I'm starting to research about Android Auto, I want to do my thesis on this.
I want to know if it is possible to obtain from the Android Auto certain information that is important for the thesis project, such as:
bluetooth connections,
phone connections (identifiers, contacts, call logs, SMS),
mass storage devices,
and navigation infomation.
It is a project whose objective is to help researchers obtain important information in court cases.
I will be very grateful any information you can provide to me.
Android Auto is really just another app, but enables a projected experience of the Android system to an Auto supported vehicle dashboard. Architecturally, what 3rd parties are allowed to build on is just a shell/template. The real activities etc are in the Android Auto process, and connected to the car.
When a 3rd party app is being shown, Android Auto just shuttles methods (onCreate, onResume, etc) back and forth between the processes. The information you’re asking about when used while Auto is connected would still be found through the mobile device and not independently within the Android Auto app itself.
Related
I would like to create logfiles of the activities on my Android phone.
The goal is to be able to trace back any suspicious activities of apps and check if the phone's been hacked.
In this question someone suggested using a proxy server.
But using a proxy changes the ip used and a lot of services (i.e. Netflix) block mobile traffic coming from either server ip's or home ip's when making mobile requests.
The question is already 3.5 years old so maybe the options have changed.
As for the network traffic an option to setup a local proxy on the device itself with a possibility to set logging rules would work though.
How could you setup a local proxy on an Android device?
However this is only the first part as to find possible suspicious activities. But without logging the actual phone activities it will be difficult (or impossible) to actually find out which malicious code or app is doing this.
How can we log activities on Android?
I think when loggin all user activities like touch events etc. and all calls between apps would suffice.
Can this be done without rooting the device? And if not how would one do this on a rooted device?
I would prefer to have this device independent, but I use an Oneplus 6 with Oxygen OS.
My company has written an android driver app (for making deliveries) from which the driver can select a 'call' button to dial the customer they are delivering to. I know how to change the intent to auto dial the number instead of the user having to manually initiate the call but I would like to know if there is a way of somehow locking the dialler down in some way.
Best solutions would be to either a) ensure that the phone returns to the drivers app after the call hangs up, or b) disabling the number pad on the dialler so they cannot call any other numbers.
I have searched through the available dialler apps on play store to see if there was anything suitable but I could not find anything. I have searched the forums (which is how I found the ACTION.CALL intent) but not really found a solution yet.
The app is written with PHP and javascript.
Any suggestions would be very helpful.
Thanks in advance,
Ant.
Is this on their personal phone, or on a device you give them? If its a personal phone, no. If its a device you give them- what you really want is a kiosk app. You could install your own softphone that doesn't allow dialing (although you should probably add a 911 button for emergencies) and block the user from installing any other dialers via DeviceManager apis (you'd have to be the device owner, but as its a device you physically control that's no problem).
Of course doing kiosk mode is really diving through deep apis that almost nobody uses. I wouldn't recommend it without an android expert on your team.
Outisde of kiosk mode and a complete lockdown of your device- no there is no way. Because the dialer is just an app, there's no way to force it to have certain features.
I'd like to automatically import my activities from my Garmin Fenix3 into a database (without the need to manually download the TCX files). Two options came to my mind to solve this task:
A Server based app which gets connected to the Garmin Connect API and is notified (via RESTful APIs) by GarminConnect each time an activity has been uploaded - is my understanding correct, that I need for this use case the $5,000 expensive Garmin API licence?? http://developer.garmin.com/garmin-connect-api/overview/
Create an Android App which gets notified by the installed Garmin Android Connect App each time a new activity has been created - how can I achieve this? From my understanding, the Connect IQ Mobile SDK For Android can be used to create an Android App which interacts with your own application on the Garmin Device itself (which is not needed for my scenario, I just want to automatically "download" the activities created by the default Fenix3 apps).
Any help is highly appreciated - thanks.
I can answer now my own question. It is NOT possible to access the recorded data automatically unless you pay the $5,000 for the Garmin API licence (this is soooo ridiculous Garmin!!!). The Connect IQ Mobile SDK approach will NOT do this job, confirmed by the Garmin Support Team.
The only way to get your data is by manually downloading the FIT or TCX file from https://connect.garmin.com . Keep in mind though that the Running Dynamics (which are captured and calculated by the HRM-Run sensor) are NOT included in these files!
Vertical Oscillation
Vertical Ratio
Left/Right Balance
Avg Ground Contact Time
Training Effect
This is a very big disappointment Garmin! In which century are you guys still living? The data generated by the user belongs to the user and it should be easy accessible! Keeping the data locked in your safe will not really attract more users to the connect platform... But time will tell.
I'm currently doing some research about my project, a smartphone tracking native application, and I have four questions. Links to any material I can read up will be greatly appreciated, and the most useful/comprehensive response will be accepted.
The primary target smartphones are the Android, Blackberry and iPhone models.
For starters I found out here Uniquely Identify an Android Handset that IMEI can be used to uniquely identify Androids but I think I once read that it can be faked. I don't know about the iPhone and Blackberry.
