I want to read the whole AndroidManifest.xml file content. Is there any way to read its content?
AndroidAnnotations processor has the code, that does exactly that. Note, that instead of copying/reimplementing that code you might be better off writing a plugin for Android Annotations main processor (their code already has few examples of such plugins, such as OrmLitePlugin). The library itself is rather popular, so there is a good chance, that your users might have it in their setup and may even pass the path to AndroidManifest.xml to it via an option. So even if the above code fails, you would have a backup plan, that requires zero to little user's effort.
Related
I'm building an app with android studio with another developer. Is there any way in which I can make it so that both my partner and I can work on the project at the same time on different computers (both Windows computers)? I know there is a similar question, but I am looking for a more detailed explanation on how to do it.
My suggestion: Use Version Control preferably git.
This will help both of you to develop Apps without any problems of copying & pasting and manually making changes in all files one-by-one.
Note: Want to use git but do not want to open source your code (since Github allows creating private repository but with some Payment), then use Bitbucket, you can create private repositories for FREE!
EDIT: Github now provides unlimited private repositories.
Hope it helps!
Take a look at git. I will help you and your partner to work on the same project on a different computer (Windows, Mac, Linux...).
https://www.atlassian.com/git/tutorials/comparing-workflows
As others have indicated, you should use a version control system like git for this. This will give you the following features (among others):
The ability to share code between people
Essentially keeps a backup of your code on an external server
Keeps a history of revisions to files (so you can "back out" changes if you need) as well as differences between your local file and the version on the server
Allows you to merge changes between you and people working with you
How you do this will depend on which version control system you use, but some version control providers will allow you to also set up what's known as "Continuous Integration" - basically, if you or your partner check code in, it'll immediately start a build. If this is available to you, I strongly recommend using it. The advantage of that is that it'll give you quick feedback if you did something that'll prevent it from building for the other person (e.g. if you forgot to check in a file or something). This'll prevent a lot of frustration and wasted time. (This happens a lot more often than you'd think; you don't want the other person to have to spend half an hour trying to get the app to build again when they download your code only to find out that you forgot to check in a file).
I also strongly recommend integrating your stuff with each other as often as possible as well as practicing regular "re-baselines" (i.e. downloading each others' stuff and merging it with what you have locally). The longer you wait to integrate your stuff with each other the more complicated it'll become, and waiting too long greatly increases the risk of introducing bugs when merging or forcing unnecessary rework.
I'm writing a Android app for encrypting texts, and I wonder if I can use a extension language to write additional algorithms outside the app instead of writing them inside the app and recompile the source. After doing some researches, Lisp seems to be a good language to use, and I've come up with a few choices:
Write my own lisp. This seems to be viable, but I always have trouble with writing a new program, and debugging is very time-consuming. It won't be my first choice.
Use lisp written by others. I've been searching Java-lisp repos on Github, and I found some small projects that may be useful, but lack some important features I want to include. I can add more to others' projects and use, but because of the reason above, this is not a good choice either.
Use Clojure. This seems to be a good choice, because Clojure is a well maintained and supported language. The only problem left is how to integrate it into my app.
Number 3 is my preferred choice now, but I want to ask you to help me choose. Other solutions are also welcome. Thanks!
I'm developing an Android library which provides ways to reach into various system services and gather data for analysis. My classes make use of various system service managers (like WifiManager) to gather the data.
I'd like to structure the manifest of my library such that it doesn't grab all the possible permissions that all of these features require. Instead, I'd like to leave it up to the app consuming that library to declare only the permissions that it will need, which might be a smaller subset of what's used by the library.
This actually works in practice, because the manifests all get merged together during the build process, so the app ends up with the permissions it needs to use the features of the library. However, since the <uses-permission> tag isn't in the library's manifest, the code is all lit up with warnings from Android Studio.
Is there a way to annotate my library code such that the permission check is ignored?
Of course I can simply turn off the "Constant and Resource Type Mismatches" inspection in my Android Studio settings, but that won't help anyone else who's trying to use the library. I tried finding a reference to this inspection in the documentation (so I could kill it with #SuppressWarnings but haven't found it yet.
Is this even a worthwhile approach?
…or should I, instead, have the library grab all the permissions it needs, which would force a consumer of the library to turn off the ones it doesn't need using the tools:node="remove" property in its manifest? The problem here is that, as I add features to my library, my library's consumers would repeatedly have to circle back and explicitly remove those new permissions as well. I feel like that's not a great model and I'd rather leave the permission requests to my consumers.
