Is there a way to lock every app i give to the end user with a unique password so that only i can generate a valid password to unlock that app and a copy of that app should not unlock with same password aswell.
I don't wanna setup online server for that. I need my app to be unlocked offline.
You can generate password on a first Application start using current time of system and Android Id, for example. Then you should show to user this time (that can be shown to them in some non-readable format) and his Android id. Then user sends you (or reads by phone, etc), this two lines and you combine them in a password using the same algorithm as phone did.
If the password can be long - create md5 hash of string, consisting of needed data. If it should be short - decrease the length of md5 or make some algorithm that will take only needed length from the whole password.
Related
I have an app which allows to remotely lock other phones named "Parental Lock".
In the app, users can put a password for a time to their "children"s phone.
The problem is when the time specified by the "parent" ends, I want to remove the password given by the "parent" and restore the original one if there was.
For now, when the time ends, I am removing the password via device manager from the phone but to restore the old password put by the user itself long before, I must get the password info.
The get the password, the password itself had to be encrypted in first place (with yet another password, brr).
And the rule #1 says: never ever encrypt passwords, use hashing algorithms with a salt to store them.
i would like to write an android application which requires the user to have the screen-pin activated and use the entered pin as a key to unlock the app. (this key is used for low-security encryption)
is there any way to get at least a hash of the entered pin? how can i proof/ensure that the screen-pin is activated and this will stay that way? is it possible to get a notification when the pin is entered and therefore the unlock-key for my app has changed?
I have an app that sends user location data to the server using webview load html. Since the users are truck drivers I do not expect them to know to login using password and user name every time they use app , so my solution is to for each user to make an app with it's own user name and password embedded into the app using the id field sent to the php page .
`enter code here`url="http://mywebsite.php?id=16"+"&longitude="+longitude+"&latitude="+latitude+"&brzina="+speed+"&vreme="+cal.getTime()+"&datum="+date;
What I am changing in url is the id field sent to php page .
Is there a way for me to automate the creation of Android apps without compiling app every time I have to provide a new app to the driver .Let 's say I am given a list of drivers with their id numbers I put this some were and I get for 15 drivers 15 android apps all with the different id part in url .
Do you need to know the ID before they connect for the first time?
If not, you can store a GUID on the phone, which is created on first time run. as an identifier. And when the GUID comes in to the server for the first time, you log them as a new user with that ID, and from then on, know its them again.
for generating a GUID I recommend the UUID class
and storing/retrieving it, maybe the SharedPreferences Class.
Alternatively, give them a GUID in an ini file, which your app runs off. (which you know the ID before hand.)
I want to lock my application with a password which the user has set in the applications settings.
Each time the main acitivity of my app is going to be shown, a password dialog should be shown instead. I know how to do that, but i wonder... :
How do I store the password the user has set? I can't store it in SharedPreferences because you can delete SharedPreferences in your phone's settings. I thought about a textfile which holds the password, but this file can be deleted, cant it?
Any ideas?
You cannot protect against the password being deleted one way or another, so you need to step back and consider why you have a password in the first place. Most likely you're using the password to protect data the app has access to, rather than the actual app itself (since protecting the app from running is not going to be effective against an attacker that has physical access to the device.
If your password is to protect data, you only need to ensure that an attacker cannot access the data due to deleting a password store. One way to do this is to use the password as an encryption key (or part of a key) that obscures the data -- thus there's not even a password to delete.
One option is to put the password in the same file as where you have the other information (I reckon you want to protect the settings/data of the user). Just do not start the app when that file is missing or corrupted. What you have accomplished then, is that the information is rendered unusable if someone tampers with the data. Sign / encrypt your data file(s).
Another solution could be to store the password (hash!) on a webserver.
Suppose, I have created an android mobile application.
What I am looking for is, once the user purchases my application from my website,
he will input his IMEI number.
I want to generate a simple registration code, which can be emailed to him after purchase is successful.
The user will then enter the code in the application, application will internally fetch the IMEI number and validate the registration code.
How can I generate such registration code?
Are there algorithms/ tools available which can help me do this?
Thanks,
Aseem Chiplonkar
Depending on what you are going to be developing your site in, you may want to take a look into GUID's or something of that sort...Read more Here
What you can do is once you have received the IMEI from the user you can apply an algorithm on it (you can, for example, shuffle the string and add some salt on it) and them generate a hash of it.
Send this hash do the user and when he/she types this hash on you app you will fetch the IMEI , apply the same algorithm and calculate the hash. If the hash matches the one you sent them your app will be activated.
I would use Sha256, but you can also use any other hash function you like.
You can also apply a Base64 algorithm to the hash to make it easier to type.