Difference between privacy considerations when comparing mobile apps with mobile web - android

Sadly I know little to nothing about mobile app development and I am tasked with thinking through privacy considerations a user could have when using a mobile website vs its app equivalent.
For example, when a user browses our mobile website we can collect the following data:
IP
User agent
OS information returned from JavaScript, including screen resolution
Cookies from the domain
Of course, this list isn't exhaustive.
So what can easily be collected from a user of a mobile app? (assuming no extra permissions were enabled)
IP
What's the equivalent of a user agent?
What OS/device info is available?
Do apps have "cookies"?
What else?

As per my knowledge, we can collect the data below:
Device location.
Device name.
Device version.
OS (Android/iOS/Windows)
Cookies, if we are using a WebView, etc.

I think your question requires more clarification and answers to the following questions:
Do you have access to the source code? If yes, you can track basically anything that's in the app using 3rd-party tracking services like Google Analytics or other similar stuff (even your own implementation). If not, do you have access to the API that's used by the application? If yes, you can probably detect the OS, since almost all requests have a platform-specific User-Agent attached to them, but from the API requests you can't get much info.
I think the problem should be put the other way around: what do you want to track from a mobile app? And I can tell you from my experience that there's almost nothing that can't be tracked from mobile apps if you have access to the source code. Regarding the permissions, of course you won't be able to access something for which you didn't request any permissions, but you can check if the permission is granted anyway (maybe some other part of your app requested those permissions).
Also, just a reminder: if you develop apps for the EU, make sure you're GDPR compliant; the sanctions can be quite huge for a non-GDPR-compliant app.
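
The API-side detection mentioned in the answer above, as an added example (not code from the thread): a Python sketch that sorts a request's User-Agent into browser, in-app WebView or native HTTP stack and pulls out the OS version and device model it discloses. The sample strings are constructed in the default formats of each stack, and `ExampleApp` is a hypothetical app name; an app can override the header, so the result is a hint, not proof.

```python
import re

# Constructed samples in the default User-Agent format of each client type.
SAMPLE_UAS = {
    "android_browser": "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 "
                       "(KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36",
    "android_webview": "Mozilla/5.0 (Linux; Android 13; Pixel 7 Build/TQ3A.230805.001; wv) "
                       "AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 "
                       "Chrome/120.0.0.0 Mobile Safari/537.36",
    "android_native": "Dalvik/2.1.0 (Linux; U; Android 13; Pixel 7 Build/TQ3A.230805.001)",
    "okhttp_native": "okhttp/4.12.0",
    "ios_browser": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 "
                   "(KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1",
    "ios_native": "ExampleApp/42 CFNetwork/1410.0.3 Darwin/22.6.0",
}

def classify_user_agent(ua):
    """Return what a server can infer about a mobile client from User-Agent alone."""
    out = {"client": "unknown", "os": None, "os_version": None, "device": None}
    # Android: "(Linux; U; Android 13; Pixel 7 Build/...)" or "(Linux; Android 13; Pixel 7)"
    m = re.search(r"Android (\d+(?:\.\d+)*)(?:; ([^;)]+?))?(?: Build/[^;)]*)?[;)]", ua)
    if m:
        out.update(os="Android", os_version=m.group(1), device=m.group(2))
    # iOS: "(iPhone; CPU iPhone OS 17_0 like Mac OS X)"
    m = re.search(r"\((iPhone|iPad|iPod)[^)]*? OS (\d+(?:_\d+)*) like Mac OS X", ua)
    if m:
        out.update(os="iOS", os_version=m.group(2).replace("_", "."), device=m.group(1))

    if ua.startswith("Dalvik/"):
        out["client"] = "native app (Android platform HTTP stack)"
    elif ua.startswith("okhttp/"):
        out["client"] = "native app (OkHttp)"  # discloses the library only, no OS or device
    elif "CFNetwork/" in ua and "Darwin/" in ua:
        out["client"] = "native app (Apple URL loading system)"
        out["os"] = "Apple (Darwin)"  # kernel version is sent, not the marketing OS version
    elif ua.startswith("Mozilla/"):
        # "; wv)" marks Android WebView; a missing Safari token on iOS is a heuristic only.
        if "; wv)" in ua or (out["os"] == "iOS" and "Safari/" not in ua):
            out["client"] = "in-app WebView"
        else:
            out["client"] = "browser"
    return out

if __name__ == "__main__":
    for name, ua in SAMPLE_UAS.items():
        print(name, classify_user_agent(ua))
```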

Yes, there is an app where you can find all of this particular info: https://play.google.com/store/apps/details?id=com.quixom.deviceinfo
Check it out.

Related

Can Android or iOS applications determine if their host device is configured by a Mobile Device Management (MDM) solution?

I am working on a mobile application and would like to inform users when an update is available, if that user's device is not managed by an MDM. If the device is MDM-configured, we don't expect the end user will be able to update the app without the configuration being changed by the administrator. To provide a better user experience, we want to provide relevant information. To do this, I'd like ideas to determine if an app (written in Kotlin/Swift) can poll for this type of information.
I saw some things in the Android Docs about checking for Restrictions Providers, but I think this is the wrong avenue. I'm not very familiar with this, so correct me if I'm wrong.

Preconditioned internet connectivity

I am trying to create an Android application for mobile device management.
I want to deny internet access on a particular 'xyz' network to smartphone users unless they have a certain Android application of mine installed on their smartphones. Only those users who have the application installed on their device should be able to access my 'xyz' network. What should I look into to achieve this? I am not sure what to google to find an answer. :)
If this is about security, it sounds like this would only secure the network from Android users and leave a gaping security hole for any other device. Or are you looking for an alternative to protecting WiFi with the standard clickwrap agreement before you can use the internet? Maybe it would help if you clarify your use of the term 'network'. The only other use I can think of is malware, so please clarify.
I suggest using standard internet security protocols for logging in - a password on a site secured with SSL, which the browser can remember. If it's specialty content, access it directly through the app where enhanced security can be handled automatically.

Monitoring data flow between Android Framework and App

I need to know how we detect the event of an Android app making a request to the Android Framework for sensor data. Also, if it is possible, the Android Framework's response to the said request. I am trying to create a service that will be able to log this information for security or privacy purposes. Is this possible? What is the ideal way to go about it? If it is not possible, do we know why not? Is there an alternative solution?
"I am trying to create a service that will be able to log this information for security or privacy purposes"
I fail to see how spying on application activity regarding sensors will be "for security or privacy purposes".
"Is this possible?"
You are welcome to build your own ROM mod that has a revised version of Android, one that contains security vulnerabilities that would allow an app to monitor the sensor requests and responses between another app and the OS. Or, your ROM mod can do the logging directly, through an altered version of the framework.
Otherwise, no, this is not possible from an ordinary SDK application. I do not have enough experience with root-requiring frameworks like Xposed to know whether this is possible using them, though, again, that would require root.

Can you share any kind of information between a web app and a native android app?

Been researching it for a couple of days, and it seems quite impossible (though highly desired).
I'm looking for a way to anonymously identify users on our website as they later on run our mobile apps (both iPhone and Android, actually). At the very basic level, I'd simply generate a UID when someone visits our site, plant a cookie on their device, and then retrieve it later when our app is run. This simple implementation seems to be impossible, because the apps don't get access to the same cookie base as the browsers (which makes sense, privacy-wise).
I also thought about using HTML5 for this purpose, which doesn't seem to provide any solution.
I tried going the other way around and using the device ID as the identifier. However, it seems the device ID won't be available to the web server when someone visits our site.
There seems to be a perfect disconnect between data accessible from the browser, and accessible from the device itself in native apps.
Has anyone ever found a solution for this scenario?
In my experience, what you seek is almost impossible to achieve for a third-party developer.
As you mention, the web browser, by default, doesn't have file-system access from the JavaScript context (which is where your web app will most likely run), and the cookie infrastructure isn't exposed to the application context.
What you could do is write a plugin for the browser which might enable this one way or another. But then there is the technicality that the browsers on mobile devices usually don't support plugins, and even if they did, you can't force your web app users to install the plugin :-(
Yet another, and if possible even more unlikely, solution would be to try to influence the device browser project community (WebKit or whatever project you wish to target) to implement the functionality for you (good luck) :-)
A third solution, and perhaps even the ethically more correct one, would be to allow the user to optionally identify him/herself when using your device client application. Your client iPhone/Android application would then have an "Identify me as a client user" button. This would of course require you to allow the user to choose a key (an e-mail address?) of his/her own when entering the web app. You'd likely need to store the key on the web server as opposed to in the client browser cookies.
Hope this gives you some further ideas.
Cheers
Here are some things I think would work (untested):
You can check if the user has a Google account login in the browser and on the phone.
Another way would be to have them log in in both apps.
Register a special URL handler which opens your Android app with a user identifier and which gets called by the web app (see this question).
Edit: I overlooked the iPhone part. Answers #1 and #3 are Android only (I think).
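
A hardened form of the URL-handler handoff suggested in the answer above, as an added example (not code from the thread). Any page or app can open a custom-scheme URL with an identifier of its choosing, so the website issues a signed, short-lived, single-use token instead of the bare UID. The scheme `exampleapp`, the 5-minute lifetime, the in-memory nonce set and the design in which the app forwards the received URL to the backend for verification are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

SERVER_KEY = secrets.token_bytes(32)  # assumption: lives only on the backend, never in the app
SCHEME = "exampleapp"                 # hypothetical custom scheme registered by the app
TTL_SECONDS = 300                     # assumption: link must be used within 5 minutes
USED_NONCES = set()                   # stand-in for a shared server-side store

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def make_handoff_link(web_uid, now=None):
    """Website side: build the link the page opens to launch the app."""
    issued = time.time() if now is None else now
    claims = {"uid": web_uid, "exp": int(issued) + TTL_SECONDS, "n": secrets.token_hex(8)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    # The payload is signed, not encrypted: the uid must be a meaningless random value.
    return f"{SCHEME}://link?" + urlencode({"t": f"{b64e(payload)}.{b64e(sign(payload))}"})

def redeem_handoff_link(link, now=None):
    """Backend side: the app forwards the URL it was opened with; returns the uid or None."""
    current = time.time() if now is None else now
    url = urlparse(link)
    if url.scheme != SCHEME:
        return None
    token = parse_qs(url.query).get("t", [""])[0]
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = b64d(payload_b64), b64d(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    # Verify the signature before parsing or trusting any field of the payload.
    if not hmac.compare_digest(sig, sign(payload)):
        return None
    claims = json.loads(payload)
    if claims["exp"] < current or claims["n"] in USED_NONCES:
        return None
    USED_NONCES.add(claims["n"])  # single use: a captured link cannot be replayed
    return claims["uid"]
```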

Does Android HoneyComb support multiuser restricted account?

A customer ordered a tablet application from us, but they need a lot of access restrictions to lock device functions, such as:
Permit data transfer only inside the application, not outside
Restricted user access on the device (something close to admin and normal user permissions)
A framework/API that permits creating an internal mail reader/sender
The public API of iOS makes it impossible to fulfill those requirements. I was wondering if Android makes life easier when there are these kinds of restrictions.
UPDATE: To better explain the field of use: I'm talking about an application that "forces" the device to be used only with that application, for enterprise use. The app is just like a CRM, but the device should be blocked in some functions to make users only work with them and NOT play or use Facebook, Market, etc.
Not sure you can achieve all of those, but you should look into the device policy for Android here and here.
1) Not sure what you mean by point 1. If you mean controlling all data transfer from the device, you might be in a bind, considering the only way to get a firewall running on Android is by rooting the device. Perhaps you could look into writing a custom launcher/home like KidZone that only shows approved apps? Not nearly as secure, though.
2) Honeycomb, so far, doesn't have multi-user support, though you can have multiple Google accounts registered. The custom launcher could help in this regard, though.
3) I don't see the point of doing this unless they already have a custom mail infrastructure in place. Otherwise just go with Exchange.
"Permit data transfer only inside the application, not outside"
Do not request the INTERNET permission.
"Restricted user access on the device (something close to admin and normal user permissions)"
You would have to implement this yourself.
"A framework/API that permits creating an internal mail reader/sender"
I have no idea what this means.
