Quick version:
How could I trigger the event related to an screen touch in a given coordinate, regardless of device state?
Longer Version: My Problem:
I have users that are unable to touch the device (they lack body movement, due to cerebral palsy or strokes). I am then in the process of creating a device that monitorates other types of input (for instance muscle contraction, or even throat humming, among others).
The important part is that I have a circuit that emits a single command.
These commands must then be intercepted by the Android device, and execute its associated command, as if the user was normally operating the device.
Note the following: I will not have any Activity running. The purpose of the application is to interface the sensor with the device, and thus, I cannot make use of View elements.
I suppose what I want to perform is to create a mouse-like element for Android.
But I have not come with any way to either have an application be executed inside my own (where I would provide an automated moving "target" for the user to issue a command/click) or a way to perform an MotionEvent or KeyEvent.
While my research so far yielded no response, I would like to ask the following: Am I forgetting any part or directive of the system that could allow me to perform my task?
The final outcome, is a Service, this service is merely waiting for a signal, this is captured by a Receiver... this is where I am stuck.
You are going to have a very hard time injecting Events from your app into any other app, due to security reasons.
However, you might have better luck in native land, C/C++. So hopefully your sensor-wrapper will end up as a .SO lib which can be included in other projects...
Because what you're trying to do kinda sounds like what Espresso can do (it's a JUnit test suite that can inject Motion/Touch/KeyEvents into views)
However, you can compile your own image with some added accessibility apps that might get you there. But your idea is really not going to be applicable to just about any off-the-shelf android device.
I am going to input an answer here, to show alternatives for people that might have similar issues.
From the get go, the device is a stand alone object, that issues GET requests to an internal webserver in the Android device (I am using PAW server as of today, 26/10/15), and I can issue some simple commands.
Likewise, I am planning to to an Activity with a WebView, and a cursor that keeps on moving, and when the signal is received, it uses the onTouchEvent of the focusable object under it (still studying.)
I do understand the security "flaw" from what I am trying to do, but even a USB HID (Universal Serial Bus - Human Interface Device) wont work on what I am planning so far, due to the needs of the user.
Well, you can insert events while testing because Robolectric, espresso and all the others runs simulations. The best way to do the same in a real device would be sandboxing an app inside yours. That way, your app will act as the OS for the others. But that would be costly and the performance would not be good.
Another alternative is doing the same Xposed does. Xposed intercepts system calls to allow modding the OS without flashing anything, so maybe you could use the same hook (or Xposed itself) to add your listening feature. This will require root, but sounds a lot easier than sandboxing every app in the device or building a custom rom.
Have you looked into Android's accessibility features for developers? http://developer.android.com/guide/topics/ui/accessibility/services.html
Also keep in mind that you can use Android as a USB host to external devices, such as homemade trackpads, joysticks, etc (with a bit of hacking probably).
http://developer.android.com/guide/topics/connectivity/usb/host.html
As for what might be available on the OS already, take a look at the Accessibility menu in the Settings. Hope this helps!
Related
I'm currently working on an app for this kind of device:
link. I want the user to be able to set a timer to shutdown and boot (NOT reboot) at a specific time during the week.
I did a lot of researches but I have't found the answer to my question. Everybody says that's impossible to boot using a timer since the device is supposed to be off. However, in the settings of the device, there is an option "Timer Switch Machine" which allow to do that (as describe in the link above). So I think there is a way to hack this functionality throw my app, if the device is rooted. But I don't know how to do that.
Does anyone have an idea?
This functionality is not part of the AOSP. That means first you have to gain access to the source code (or alternatively talk to someone who has access to it).
You might be able to find the corresponding code by decompiling System apps (especially the app which contains the option).
Otherwise you'd have to find a contact to the developer (probably via the manufacturer).
If you have the sources, the easiest way to hook into it is normally using xposed.
But depending on the actual implementation (e.g. if it's a shell call) there might be a better way.
Is it possible to simulate a USB or Bluetooth device connected to Android?
I would like to make an app which is able to simulate an HID device locally. What I mean by this is: the app should make Android believe that an USB/Bluetooth HID device is connected. This would allow my app to inject touch events globally, I hope. Is there anyway to simulate a (virtual) device? Note that I don't really care about the device, I just want to use the built-in support for HID input.
I know a lot of people already asked about touch event injections but this approach seems to be a little bit different. I do not want to use this for testing purpose, so InstrumentationTestCase and the like won't help.
