Develop Reference

Android : All app can access my password in AccountManager

here's my problem :
I have a programme that need a password to work so I thought I could make an AccountManager. I took the code from this tutorial and it works just fine : I have a new account in setting->accounts !
BUT to test if it was safe I did another programme (lets call it Prog2 and the firt one Prog1) with the same code and supprise, I have full access to the password of the account I created with Prog2 with Prog1.
I know that it's possible to secure the account cause I tried with google and facebook accounts and I could not have access to their password.
Here's my code :
PS : if at the end of a String there is a '1' it's because I changed it in Prog1 and not in Prog2 to test if these variable had some effect
Authenticator
public class Authenticator extends AbstractAccountAuthenticator {
private String TAG = "CoderzHeavenAuthenticator";
private final Context mContext;
public Authenticator(Context context) {
super(context);
// I hate you! Google - set mContext as protected!
this.mContext = context;
}
#Override
public Bundle addAccount(AccountAuthenticatorResponse response, String accountType, String authTokenType, String[] requiredFeatures, Bundle options) throws NetworkErrorException {
Log.d("CoderzHeaven", TAG + "> addAccount");
final Intent intent = new Intent(mContext, AuthenticatorActivity.class);
intent.putExtra(AuthenticatorActivity.ARG_ACCOUNT_TYPE, accountType);
intent.putExtra(AuthenticatorActivity.ARG_AUTH_TYPE, authTokenType);
intent.putExtra(AuthenticatorActivity.ARG_IS_ADDING_NEW_ACCOUNT, true);
intent.putExtra(AccountManager.KEY_ACCOUNT_AUTHENTICATOR_RESPONSE, response);
final Bundle bundle = new Bundle();
bundle.putParcelable(AccountManager.KEY_INTENT, intent);
return bundle;
}
#Override
public Bundle getAuthToken(AccountAuthenticatorResponse response, Account account, String authTokenType, Bundle options) throws NetworkErrorException {
Log.d("CoderzHeaven", TAG + "> getAuthToken");
// If the caller requested an authToken type we don't support, then
// return an error
if (!authTokenType.equals(AccountGeneral.AUTHTOKEN_TYPE_READ_ONLY) && !authTokenType.equals(AUTHTOKEN_TYPE_FULL_ACCESS)) {
final Bundle result = new Bundle();
result.putString(AccountManager.KEY_ERROR_MESSAGE, "invalid authTokenType");
return result;
}
// Extract the username and password from the Account Manager, and ask
// the server for an appropriate AuthToken.
final AccountManager am = AccountManager.get(mContext);
String authToken = am.peekAuthToken(account, authTokenType);
Log.d("CoderzHeaven", TAG + "> peekAuthToken returned - " + authToken);
// Lets give another try to authenticate the user
if (TextUtils.isEmpty(authToken)) {
final String password = am.getPassword(account);
if (password != null) {
try {
Log.d("CoderzHeaven", TAG + "> re-authenticating with the existing password");
//authToken = sServerAuthenticate.userSignIn(account.name, password, authTokenType);
} catch (Exception e) {
e.printStackTrace();
}
}
}
// If we get an authToken - we return it
if (!TextUtils.isEmpty(authToken)) {
final Bundle result = new Bundle();
result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
result.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
result.putString(AccountManager.KEY_AUTHTOKEN, authToken);
return result;
}
// If we get here, then we couldn't access the user's password - so we
// need to re-prompt them for their credentials. We do that by creating
// an intent to display our AuthenticatorActivity.
final Intent intent = new Intent(mContext, AuthenticatorActivity.class);
intent.putExtra(AccountManager.KEY_ACCOUNT_AUTHENTICATOR_RESPONSE, response);
intent.putExtra(AuthenticatorActivity.ARG_ACCOUNT_TYPE, account.type);
intent.putExtra(AuthenticatorActivity.ARG_AUTH_TYPE, authTokenType);
intent.putExtra(AuthenticatorActivity.ARG_ACCOUNT_NAME, account.name);
final Bundle bundle = new Bundle();
bundle.putParcelable(AccountManager.KEY_INTENT, intent);
return bundle;
}
#Override
public String getAuthTokenLabel(String authTokenType) {
if (AUTHTOKEN_TYPE_FULL_ACCESS.equals(authTokenType))
return AUTHTOKEN_TYPE_FULL_ACCESS_LABEL;
else if (AUTHTOKEN_TYPE_READ_ONLY.equals(authTokenType))
return AUTHTOKEN_TYPE_READ_ONLY_LABEL;
else
return authTokenType + " (Label)";
}
#Override
public Bundle hasFeatures(AccountAuthenticatorResponse response, Account account, String[] features) throws NetworkErrorException {
final Bundle result = new Bundle();
result.putBoolean(KEY_BOOLEAN_RESULT, false);