What's the most reliable way to uniquely identify the smartphone device, if any? Can MAC addresses work or is it possible to spoof that? Can IMEIs truly be faked?
Is it possible to "lock" the device with a custom error message remotely via its unique identification, once the device is reported as stolen? This lock state will remain on the phone even when disconnected from the network, until it is reconnected to the network and unlocked remotely once again.
Assuming such a remote phone lock is possible, can such be reversible by the thief? The native app will run in stealth mode so that it cannot be uninstalled.
Can a cross-platform solution work in this case, or will I have to develop various native apps per platform?
EDIT:
Some more context. As Till rightly said, Apple's "Find my Phone" does this exact thing already (I am just finding out about it, but it looks like a perfect fit already). The user who is choosing to install the app is informed that the phone will be uniquely identified if they do install the app. As for locking the device, "Find my Phone" does it (I gather). Now I need to know how that might be possible on the two other platforms.
With regards the iPhone side of things:
You aren't allowed to uniquely identify the iPhone like that. Apple have just forbidden it unless you get the user's permission first. So if they refuse you permission, your app won't function and you'll need to find another way.
No, you can't do that.
See 2. Also you can't run an app in "stealth mode"
See 2.
Only the network operators can talk to the handsets on an IMEI level. The IMEI number IS the MAC address of GSM networks. However, you can't access that unless you have control of the network. Sure you can get the IMEI from the user, but you can't use that to locate the phone. On CDMA networks this address is called the MEID number.
But there are other ways:
You can get location data on either platform with the users' permission. This is the way you should think about developing your application. You'll want to assign a UUID to a user once they download and install your application on their phones. You can then have the phones report to a server every so often (heartbeat). As long as the phone is powered on and connected to a network, the user would be able to locate the phone.
You can also get the phones IP address on the network, among other things -- such as contacts, messages, files, cache data etc..
On Android it's pretty easy to implement this kind of functionality as a service that could would only be visible on the packages page. Further, if you have root access, you can write whatever kind of rootkit you want such that it hides itself from the system. Same with a jailbroken iPhone. I am not as knowledgeabe about iPhone services though.
Either way, the only cross platform compatibility you'd be able to exploit would be perhaps the way data is sent and received from the server. You could use some standard such as JSON to send and receive data (and hence the same server). Although, both platforms have JSON and Apache libraries, the other parts of the apps or services themselves will need to be completely and dependently developed for each platform (UI, Internal Content Handeling, Syscalls, Permissions, etc).
You can remotely lock, wipe, factory reset, etc. Android devices using the security and device administration Android system interface. This still requires the user to grant permission and it asks them an a more.. obnoxious.. way so that they know what exactly they are agreeing to when they give an app device administration permission. If you ever use an exchange server for business or school, it's likely you'll run into this.
I am unsure about remote iPhone device administration on a jailed system.
If you really want something that can't be removed lest you do a factory reset, you'll need to know a thing or two about Unix programming, and a lot about the operating systems that their respective SDK's don't (and probably shouldn't) tell you. You'll need to be comfortable poking around sources and even reverse engineering if called for. If you're still interested, you'll want to hang around the circles that work on custom phone firmware and software for the iPhone, and Android (and Blackberry). I would start with Android. It's probably the easiest since the sources for the AOSP are easily and legally available.
I was reading this
http://developer.android.com/guide/topics/wireless/bluetooth.html#QueryingPairedDevices
which is allot of help on how to pair,connect to a bluetooth device.
I have a situation where I have several BT devices that are in Non-Discover mode always. I know the MAC and the PIN of these devices. IS there a way in Android Dev to manually add devices to the PAIRED list so i can just use the connect as a client.
I understand this maual is written allot for V3. i think i will need to do this on 2.0 ; 2.1- has anybody done this before?
Basically these devices I want to connect to are power saving modules I used pre built BT modules to monitor daylight, another one humidity, etc.. every 3hrs or when interrupted and runs of a single battery for months. So turning off divcory on server saves immense power and prevents other people trying to connect and waste battery.
Not sure what you mean by "manually": Do you mean "manually" as in GUI/user interaction, or "manually" as "I do it in my own application code"?
Some suggestions though:
If you can make your BT devices discoverable at all, you could do it this way:
Make your BT device discoverable
Let Android search for and find the device and then initiate a connection
Android will ask for the PIN for pairing with the device; enter the PIN.
Once pairing was successful, Android stores the pairing information for future use, so that you can
Make your BT device invisible again.
From then on your app should be able to connect to the BT device at any time without further pairing operations.
If the said is not an option for you, maybe you want to go another way:
In current Android versions there are different API routines implemented which are neither documented nor exposed in the normal SDK. A hack kind of solution may be to use some of these "hidden" ("#hide"...) APIs, either via reflection or via modification of your SDK installation.
But be aware that this is always a hack and it may work on a specific device with a specific version of Android and is likely to break your app on another device and/or any other Android version.
Having said that, here comes some reference:
Example of how to access "hidden" bluetooth API.
Then, have a look at the source code for android.bluetooth.BluetoothDevice, e.g. here.
In there, public boolean createBond(){...} may do what you want.