So, I have this old app, and problem is that app is accessing old backend URL, which no longer exists.
How do I change this url without recompiling app? Is there any app which can redirect traffic of other apps to specific URL?
On Windows, Fiddler can do that.
My phone is not rooted so using hosts file to remap domain is not an option.
What you are asking for is man in the middle application.
On google play there are a plenty of them, and some of them know how to modify request.
For example here: is mentioned that this application can modify request.
Related
I am looking for a way to read the system logs of a connected device via a web application. Basically, I want the user to be able to connect their iphone, android, tablet etc and be able to see what is occurring on their device at the system/consoleLog level. Similar to adb logcat. This would be a via a web application and not on software installed locally. Is this feasible using react/nodejs? What technologies should I consider using?
There're several components you need for achieving this.
Backend
File Monitoring (Native Node.js fs.watch)
Real-time update (Socket.io)
Frontend
Any framework you're comfortable with, I'm using React.js with socket.io client
What you are trying to do is possible, but in a very limited sense.
Your users will be required to manually upload their log files to your web application.
You can "ask" them to do this by using the FileReader api in javascript. Here is a demo page.
As you can see you must manually select a file to be uploaded and give the website. To programmatically set the path of a log file and try to call it without the user noticing is not possible.
The reason for this is anything you make that is served via a web application will run in the sandbox of the users browser.
For obvious security reasons a browser won't let random websites read/write to local files of a persons phone without explicit permission.
Node.js won't help you here because in order to use the functions Node.js has such as accessing local system files the app would have to be installed locally and not running in a "browsers sandbox".
I hope this helps. If you want more examples of the filereader api let me know and I can write something up for you.
To build an Instant App it is required to setup App Links. One of the steps requires to verify that you are the owner of the website you are linking your app to.
Is it possible to create an Instant App if I don't have any website but still want to have ability to send a link to my Instant App to a friend, share in on social media etc?
Basically the idea is to implement "share" feature in the app that will generate a link that will be leading to the instant app.
Instant Apps requires a link to a domain via App Links as Instant Apps are triggered/launched via a URL. There would be no way to launch an Instant App without connecting it to a domain. It's not necessarily required to host an actual website at that domain (aside from hosting the /.well-known/assetlinks.json file) although it is recommended (so that if a non-Instant App enabled device reaches that URL it actually shows something meaningful).
There's nothing to stop you registering and using some arbitrary domain and verifying it via App Links for the functionality you describe. You can use Firebase Hosting to very quickly set up hosting for free and add your assetlinks.json file (and of course there a multitude of other options to host that file as well).
Our Android app will be used in a place without internet. We have one server with limited internet there.
Can user download the app from the server instead of google play, the way we can use ios cache server?
If we keep a copy of app in the server and install from it, how can we update the app with latest version?
Thanks.
You can host the apk file on the server and download it to the devices for installation. However, you first need to enable third party source installation for the devices.
Link how to here,
https://www.cnet.com/how-to/how-to-enable-third-party-app-installation-on-most-android-phones/
In terms of the update, you can always update the apk file anytime but you might need a separate system to notify the users/devices about the update. Probably by using SMS.
I'm developing an app and I use volley to fetch data from server in background . Can anyone see the urls I have used in my app?
If yes then how? and how can I prevent anyone from seeing them?
Yes, people could see what URLs are used. Specifically:
Users can decompile your app, and read the URLs from the decompiled source. Use an obfuscator such as Proguard to make this more difficult.
Users can also attach a debugger to your app at runtime, again revealing the data. Remember that the user has full control over the device and anything running on it.
Users can use a network traffic sniffer, eg Wireshark, or a firewall which logs all traffic, in order to see what your app is requestion. Make sure you're using HTTPS in order to make this harder. Make sure you also implement HTTPS correctly, especially, this means to not simply accept all certificates.
You cannot completely prevent people from seeing the URLs your app is using, since the app is running on the user's device, where the user can do anything he wants with it. You can only make it harder.
See also:
How to avoid reverse engineering of an APK file?
Android - Get the URL of a file being downloaded, which I answered a while back.
Yes, for example you can open chrome developer console and look at requests that are being made from your app if you are developing web app. In case of mobile app, everyone also can sniffer internet traffic, for example connecting to your own wifi router and listen to traffic, or use special tools like portswigger.
You cant prevent your urls from being revealed anyway, but you can use https in order to hide data you send.
Hope this ll help.
Is it possible to update application from itself in Android? The app in question is a system app, so I can execute privileged commands. Also note that I don't want to show any notification to user, so everything should work in the background.
It is actually pretty easy for an app to update itself, the hard part is doing it without putting up a prompt to the user. The app needs to download the APK, then send it to the PackageManager API to install it. Android will then put up the install prompt. There is a library to handle that part:
https://gitlab.com/fdroid/update-channels
As for doing it with prompting, the app needs privileged access. If the device is rooted, the app can request root access. The app can also be flashed as a "priv-app" so that it has privileged access. Or you can do it like F-Droid: flash the Privileged Extension as a "priv-app", and make your app send install/uninstall requests to Privileged Extension.
Otherwise, you need to download binary code, and dynamically load it, like #yusuf-x said. Be aware that Google is working to make that impossible in each new release of Android.
Use the Java ClassLoader to dynamically load code that was push or pulled down. – Yusuf X just now edit. I've used this for just such a purpose on Android.
Fdroid is an open source application repository.
Their client app can install/update/delete apps from the fdroid repository, including itself.
See the code for the installer part of the client app here:
https://gitlab.com/fdroid/fdroidclient/tree/master/app/src/main/java/org/fdroid/fdroid/installer