return result;
}
#Override
public Bundle editProperties(AccountAuthenticatorResponse response, String accountType) {
return null;
}
#Override
public Bundle confirmCredentials(AccountAuthenticatorResponse response, Account account, Bundle options) throws NetworkErrorException {
return null;
}
#Override
public Bundle updateCredentials(AccountAuthenticatorResponse response, Account account, String authTokenType, Bundle options) throws NetworkErrorException {
return null;
}
}
AuthenticatorService
public class AuthenticatorService extends Service {
private Authenticator authenticator;
public AuthenticatorService() {
super();
}
public IBinder onBind(Intent intent) {
IBinder ret = null;
if (intent.getAction().equals(android.accounts.AccountManager.ACTION_AUTHENTICATOR_INTENT))
ret = getAuthenticator().getIBinder();
return ret;
}
private Authenticator getAuthenticator() {
if (authenticator == null)
authenticator = new Authenticator(this);
return authenticator;
}
}
AuthenticatorActivity
public class AuthenticatorActivity extends AccountAuthenticatorActivity implements OnClickListener{
public final static String ARG_ACCOUNT_TYPE = "ACCOUNT_TYPE1";
public final static String ARG_AUTH_TYPE = "AUTH_TYPE1";
public final static String ARG_ACCOUNT_NAME = "ACCOUNT_NAME1";
public final static String ARG_IS_ADDING_NEW_ACCOUNT = "IS_ADDING_ACCOUNT1";
public static final String KEY_ERROR_MESSAGE = "ERR_MSG1";
public final static String PARAM_USER_PASS = "USER_PASS1";
private final String TAG = this.getClass().getSimpleName();
private AccountManager mAccountManager;
private String mAuthTokenType;
String authtoken = "12345678910"; // this
String password = "1234510";
String accountName;
public Account findAccount(String accountName) {
for (Account account : mAccountManager.getAccounts())
if (TextUtils.equals(account.name, accountName) && TextUtils.equals(account.type, getString(R.string.auth_type))) {
System.out.println("FOUND");
return account;
}
return null;
}
#Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.act_login);
Log.d(TAG, "onCreate");
mAccountManager = AccountManager.get(getBaseContext());
// If this is a first time adding, then this will be null
accountName = getIntent().getStringExtra(ARG_ACCOUNT_NAME);
mAuthTokenType = getIntent().getStringExtra(ARG_AUTH_TYPE);
if (mAuthTokenType == null)
mAuthTokenType = getString(R.string.auth_type);
findAccount(accountName);
System.out.println(mAuthTokenType + ", accountName : " + accountName);
((Button)findViewById(R.id.submit)).setOnClickListener(this);
}
void userSignIn() {
// You should probably call your server with user credentials and get
// the authentication token here.
// For demo, I have hard-coded it.
authtoken = "12345678910";
accountName = ((EditText) findViewById(R.id.accountName)).getText().toString().trim();
password = ((EditText) findViewById(R.id.accountPassword)).getText().toString().trim();
if (accountName.length() > 0) {
Bundle data = new Bundle();
data.putString(AccountManager.KEY_ACCOUNT_NAME, accountName);
data.putString(AccountManager.KEY_ACCOUNT_TYPE, mAuthTokenType);
data.putString(AccountManager.KEY_AUTHTOKEN, authtoken);
data.putString(PARAM_USER_PASS, password);
// Some extra data about the user
Bundle userData = new Bundle();
userData.putString("UserID", "25");
data.putBundle(AccountManager.KEY_USERDATA, userData);
//Make it an intent to be passed back to the Android Authenticator
final Intent res = new Intent();
res.putExtras(data);
//Create the new account with Account Name and TYPE
final Account account = new Account(accountName, mAuthTokenType);
//Add the account to the Android System
if (mAccountManager.addAccountExplicitly(account, password, userData)) {
// worked
Log.d(TAG, "Account added");
mAccountManager.setAuthToken(account, mAuthTokenType, authtoken);
setAccountAuthenticatorResult(data);
setResult(RESULT_OK, res);
finish();
} else {
// guess not
Log.d(TAG, "Account NOT added");
}
}
}
#Override
public void onClick(View v) {
userSignIn();
}
}
AccountGeneral
public class AccountGeneral {
/**
* Account name
*/
public static final String ACCOUNT_NAME = "CoderzHeaven1";
/**
* Auth token types
*/
public static final String AUTHTOKEN_TYPE_READ_ONLY = "Read only1";
public static final String AUTHTOKEN_TYPE_READ_ONLY_LABEL = "Read only access to an CoderzHeaven account1";
public static final String AUTHTOKEN_TYPE_FULL_ACCESS = "Full access1";
public static final String AUTHTOKEN_TYPE_FULL_ACCESS_LABEL = "Full access to an CoderzHeaven account1";
}

