CCE-ANDROID

CCE School Edition — Android

A native Android WebView shell around the existing CCE Software v1.0 web app (Continuous & Comprehensive Evaluation for Maharashtra schools). The HTML/CSS/JS you already built lives unmodified under app/src/main/assets/www/ — this project just wraps it in a hardened native app so it can be distributed as an APK / installed on school tablets and phones.

Project layout

CCE-School-Android/
├── app/
│   ├── build.gradle                  # release signing, minify, R8 config
│   ├── proguard-rules.pro
│   └── src/main/
│       ├── AndroidManifest.xml       # allowBackup=false, no cleartext, etc.
│       ├── java/.../MainActivity.kt  # hardened WebView shell
│       ├── res/xml/                  # network security + backup config
│       └── assets/www/
│           ├── index.html            # your CCE_School_Edition.html
│           └── xlsx.full.min.js
├── keystore.properties.sample        # copy → keystore.properties, fill in
├── .github/workflows/android-build.yml
└── gradlew / gradlew.bat

Building

  1. Open the project root in Android Studio (Giraffe/Koala or newer), let it sync, and press Run — this is the easiest path and needs no extra setup.
  2. Or from the command line:
    ./gradlew assembleDebug     # unsigned debug APK
    ./gradlew assembleRelease   # release APK (needs keystore.properties, below)
    

Release signing

Release builds are only signed if keystore.properties exists at the project root (it’s git-ignored on purpose — never commit a real keystore or its passwords).

cp keystore.properties.sample keystore.properties
# edit keystore.properties with your real keystore path + passwords
keytool -genkey -v -keystore release.keystore -alias cce-release \
  -keyalg RSA -keysize 2048 -validity 10000
./gradlew assembleRelease

CI

.github/workflows/android-build.yml builds a debug APK on every push/PR to main and uploads it as a workflow artifact, so you get an installable build from GitHub without needing a local Android Studio setup.

Security notes

This wraps a client-side web app in a WebView, so it’s worth being precise about what “secure” does and doesn’t mean here.

What this project actually hardens:

What this does not and cannot protect against, and you should plan around rather than assume away:

Permissions

Only INTERNET and ACCESS_NETWORK_STATE are requested — no storage, camera, contacts, or location access, since the app doesn’t need any of those.