I tried to use:
(new Instrumentation()).sendKeyDownUpSync(KeyEvent.KEYCODE_H);
but I want to use it on other applications so I would need the INJECT_EVENTS permission which is only for system-apps (or rooted devices).
So, is there any possibility to input text outside of my app without system-app permissions?
No. On purpose- they don't want you to be able to pretend to be the user to other apps for security reasons. (Also- the keyboard actually probably doesn't send key events- only hardware keyboards do. So even if it worked, you may not get the result you expect because an input connection isn't active and tied to an individual view). If you do find a way, expect google to patch it with the next release.
Related
With the new Android 12 operating system, the user now has the ability to completely disable microphone and camera usage from ALL apps. This is actually a good thing, letting users easily control privacy.
If an app starts and has permission to use the microphone and the camera AND the user has disabled all access to either of these hardware, Android 12 automatically pops up an alert asking the user to re-enable the microphone or camera, or to continue with the hardware disabled for the app.
Also, on creation, the app can simply check when starting to see if the needed hardware is enabled, and can also prompt the user further or handle the condition as the app sees fit.
But what if the user disables the microphone or camera while the app is running? I can't seem to find any interfaces for something like onMicrophoneEnabled() or even a Broadcast of such an event.
It's possible to check every time onResume() is called, but I was hoping there'd be a more elegant solution.
If anyone knows of something that my app can use to capture this when the user has made changes either way, please let me know.
After carefully reading the google docs (https://developer.android.com/training/permissions/explaining-access#toggles) on their implementation of the user enable/disable of the camera and microphone I discovered something very interesting:
Apps are explicitly forbidden from knowing if the user has done any of these actions. So of course there is no way to get notified of these changes: it is by design.
If the user turns off the camera this way, the app will still get a camera feed, but it will be black. Similarly the microphone will still work, but we'll get only silence. This is a feature--a way to ensure privacy.
The operating system will remind users that they have disabled the microphone or camera and provide a chance to re-enable the hardware, which is nice. But the app is completely in the dark (hehe).
Another way to think of it: Just like putting a piece of tape over your camera or your thumb over the microphone. Only this time it's done by the operating system. This way a spy program or some other nefarious software will still think it's working and not try to bypass or give up.
This also explains why testing during onResume() or onWindowFocusChanged() didn't work either. I was getting results that didn't align with the settings (they aligned with current permissions).
So to answer my question: There is no way to be notified. That is the point.
Background
Smart Lock feature allows to fully unlock the device under certain conditions, such as GPS location, connected Bluetooth, etc...
The problem
I'd like to make an app that does that, with other special conditions.
Given user's approval, is it possible to completely unlock the lock screen, even if it has a password, so that the user will continue as if he unlocked the device by himself?
What I've found
I know it's probably possible using accessibility service, to mimic user actions of entering the code or drawing the pattern.
There is probably a way to temporarily disable the lock screen, by using keyguard API (written here for example), but as I've read, those are deprecated and might not work on some devices and Android versions. I guess it also requires to have a foreground service for it to continue staying on this state.
The questions
Is there a better way? Is there a way to unlock the device, just like Smart Lock feature?
If so, how?
Is it true the Keyguard API is not recommended? What is there to worry about when using it? Or maybe it's completely safe to use, and can be used to fully unlock?
I'm creating an app, that heavily relies on LocationServices.
For now I'm asking user to turn them on, and everything works fine.
However, when user clicks "No", the whole point of this app goes to hell.
I can spam user to turn location services on from my Service, however I find this solution extremely non-elegant.
Is there a way to turn this setting on programatically? I don't care for additional permissions or so.
I did my research and I only got what I already did - ask user to turn on location services with a dialog etc.
Is there a way to turn this setting on programatically?
Fortunately, no, for obvious privacy and security reasons, except perhaps on rooted devices.
However, when user clicks "No", the whole point of this app goes to hell.
Then advise the user once (per run of your UI) that your app cannot function, and the user should uninstall your app.
Bear in mind that many more permissions will have this same sort of user-recovable behavior with Android M.
You simply cant , if that was possible then you can easily gather locations which is for some unethical reasons could be sold ... so for security reasons its not possible at all .
you can always force the user to click yes by making a really useful and helpful application that the user simply want to try and cant click no because it wont function at all ...
For start I must say that I´m new to Android.
I´m a Msc Student and for my Msc thesis I've to develop a system that collects all user inputs on the touchscreen, regardless of the applications that are being used, and it must be done in background.
The objective is to use that data to establish a user profile and then apply an algorithm that continuously compare the new inputs with that old ones to grant the legitimate user authentication.
In other words I've to develop a touchlogger, but not for malicious purposes.
My question is: Are the initial permissions, that a user accepts in the installation process, enough to allow my app to collect the touch inputs from other applications, or it will be blocked because of the sandbox?
Note: The system is to be used for a regular person in a regular device, so rooting the device must not be an option.
Thanks for your help.
Best Regards
This is not possible, especially in newer versions of Android.
This is because even though there are system overlays allow you to display things like chat heads over any other app, you cannot capture touch events and pass them down to the app below. So even if you manage to capture the events, you will end up rendering the device useless, as nothing below your layover will work.
I am developing an application where I have to change the screen lock password on a button click,can anybody tell me how can I do this.
If you are talking about the unlock pass word set in the device settings by the user then the answer is you can't.
If an application could change the unlock password/pattern without user interaction then these security features would be mostly useless. A rogue application could in theory lock the user out of their own device if this were possible.
Edit: if your aim is not to change this value without interaction but just to send them to the correct settings page. You might be able to do that some how. You'd want to look into what intents you can use to start the Settings Activities. But if you are developing this application for use by the general public I would strongly recommend you rethink having try to do anything with the users security settings. As a user if an application prompted and then sent me to the security settings page with the intention of having me change something in there I would immediately uninstall it.
Edit 2: I've never seen it until just now so I don't know for sure what they used to achieve that. Since it states that must be android 2.2+ though I would assume they are using the Device Administration APIs The docs seem to indicate that it can "Prompt user to set a new password." Which I would think means that it is just going to start the settings activity for them. It is not actually changing the password value by itself. This whole API is subject to user activation also. So even if you get installed on a device the user must explicitly "activate" your app before it is able to make use of any of the admin APIs
I am sure the only way this is possible is if you signed your APK with the device key. This way it could access API's that are limited to system applications. This isn't possible for a normal app, only one that is baked into a custom ROM or device manufacturer ROM when building Android from source.
I do not exactly understand what you are trying to do. If you wish to change the lock screen password programmatically, and your'e application is A device administration than you can call:
resetPassword method of DevicePolicyManager like this for example:
m_policyManager.resetPassword("bla bla", DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);