Consider the following conversations on the subject —
Android: New permissions added behind my back after library updates (StackOverflow)
Hey, Where Did These Permissions Come From? (CommonsBlog)
In just randomly right-clicking around the issue I was able to choose the Suppress for method context command in Android Studio and it added the following annotation:
#SuppressWarnings( "ResourceType" )
So… yay! There's the answer to which annotation to use.
I'm still interested, though, in what people's thoughts are regarding the approach in general. Please feel free to hash that out in the answers section. ^_^
So I published my android app, I proguarded it, applied LVL and even changed some of the LVL code but offcourse, I found it cracked somewhere using a tool called Lucky Patcher. I am not going to ask how can I protect against 1 click tools like that, as I guess there is no single answer ( unless you have an idea and can point me toward).
I need to ask you to help figure out how my code was cracked. I understand that this tool takes APK file and removes licensing. Now given that, how can I take this APK file and reverse engineer it back to Java files to see how the tool cracked my code (so I fix it)
Please help me
Thanks
After Proguard, there's no way to decompile your code into humanly-readable Java.
While it makes the reverse engineering process more difficult, it's not impossible for a clever reverser to figure out the hidden algorithm.
As for tools,
Use android-apktool to decompile to smali and extract all the encoded xml resources.
Use dex2jar to translate Dalvik into jar
and finally jd-gui to see the resulting reversed java code
There's a lot of info here on how to go from a DEX file back to Java source. Also, have you looked at this blog post which addresses many of the ways to protect your source?
piracy is a big issue , and i don't think that any platform or OS can be fully protected from it .
however , google already made some tutorials regarding protection against it , for example:
http://www.google.com/events/io/2011/sessions/evading-pirates-and-stopping-vampires-using-license-verification-library-in-app-billing-and-app-engine.html
also:
http://android-developers.blogspot.co.il/2010/09/securing-android-lvl-applications.html
i think that you can also put some sophisticated obstacles using C instead of java.
also , as google suggests, consider using a different approach : make the core features free , and make the rest purchaseable via in-app billing . you can also add ads and a feature to remove them by in-app billing as well .
I was thinking about this and it seems like if you really wanted to secure your application from hackers there is really only 1 way to do it. You can implement all kinds of fancy methods of insuring your application is licensed and paid for as described in the google article but all it takes is a good hacker to decompile your application and find where the code is and then comment it out or change a function to always return true.
Instead, implement some portion of your application that is required for use in jni/ndk, and check for validation in that code. It doesn't have to be extremely complicated code but you can't just put something like a function (eg. checkValidity) as a user could easily comment the java call that calls into the ndk. Instead you should make some call to your ndk to actually do something that is non-trivial for your application to run -- something the user can't just comment out or switch out with a defined function that does the same thing. From within the ndk code do the verification of your application's integrity/licensing and if it fails kill the application or whatever you need to do.
In order to bypass this the hacker would need to re-implement the ndk code or reverse engineer it.. Which should be much more complicated and not worth while.
This obviously isn't a simple solution and still won't guarantee your application never gets hacked, but it should be much harder to break than the other methods..
I personally think that Obfuscation {Proguard, Dexguard} and native {.so} are pretty effective way to go if used properly.
It definitely deters less experienced 'players' and definitely complicates the life of even experienced 'players'
Don't simply copy/paste the Google android example codes....
Seeing as how there are no preprocessor directives (without jumping through some hurdles), I was wondering if there was an accepted way of doing the following:
Have an android app in the regular ol' android market that uses things like the camera, mic, etc.
Conditionally "swap out" certain features based on some build parameter.
Produce two APKs, one for each store
Ideally, I would want to keep the ANT gymnastics to a minimum ... and also ideally would not have to maintain two sets of files (ie. google_activity_layout.xml and amazon_activity_layout.xml).
edit: this answer looks interesting: https://stackoverflow.com/a/1813873/5416
I have been able to use XMLTask antlib to modify the AndroidManifest.xml as part of the -pre-build hook. I haven't used the mechanism you linked, but I would think that a combination of modifying the permissions and using the linked mechanism would achieve your goal. Since the permissions are checked at runtime vs. at compile time.
You can find the library here: http://www.oopsconsultancy.com/software/xmltask/
One thing to note, it will take some tinkering. My "ant monkey business" did take several hours of tinkering because of the way the apk is compiled together. If you are willing to run the full build a few times it should be less arduous and could probably just ad a completely new task to the beginning of the build.xml that is generated. Let me know if you have questions as I've been tinkering with this stuff a lot.