I'm a non-android-programmer who needs to employ/partner with an android developer or development team to implement a project. What I am interested in knowing is how difficult my requirements are likely to be to implement. I have already approached several developers but so far haven't got any answers beyond "sorry we don't have time now" or "we'll get back to you". I believe it would help me to find a developer if someone could give me some indication of how difficult this project will be to implement.
There are two main requirements. Firstly, the software should monitor usage of the device (it will be a tablet computer) so that usage is recorded and regularly transmitted to me (e.g. by automatic email of a datafile). By usage I mean I want to know (a) what apps are installed and when, and (b) what apps are in use (in the foreground) and when. Secondly, the software should be able to restrict usage of the device so that it can be configured to only be able to run certain apps, and only at certain times. At other times it should be unlockable. It doesn't need to be hacker-proof, just child proof.
Skeptics will want to know why I want malicious-sounding spyware written for me: my attentions are good - I'm a child psychologist and we are planning to run a study where we look at how very small children use tablet computers in an ordinary family setting. Basically I will be handing tablets out to parents of three-year-olds: the parents will know exactly what we have done to the tablets.
To avoid asking too vague a question, I guess I could specify even further: is this even possible without a rewrite of the operating system itself (in which case I guess this is a big job), or can this be done more simply? Perhaps there is already software or libraries available which do this?
Certainly it's feasible, and I don't see why it would be as expensive as has been suggested. The key is that you need this only to be child-proof: that's far easier than making it hacker-proof.
All you'd need is a system service to log and transmit various events, and a replacement home/launcher app to prevent launch of unwanted apps. Simples.
Related
Is it possible for an Android application to figure out what words phone's owner types most frequently on the phone? I assume this might not be the case due to privacy concerns, but decided to ask just in case.
The idea was for an app to "adapt" to user based on the analyzation of most used keywords.
Thank you in advance for any input.
This isn't possible unless the android device is rooted, as there are definitely security concerns with allowing an application to have a global key-input hook.
I believe, however, that the operating system itself already does this to an extent. I certainly do not have any definitive evidence, but I've come to notice that the auto-suggestion feature implemented in the standard keyboard suggests very peculiar things that only I would say.
Think you ideally needed to mark up or censor a list of keywords in visual output systemwide, yet cant require to root devices.
That still works on websites through browser plugins.
But is it any thinkable to mess with popular apps like whatsapp, facebook, (one at a time) ?
Reading: I know it is possible to read/change some text inputs yet not generally/all? http://developer.android.com/training/accessibility/service.html
A universal way for markup could be determining screen coordinate positions of contents by OCR and set transparent overlays on the fly + algined smooth with scrolling, just not convinced how well this can both work and be battery efficient (we could cope with low accuracy in text recognition)
I'm adding all my reputation as a bounty.
Laying out a good way for any one popular app (top 20 social apps) qualifies as an accepted answer!
Laying out solution for "1." only but for two or more apps also qualifies.
Showing specifically why/where it will work with one app but not with another also qualifies as an accepted answer.
You cannot modify the visual output of an app. The closest thing you can do to accomplish this is like what Facebook Messenger and LastPass use, which is a feature that allows them to draw over the top of other apps, and LastPass specifically can also read the contents of another app via accessibility permissions. However, that just allows them to draw over the existing apps, and in the case of LastPass, fill out text into input fields. Even with the above options, I don't think you'll be able to accomplish what you're looking to do.
I don't think it's possible. Each app on the Android runs in its own sandboxed environment. You can only communicate through Intents with other applications. So unless they're listening for bad Intents(which I hope they're not), you can't really do anything to those applications.
I would like to know the correct way to monitor system events and operating system activity in Android. My research so far indicates there are various methods for running Activities, Services, BroadCastReceivers, etc. but I don't have an overall comprehensive answer for everything I want to accomplish yet. I did come across an app today called "Carrier IQ" and was wondering how they do it. I believe their app is built into the kernel or at least the phone's OS image, something I want to avoid doing if at all possible.
I know that the Android SDK offers various ways to obtain
Since my app cannot be allowed to be suspended, should it run as a foreground service? If I do this, will I consume too many resources if I need to poll for various activity? I ask this because I don't think I can get everything through receiving events (i.e., using a BroadCastReceiver). I think I need a combination of polling and events.
I want to log sensors, events, OS activity, etc. for a user study. This is NOT for hacking or phishing purposes!
These are the top three projects that I think may accomplish something similar to what I want to achieve, but I have not yet determined if they are viable solutions:
android-hci-extractor
cellbots data logger
android-os-monitor
Does the Android manifest permissions list contain all of the permissions your app will need?
http://developer.android.com/reference/android/Manifest.permission.html
Then you can just ask for permissions when the app is installed and you should be able to access them.