As the Google documentation tell,AccountManager is not an encryption service.
See here
It's betcome an isue with rooted device. Or "you should store a cryptographically secure token that would be of limited use to an attacker" (from Google documentation)
Read this too
EDIT :
If you have access with your Program2 it's because you use (or not at all) the same keystore to sign your apk. An application with the same signature can access to the accountManager field

Service and interface

In my project i user Firebase Database. With it i read data frmo db the following way:
public void getSoftwareRecords() {
final List<Software> softwareList = new ArrayList<>();
databaseReference = firebaseDatabase.getReference("software");
getSoftwareRecordsListener = new ValueEventListener() {
#Override
public void onDataChange(DataSnapshot dataSnapshot) {
for (DataSnapshot snapshot : dataSnapshot.getChildren()) {
softwareList.add(snapshot.getValue(Software.class));
}
Log.d(TAG, "Software from server count: " + softwareList.size());
onSoftwareTransactionListener.onSuccessSyncListOfSoftware(softwareList);
}
#Override
public void onCancelled(DatabaseError databaseError) {
Log.e(TAG, "Cant read software list from database: " + databaseError.getDetails());
// TODO describe error #102 for documentation
onSoftwareTransactionListener.onFailureSyncListOfSoftware("Ohh.");
}
};
databaseReference.addValueEventListener(getSoftwareRecordsListener);
After, this method i want to call in IntentService. As u notice, there is no return value = void. So, the question is how i can user service and interface together?
Service (as i wanted to use it):
public class ReadSoftwareListService extends IntentService implements Database.OnSoftwareTransactionListener {
private static final String TAG = ReadSoftwareListService.class.getSimpleName();
public static final String ACTION = "...";
public static final String RESULT_CODE = "RESULT_CODE";
public static final String RESULT_VALUE = "RESULT_VALUE";
private Intent in;
public ReadSoftwareListService() {
super("ReadSoftwareListService");
}
#Override
public void onCreate() {
super.onCreate();
}
#Override
protected void onHandleIntent(Intent intent) {
in = new Intent(ACTION);
Log.d(TAG, "ReadSoftwareListService:: onHandleIntent");
Database database = new Database(com.google.firebase.database.FirebaseDatabase.getInstance());
database.getSoftwareRecords(); // <- this is a method from code above.
}
#Override
public void onSuccessSyncListOfSoftware(List<Software> softwareList) {
Log.d(TAG, "ReadSoftwareListService:: onSuccessSyncListOfSoftware");
Bundle bundle = new Bundle();
bundle.putInt(RESULT_CODE, Activity.RESULT_OK);
in.putExtras(bundle);
// bundle.putSerializable(RESULT_VALUE, softwareList);
LocalBroadcastManager.getInstance(this).sendBroadcast(in);
}
#Override
public void onFailureSyncListOfSoftware(String message) {
Log.d(TAG, "ReadSoftwareListService:: onFailureSyncListOfSoftware");
Bundle bundle = new Bundle();
bundle.putInt(RESULT_CODE, Activity.RESULT_CANCELED);
bundle.putString(RESULT_VALUE, message);
in.putExtras(bundle);
LocalBroadcastManager.getInstance(this).sendBroadcast(in);
}
And reciever:
public final BroadcastReceiver softwareListReceiver = new BroadcastReceiver() {
#Override
public void onReceive(Context context, Intent intent) {
Log.d(TAG, "softwareListReceiver:: onReceive");
Bundle bundle = intent.getExtras();
int resultCode = bundle.getInt(RESULT_CODE);
if (resultCode == Activity.RESULT_OK) {
Log.d(TAG, "RESULT CODE == OK");
// softwareListAdapter.updateData(bundle.getParcelableArrayList(RESULT_VALUE));
} else {
Log.d(TAG, "RESULT CODE == CANCEL: " + bundle.getString(RESULT_VALUE));
}
}
};

