How do the various DND-5e character sheet apps compare? [closed]

I’m thinking about having my players use apps to keep track of their characters since they’re kind of new. How do the available character sheet apps compare in terms of:

  • Requiring additional source books be purchased in-app
  • Having poor performance or user interface
  • Having bad mobile apps in general
  • Not supporting either iOS or Android
  • Anything else relevant
  • Allowing the DM to view character sheets

How to create two apps in MS Azure with the same Entity IDs? [migrated]

I am needing some technical inputs to overcome a technical challenge with regards to an MS Azure app.

Goes like this…

We have manually configured a non-gallery app in MS Azure which allows a third party platform to SSO (SAML based) into their app. It works fine, no issues. This app allows SSO for the third party platform’s Australia based staff.

However, I am now needing to configure another app for the same third party platform in order to support SSO for their New Zealand based staff. However, the ‘Entity ID’ that the third party has provided me for this second app is the same. The reply URL etc. are different.

In MS Azure all Australia and New Zealand staff are in the same Azure instance. My technical team is now faced with a big challenge as they are unable to create the second app (in MS Azure) as the ‘Entity ID’ for two apps is the same. How do I work around this uniqueness requirement? How do I configure two apps with the same ‘Entity ID’ in MS Azure?

Any help would be greatly appreciated.

Higher risk of no certificate pinning on mobile apps vs web apps?

Talking with people, it is frequently considered that having a mobile application without certificate pinning is a vulnerability. But I rarely see people mentioning it for web applications.

The question is, why is this issue only mentioned for mobile apps? Is there a higher risk derived out of this vulnerability on mobile apps?

Thinking about it, considering that the degree of difficulty is about the same for installing a rogue certificate on both PC and mobile, I would say that the vulnerability should exist in both cases, but in the case of web apps, there would be no remediation action since HPKP, which I think is the only way to achieve cert pinning, is becoming obsolete.

Now none of the people I’ve talked with could give some reasonable explanations, so that’s why I wanted to see if there is indeed any good justification for the mobile cert pinning.

Secure Windows 10 Home admin’s data behind a password, even when user apps are running

Windows 10 Home’s default account lock system for the admin account is not completely secure because there are multiple free password recovery tools & ways available that can be used by a non-admin to reset/bypass the admin password.

How to secure Windows 10 Home admin’s data & installed programs behind a password, even when programs like Office, Chrome, etc. are opened and running in the background with some documents/pages opened in it?

Run Phone Apps in VM Anonymously and Security Risks of Virtualbox

Would it be possible to run phone apps that connect to the internet (e.g. YouTube, Instagram, etc.) on an Android VM (or any sort of phone VM, doesn’t need to be Android) in VirtualBox within a host OS such as Tails or Whonix so that they can be run at least pseudonymously? I was thinking of using the Android ISO.

I’m just concerned that this might not be anonymous enough and that there might be serious security issues with Android in a VM.

One possible issue might be that VirtualBox is pretty vulnerable. However, as I understand it, the risk is mitigated if I run VirtualBox inside a system that funnels all traffic through Tor, so then there is little risk an attacker could see my IP, correct? Are there other implications regarding VirtualBox vulnerability?

Any relevant responses would be greatly appreciated!

What do apps like TrueCaller, CallApp and Whoscall share with others?

I’ve downloaded the apps TrueCaller, CallApp and Whoscall. Then I realised they have privacy issues. Do they share one’s photos? Gmail? What can I do to remove my info from there? TrueCaller has had a security issue before and I fear in case of another, my own privacy might be at risk. I realized the name associated with my number became the same as my name in Gmail. Does it upload old contacts I’ve deleted long before I downloaded the app? Thanks.

Do mobile apps have their own certificate store?

When a mobile app is sending HTTPS requests, it verifies the server certificate against some kind of certificate store. My question is, would that certificate store be provided by the phone’s OS, or would it be packed with the app?

I know I can do certificate pinning, but first I want to know what’s the default.

If there’s any difference between Android and iOS, I’d want to know that.

Spying apps: Android mic and camera access

Can Android Lollipop 5.1.1 apps which have permission to access the mic and camera access them when the app is not running?

I woke up to the news by the NYT that a popular app I had previously downloaded was solely developed to be used as a spying tool by a government. I did not research the app when I downloaded it and the app needed mic and camera access as it is a messaging app.

What can I do in the future to ensure my mic and camera are not running when I’m not running an app? It will not be practical to check if every app I download is trusted or not as even popular American apps could be potentially malicious.