Rooting the device might be an option, although I can also imagine to ask my endusers to install a specifically signed app manually (according to https://stackoverflow.com/a/16737083/2923406 and https://stackoverflow.com/a/22902808/2923406 this works, but it would be device specific).
I am aware of:
Simulate a mouse input on android - This guy seems to do it in his own app, although his questions wasn't answered ;)
http://www.pocketmagic.net/2013/01/programmatically-injecting-events-on-android-part-2/#.U58SqfldVHV - Needs Root. Did anyone succeeded in using this? Also, the solution seems very device-specific again.
Bluetooth + simulating mouse - That's not what I want. The phone itself should not be an HID device, but use the (virtually created) one itself. Same for this:
https://stackoverflow.com/a/8174973/2923406
Note that I do not want to turn my phone into an HID device of any kind.
Simulating is a broad term. When I created my Bluetooth app I "simulated" a Bluetooth connection in two ways.
Way 1: Use a serial port UART converter and hook it up to a Bluetooth module transmitter.
Then you can use a terminal program like CoolTerm, to send your data.
Like so. In this case I coded in a string to send on successful connection with the device however you can make a infinite loop for testing purposes effectively not requiring your phone to be turned into a HID device.
Way 2 (not easy): Use your computers bluetooth in a server/client relashionship model.
This is harder to do. What you can do is convert your pc/mac into a server and the Android phone into a client or vice-versa. For this you will need to write external code which will need to be compiled separately on a jvm(java virtual machine). The procedure to do this can be found here. If you are using a Linux machine you have to separately download the Bluez module. I have not tried this on any other operating sytem other than Ubuntu, and it was a pain to get functional.
Hopefully that helped.
Yes, it's quite easy using the AOA2 protocol check this & this links for details ( you'll need to switch your device to the Accessory mode )
This may be possible (or at least be easier) using the Robolectric library, which simulates a full Android device locally. Although it is intended primarily for testing, the fact that it simulates a whole device locally - including Bluetooth and USB - means adding to it may be an easier approach.
In other words, you may be able to modify the classes it uses to simulate these abilities locally (i.e. in the IDE itself without an emulator or device) in order to simulate them on the device itself. After all, it does provide full simulations of these functions. You could simply change these Bluetooth and USB simulating classes to load onto the device itself rather than onto the local Robolectric test "device."
This is just an idea though - I can't confirm this will work - it just might be a good place for you to start.
I am currently working on a research project which involves people playing games on an Android device. I am hoping to be able to write an android app that records the accelerometer and touch events. I would like my users to be able to play games such as angry birds, whilst I record their touching data.
I understand that this type of data collection is possible from inside the app, but is it possible from outside the app? (perhaps via an app running in the background?)
If this is not possible, are there alternatives? (I believe I could theoretically go into the android OS source code and make this happen?)
I understand that this type of data collection is possible from inside the app, but is it possible from outside the app? (perhaps via an app running in the background?)
For touch events, no, for obvious privacy and security reasons. It used to be possible (research the term "tapjacking"), but current versions of Android finally blocked this behavior.
For accelerometer events, you can record those, because they are the same for all apps simultaneously. Bear in mind that your sampling rate may not exactly match that of the app being used.
I believe I could theoretically go into the android OS source code and make this happen?
Yes, though you would then need to turn that modified Android into a ROM mod and install it on devices.
Apps are not allowed to do this on a secured device (ie, consumer phone/tablet that has not been 'rooted').
However, depending on your needs it may be possible with the development tools connected to a computer. If you can do some moderately annoying setup before each controlled-circumstances trial, I believe you can do it on some stock devices by using the USB cable to switch ADB into wifi mode, then monitoring input events over a wireless ADB session. See
http://source.android.com/tech/input/getevent.html
That document seems to imply that 'su' is needed (which is odd as the official 'su' isn't usable by non-root users), however it works without on many stock devices.
You'd probably also want to be running logcat to figure out what application is in the foreground.
I'm trying to develop an app that would normally be considered to be malware, but the customer's demands are very specific and logical. We have around 50-100 cheapset Android phones that are bolted down, plugged in, and the app is supposed to send some of the sensor data via tcp to a remote server. It sounds simple enough, but there are two features that I struggle with (since I'm not an experienced Android developer, and have never rooted a phone):
#1 The app should be always on. If it crashes, server should get the error report (stack trace), and the app should be restarted after 10 minutes one more time before giving up. Also, the OS could theoretically kill the app (although I did my best to minimize the memory usage). I'd like to somehow handle that as well.