If you really wanted to use IntentService here, you can go add ResultReceiver as a callback. Example:-
Intent intentService = new Intent(context, YourIntentService.class);
intentService.putExtra(StockService.REQUEST_RECEIVER_EXTRA, new ResultReceiver(null) {
#Override
protected void onReceiveResult(int resultCode, Bundle resultData) {
if (resultCode == StockService.RESULT_ID_QUOTE) {
...
}
}
});
startService(intentService);
Alternatively you can use Custom AsyncTask by passing interface as one of parameters.
Hope this helps.
Note: Vote up if you like this.

Withings API integration in android

I am building Android App which shows Withings user's activity data in my Application.
But when I am trying to call refresh_token url:
https://oauth.withings.com/account/request_token?oauth_callback=******&oauth_consumer_key=******&oauth_nonce=******&oauth_signature=CcMrI7JaI8M5tEenye3s95wx%2BZ4%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1477386344&oauth_version=1.0
Then I am getting Invalid Signature response like below:
{
"status":0,
"message":"Invalid signature :\n CcMrI7JaI8M5tEenye3s95wx+Z4= .. \n{\"oauth_callback\":\"******\",\"oauth_consumer_key\":\"ce54bd6c671546ef8f8d394c0db4bd86688289d5f7fb39f371c5ebce4d01\",\"oauth_nonce\":\"f339febe0fdf4b53b953501e45a049db\",\"oauth_signature\":\"CcMrI7JaI8M5tEenye3s95wx+Z4=\",\"oauth_signature_method\":\"HMAC-SHA1\",\"oauth_timestamp\":\"1477386344\",\"oauth_version\":\"1.0\"}\n{\"base_string\":\"GET&https%3A%2F%2Foauth.withings.com%2Faccount%2Frequest_token&oauth_callback%3D******%26oauth_consumer_key%3D******%26oauth_nonce%3Df339febe0fdf4b53b953501e45a049db%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1477386344%26oauth_version%3D1.0\"}\n{\"key\":\"******\",\"secret\":\"******\",\"callback_url\":null}"
}

First of all you can use the scribe lib
On my sample code I have an Authentication Activity that has an WebView that the user uses to verify the app. Then that Authentication Activity sends back to the MainActivity the response.
On my example I am storing locally on a DB the authenticated user to not ask every time the credentials.
Also I am sending the access token to python server that will get all data stored on Withings Cloud to save it to my Server DB and represent them on a Graph Activity. {I have removed that part}
Because of the copy paste maybe something is missing but most of the code is here
public class WithingsApi extends DefaultApi10a {
private static final String AUTHORIZATION_URL ="https://oauth.withings.com/account/authorize?oauth_token=%s";
private static final String apiKey = "API_KEY";
private static final String apiSecret = "API_SECRET";
#Override
public String getRequestTokenEndpoint() {
return "https://oauth.withings.com/account/request_token";
}
#Override
public String getAccessTokenEndpoint() {
return "https://oauth.withings.com/account/access_token";
}
#Override
public String getAuthorizationUrl(Token requestToken) {
return String.format(getAUTHORIZATION_URL(), requestToken.getToken());
}
public static String getKey(){
return apiKey;
}
public static String getSecret(){
return apiSecret;
}
public static String getAUTHORIZATION_URL() {
return AUTHORIZATION_URL;
}
}
#SuppressLint("SetJavaScriptEnabled")
public class AuthenticationActivity extends Activity {
final String LOGTAG = "WITHINGS";
#Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_authentication);
final WebView wvAuthorise = (WebView) findViewById(R.id.wvAuthorise);
wvAuthorise.getSettings().setJavaScriptEnabled(true);
wvAuthorise.setWebViewClient(new MyWebViewClient(wvAuthorise));
MainActivity.service = new ServiceBuilder().provider(WithingsApi.class)
.apiKey(WithingsApi.getKey())
.apiSecret(WithingsApi.getSecret())
.build();
new Thread(new Runnable() {
public void run() {
MainActivity.requestToken = MainActivity.service.getRequestToken();
final String authURL = MainActivity.service.getAuthorizationUrl(MainActivity.requestToken);
wvAuthorise.post(new Runnable() {
#Override
public void run() {
wvAuthorise.loadUrl(authURL);
}
});
}
}).start();
}
class MyWebViewClient extends WebViewClient{
WebView wvAuthorise;
MyWebViewClient(WebView wv){
wvAuthorise = wv;
}
#Override
public void onPageFinished(WebView view, String url) {
getUSERID(url);
}
}
private void getUSERID(final String url) {
try {
String divStr = "userid=";
int first = url.indexOf(divStr);
if(first!=-1){
final String userid = url.substring(first+divStr.length());
Intent intent = new Intent();
intent.putExtra("USERID",userid);
setResult(RESULT_OK,intent);
finish();
}
else
{
//...
}
} catch (Exception e) {
Log.e(LOGTAG,e.getMessage());
//...
}
}
}
public class MainActivity extends FragmentActivity {
public static OAuthService service;
public static Token requestToken;
String secret, token;
Token accessToken;
String userId = "";
private UsersDataSource datasource;
private TextView nameTV;
#Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
_mainActivity = this;
nameTV = (TextView) findViewById(R.id.nameTitleTextView);
nameTV.setText("--");
getCredentials();
}
#Override
protected void onActivityResult(int requestCode, int resultCode,
Intent intent) {
super.onActivityResult(requestCode, resultCode, intent);
if (requestCode == AUTHENTICATION_REQUEST) {
if (resultCode == RESULT_OK) {
Bundle extras = intent.getExtras();
if (extras != null) {
userId = extras.getString("USERID");
getAccessTokenThread.execute((Object) null);
}
}
}
}
#Override
protected void onResume() {
datasource.open();
super.onResume();
}
#Override
protected void onPause() {
datasource.close();
super.onPause();
}
private void getCredentials() {
try {
datasource = new UsersDataSource(this);
datasource.open();
List<User> users = datasource.getAllUsers();
if (users.isEmpty()) {
startAuthenticationActivity();
} else {
// TODO load all users and if isn't anyone correct
// startAuthenticationActivity
secret = users.get(0).getSecret();
token = users.get(0).getToken();
userId = users.get(0).getUserId();
Log.i(LOGTAG, "secret : " + secret);
Log.i(LOGTAG, "token : " + token);
Log.i(LOGTAG, "userId : " + userId);
try {
service = new ServiceBuilder().provider(WithingsApi.class)
.apiKey(WithingsApi.getKey())
.apiSecret(WithingsApi.getSecret()).build();
accessToken = new Token(token, secret);
loadData();
} catch (Exception ex) {
startAuthenticationActivity();
}
}
} catch (Exception ex) {
Log.e(LOGTAG, "try on create" + ex.getLocalizedMessage());
}
}
private void startAuthenticationActivity() {
Intent intent = new Intent(this,
ics.forth.withings.authentication.AuthenticationActivity.class);
startActivityForResult(intent, AUTHENTICATION_REQUEST);
}
AsyncTask<Object, Object, Object> getAccessTokenThread = new AsyncTask<Object, Object, Object>() {
#Override
protected Object doInBackground(Object... params) {
accessToken = service
.getAccessToken(requestToken, new Verifier(""));
secret = accessToken.getSecret();
token = accessToken.getToken();
return null;
}
#Override
protected void onPostExecute(Object result) {
// authentication complete send the token,secret,userid, to python
datasource.createUser(token, secret, userId);
loadData();
};
};
}
UPDATE
OAuthService class is from Scribe
Token class is from Scribe
UserDataSource class is a DB Helper Class more here

