139, 13522140 |
Home Screen | 13522140 |
Library Screen | 13522140 |
Music Player | 13522140 |
Mini Player | 13522140 |
Profile Screen | 13522140 |
Room Database Implementation | 13522140 |
JWT Background Service | 13522121 |
Network Sensing | 13522139 |
Liked Song | 13522121, 13522140 |
User Management | 13522139, 13522140 |
Queue (Bonus) | 13522139 |
Shuffle (Bonus) | 13522140 |
Repeat (Bonus) | 13522140 |
OWASP (Bonus) | 13522121 |
Search (Bonus) | 13522121, 13522139 |
Accessibility Testing |
Task | Responsible |
---|---|
Audio Routing/Device Selection | 13522121 |
Online Songs | 13522140 |
Download Online Songs | 13522140 |
Sound Capsule & Export | 13522139 |
Notification Controls | 13522140 |
Share Songs via URL | 13522140 |
Share Songs via QR | 13522140 |
Responsive Pages | 13522121 |
Edit Profile | 13522140 |
Song Recommendations | 13522139 |
Name | NIM | Hours |
---|---|---|
Jonathan Emmanuel Saragih | 13522121 | 40 |
Attara Majesta Ayub | 13522139 | 50 |
Yasmin Farisah Salma | 13522140 | 90 |
Name | NIM | Hours |
---|---|---|
Jonathan Emmanuel Saragih | 13522121 | 60 |
Attara Majesta Ayub | 13522139 | 60 |
Yasmin Farisah Salma | 13522140 | 60 |
We found a few potential security issues related to input validation in our app:
- The API responses from the server aren't always checked properly by the program
- When uploading a song, users can enter any text for song titles and artist names
- Audio files from external storage could be corrupted and could damage the program
How to improve:
- Added validation for song titles and artist names (no empty fields, character limits)
- Added proper error handling for API responses with try-catch blocks
- Checking the audio files before uploading the song (correct format, size limits)
- Use Room's parameterized queries to prevent SQL injection
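
The title/artist and audio-file checks listed above, as an added plain-Kotlin example (not code from the Purrytify repository). The character limit, size limit, accepted formats, and all function names are assumptions chosen for illustration.

```kotlin
// Added example, not Purrytify's code. Limits and names are assumptions.
const val MAX_FIELD_CHARS = 100                  // assumed character limit
const val MAX_AUDIO_BYTES = 20L * 1024 * 1024    // assumed size limit (20 MiB)

// Returns null when the value is acceptable, otherwise the rejection reason.
fun validateField(name: String, raw: String): String? {
    val v = raw.trim()
    return when {
        v.isEmpty() -> "$name must not be empty"
        v.length > MAX_FIELD_CHARS -> "$name exceeds $MAX_FIELD_CHARS characters"
        v.any { it.isISOControl() } -> "$name contains control characters"
        else -> null
    }
}

// Identify the container from the leading bytes instead of trusting the extension.
fun sniffAudio(head: ByteArray): String? {
    fun ascii(off: Int, s: String) =
        head.size >= off + s.length && s.indices.all { head[off + it] == s[it].code.toByte() }
    return when {
        ascii(0, "ID3") -> "mp3"                                  // ID3v2 tag
        head.size >= 2 && head[0] == 0xFF.toByte() &&
            (head[1].toInt() and 0xE0) == 0xE0 -> "mp3"           // MPEG frame sync
        ascii(0, "RIFF") && ascii(8, "WAVE") -> "wav"
        ascii(4, "ftyp") -> "m4a/mp4"                             // ISO base media container
        else -> null
    }
}

// Size check first, so an oversized file is rejected before its content is inspected.
fun validateAudio(sizeBytes: Long, head: ByteArray): String? = when {
    sizeBytes <= 0 -> "empty file"
    sizeBytes > MAX_AUDIO_BYTES -> "file larger than $MAX_AUDIO_BYTES bytes"
    sniffAudio(head) == null -> "unrecognised audio format"
    else -> null
}

fun main() {
    // Constructed sample inputs.
    println(validateField("Title", "   "))
    println(validateField("Artist", "Sample Artist"))
    val wav = "RIFF".toByteArray() + ByteArray(4) + "WAVEfmt ".toByteArray()
    println(validateAudio(wav.size.toLong(), wav))
    println(validateAudio(12, "not audio!!!".toByteArray()))
}
```

A header check only rejects obviously wrong files; a file that passes can still be malformed further in, so the decoder call still needs its own error handling.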
We identified these configuration issues in our initial implementation:
- HTTP connections instead of HTTPS
- Too many app permissions requested in the manifest
- Debug logs in production code
- Exposed components in the manifest
How to improve:
- Switched all API communication to HTTPS
- Removed unnecessary permissions and implemented runtime permission requests
- Added build variants to remove logs from release builds
- Protected sensitive components with proper permissions
Several types of sensitive data were handled in our program:
- User email and user profile
- Song history and liked songs
- JWT authentication tokens
How to improve the insecure storage:
- Not storing sensitive data in external storage or logs
- Clearing temporary files after use
- Using EncryptedSharedPreferences for token storage to improve security
- Mobile Application Development Course Lecturer, Bandung Institute of Technology, 2025
- Mobile Application Development Teaching Assistants, Bandung Institute of Technology, 2025