“I want to walk around campus and check my email on my phone. I don’t want to have to think about it.” That about sums up Joseph Paul Cohen’s motivation for creating the UMB Autologin app, now available for free on the Android market.
Without Cohen’s app, students who want to connect to the wifi network from their cell phones have to re-enter their user name and password, in a browser window, whenever they move to a different building on campus.
Cohen, a computer science (CS) Ph.D. student, was tired of repeatedly logging on throughout the day, so he created an app to automate the process for Android phones.
When installed, the app automatically connects to the UMB-Student network when it’s within range, bypassing the need to open a browser and reenter a username and password.
“You put your credentials in the settings page of the app, and then they stay there,” Cohen explained. “Then when your phone encounters one of the UMB captive portals, it sends the credentials and logs you in.”
Cohen based his app on a similar one he found on the Android market, created for the Starbucks wireless network. It took him about six hours to write the code.
“This app caters to the people who say to themselves: ‘I don’t need to spend an extra 30 dollars a month on a data plan, when I can just use the wifi for free.’ It makes it easier for them to make that choice,” Cohen said. “People who have a data plan don’t care, but the people who constantly run into this issue – they’re excited.”
“Holy crap, it’s useful,” said Christian deTorres, an instructional technologist at UMass Boston and an alumnus. “If the University can’t or won’t remove the need for the app, they should at least have the help desk point frustrated students to it, albeit with the caveat that it is not official or supported. And best of all, it’s a mobile app developed by one of our own students.”
DeToress does have some reservations. Although he personally doesn’t think the app is un-secure, he says that theoretically it could be used for phishing. “Cohen makes the source code available,” deToress said. “But how do we know the compiled version available on the Google Play store doesn’t contain additional elements?”
Addressing these concerns, Cohen responded, “if there was something like that in the app, would I put my name all over it? Everyone takes that risk with every app.”
Cohen also pointed out that the same issue exists with the system that the university currently has in place. The captive portal login page for the UMB-Student network doesn’t use a signed certificate. This is the reason that most browsers warn users before loading the login page.
“Anyone can pretend to be the login page,” Cohen said.
Cohen is facing some resistance from the campus IT department. CS students can create their own webpages on the department’s website (www.cs.umb.edu), where they often post their resumes and projects. When Cohen uploaded the autologin app to his webpage on the CS server, IT asked the CS department to take his page down.
Cohen removed the app from the page and made it available on the Android marketplace instead. Despite his cooperation, Cohen’s page on the CS website is still down two weeks later.
The Mass Media contacted IT Security Administrator Robert Sarao, who replied that “there will be no comments whatsoever on this issue at this time.” The office of community relations also did not comment.
It is not clear when Cohen’s page will go online again, and why it was taken down in the first place.
Cohen’s history with the IT department is complicated. When the university introduced the Enterasys wireless security system in 2010, Cohen started a petition against it. Enterasys was a login agent that students had to install on their computers in order to connect on campus. It was poorly received by the majority of the campus community, and was discontinued after a year.
The link for Cohen’s app is http://umbautologin.github.com/.