Android Adding Account with AccountManager

Hey guys im trying to add an account with androids accountManager, I keep getting this stack trace below.
Guys I cant post all of my code cause I break the limit that Stack Overflow allows me to enter. so ill only post snippets of code you request cause there is WAY more code for this. Sorry for the messy code im just messing around with it till I can get it to work then ill clean it up.
FATAL EXCEPTION: main
Process: com.example.rapid.rapid, PID: 6168
java.lang.SecurityException: uid 10335 cannot explicitly add accounts of type: com.example.rapid.rapid
at android.os.Parcel.readException(Parcel.java:1620)
at android.os.Parcel.readException(Parcel.java:1573)
at android.accounts.IAccountManager$Stub$Proxy.addAccountExplicitly(IAccountManager.java:890)
at android.accounts.AccountManager.addAccountExplicitly(AccountManager.java:716)
at com.example.rapid.rapid.LoginActivity$1$1.onResponse(LoginActivity.java:174)
at com.example.rapid.rapid.LoginActivity$1$1.onResponse(LoginActivity.java:140)
at com.android.volley.toolbox.StringRequest.deliverResponse(StringRequest.java:60)
at com.android.volley.toolbox.StringRequest.deliverResponse(StringRequest.java:30)
at com.android.volley.ExecutorDelivery$ResponseDeliveryRunnable.run(ExecutorDelivery.java:99)
at android.os.Handler.handleCallback(Handler.java:739)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:158)
at android.app.ActivityThread.main(ActivityThread.java:7237)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1230)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1120)
LoginActivity.java
public class LoginActivity extends Activity {
private static final String TAG = "LoginActivity";
public final static String ARG_ACCOUNT_TYPE = "com.example.rapid.rapid";
public final static String ARG_AUTH_TYPE = "AUTH_TYPE";
public final static String ARG_ACCOUNT_NAME = "com.example.rapid.rapid";
public final static String ARG_IS_ADDING_NEW_ACCOUNT = "IS_ADDING_ACCOUNT";
public static final String KEY_ERROR_MESSAGE = "ERR_MSG";
public final static String PARAM_USER_PASS = "USER_PASS";
private static final int REQUEST_SIGNUP = 0;
private AccountManager mAccountManager;
public static final String ACCOUNT_TYPE = "com.example.rapid.rapid";
private static final String CONTENT_AUTHORITY = "com.example.rapid.rapid";
private static final String PREF_SETUP_COMPLETE = "setup_complete";
private static final long SYNC_FREQUENCY = 60 * 60; // 1 hour (in seconds)
private String mAuthTokenType;
private boolean mInvalidate;
private AlertDialog mAlertDialog;
#InjectView(R.id.loginEmailWrapper)
TextInputLayout _loginEmailWrapper;
#InjectView(R.id.loginPasswordWrapper)
TextInputLayout _loginPasswordWrapper;
#InjectView(R.id.loginEmailInput)
EditText _loginEmailInput;
#InjectView(R.id.loginPasswordInput)
EditText _loginPasswordInput;
#InjectView(R.id.loginPasswordVisibility)
ImageView _loginPasswordVisibility;
#InjectView(R.id.btn_login)
Button _loginButton;
#InjectView(R.id.link_signup)
TextView _signupLink;
#Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
/*Uncomment this to make this screen of the app fullscreen.
requestWindowFeature(Window.FEATURE_NO_TITLE);
getWindow().setFlags(WindowManager.LayoutParams.FLAG_FULLSCREEN,
WindowManager.LayoutParams.FLAG_FULLSCREEN);*/
setContentView(R.layout.activity_login);
ButterKnife.inject(this);
mAccountManager = AccountManager.get(this);
boolean setupComplete = PreferenceManager
.getDefaultSharedPreferences(this.getApplicationContext()).getBoolean(PREF_SETUP_COMPLETE, false);
String accountName = getIntent().getStringExtra(ARG_ACCOUNT_NAME);
mAuthTokenType = getIntent().getStringExtra(ARG_AUTH_TYPE);
if (mAuthTokenType == null)
mAuthTokenType = AccountGeneral.AUTHTOKEN_TYPE_FULL_ACCESS;
if (accountName != null) {
_loginEmailInput.setText(accountName);
}
_loginButton.setOnClickListener(new View.OnClickListener() {
#Override
public void onClick(View v) {
Log.d(TAG, "Begin Login process...");
showAccountPicker(mAuthTokenType, false);
if (!validate()) {
onLoginFailed();
return;
}
final String email = _loginEmailInput.getText().toString();
final String password = _loginPasswordInput.getText().toString();
final String accountType = getIntent().getStringExtra(ARG_ACCOUNT_TYPE);
_loginButton.setEnabled(false);
final ProgressDialog progressDialog = new ProgressDialog(LoginActivity.this,
R.style.Theme_IAPTheme);
progressDialog.setIndeterminate(true);
progressDialog.setMessage("Authenticating...");
progressDialog.show();
// Response received from the server
Response.Listener<String> responseListener = new Response.Listener<String>() {
#Override
public void onResponse(String response) {
String authtoken = null;
boolean newAccount = false;
try {
Log.i("tagconvertstr", "[" + response + "]");
JSONObject jsonResponse = new JSONObject(response);
boolean success = jsonResponse.getBoolean("success");
if (success) {
String trainer_name = jsonResponse.getString("trainer_name");
authtoken = jsonResponse.getString("token");
//String name = jsonResponse.getString("name");
//Intent intent = new Intent(LoginActivity.this, UserHomeActivity.class);
//intent.putExtra("name", name);
//intent.putExtra("username", username);
//LoginActivity.this.startActivity(intent);
//Intent intent = new Intent(LoginActivity.this, UserHomeActivity.class);
//LoginActivity.this.startActivity(intent);
//startActivityForResult(intent, 1);
String accountName = AccountManager.KEY_ACCOUNT_NAME;
String accountPassword = password;
//final Account account = new Account(email, "com.example.rapid.rapid");
if (getIntent().getBooleanExtra(ARG_IS_ADDING_NEW_ACCOUNT, true)) {
Log.d("rapid", TAG + "> finishLogin > addAccountExplicitly");
authtoken = AccountManager.KEY_AUTHTOKEN;
String authtokenType = mAuthTokenType;
Account account = rapidAuthenticatorService.GetAccount(ACCOUNT_TYPE);
AccountManager accountManager =
(AccountManager) getSystemService(Context.ACCOUNT_SERVICE);
if (accountManager.addAccountExplicitly(account, null, null)) {
// Inform the system that this account supports sync
ContentResolver.setIsSyncable(account, CONTENT_AUTHORITY, 1);
// Inform the system that this account is eligible for auto sync when the network is up
