I want to build an Android Application in which the user gives permission to my server-side script to read their files.
Seems pretty straight-forward, I've made an app where the application can access the user's files.
However, giving access to the server is a lot harder, thanks to OAuth2.0 which has me confused as hell.
Is it even possible to build what I want, and if so, how can I achieve this? Links to tutorials are also accepted.
This is the library I used at a previous job and it saved me a lot of the hassle in dealing with the Google API directly. Just be sure to follow the authentication part carefully as you need the .ovpn file in order to access your drive.
Related
I am trying to build an android telegram client using the famous TDLib. Unfortunately, I could not find any good tutorials or documentation about using this library in android. But, I've understood how the library works from the Java examples.
The problem is when implementing the library, I've to pass the api_id and api_hash to TDLib. I think these variables must be unknown to others, as this can reused for malicious purposes.
As the documentation does not provide any best practices about storing the api_id and api_hash, How can I make them unavailable to the public and securely manage it in the android app?
From the developer of TDLib
On Android the values can't be accessed without root permissions if
they are stored in any reasonable way. From the other side, they can
be extracted from the app's memory with root permissions. So you can't
do much besides storing them in the apps binary and obfuscating them
in any simple way.
and he says, if someone extracts the key and uses it for a malicious purpose, only the user is blocked
I just read these topics:
Is there a way to get the source code from an APK file?
How to avoid reverse engineering of an APK file?
...and realized that you can't develop an android program without being possible for its .apk file to be reverse engineed.
You can use Proguard and tricks but still your code will not be completely hideable.
So if you want to make an app completely close-source what you have to do?
For example, what Facebook and Snapchat and Messenger (e.g) did so their source codes are not accessible?
Also, another question: if you upload your app on google play, then a user can get your .apk?
Thanks in advance!
Every app may be reverse engineered.
The difference is only time needed to do it.
Proguard is a minimal solution whish requires minimal efforts and provides a level of protection that is enough in most cases.
You may also use other obfuscation tools (for example, DexGuard).
Another way is making shared libraries with Android NDK and using it. Reverse engineering of native binaries is usually more difficult than Java classes.
Probably the only way to completely protect your algorithms is to remove them from user's device - move to a server. In that way application will do a requests, but computation will be performed on your server.
As for extracting APK - it is possible, as Giorgos Pippos wrote.
From what I know, there are programs you can use to extract an apk from your phone. For example APK Extractor is listed in the Play Store.
You can use this kind of apps to get the apks you want.
I've spent hours trying to work out how to use SDK. It seems so long winded and has about 20 dependencies but absolutely no examples of usage.
Does anyone know where I could find some examples to learn from. Dropbox was just a case of downloading the SDK and using it. Google drive only seems to have javadoc which is only helpful as a reference if you already know what you are doing.
I'm trying to do what I consider to be the most simple operations. upload, download, delete, create.
I had the same problems originally, finding a SDK that actually worked for Google Docs.
In the end I ended up implementing it on my own using raw HTTP requests, as also suggested in the other answer linked to by Alain. My implementation only handle file transfers and file management, but it is quite straightforward to implement, and works perfectly for Google Drive files also. I basically just implemented what I needed from the Google Documents List API version 3.0 found here: https://developers.google.com/google-apps/documents-list/
It took a little time, but was well worth it, and much more lightweight since I didn't have to include on all the dependencies of the various Google API's.
Google has now a tutorial called Quickstart: Run a Drive App on Android.
The Drive API are at https://developers.google.com/drive/v2/reference/
If your goal is to let users open files directly from the Drive app for Android using your app, see Integrate with the Android Drive App.
I'm trying to put a text document with highscores inside a bucket on the google cloud storage. So far, so good.
Now I want my app to open this textfile in the bucket, check if there is a new highscore, adapt the file and write it back into the bucket.
I´m trying to find example code, since that makes more sense to me for understanding than the apis, but I´m not able to find it.
The answers I get are all, it´s just simple get and put callbacks, but since it ain't simple for me, I was hoping somebody has a link to an example for an android app using google cloud storage and reading and writing online.
I found this information, but would love to see an example for android in eclipse: http://code.google.com/intl/nl-NL/appengine/docs/python/googlestorage/functions.html
If I'm creating an app in Eclipse, can I use the bucket in the google cloud? Or don't I or future users have access to that bucket for read and write?
Look at the Google api client libraries for java. Google storage has a Json Api (currently in beta and you must email to get turned on). The client libs are fairly straight forward once you get your head around it. All google apis are accessed in the same manner. You can use the Android Tasks example to learn from and apply it to Google Storage Api.
http://code.google.com/p/google-api-java-client/wiki/APIs#Tasks_API
Since you want to change files, I would advise to use Google Appengine's Blobstore or either save images as BlobProperty in GAE. CloudStorage is more for static files, I believe.
I've never made a game for a mobile so I'm not really sure what the proper convention for level info is. Basically I'm thinking that I include an xml file that I add to local diskspace for the app then load the level details (item positions, etc) from that xml file, this way when I have to update the game, add more levels, I only have the users download a small xml file. Is this method secure or are there other ways of doing this?
The security features on the BlackBerry can be pretty complicated, check out the second half of this article for a good summary of the various security features available:
http://programming4.us/mobile/2694.aspx
Here are some official BlackBerry docs on the topic too:
http://docs.blackberry.com/en/smartphone_users/deliverables/1487/Security_26381_11.jsp
FYI, most of this information concentrates on protecting data from unauthorized users, or from other malicious apps. Personally I wouldn't be too concerned about a sophisticated hacker changing my XML, unless I was giving away prizes for achievements!
Regarding file access:
Every Android App runs in it's own sandboxed environment with it's own system username. Data downloaded or residing in it's directory can not be read from other apps.
Google Developers on Security is worth reading.
In code, you can easily use
this.getFilesDir()
From within an activity subclass.
If a device is rooted or someone uses the adb shell from the sdk to access the app data directory, of course, he will be able to manipulate it, I assume.