#2 It would be great if the app could be remotely updated, or auto-updated, with no user interaction whatsoever (since there is no conventional user).
To implement #1, I see no other solution than to root the phone (AlarmsManager doesn't seem to work as I expected, and adding another application to take care of the first one just feels wrong). Is there anything I'm missing?
I don't know how to approach implementing feature #2 at all. If I put the app on the market and check the "keep this application always up to date" checkbox while installing it, will that work? I fear that the auto-update would not occur while the service is running, and even if it did, that the OS would not restart the service after installing the update (unless feature #1 is implemented). If I programatically download the latest .apk and open it, I still need the user to click the "Install" button. I'm even considering implementing the updateable part in some scripting language.
Is there a solution to these problems within the limits of Android API?
EDIT: Thank you all for your answers, you've been very helpful. It seems that the only way to make Android behave as a non-user piece of hardware is to root it. That's the only way to do silent auto-updates. Always on can then be implemented by enabling cron (AlarmManager apparently doesn't fire the event in case of service termination via crash, but it could be used by another trivial, non-crashable service to keep the first one running).
For #1 you can use an foreground service. I don't know how often you need to get sensor data, but what's the problem with AlarmManager? I don't see how rooting could help with #1 though. You can't really do #2 without rooting or building your firmware. If you install your app as a system app (in /system/app) you can use a hidden PackageManager to silently install the new version. Using Market/Play autoupdate should work as well, but you have no way to control the update schedule. And, yes, it won't restart your service, but if you use AlaramManager, this shouldn't be a issue.
All in all, stock Android is not exactly an embedded system that gives you full control, so depending on how much time/effort you are willing to spend, you might want to customize it somewhat (or find a custom ROM that gets close to your requirements).
Re: question #2, there are a few open-source (licensed under the Apache Software License 2.0) options you may check and see how it works.
https://github.com/lazydroid/auto-update-apk-client is the android client for the auto update service (i'm affiliated with), which is small, easy to implement and supports silent updates on rooted devices.
https://github.com/commonsguy/cwac-updater is written by Mark Murphy, however it might require you to run your own update server and I'm not sure about silent updates.
I'm trying to develop an application capable to detect malicious application for Android platform using Support Vector Machines (SVM).
I can get many system information from "logcat" and "strace" tools but I don't now how to manage to detect real malicious applications.
Does anyone know how to stablish/record normal behavior use of the device using those tools, I mean, get information from the device and set a behaviour pattern.
Best regards
You will always have trouble determining malicious application behavior: Kymie M.C. Tan, Roy A. Maxion, ""Why 6?" Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector," sp, pp.188, 2002 IEEE Symposium on Security and Privacy, 2002
But if you really want to try, perhaps the starting point is here: "Intrusion Detection Using Sequences of System Calls." S. Hofmeyr, S. Forrest, and A. Somayaji Journal of Computer Security Vol. 6, pp. 151-180 (1998)
I wonder, if this is possible ...
How do you want to rate whether a behavior is normal for an application? Do you plan a "learning phase" where everything a certain app does, is recorded (if that's possible without root access in the first place!) and then saved as the "profile" of "normal behavior" of that app?Say you record whatever behavior an application has, e.g. a tool to organize icons on the homescreen. Now say this application also offers the function to call one of your favorite contacts directly, it will need the permission to access your contacts and to make phonecalls. If this feature is hardly used, you would probably not record it during your "learning" period of this app and rate the app as malicious once it tries to make a phone call.And what if an app shows malicious behavior during the "learning phase" where you can't detect it because you haven't determined the "normal behavior" yet?
Sounds like the "normal behavior" has to be saved somewhere to rate an app before you install it and it starts acting weird or performs unwanted actions. But then again: what is anwanted for one user may be perfectly normal for another one ...
I'm interested in whatever fancy solutions people come up with, but I guess this will be a hard one ...
what if you use sets of malicious calls in Android first rather than profiling the normal ones.
Also, take note, if you're using unsupervised classification, it does not know what kind of data that it classifies
For Windows API usually people take a look on the sequence to determine their sets of actions.
You can find papers/researches done on that too for the Android platform.