ContentResolver.setSyncAutomatically(account, CONTENT_AUTHORITY, true);
// Recommend a schedule for automatic synchronization. The system may modify this based
// on other scheduled syncs and network utilization.
ContentResolver.addPeriodicSync(
account, CONTENT_AUTHORITY, new Bundle(),SYNC_FREQUENCY);
newAccount = true;
}
if (newAccount) {
TriggerRefresh();
PreferenceManager.getDefaultSharedPreferences(getApplicationContext()).edit()
.putBoolean(PREF_SETUP_COMPLETE, true).commit();
}
Log.d("rapid", TAG + "> ALL SETUP!");
// Creating the account on the device and setting the auth token we got
// (Not setting the auth token will cause another call to the server to authenticate the user)
//mAccountManager.addAccountExplicitly(account, null, null);
//mAccountManager.setAuthToken(account, authtokenType, authtoken);
} else {
Log.d("rapid", TAG + "> finishLogin > setPassword");
//mAccountManager.setPassword(account, accountPassword);
Log.d("rapid", TAG + "> done setting account password");
}
//setAccountAuthenticatorResult(intent.getExtras());
//setResult(RESULT_OK, intent);
Toast.makeText(getBaseContext(), "Login Successful", Toast.LENGTH_LONG).show();
Intent intent = new Intent(LoginActivity.this, UserHomeActivity.class);
intent.putExtra("trainer_name", trainer_name);
startActivity(intent);
} else {
progressDialog.dismiss();
onLoginFailed();
}
} catch (JSONException e) {
e.printStackTrace();
}
}
};
LoginRequest loginRequest = new LoginRequest(email, password, responseListener);
RequestQueue queue = Volley.newRequestQueue(LoginActivity.this);
queue.add(loginRequest);
}
});
_loginPasswordInput.addTextChangedListener(new TextWatcher() {
#Override
public void beforeTextChanged(CharSequence s, int start, int count, int after) {
//_registerPasswordVisibility.setVisibility(s.length() > 0 ? View.VISIBLE : View.GONE);
}
#Override
public void onTextChanged(CharSequence s, int start, int before, int count) {
}
#Override
public void afterTextChanged(Editable s) {
//_registerPasswordVisibility.setVisibility(s.length() > 0 ? View.VISIBLE : View.GONE);
//_trainerNameWrapper.setBackgroundColor(Color.parseColor("#0000ff"));
}
});
_loginPasswordVisibility.setOnTouchListener(mPasswordVisibleTouchListener);
_signupLink.setOnClickListener(new View.OnClickListener() {
#Override
public void onClick(View v) {
// Start the Signup activity
Intent intent = new Intent(getApplicationContext(), RegisterActivity.class);
startActivityForResult(intent, REQUEST_SIGNUP);
}
});
}
public static void TriggerRefresh() {
Bundle b = new Bundle();
// Disable sync backoff and ignore sync preferences. In other words...perform sync NOW!
b.putBoolean(ContentResolver.SYNC_EXTRAS_MANUAL, true);
b.putBoolean(ContentResolver.SYNC_EXTRAS_EXPEDITED, true);
ContentResolver.requestSync(
rapidAuthenticatorService.GetAccount(ACCOUNT_TYPE), // Sync account
CONTENT_AUTHORITY, // Content authority
b); // Extras
}
private View.OnTouchListener mPasswordVisibleTouchListener = new View.OnTouchListener() {
#Override
public boolean onTouch(View v, MotionEvent event) {
final boolean isOutsideView = event.getX() < 0 ||
event.getX() > v.getWidth() ||
event.getY() < 0 ||
event.getY() > v.getHeight();
// change input type will reset cursor position, so we want to save it
final int cursor = _loginPasswordInput.getSelectionStart();
if (isOutsideView || MotionEvent.ACTION_UP == event.getAction())
_loginPasswordInput.setInputType(InputType.TYPE_CLASS_TEXT |
InputType.TYPE_TEXT_VARIATION_PASSWORD);
else
_loginPasswordInput.setInputType(InputType.TYPE_CLASS_TEXT |
InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD);
_loginPasswordInput.setSelection(cursor);
return true;
}
};
/**
* Show all the accounts registered on the account manager. Request an auth token upon user select.
*
* #param authTokenType
*/
private void showAccountPicker(final String authTokenType, final boolean invalidate) {
mInvalidate = invalidate;
final Account availableAccounts[] = mAccountManager.getAccountsByType(AccountGeneral.ACCOUNT_TYPE);
if (availableAccounts.length == 0) {
Toast.makeText(this, "No accounts", Toast.LENGTH_SHORT).show();
} else {
String name[] = new String[availableAccounts.length];
for (int i = 0; i < availableAccounts.length; i++) {
name[i] = availableAccounts[i].name;
}
// Account picker
mAlertDialog = new AlertDialog.Builder(this).setTitle("Pick Account").setAdapter(new ArrayAdapter<String>(getBaseContext(), android.R.layout.simple_list_item_1, name), new DialogInterface.OnClickListener() {
#Override
public void onClick(DialogInterface dialog, int which) {
if (invalidate)
invalidateAuthToken(availableAccounts[which], authTokenType);
else
getExistingAccountAuthToken(availableAccounts[which], authTokenType);
}
}).create();
mAlertDialog.show();
}
}
/**
* Get the auth token for an existing account on the AccountManager
*
* #param account
* #param authTokenType
*/
private void getExistingAccountAuthToken(Account account, String authTokenType) {
final AccountManagerFuture<Bundle> future = mAccountManager.getAuthToken(account, authTokenType, null, this, null, null);
new Thread(new Runnable() {
#Override
public void run() {
try {
Bundle bnd = future.getResult();
final String authtoken = bnd.getString(AccountManager.KEY_AUTHTOKEN);
showMessage((authtoken != null) ? "SUCCESS!\ntoken: " + authtoken : "FAIL");
Log.d("udinic", "GetToken Bundle is " + bnd);
} catch (Exception e) {
e.printStackTrace();
showMessage(e.getMessage());
}
}
}).start();
}
/**
* Invalidates the auth token for the account
*
* #param account
* #param authTokenType
*/
private void invalidateAuthToken(final Account account, String authTokenType) {
final AccountManagerFuture<Bundle> future = mAccountManager.getAuthToken(account, authTokenType, null, this, null, null);
new Thread(new Runnable() {
#Override
public void run() {
try {
Bundle bnd = future.getResult();
final String authtoken = bnd.getString(AccountManager.KEY_AUTHTOKEN);
mAccountManager.invalidateAuthToken(account.type, authtoken);
showMessage(account.name + " invalidated");
} catch (Exception e) {
e.printStackTrace();
showMessage(e.getMessage());
}
}
}).start();
}
/**
* Get an auth token for the account.
