Please, I need analyze Android apps accessibility behavior for auditing purposes. That is, I don't have source code access so I need external methods to view his response. I tried some tools as Accessibility Insights, but they're clearly insufficient, so I want to try self made tools.
Anybody can tell me where start finding info about? Google Developers only had info about make accessible apps, but I need info about p.e. how Talkback discovers links, buttons, controls and so on.
Related
I have seen so many apps that provide auto tapping feature. But they don't provide some specific customization so I decided to create a one. I have seen many tutorials that offers auto tapping, but they are supposed to be used in the same app. But I want to create an auto tapping app that can click on other app's View. I am an intermediate java developer but new to Android studio, so I don't know much about Android APIs. Is there any class or package which can provide this feature. For more clearance, I want to do auto tap, when the color at the specific location on screen, (213, 120) for instance, becomes green.
Thanks in advance!
I am not an expert on the subject, I have experience as a BackEnd developer, I am new to the Android world, just like you I am interested in building an app to automate some farming mechanics in Android games with specific behaviors, so I investigated on the subject and the solution you are looking for is the AccessibilityService API, from Android 8.0 (API level 26) it includes several functionalities to make touches without the need for Root, I leave you links with examples of some open source repos that can guide you.
https://developer.android.com/guide/topics/ui/accessibility/service#continued-gestures (Doc)
https://github.com/nestorm001/AutoClicker (Old and abandoned project, but has the functionality of touches)
https://github.com/pylapp/SmoothClicker (A more mature App but need root, it can be helpful to guide you in how to build the UI)
For the detection in the change of the pixel I still do not have a concrete answer, I keep looking, maybe obtaining a dump of the screen every X time and validate the pixels on that is the way but it is still uncertain if it is the way to go.
Something like How to record screen and take screenshots, using Android API?.
I know that you can get a bitmap dump of the screen if you have the activity, but it's not the case, however some class in the following package may be helpful https://developer.android.com/reference/kotlin/android/graphics/package-summary.
I'm currently working in my own implementation, when I have something to show I will gladly share it.
I am making my application accessibility compliant. for this providing correct data to the accessibility framework by giving android:contentDescription="your string" in xml.
Also I have Seen the Android Developer guide on Making Applications Accessible for an overview of what steps you need to take to ensure your application works correctly with accessibility services.
Now problem is testing these all in each and every screen taking more time. my app has 30 screens and each time to go to any module will take almost 15-20 mins when talk back is on.
can anyone suggest tool/ better way to test app?
#unof is right, one tool you can use is lint to show you some warnings for missing content description.
I'm also experimenting with the Google Accessibility Test framework, it can help you to automate some of your tests:
https://github.com/google/Accessibility-Test-Framework-for-Android
Besides that also a good advice is to use an emulator that supports talk back, I'm using Genymotion with Gapps installed and is much easier/faster for some cases than using the actual device, if you are going to test multiple gestures, I'll recommend using Genymotion remote control feature:
https://docs.genymotion.com/Content/03_Virtual_Devices/Emulating_sensors_and_features/Remote_control.htm
it's very handy in situations when you need to track your network request while using the two fingers for scroll as accessibility requires.
Still is a manual task you will have to do, so try to tweak it.
Go to the Accessibility settings and increase the speed at which the text is spoken:
http://developer.android.com/design/patterns/accessibility.html#tools
It's also helpful to learn some of the gestures, and to explore the TalkBack settings:
https://support.google.com/accessibility/android/answer/6006589?hl=en
I hope it helps!
Currently involved in a University project and could use any help from members regarding rootkits designed for Android.
I have little knowledge of Android malware and the project so far has got us decompiling apks to view the java class files (if readable) and the AndroidManfiest.xml file. I have also managed to root a phone in the uni lab using various adb commands and pushing files over to it.
What I would like to know is if it's relatively easy to spot malicious rootkit code within a class file? Is there something I can look out for? Is it a case of getting su status or does it involve adding users? Assume to next stage would be to then contact a server so the developer has remote access..
Also, is there a system or service that can process an apk to spot if it contains a rootkit (not just malicious)?
reply:
hi sorry about late reply - tried responding immediately but wasn't allowed as I'm new, but then forgot!
Thanks for the info! I appreciate that I may sound naive, but I guess I have to be seeing as I don't know anything about rootkits or the way they work..
You're right, they are not asking about 3rd party scanners, that was just my interest. So on that topic, are you saying there are scanners out there that specifically look for rootkits in a sample? Or is this detection all part of the overall AV service they offer.. If specific to rootkits alone, then I would really like to know which ones, so i can research them..
Also, with regards to exploitation of a bug - I assume you mean a bug within the Android OS? Would this mean that when patch updates are pushed out from Google then the rootkit is unable to function?
Thanks
A mallicious rootkit tries its best to get certain access, secretly. So any generalisations you make about how it does its business will probably be already worked around by any good rootkit.
"setting su status" is hardly worthy of being called a 'rootkit', that's just 'using root permissions' that you seem to have given the app. A rootkit would look for a way to actually get this without permission, by exploiting some sort of bug.
Systems of services that spot those things are commonly called virus and/or mallware scanners. Yes they exist.
Not to be negative, but this seems like a naive post about the subject, and probably not a good start for a project: I'd say using a 3rd party malware scanner is probably not wat is asked?
You could, for instance, look for known exploit-methods. One that for some reason comes to mind is the overflow, but that's just a random thing. Read up on rootkits, their methods, heuristics to find them etc.
I am using a phone without LED notifications. I would like to dev an app to simulate that, however first, with root, I would like to get access to the notifications system on the OS level (so it can be app-agnostic), to get the notifications.
How can I do so, or where can I read up more about this?
Thank you!
Despite this being old and already having an answer accepted, I want to offer an alternative solution since I think the end goal can be achieved. With all due respect to Mark, I think the direction the question is a little misleading, but the end goal is attainable.
If you are looking for something that would allow you to make an app that listens for notifications and then performs some action based on them regardless of the source app (or could be tailored to specific apps), then I think you can do this without writing firmware or rooting using an Accessibility Service. Accessibility Services would allow access to notifications as they come in, allowing your app to do something with them. You would be able to filter by the source package, get the notification contents, and a lot of other things.
There is a lot I could say on it, but it is still rather new to me, so I'll provide a couple of links to get started.
Accessibility Services page: http://developer.android.com/guide/topics/ui/accessibility/services.html
I would also recommend trying it out for yourself. I came across a small project file that I was able to copy and run on my own as a proof-of-concept. If you run this, you'll be able to see in the log that you really can read notifications: https://gist.github.com/qihnus/1909616
Don't forget to enable the accessibility feature for the app after you install it in your phone's accessibility settings.
You have to write your own firmware. This is not possible from an SDK application, rooted or not.
I want to know how to control system resources and services like bluetooth, SMS, phone contacts etc.
Honestly, i want to know how or what to do to control sms usage based on user behavior, block incoming call or change it to auto vibrate mode without user noticed like that.
Actually, I want it for my assignment about context aware access control paper.
I choose Android for implementation but i am afraid i
couldn't submit my paper in time if i study android from the beginning and all by myself.
No offense but I want to avoid errors.
I feel my head becomes swollen whenever "force close error" show as I need it urgent.
As Willytete said developer site is the best one for you
There you can find
Application Fundamentals
Download the Android SDK and start programing
The first program tutorial where you can start Hello World
Notepad Tutorial where it give you a lot of ideas
List of Sample Apps, where there is a lot of codes
Getting the Samples, it explain how to use this.
You will get all the information from developer site that you needed, while move from beginner to an expert