So I'm doing some research and am a little lost as I don't have any experience in regards to the dev side of applications. I've got a few questions and would greatly appreciate some help:
1) Is there any full device encryption for Android mobile devices? I didn't see any 3rd party apps that did this but I can't believe this would be the case unless...
2) Do 3rd party apps have permission to do such a thing? If not, can they encrypt personal files/folders?
3) Where can I go to find out more about the permissions of 3rd party apps?
Thank you for your time!
#Anoob Best advice for encryption is to ask you a question. Storage of data can be encrypted if you are using an SQLite database. That said, you need to decide where you are saving that data. Android devices have internal and external storage (SD card).
Permissions have changed with the introduction of API level 23. Prior to SDK 23, apps on the Play Store set permissions when they were downloaded. So if you do a search to read about this topic, try to keep this in mind and look at current articles if you're looking for code. In conjunction with permissions, you need to consider what your minimum SDK will be.
Here is some advice: before asking questions, do a lot of reading, but much more important, develop a written list of search terms and always use "example" in your search if you are looking for code, and include the word "android". Java is used in a lot of other development languages.
Here is a high quality site with a lot of good tutorials and code
Great Source
Welcome to Stack Overflow
I know there are decompilers, but decompilers don't work perfectly; there will mostly be some errors, etc.
So, like WhatsApp Plus, YouTube Vanced, etc., how do people modify apps? Do they use a decompiler, fix the errors and then edit the app's source code, or do they use something else?
Some apps may have their source code available on GitHub, in which case you can fork the repository and apply your edits. Needless to say, you should always respect the license.
You can also submit bug reports to the maintainer, which would also be considered "good form".
If what you are truly trying to do is reverse engineer the app, you may find more info on hacker boards. I don't know many software developers who take kindly to having their hard work stolen.
Note that if you consider yourself capable of "fixing bugs" in apps that you haven't developed yourself, perhaps you would consider developing your own app.
In order for an app to be legally modified by a third party, the app must be open source (have the source code available to anyone), e.g. Linux. However, the front-end source code of web apps, like YouTube, can be viewed by anyone through browser developer tools. A decompiler can sometimes produce source code that produces the same result as the original, but it is, most of the time, obfuscated.
Good morning,
How can I do SSO that is valid between my 3 apps?
I have 3 apps that should be installed on the same phone, like the Google apps or Facebook,
and if I'm logged in to one of them, then the other apps bypass the auth part.
I'm looking for good practices.
Thanks for the advice.
By default, Android runs each app in a separate sandbox, so apps cannot access data from other apps. But you can run as many apps as you like under the same sandbox. In that case you can access any data from the other apps (database, files, etc.).
This is only one way of sharing data and not the preferred way, BTW. Another approach that is highly encouraged by the Android team is to create content providers and allow controlled access to other applications on the platform. This is exactly the way you access the user's contact database in Android, for example.
I won't explain how to do it here. There are plenty of resources on the internet and several well-explained YouTube videos.
I have to develop a sample application to send, receive and delete voicemails on Android phones. For this I need to know what mechanism is followed, in general, by other applications.
(I developed a sample using android.provider.VoicemailContract, which can insert an audio file (from the SD card of the phone) as a voicemail. Then, my application reads and deletes the inserted voicemail with the help of the android.provider.VoicemailContract.Voicemails content provider.)
I want to know how voicemails work on an Android phone, i.e. the procedure, protocol kind of things. I googled but I did not find any relevant material. I am completely new to voicemails... I need to know all the internal details.
Can anyone please describe or provide me some helpful links to understand exactly what procedure one should follow to develop such application...:/ :/
I know this is old, but I was curious too. According to this Stack Overflow question and answers, applications can add voicemails to a local phone's database, but cannot read any voicemails that other apps add. Also, only the local phone application can read all the voicemails.
I've never made a game for a mobile, so I'm not really sure what the proper convention for level info is. Basically I'm thinking that I include an XML file that I add to local disk space for the app, then load the level details (item positions, etc.) from that XML file. This way, when I have to update the game or add more levels, I only have the users download a small XML file. Is this method secure or are there other ways of doing this?
The security features on the BlackBerry can be pretty complicated; check out the second half of this article for a good summary of the various security features available:
http://programming4.us/mobile/2694.aspx
Here are some official BlackBerry docs on the topic too:
http://docs.blackberry.com/en/smartphone_users/deliverables/1487/Security_26381_11.jsp
FYI, most of this information concentrates on protecting data from unauthorized users, or from other malicious apps. Personally I wouldn't be too concerned about a sophisticated hacker changing my XML, unless I was giving away prizes for achievements!
Regarding file access:
Every Android app runs in its own sandboxed environment with its own system username. Data downloaded or residing in its directory cannot be read from other apps.
Google Developers on Security is worth reading.
In code, you can easily use
this.getFilesDir()
from within an Activity subclass.
If a device is rooted or someone uses the adb shell from the SDK to access the app data directory, of course, he will be able to manipulate it, I assume.
First, a bit of my background. I have been working on large web systems for over a decade, Android is something I have been looking at for the past two months; as you can imagine, the gap is quite wide :)
Looking at Android's Security and Permissions and Data Storage part of documentation, talking directly to developers, reading books and tutorials, it is pretty clear how entire model works. However, I was unable to find an answer whether SQLite and SharedPreferences files are secure enough to store delicate non-encrypted information (for example, OAuth tokens). Is it possible for someone to grab them in any way? Quoting Android's documentation:
Any data stored by an application will be assigned that application's user ID, and not normally accessible to other packages.
It's the not normally accessible part giving me additional grey hair :)
Thank you, helpful answers are appreciated :)
Is it possible for someone to grab them in any way?
That depends on the someone. As Mr. Burov indicates, users of rooted phones can get at whatever they want. Ordinary users and other applications can't, by default.
It's the not normally accessible part giving me additional grey hair :)
By default, files are secure. You can make them world-readable or world-writable if you choose.
Wouldn't it be possible to decompile apk file and find encryption key as well in that case?
That depends on who you are defending against. If you are defending against other apps, have the user supply the encryption key. If you are defending against the user, you're screwed, just as all implementations of DRM are screwed.
Well, there are a bunch of SharedPreferences editor apps on the market, so they're definitely not secure. Also, on rooted devices the database can be pulled off easily, since the user has full access to the phone's filesystem. Hence, if you want your app to be totally secure, encrypt your data.
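The advice in the answers above to encrypt the data and have the user supply the encryption key can look like the following. This is an added example, not code from any of the posts: it is plain Java using the standard JCA, and the class name `TokenVault`, the iteration count, the blob layout and the sample token are all assumptions made for illustration. On Android it is assumed to run on API level 26 or later, where `PBKDF2WithHmacSHA256` and `java.util.Base64` are available.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class TokenVault {
    private static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128, ITERATIONS = 210_000; // assumed parameters
    private static final SecureRandom RNG = new SecureRandom();

    // Derive an AES-256 key from the user's passphrase (never stored in the APK or on disk) and set up AES-GCM.
    static Cipher cipher(int mode, char[] passphrase, byte[] salt, byte[] iv) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(raw, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        return c;
    }

    // Returns base64(salt || iv || ciphertext+tag), a string that can go into SharedPreferences or SQLite.
    static String seal(String token, char[] passphrase) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv); // fresh salt and IV for every stored value
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, passphrase, salt, iv).doFinal(token.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
                ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array());
    }

    // Throws AEADBadTagException if the passphrase is wrong or the stored blob was modified.
    static String open(String blob, char[] passphrase) throws Exception {
        ByteBuffer in = ByteBuffer.wrap(Base64.getDecoder().decode(blob));
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        in.get(salt).get(iv);
        byte[] ct = new byte[in.remaining()];
        in.get(ct);
        return new String(cipher(Cipher.DECRYPT_MODE, passphrase, salt, iv).doFinal(ct), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String blob = seal("constructed-sample-oauth-token", "user passphrase".toCharArray());
        System.out.println(open(blob, "user passphrase".toCharArray()));
        try { open(blob, "wrong passphrase".toCharArray()); }
        catch (javax.crypto.AEADBadTagException e) { System.out.println("wrong passphrase rejected"); }
    }
}
```

Because the key exists only while the user has typed the passphrase, a copy of the preferences file or database taken from a rooted device yields only the sealed blob; as the answer above notes, this does not protect the data from the user who knows the passphrase.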