* If not exist - add it and then return its auth token.
* If one exist - return its auth token.
* If more than one exists - show a picker and return the select account's auth token.
*
* #param accountType
* #param authTokenType
*/
private void getTokenForAccountCreateIfNeeded(String accountType, String authTokenType) {
final AccountManagerFuture<Bundle> future = mAccountManager.getAuthTokenByFeatures(accountType, authTokenType, null, this, null, null,
new AccountManagerCallback<Bundle>() {
#Override
public void run(AccountManagerFuture<Bundle> future) {
Bundle bnd = null;
try {
bnd = future.getResult();
final String authtoken = bnd.getString(AccountManager.KEY_AUTHTOKEN);
showMessage(((authtoken != null) ? "SUCCESS!\ntoken: " + authtoken : "FAIL"));
Log.d("udinic", "GetTokenForAccount Bundle is " + bnd);
} catch (Exception e) {
e.printStackTrace();
showMessage(e.getMessage());
}
}
}
, null);
}
private void showMessage(final String msg) {
if (TextUtils.isEmpty(msg))
return;
runOnUiThread(new Runnable() {
#Override
public void run() {
Toast.makeText(getBaseContext(), msg, Toast.LENGTH_SHORT).show();
}
});
}
}
rapidAuthenticator.java
public class rapidAuthenticator extends AbstractAccountAuthenticator {
private String TAG = "rapidAuthenticator";
private final Context mContext;
public rapidAuthenticator(Context context) {
super(context);
// I hate you! Google - set mContext as protected!
this.mContext = context;
}
#Override
public Bundle addAccount(AccountAuthenticatorResponse response, String accountType, String authTokenType, String[] requiredFeatures, Bundle options) throws NetworkErrorException {
Log.d("rapid", TAG + "> addAccount");
final Intent intent = new Intent(mContext, LoginActivity.class);
intent.putExtra(LoginActivity.ARG_ACCOUNT_TYPE, accountType);
intent.putExtra(LoginActivity.ARG_AUTH_TYPE, authTokenType);
intent.putExtra(LoginActivity.ARG_IS_ADDING_NEW_ACCOUNT, true);
intent.putExtra(AccountManager.KEY_ACCOUNT_AUTHENTICATOR_RESPONSE, response);
final Bundle bundle = new Bundle();
bundle.putParcelable(AccountManager.KEY_INTENT, intent);
return bundle;
}
#Override
public Bundle getAuthToken(AccountAuthenticatorResponse response, Account account, String authTokenType, Bundle options) throws NetworkErrorException {
Log.d("udinic", TAG + "> getAuthToken");
// If the caller requested an authToken type we don't support, then
// return an error
if (!authTokenType.equals(AccountGeneral.AUTHTOKEN_TYPE_READ_ONLY) && !authTokenType.equals(AccountGeneral.AUTHTOKEN_TYPE_FULL_ACCESS)) {
final Bundle result = new Bundle();
result.putString(AccountManager.KEY_ERROR_MESSAGE, "invalid authTokenType");
return result;
}
// Extract the username and password from the Account Manager, and ask
// the server for an appropriate AuthToken.
final AccountManager am = AccountManager.get(mContext);
String authToken = am.peekAuthToken(account, authTokenType);
Log.d("udinic", TAG + "> peekAuthToken returned - " + authToken);
// Lets give another try to authenticate the user
if (TextUtils.isEmpty(authToken)) {
final String password = am.getPassword(account);
if (password != null) {
try {
Log.d("udinic", TAG + "> re-authenticating with the existing password");
authToken = sServerAuthenticate.userSignIn(account.name, password, authTokenType);
} catch (Exception e) {
e.printStackTrace();
}
}
}
// If we get an authToken - we return it
if (!TextUtils.isEmpty(authToken)) {
final Bundle result = new Bundle();
result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
result.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
result.putString(AccountManager.KEY_AUTHTOKEN, authToken);
return result;
}
// If we get here, then we couldn't access the user's password - so we
// need to re-prompt them for their credentials. We do that by creating
// an intent to display our AuthenticatorActivity.
final Intent intent = new Intent(mContext, LoginActivity.class);
intent.putExtra(AccountManager.KEY_ACCOUNT_AUTHENTICATOR_RESPONSE, response);
intent.putExtra(LoginActivity.ARG_ACCOUNT_TYPE, account.type);
intent.putExtra(LoginActivity.ARG_AUTH_TYPE, authTokenType);
intent.putExtra(LoginActivity.ARG_ACCOUNT_NAME, account.name);
final Bundle bundle = new Bundle();
bundle.putParcelable(AccountManager.KEY_INTENT, intent);
return bundle;
}
#Override
public String getAuthTokenLabel(String authTokenType) {
if (AccountGeneral.AUTHTOKEN_TYPE_FULL_ACCESS.equals(authTokenType))
return AccountGeneral.AUTHTOKEN_TYPE_FULL_ACCESS_LABEL;
else if (AccountGeneral.AUTHTOKEN_TYPE_READ_ONLY.equals(authTokenType))
return AccountGeneral.AUTHTOKEN_TYPE_READ_ONLY_LABEL;
else
return authTokenType + " (Label)";
}
#Override
public Bundle hasFeatures(AccountAuthenticatorResponse response, Account account, String[] features) throws NetworkErrorException {
final Bundle result = new Bundle();
result.putBoolean(KEY_BOOLEAN_RESULT, false);
return result;
}
#Override
public Bundle editProperties(AccountAuthenticatorResponse response, String accountType) {
return null;
}
#Override
public Bundle confirmCredentials(AccountAuthenticatorResponse response, Account account, Bundle options) throws NetworkErrorException {
return null;
}
#Override
public Bundle updateCredentials(AccountAuthenticatorResponse response, Account account, String authTokenType, Bundle options) throws NetworkErrorException {
return null;
}
}
Manifest
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.rapid.rapid">
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.WRITE_SYNC_SETTINGS" />
<application>
<service android:name="com.example.rapid.rapid.rapidAuthenticatorService">
<intent-filter>
<action android:name="android.accounts.AccountAuthenticator" />
</intent-filter>
<meta-data android:name="android.accounts.AccountAuthenticator"
android:resource="#xml/authenticator" />
</service>
</application>
</manifest>
Authenticator.xml
<selector xmlns:android="http://schemas.android.com/apk/res/android">
<account-authenticator xmlns:android="http://schemas.android.com/apk/res/android"
android:accountType="com.example.rapid.rapid"
android:icon="#drawable/logo"
android:smallIcon="#drawable/logo"
android:label="rapid"
android:accountPreferences="#xml/prefs"/>
</selector>

