I am hoping to implement some security for an Android app to prevent people from using the code unless it was installed on the correct device by the company. My first choice would be to make sure the app was installed through the Google Play Store, but this app will not be available there.
I have determined that one security measure that will work for my use case is checking some of the information in the Build class. I am concerned that there could be the possibility that some of the fields in the class may not stay the same, even if the same model of device is always used.
What portions of the Build class are subject to change for a specific model of device and what fields should never change?
In the end all of these system configs are just .xml files residing on the device somewhere around /data/system/sysconfig which you can modify in any way you want if you have write access (aka root) so I would recommend starting from making sure that the user running your app does not have root privileges. There are some FOSS libraries for it, you can start from there.
Related
Is there a way I can get the hierchary view/layout of other running android apps? If that's not possible, could I possibly unpack the app's .apk file and get the information there? For example, there's a setting in developer options that allows you to get the bounds of every elememt on the screen like so
EDIT
I have come to realize that this is not allowed and goes completely against the Android SDK. I apologize for this error and will look more closely in the future.
I have found out that Google blocks any of this because it would require me to inject my own code into other apps, which is not allowed due to malicious behavior in past apps.
I am developing a custom Antivirus app, which will need Storage Permission, Root Access and having a custom Recovery like TWRP installed.
For granting Storage Permission, I can easily use ContextCompat or EasyPermissions. I would rather use EasyPermissions, since it is way easier for me.
Well, I searched almost the whole internet to find any library to check for Root Access. I literally found two libraries by Stericson. Now I have the RootTools and RootShell on my Android Studio Project. I can handle for Root Access. For those two permissions (Storage, Root): I can handle it.
Now, I know that somewhere in /dev/block can have the recovery image. But how can I determine, which one is installed? I mean, if my Antivirus App fails to scan and deletes critical files without even noticing it, then Android can say "goodbye". That's why I want to check if a custom Recovery (for example: TWRP) is installed or not, so it can recover deleted files.
Is there any dependency for it to check custom recovery or other way? I would really need it because I can't have all these reports on me saying that I made an app telling about it, that I damaged someone's device and need to pay for example, $200 away. Look, if I get a report saying that my app damaged that preloader / bootloader file on someone's device, then I would need to send any motherboard / phone replacement to that one, that got damaged. I would need to ask that person the address to send the replacement. Really, if I get a report coming from telling me that any kind of system or other image got broken, I'm outta here!
I'm trying to install Kik Messenger twice. I have two accounts and don't like to log out because I lose all of my conversation history. I'm currently using Titanium backup's profile feature, which is a very nice fix, but it's still a pain having to switch back and forth between profiles. I might be looking for "perfect" when perfect doesn't exist. I am completely new to modding apks and Android in general, all of my work on this so far has been "trial and error". Anyways, here's what I have:
I have the Google Play version of Kik installed on my phone. I have extracted that app and modified the package name successfully using apktool. However, when I try to install, I get an error saying something about duplicate provider authority. So I did some research and learned that I'm supposed to edit this part of the AndroidManifest. So I have played around with that a little bit and after I change the authorities, I am able to install the modded app. However, it crashes immediately.
Does anyone know how to fix this problem with the provider/authorities?
The issue you're hitting is that the app has registered certain classes to handle particular events. These need to be unique across all installed apps and point to existing classes in the app that will perform some activity with the supplied information.
You bypassed the safety check when installing by changing the defined handlers in the Manifest but that didn't really fix it as they still need to actually point to a valid, working class that can handle the requests/events.
You would need to decompile, rename the classes involved and all references made to them and recompile the whole app to really fix the problem. However, I'd assume that it would likely be against the license. If the code is open source then it wouldn't be too big a task to rename some classes & packages then build the app. If it's closed source then it is a harder task.
What you can do is either set up your device to use multiple accounts (the OS not the app) as each user has a separate data storage and preference location that should allow you to have two configurations. Or you can request that the developers include some sort of multiple account handling or easy account swap feature.
I am just wondering how to enable/disable 3G/2G using the Android SDK and not just intenting to the 3G settings page. Thanks. Also is there a way to do the same thing, but with GPS. Thanks!
There is no exported to the SDK functionality to switch between 2G and 3G. For a given device you could probably figure out the private functionality, but it wouldn't work unless the app was signed with the system key.
You can disable the radios though, by turning on airplane mode.
And you might be able to make a shortcut to open the appropriate settings activity directly, instead of going through a few levels of menus to get there.
If you make your own build, you can presumably add the capability you really want, but that's likely not useful to anyone but yourself.
Edit: further detail - to understand how it works, look at the settings menu code (default version, a given device will differ):
http://android.git.kernel.org/?p=platform/packages/apps/Phone.git;a=blob;f=src/com/android/phone/Settings.java;hb=HEAD
Edit: AOSP is no longer served from kernel.org. A browsable mirror of
the current phone repository is at
https://github.com/android/platform_packages_apps_phone however due to
evolution of code organization there is no longer a Settings.java
there. One might either use git to reconstruct the version above from
this repository, or else try to figure out where the code has migrated
to in current releases.
You would need to find out the implementation specific set of NT_MODE_ constants you wish to toggle between. And you need to be able to write to secure settings, which requires being signed with the system key. Unless it's a custom build, you probably don't have access to that.
You cannot enable or disable any of these from an SDK application.
So, I have found a bug in a specific sdk that causes it to fail on some Android phones after re-installing a new version of an app which uses the sdk (via adb install -r, and presumably when a user gets an update that has been pushed to the Android market). Is there any way to force an application's data to automatically be cleared upon update of the app? I realize there are different ways that data could be stored, but I just need to essentially simulate an invocation of the "Clear Data" button that'd you find when browsing to the application in the "Manage Applications" section of the Settings (i.e. I just want all data gone).
I am an Android noob and am doing minimal Java coding on this project, so I am basically looking for the simplest solution here. I suppose I could settle on storing a "currentVersion" to disk and then checking it upon launch every time to see if the real current version matches the version that was written to disk on the last launch. Is that the only real way to do this? If so, what's the simplest way to do so?
Thanks!
Is there any way to force an application's data to automatically be cleared upon update of the app?
No, at least for my definition of "automatic".
I suppose I could settle on storing a "currentVersion" to disk and then checking it upon launch every time to see if the real current version matches the version that was written to disk on the last launch. Is that the only real way to do this?
I'd name it lastKnownVersion, but otherwise this approach seems sound and probably is your only viable option.
If so, what's the simplest way to do so?
Ummm...do exactly what you said. Use Java I/O (storing the file somewhere inside of getFilesDir()), or SharedPreferences.
Bear in mind, though, that your users may get rather frustrated if you blow away their data on an app update. Personally, I'd rather we find a better solution to your original problem ("I have found a bug in a specific sdk that causes it to fail on some Android phones after re-installing a new version of an app which uses the sdk").