Portugal Posts English

EMEL will block Gira applications made by students, while it renews its own | Lisbon

The Lisbon Mobility and Parking Company (EMEL) will carry out the long-awaited improvement of its application (app) which allows access to the Gira shared bike system, thus trying to eliminate the many flaws reported by users. To do this, it hired a specialized company, which will charge more than 19 thousand euros, and which should present a new version in the coming weeks. And one of the prerogatives of the work to be developed is to block the possibility of access to the system by any external entity that intends to develop an improved version of the app. An imposition that will end up dictating the end of mGira, an application developed, at the end of 2023, by Afonso Hermenegildo, a 19-year-old student and which has proven to be a success among users.

To PÚBLICO, however, the young man reveals a mixed feeling of, on the one hand, understanding for the reasons that led EMEL to invest in strengthening the system’s security, but, on the other hand, disappointment in the chosen option, which excludes the community of programmers to work freely on its permanent improvement. At the beginning of the year, Afonso received an invitation from the municipal company to do an internship there, but his academic duties ended up forcing him to decline the proposal. Five months later, he sees his app out of play. Closing access to Gira codes will also prevent the operation of Gira+, another application, created after mGira, the result of the work of other students. EMEL’s objective is to close all doors.

Although this mission is not specified in the contract published on the Base portal, where all public procurement acts are announced, it is recognized in the proposal prepared by Boldint SA, the company chosen to carry out the work, through a direct award. “EMEL wants to mitigate unauthorized access and also provide an adequate experience for users”, reads the presentation of the proposal made by the company. “The expectation is that, at this stage, we can present an immediate mitigation and a short-term solution to overcome the limitations and protect EMEL services used improperly”, the document explains.

Without ever naming the solution created by Hermenegildo, a second-year student of the Information Systems and Technologies course at Universidade Nova IMS, the specifications requested by EMEL from the specialized firm recognize, however, that this is the main target of this action of “immediate mitigation”, which should have practical effects by the end of this month.

“A user has developed his own unofficial version that is being well received by the community, but is exploiting an unauthorized set of EMEL resources”, says the presentation of “upgrade from the app” and that it also intends to “analyze and correct any security flaws”. This will culminate, in addition to immediate actions to prevent access to the system by third parties, with “blocking services behind a protected architecture”. In other words, we want to prevent further appinformal s emerge.

At the end of last December, Afonso Hermegildo explained to PÚBLICO that the idea to develop the application came to him in October, on the daily routes he took between Benfica, where he lives, and Campolide, where Nova IMS is located, where he studies. “A app [Gira] I really like being closed and not having the Login of the person made when we open it. Sometimes it doesn’t send the request to let the bikes be picked up and we have to close the app and open it again. I’ve had to go out and come back in at least five times just to get a bike out,” he said, explaining that this led him to think about solving these problems. Access to mGira, with versions for Android and iOS, is done using the credentials of the official account secured by EMEL. A app has a daily average of 600 users.

“A little disappointed”

Now heard again by PÚBLICO, Afonso Hermenegildo says he is not surprised by the decision of the capital’s municipal company to invest in strengthening its security. But he still reveals disappointment with the path chosen to put it into practice. “What is happening is somewhat natural, it ends up being inevitable, because EMEL wanted to correct the system’s vulnerabilities. When I met with them, after creating mGira, they made me understand that this would be their objective. But I am a little disappointed that this was the route chosen, closing off access to the community, which could always make its contribution, despite public resources being spent”, he says.

For the student, the most sensible solution would have been for EMEL to move forward with improvements to its apphowever, maintaining free access to its API (Application Programming Interface), the device through which different applications can communicate with each other. “This capability could happen through an authentication system, for tokens, which guarantees the security of the system. This is very common, even among large technology companies, such as Facebook or Google, which have public APIs, to allow the programming community to access and improve systems, detecting problems”, explains the student, who has been programming since he was 12. years.

EMEL’s option thus ends up being much more conservative. And even surprising, considering that, initially, right after the creation of mGira, and the immediate success it became, it even revealed another opening. They invited Afonso Hermenegildo to a meeting, and ended up offering him an internship at the company. A proposal that the young man ended up not embracing, as he was committed to his studies. “We talked about the possibility of, based on what I did, giving my input in improvement. But what they told me at the time was that they would be working on a new version of their application to be used by all their customers. It wasn’t just for Gira,” he explains.

Questioned by PÚBLICO about its intention to block applications developed by third parties and about the entry into operation of the new official version of app of Gira, EMEL made little concrete progress. He acknowledged, however, that “specific constraints were identified” in its application, which he attributed to the “growth of users of the Gira network”. And he assured that “he has been implementing measures with a view to stabilizing and resolving the identified constraints”, with the contract now being signed as part of this effort.

The article is in Portuguese

Tags: EMEL block Gira applications students renews Lisbon