Folks, I'm trying to see if my plan realistic at all. I'm ne to
Android platform but not new to software development. This is my first
post here as well :)
We want (in our company) to create Android software to compliment our
truck management software. Basically, it will do couple very specific
tasks.
a. Send GPS updates to server.
b. Receive trip information.
c. Send pickup/delivery confirmation to server.
After evaluationg i. platform and Windows phone 7 platform we came to
conclusion that only Android has multitasking that works for us. So,
Android it is but I have some specific questions.
Data plan we want to use will be very limited. Probably 5M/mo and
no voice/text. I figured 5x1024x1024 = 5242280 bytes will give me 1k
per transmission every 15 minutes (3000 transmissions per mo). It will
leave 2M for other stuff that will happens every couple of days. Does
my math look OK or there is lot of "waste" traffic? Our server going
to be XML SOAP and messages sent will be just Lon/Lat in XML package.
1K will be OK? If I just calculate bytes it will be even less but I
wonder if there is "minimum" packet size, etc. Any insight on this
data limitation appreciated.
Because of #1 we need to "lock" device somehow so there is no other
software that uses network. Possible? If so, what do I need to look
for? I found already created app - firewall and it says phone has to
be rooted for that.
Receiving trip information. What's the best way to accomplish that
given my situation? Should I run some kind of listener? Will my phone
have IP address or something? Or should I get small text plan and use
that for this specific functionality? Can I receive text message in my
own application?
So, as you see we trying to shrink $80/mo service to $15/mo service
that will do big savings to our company but not sure if it's all
possible with constraints we have. Also, we may just give discounts to
drivers who have Android phone and will install our app but we don't
count on that.
Thank you in advance for any help on this subject.
UPDATE:
Now that I think about it - limited data plan present challenges initially but actually helps us do it "right" to make sure we don't overload server with constant polls. What I really like to see is some real-worls experience with data usage. Problem is, to us to even come up with test app - will require considerable effort. Would be much better to rule this out right now if it won't work. For example, if I knew that message size 2k no matter how big of a message itslef - then I would know immediately that it won't work for us..
If you have a very limited kind of data that you are transferring, the overhead of xml might be unnecessary. Instead, pass .csv data to different endpoints dependent upon the data that your are transfering (one endpoint for lat/lon, another for pickup/delivery confirmation)
You do have an ip address on each device, but you're not necessarily going to know that information - it's not constant, or consistent (it can change as the phone moves around). Instead, do a timed polling of the server (that would make your 3rd endpoint) See other mentioned solution of triggering on SMS.
As far as locking the device, I'm not sure about this, but it certainly seems feasible (though it's not consistent with your 'discounts to drivers who have Android phone'. I understand why, but if the phone has no voice/text capability, it's not likely that the phone will be used by the drivers for much besides it's expected purpose.
You are not going to achieve this with a default Android ROM in other words you have to create your own customized ROM from scratch and deactivate quite some stuff in order to get your devices not to use up the 5M/Month.
You can checkout the developers site on the Android source code to check out if that would be an option for you. Giving discounts to drivers owning an Android phone sounds nice and all but I'm quite certain that this is not going to get the desired results which I guess are that you equip all your trucks with such a device and track all of them.
In my opinion it is not going to work with a data plan of 5M/Month but on the other hand I don't know the data consumption numbers without testing.
UPDATE: Also I would not go with XML but with JSON due to overhead.
When you upload a GPS update, have the server reply with any of the trip data you need to push down to the phone at that time.
I think that for the data traffic (the other topics that you asked about are already solved in the other answers) using a bitmask-like solution will be the best option, first bits are for lat, the next for lon, and then some bitmask for the flags, and sending text data only if it is necessary.
Can you suggest me any good anti-crack approaches (other than a code obfuscation), considering that the paid apps on the Market are easily cracked, and the same goes for a basic server check after a PayPal transaction?
My idea is to have one (very important for the app) Java object saved on the server, and passed to the app each time when it starts. Do you think that this sounds good ?
Note that it is more like of a theoretical question, as I am not going to implement it in an app, I am more like seeking the knowledge for this rather than a concrete solution to a problem.
Any ideas would be appreciated, even ones that you are not very sure if they are good or not. Remember, the question is for Android apps. Thanks.
EDIT: I know that there can't be an unbreakable client side application, I am asking for a good option to prevent it other than a obfuscation
No. Code stored on the server and provided for execution on the device can be grabbed and stored elsewhere such as locally. (And that's probably going to be as hard for you to implement as it will be for the attacker to patch around)
Ultimately, you have to face the fact that preventing run authorization just isn't possible on a general purpose computing platform.
Unless you move actual functionality to execution on a server requiring an individually authorized account, all you can hope for with regard to code running on the user owned device is to achieve a higher than average shade of difficulty.