Let's say I make an app on Android, is there a way to access another app's database (in data/data/(other.app.package)/databases) with that app and read contents?
I have a rooted device.
The other app should allow you to do that by implementing ContentProvider.
Hitting another apps database directly is not the best idea.
Each application is executed with different UID, so if you will not have rooted phone it will be impossible to achieve.
Related
I'm trying to understand how applications are storing data without the use of a login system. Example, an android app starts you with 500 coins and you use some of them. You have not logged in at all and you delete the 'app data' in settings and uninstall and reinstall. The app still knows you only have 450 coins left for example. The app requires internet connection so I'm assuming they are storing the info on their server. If so, how are they uniquely identifying your device? In my reading so far it seems there is no full-proof way to uniquely identify a device every time.
I'm asking because I'm going to be working on an app where I don't want to require a login but I also don't want the player to simply reinstall and get to start over. So, my question is how does everyone handle this situation to work for both iOS and android?
Google offers Firebase, which is used for notifications, but makes use of a unique identifier for an application instance on a device (both on iOS and Android), they could be using this.
There are some more providers that offer a similar service (for example OneSignal).
Reference: https://firebase.google.com/
I'm building a mobile application for a company and I need to add in the company mobile application a button that go directly in a different application .
Anyone know a solution to embed 1 mobile app in other app???
Inside the code of your button, you can launch an explicit/implicit intent that can launch another application (authored by someone else). The application won't be running inside your application, but to the user, he/she will have the illusion that the other application running is part of your own. This is assuming of course that the second application is already installed on the user's phone. If it isn't installed, your button can just fetch the relevant application's installation page from Google Play for the user to install the app, and then run the application once installed.
In your application, you can also provide a content provider to keep your data. A content provider provider exposes a set of public CRUD interfaces to your data for other applications to access. This is how the contacts database is shared on Android for instance between many different applications, even non-Google applications.
Basically, you first need start at the beginning and educate yourself on the fundamentals of Android. If you start reading about intents and content providers, those constructs may not make any sense to you until you first learn about Activities, the Activity's lifecycle, stacks/tasks, and the way security generally works on Android. You may even want to look on Youtube, there are some very good highly rated Google I/O videos on there that talk about the fundamental concepts of Android.
I want that whenever any system or user application access the system contact app, my app get notified about that somehow. How can i do that ?
Sorry, but this is not possible from an ordinary SDK app. Any app can access the Contacts ContentProvider as they wish (assuming that they have permission), and there is no way for your app to find out about that.
You are welcome to create a custom Android fork that contains your desired capability and install that on whatever devices you are able.
I am creating an app where the user does some things during a game, and these actions are logged in a SQLite-database. At the end of the game the app presents these logs through a screen, which are read by the game administrators (like, physically read by the game administrators watching the screen). Is there some ways for the contestants to manipulate the database, and if not, what security measures prevent them from doing this?
The database is stored under /data/data/your.applications.package/databases. Normally this location could only be access by the user the Android OS created for the app. No other user is able to access this location unless the device is rooted. Then any user can access any location on the phone and manipulate the data.
So if you want to prevent users from cheating you need some way to check if the values in the database are untouched. Perhaps you can store some kind of fingerprint on a server to check this.
Yes, you can do it programatically, as long as you are the developer. Here is the Android docs for SQLiteDatabase.
Here are some links for working with SQLiteDatabases programatically:
From Android docs
From a blog
From another blog
The SQLiteDatabase in an application should be 'sandboxed' to that specific application, meaning that no other application should be able to get to that data, as long as the developer didn't provide access to it with a ContentProvider. So to answer your final question, no, there should not be a way for contestants to manipulate the database, except in ways that the developer has already allowed.
Yes, users can examine and change the database when connected over USB via ADB: http://developer.android.com/guide/developing/tools/adb.html#shellcommands
Update:
This only works on rooted devices or official Google Dev devices: Why do I get access denied to data folder when using adb?
Still, this would allow users to access database and change game results. So you can not rely on databse not being accessible..
Unless you issue the devices to users and you carefully watch what they do with them, to be secure against anyone determined, you need to digitally sign the entries in the database using a mechanism hidden in strongly obfuscated application code. And even that only makes it harder.
Note that using a server does not help unless a key part of the game logic itself is implemented in the server; if the user knows how to fake your signing mechanism to write fake database entries, they can also send fake reports to your server.
You can use Proguard to obfuscate your code.
Also have the database be unique with a particular id according to the device id with some sort of server callback, to validate the database.
Is there a permission to allow one app to read the (private) data/data//files/... files of another application? If not, how do backup programs like MyBackup work?
C
On a side-note, in the unlikely event that you're the one who's writing both applications, you can make them share the same sandbox by signing them the same way.
Is there a permission to allow one app
to read the (private)
data/data//files/... files of another
application?
No.
If not, how do backup programs like
MyBackup work?
They backup and restore only things with public APIs. That includes some data from the operating system and some things from applications specifically integrated with them.