Access to user's input dictionary - android

Is it possible for an Android application to figure out what words the phone's owner types most frequently on the phone? I assume this might not be the case due to privacy concerns, but decided to ask just in case.
The idea was for an app to "adapt" to the user based on an analysis of the most used keywords.
Thank you in advance for any input.

This isn't possible unless the Android device is rooted, as there are definitely security concerns with allowing an application to have a global key-input hook.
I believe, however, that the operating system itself already does this to an extent. I certainly do not have any definitive evidence, but I've come to notice that the auto-suggestion feature implemented in the standard keyboard suggests very peculiar things that only I would say.

Related

Feasibility/difficulty of implementing legit spyware software for Android

I'm a non-android-programmer who needs to employ/partner with an android developer or development team to implement a project. What I am interested in knowing is how difficult my requirements are likely to be to implement. I have already approached several developers but so far haven't got any answers beyond "sorry we don't have time now" or "we'll get back to you". I believe it would help me to find a developer if someone could give me some indication of how difficult this project will be to implement.
There are two main requirements. Firstly, the software should monitor usage of the device (it will be a tablet computer) so that usage is recorded and regularly transmitted to me (e.g. by automatic email of a datafile). By usage I mean I want to know (a) what apps are installed and when, and (b) what apps are in use (in the foreground) and when. Secondly, the software should be able to restrict usage of the device so that it can be configured to only be able to run certain apps, and only at certain times. At other times it should be unlockable. It doesn't need to be hacker-proof, just child proof.
Skeptics will want to know why I want malicious-sounding spyware written for me: my intentions are good - I'm a child psychologist and we are planning to run a study where we look at how very small children use tablet computers in an ordinary family setting. Basically I will be handing tablets out to parents of three-year-olds: the parents will know exactly what we have done to the tablets.
To avoid asking too vague a question, I guess I could specify even further: is this even possible without a rewrite of the operating system itself (in which case I guess this is a big job), or can this be done more simply? Perhaps there is already software or libraries available which do this?
Certainly it's feasible, and I don't see why it would be as expensive as has been suggested. The key is that you need this only to be child-proof: that's far easier than making it hacker-proof.
All you'd need is a system service to log and transmit various events, and a replacement home/launcher app to prevent launch of unwanted apps. Simples.

Identifying Android rootkits

Currently involved in a University project and could use any help from members regarding rootkits designed for Android.
I have little knowledge of Android malware and the project so far has got us decompiling APKs to view the Java class files (if readable) and the AndroidManifest.xml file. I have also managed to root a phone in the uni lab using various adb commands and pushing files over to it.
What I would like to know is if it's relatively easy to spot malicious rootkit code within a class file? Is there something I can look out for? Is it a case of getting su status or does it involve adding users? I assume the next stage would be to then contact a server so the developer has remote access.
Also, is there a system or service that can process an apk to spot if it contains a rootkit (not just malicious)?
reply:
Hi, sorry about the late reply - tried responding immediately but wasn't allowed as I'm new, but then forgot!
Thanks for the info! I appreciate that I may sound naive, but I guess I have to be seeing as I don't know anything about rootkits or the way they work.
You're right, they are not asking about 3rd party scanners, that was just my interest. So on that topic, are you saying there are scanners out there that specifically look for rootkits in a sample? Or is this detection all part of the overall AV service they offer? If specific to rootkits alone, then I would really like to know which ones, so I can research them.
Also, with regards to exploitation of a bug - I assume you mean a bug within the Android OS? Would this mean that when patch updates are pushed out from Google then the rootkit is unable to function?
Thanks
A malicious rootkit tries its best to get certain access, secretly. So any generalisations you make about how it does its business will probably be already worked around by any good rootkit.
"setting su status" is hardly worthy of being called a 'rootkit', that's just 'using root permissions' that you seem to have given the app. A rootkit would look for a way to actually get this without permission, by exploiting some sort of bug.
Systems or services that spot those things are commonly called virus and/or malware scanners. Yes they exist.
Not to be negative, but this seems like a naive post about the subject, and probably not a good start for a project: I'd say using a 3rd party malware scanner is probably not what is asked?
You could, for instance, look for known exploit-methods. One that for some reason comes to mind is the overflow, but that's just a random thing. Read up on rootkits, their methods, heuristics to find them etc.

open source user-security/password scheme

I've read numerous discussions lately about different forms of security for mobile devices outside of the typical password/pin code setup.
The articles talk about recognizing the touchscreen as a human input device and that security measures in apps ought to evolve for that as well.
One such concept involved a graphical keylock like one you would see on a safe. The user would have to use multiple fingers to twist it to the correct combination. I haven't done any OpenGL stuff so I wouldn't really know how to develop that, has it been done, is it open source?
I did read this: "Security Beyond a Username/Password?", but I am looking for other opinions.
Thanks for any suggestions and resources. Also please post resources instead of voting to close if it comes down to that.
I can't say for all mobile devices, but the iOS SDK provides the UIGestureRecognizer class; you may create a subclass of UIGestureRecognizer that recognizes a distinctive gesture, character or some kind of gesture combination (in your case). I assume other mobile technologies also have similar methods to recognize keylock characters.
Hope it helps you.

With root access, how do I access the OS-level notification system?

I am using a phone without LED notifications. I would like to dev an app to simulate that, however first, with root, I would like to get access to the notifications system on the OS level (so it can be app-agnostic), to get the notifications.
How can I do so, or where can I read up more about this?
Thank you!
Despite this being old and already having an answer accepted, I want to offer an alternative solution since I think the end goal can be achieved. With all due respect to Mark, I think the direction of the question is a little misleading, but the end goal is attainable.
If you are looking for something that would allow you to make an app that listens for notifications and then performs some action based on them regardless of the source app (or could be tailored to specific apps), then I think you can do this without writing firmware or rooting using an Accessibility Service. Accessibility Services would allow access to notifications as they come in, allowing your app to do something with them. You would be able to filter by the source package, get the notification contents, and a lot of other things.
There is a lot I could say on it, but it is still rather new to me, so I'll provide a couple of links to get started.
Accessibility Services page: http://developer.android.com/guide/topics/ui/accessibility/services.html
I would also recommend trying it out for yourself. I came across a small project file that I was able to copy and run on my own as a proof-of-concept. If you run this, you'll be able to see in the log that you really can read notifications: https://gist.github.com/qihnus/1909616
Don't forget to enable the accessibility feature for the app after you install it in your phone's accessibility settings.
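Because an enabled accessibility service can read notifications from every app, as the answer above describes, it is worth checking which services are switched on. The following is an added example, not part of the original answer: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3`, using constructed sample strings and hypothetical package names under `com.example`.

```python
# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService"
    ":com.example.ledsim/.NotificationWatcher"
)
# Constructed sample of: adb shell pm list packages -3  (user-installed packages)
SAMPLE_THIRD_PARTY = "package:com.example.ledsim\npackage:com.example.notes\n"


def parse_enabled_services(raw):
    """Split the colon-separated component list into (package, class) pairs."""
    raw = raw.strip()
    if raw in ("", "null"):          # setting unset or empty: nothing enabled
        return []
    services = []
    for entry in raw.split(":"):
        package, sep, cls = entry.strip().partition("/")
        if not (sep and package and cls):
            continue                 # skip malformed entries
        if cls.startswith("."):      # expand the short form ".Name" if present
            cls = package + cls
        services.append((package, cls))
    return services


def parse_third_party(raw):
    """Collect package names from 'package:<name>' lines."""
    return {line.split(":", 1)[1].strip()
            for line in raw.splitlines() if line.startswith("package:")}


def services_to_review(enabled_raw, third_party_raw, approved=frozenset()):
    """Enabled accessibility services that belong to user-installed,
    unapproved packages; each one can observe other apps' notifications."""
    third_party = parse_third_party(third_party_raw)
    return [(pkg, cls) for pkg, cls in parse_enabled_services(enabled_raw)
            if pkg in third_party and pkg not in approved]


if __name__ == "__main__":
    for pkg, cls in services_to_review(SAMPLE_ENABLED, SAMPLE_THIRD_PARTY):
        print(f"review: {pkg} ({cls})")
```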
You have to write your own firmware. This is not possible from an SDK application, rooted or not.

Strong security precautions for an Android app to prevent it from being cracked

Can you suggest any good anti-crack approaches (other than code obfuscation), considering that the paid apps on the Market are easily cracked, and the same goes for a basic server check after a PayPal transaction?
My idea is to have one (very important for the app) Java object saved on the server, and passed to the app each time it starts. Do you think that this sounds good?
Note that it is more of a theoretical question, as I am not going to implement it in an app; I am seeking knowledge about this rather than a concrete solution to a problem.
Any ideas would be appreciated, even ones that you are not very sure if they are good or not. Remember, the question is for Android apps. Thanks.
EDIT: I know that there can't be an unbreakable client side application, I am asking for a good option to prevent it other than obfuscation
No. Code stored on the server and provided for execution on the device can be grabbed and stored elsewhere such as locally. (And that's probably going to be as hard for you to implement as it will be for the attacker to patch around)
Ultimately, you have to face the fact that preventing run authorization just isn't possible on a general purpose computing platform.
Unless you move actual functionality to execution on a server requiring an individually authorized account, all you can hope for with regard to code running on the user owned device is to achieve a higher than average shade of difficulty.
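The difference between the two designs in this thread, as an added sketch that is not part of the original answer: handing the object to the client at startup versus keeping the logic on the server behind a per-account check. The key, account store, rate table and function names are all constructed for illustration.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"      # constructed; never leaves the server
ACTIVE_ACCOUNTS = {"alice"}               # constructed account store
RATE_TABLE = {"basic": 1.0, "pro": 2.5}   # stands in for the "important object"


def _tag(msg):
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()


def issue_token(account, ttl=300, now=None):
    """Server: bind a short-lived token to one account."""
    expiry = int((time.time() if now is None else now) + ttl)
    msg = f"{account}|{expiry}"
    return f"{msg}|{_tag(msg)}"


def authorized_account(token, now=None):
    """Server: return the account if the token is genuine, unexpired, active."""
    try:
        account, expiry, tag = token.split("|")
        expires_at = int(expiry)
    except ValueError:
        return None
    expected = _tag(f"{account}|{expiry}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if (time.time() if now is None else now) >= expires_at:
        return None
    return account if account in ACTIVE_ACCOUNTS else None


def fetch_startup_object(token):
    """Design from the question: send the object to the app at startup."""
    if authorized_account(token) is None:
        raise PermissionError("not authorized")
    return dict(RATE_TABLE)   # the client now holds a copy it can store and reuse


def server_quote(token, plan, units):
    """Design from the answer: the logic runs on the server on every request."""
    if authorized_account(token) is None:
        raise PermissionError("not authorized")
    return RATE_TABLE[plan] * units
```

Once `fetch_startup_object` has succeeded a single time, revoking the account changes nothing for the copy already on the device, whereas `server_quote` stops working on the next call.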