As exception says, caller uid is different than the authenticator's uid. To add a account explicitly, caller and authenticator's uid should be same.
This should be same as your app id, i.e package name.
android:accountType="com.example.rapid.rapid"
Android Developer Documentation
This method requires the caller to have a signature match with the
authenticator that owns the specified account.

I had a similar problem, but got it fixed after I restarted the device. It might help to try it out.

How to get real time inbox and notifications from Facebook SDK android

I am developing an application that when it opens it get inbox and facebook notifications. I am able to get inbox and notification messages from Facebook in my android application every minute using Alarm Manager. But this consumes a lot of battery of the smartphone. Is there a way to get notifications and inbox in real time so It doesn't have to be requesting every minute?
This is my code:
MainFragment class
public class MainFragment extends Fragment {
private static final String TAG = "MainFragment";
private Activity context;
private Session.StatusCallback callback = new Session.StatusCallback() {
#Override
public void call(Session session, SessionState state, Exception exception) {
onSessionStateChange(session, state, exception);
}
};
private UiLifecycleHelper uiHelper;
private TextView InboxMessage,NotificationMessage,text1,text2;
private LoginButton authButton;
PendingIntent pi;
BroadcastReceiver br;
AlarmManager am;
#Override
public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
View view = inflater.inflate(R.layout.activity_login, container, false);
authButton = (LoginButton) view.findViewById(R.id.authButton);
authButton.setFragment(this);
authButton.setPublishPermissions(Arrays.asList("manage_notifications"));
InboxMessage= (TextView) view.findViewById(R.id.InboxTextView);
NotificationMessage= (TextView) view.findViewById(R.id.NotificationsMessageTextView);
text1= (TextView) view.findViewById(R.id.textView1);
text2= (TextView) view.findViewById(R.id.textView2);
context=this.getActivity();
onClickNotifications();
return view;
}
private void onSessionStateChange(final Session session, final SessionState state, final Exception exception) {
if (state.isOpened()) {
final Calendar TIME = Calendar.getInstance();
am.setRepeating(AlarmManager.RTC,TIME.getTime().getTime(), 1000*60, pi);
} else {
Log.i(TAG, "Logged out...");
text1.setVisibility(View.INVISIBLE);
InboxMessage.setVisibility(View.INVISIBLE);
NotificationMessage.setVisibility(View.INVISIBLE);
text2.setVisibility(View.INVISIBLE);
}
}
#Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
uiHelper = new UiLifecycleHelper(getActivity(), callback);
uiHelper.onCreate(savedInstanceState);
}
#Override
public void onResume() {
super.onResume();
uiHelper.onResume();
Session session = Session.getActiveSession();
if (session != null &&
(session.isOpened() || session.isClosed()) ) {
onSessionStateChange(session, session.getState(), null);
}
uiHelper.onResume();
}
public void onClickNotifications(){
br = new BroadcastReceiver() {
#Override
public void onReceive(Context c, Intent i) {
final Session session =Session.getActiveSession();
if(session.isOpened()){
String aaa=new String();
aaa="SELECT title_text,updated_time FROM notification WHERE recipient_id=me() AND is_unread=1";
Bundle params = new Bundle();
params.putString("q", aaa);
new Request(session,"/fql",params,HttpMethod.GET,new Request.Callback() {
public void onCompleted(Response response) {
try
{
GraphObject go = response.getGraphObject();
JSONObject jso = go.getInnerJSONObject();
JSONArray arr = jso.getJSONArray( "data" );
String splitting=arr.toString().replaceAll("\\\\|\\{|\\}|\\[|\\]", "");
String[] arrayresponse=splitting.split("\\,");
String s = "";
for (int i = 0; i < arrayresponse.length; i++) {
if (arrayresponse[i].length()>13){
if (arrayresponse[i].substring(1,13).equals("updated_time"))
s+="* "+getDate(Long.valueOf(arrayresponse[i].substring(15,arrayresponse[i].length())))+"\n";
else
s+=" "+arrayresponse[i].substring(14,arrayresponse[i].length()-1)+"\n\n";
}
}
text2.setVisibility(View.VISIBLE);
NotificationMessage.setVisibility(View.VISIBLE);
NotificationMessage.setMovementMethod(new ScrollingMovementMethod());
NotificationMessage.setText(s);
readMailBox(session);
}catch ( Throwable t )
{
t.printStackTrace();
}
}
}
).executeAsync();
}
else{
NotificationMessage.setVisibility(View.INVISIBLE);
Log.i(TAG, "Logged out...");
}
}
};
this.getActivity().registerReceiver(br, new IntentFilter("com.authorwjf.wakeywakey") );
pi = PendingIntent.getBroadcast( this.getActivity(), 0, new Intent("com.authorwjf.wakeywakey"), 0 );
am = (AlarmManager)(this.getActivity().getSystemService( Context.ALARM_SERVICE ));
}
private String getDate(long time) {
Calendar cal = Calendar.getInstance(Locale.ENGLISH);
time=time*1000;
cal.setTimeInMillis(time);
return DateFormat.format("dd-MM-yyyy hh:mm:ss aa", cal).toString();
}
public void readMailBox(Session session){
String aaa=new String();
aaa="SELECT timestamp,sender,body FROM unified_message where thread_id in (select thread_id from unified_thread where folder = 'inbox') and unread=1";
Bundle params = new Bundle();
params.putString("q", aaa);
new Request(session,"/fql",params,HttpMethod.GET,new Request.Callback() {
public void onCompleted(Response response) {
try
{
GraphObject go = response.getGraphObject();
JSONObject jso = go.getInnerJSONObject();
JSONArray arr = jso.getJSONArray( "data" );
String splitting=arr.toString().replaceAll("\\\\|\\{|\\}|\\[|\\]", "");
String[] arrayresponse=splitting.split("\\,");
String s = "";
for (int i = 0; i < arrayresponse.length; i++) {
if (arrayresponse[i].length()>10){
if (arrayresponse[i].substring(1,10).equals("timestamp"))
s+=getDate(Long.valueOf(arrayresponse[i].substring(13,arrayresponse[i].length()-4)))+"\n";
else if (arrayresponse[i].substring(1,5).equals("name"))
s+="* "+arrayresponse[i].substring(8,arrayresponse[i].length()-1)+"\n";
else if (arrayresponse[i].substring(1,5).equals("body"))
s+=arrayresponse[i].substring(7,arrayresponse[i].length())+"\n\n";
}
}
text1.setVisibility(View.VISIBLE);
InboxMessage.setVisibility(View.VISIBLE);
InboxMessage.setMovementMethod(new ScrollingMovementMethod());
InboxMessage.setText(s);
}catch ( Throwable t )
{
t.printStackTrace();
}
}
}
).executeAsync();
}
#Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
uiHelper.onActivityResult(requestCode, resultCode, data);
super.onActivityResult(requestCode, resultCode, data);
Session session =Session.getActiveSession();
List<String> permissions = session.getPermissions();
if (!permissions.contains("read_mailbox")) {
Session.NewPermissionsRequest newPermissionsRequest = new Session.NewPermissionsRequest(context, Arrays.asList("read_mailbox"));
session.requestNewReadPermissions(newPermissionsRequest);
readMailBox(session);
} else {
readMailBox(session);
}
}
#Override
public void onPause() {
super.onPause();
uiHelper.onPause();
}
#Override
public void onDestroy() {
uiHelper.onDestroy();
am.cancel(pi);
this.getActivity().unregisterReceiver(br);
super.onDestroy();
}
#Override
public void onSaveInstanceState(Bundle outState) {
super.onSaveInstanceState(outState);
uiHelper.onSaveInstanceState(outState);
}
}
In another words my question is: Is there a way to keep listening to inbox and notifications and automatically get new messages instead of requesting every minute?

The best and perhaps the latest way of fetching notifications is to use FQL Facebook Query Language) and for your AGAIN WITHOUT OPENING APP part. You have to write your notification method in a service and the update it using some timer.I used Alarm Manager for that case.so that once you attain permission from the user to view his noifications, you can then continously fetch them in the background using the service. here is my method that I used to fetch notifications and then there conversion into json aswell.
public void onClickNotifications(){
Session session =Session.getActiveSession();
if(session.isOpened()){
// session.requestNewPublishPermissions(new Session.NewPermissionsRequest(this, PERMISSION));
String aaa=new String();
aaa="SELECT title_text FROM notification WHERE recipient_id=me() AND is_unread=1";
Bundle params = new Bundle();
params.putString("q", aaa);
new Request(
session,
"/fql",
params,
HttpMethod.GET,
new Request.Callback() {
public void onCompleted(Response response) {
try
{
GraphObject go = response.getGraphObject();
JSONObject jso = go.getInnerJSONObject();
JSONArray arr = jso.getJSONArray( "data" );
for ( int i = 0; i < arr.length() ; i++ )
{
JSONObject json_obj = arr.getJSONObject( i );
adv.add(json_obj.getString( "title_text" ));
}
}
catch ( Throwable t )
{
t.printStackTrace();
}
}
}
).executeAsync();
}
else{
Toast.makeText(getApplicationContext(), "You are not logged in", Toast.LENGTH_LONG).show();
}
}