tl;dr: How do you do a Google+ keyword search using the com.google.android.gms library? Can you use the OAuth token, or do you need an API key? (Yes, I know that token is overkill for the application.)
I'm attempting to write an app that will search Google+ for a particular word, and then display results. I followed the Android-specific quickstart. That works fine, but it's only signing in...which maybe isn't even required. I don't care about user profiles or anything. I just want to search and show results. But whatever. It's working. Let's call that part A.
Part B is the actual search. I found another sample code for that, but it's for Java, not necessarily Android. Here's where the problem is. I'm getting a 403 when I try to search, and I could show you the results of that, but it's the same as you'll find all over - "Access Not Configured"...which I did configure. I spent a lot of time regenerating keys, and it seems like a dead end in a way.
But my question, that I'm finally getting to the point of, is about the two samples, and how they differ. Part A, which is Android specific, has a package of com.google.android.gms, but part B, which is plain Java, has a package of com.google.api. So, I can log in through the Android library and it works, but that package doesn't seem to include anything to allow searching, and the plain Java package gives me that access error, which is nonsense because I already have the OAuth token...in a seemingly incompatible API.
Why are there separate packages? Should I ditch the Android one completely? I'm considering ditching native Android code entirely and just using HTTP, which seems a lot simpler.
Related
I've recently had some tasks requiring that I need to log an Android app for some events, like adding to cart, checkout, signing in to the app, pressing on a specific button, etc... to Facebook and Firebase platforms.
Since these are non-functional requirements, I figured out it could be a good idea to start implementing the AOP (Aspect Oriented Programming) method, so events can be intercepted without changing any code in the app.
I've made my research and found out that you could implement AOP using either the AspectJ lang (which is compiled to Java Bytecode and can talk to java directly), or AspectJ annotations like #Before #After and #Around to intercept the pointcuts.
However, I have read some articles like This one And This one, they don't seem to be working for me, the code before of after the pointcut calls do not get invoked at all. I feel like I might have something missing or outdated in the build.gradle aspect code that is mentioned in the first article (which is 8 years old really).
I won't be providing any code here since I've tried the exact same examples in the tutorials and didn't work for me.
I'm asking for someone recently implemented AOP in his Android app.. And could provide me with some steps that I can follow, so I can get the code in the aspects invoked and working.
Also, I've seen some people on the internet trying to implement the aspects in another Android module, and some in another src directory, if someone would explain the difference? And since I'm using Firebase and Facebook dependencies to log the events, wouldn't making the aspects in a different module affect me in any way?
Also, if anyone knows if I'm approaching the best way here to log the events (for Firebase and Facebook), or there could be better? I've went to AOP since I don't feel like changing the existing code to log some events is ideal.
Please, and thank you.
I'm working on a drag and drop app builder. The concept is simple: users can build their apps visually, then the app's settings get turned into a configuration file which will be used by the app to decide how to construct itself (which views should be shown, how should the navigation look like, etc.)
My main concern is once the users download the apk (or ipa) file, they can decompile it, change things in the configuration file and re-compile/re-sign it to be published as a brand new app.
I was thinking about putting part of the logic on server side but that would introduce me the following problems:
If 1000 people built and published an app with my software, and each app sends only 10,000 daily requests to my server, that's already 10,000,000 requests per day, which would be pretty expensive.
If my server is down for any reason, I will have a lot of angry users coming at me.
Got any ideas?
There is no exact way of stopping decompilation/reverse engineering process of android app or apk !
But there Some chances to reduce the scope of code visiblity after decompilation/reverse engineering process !
Here are some habits I am sharing
1) Put important code on a Server : You may rely on remote procedure calls to a well protected server. This reduces the chance of your codes being stolen as the code will always remain on the server and nothing other than the results can be seen.
2) Debugger Detection Techniques : Insted of using the hard coated values or string use some formula or encryption methods which can help to hide the actual values
3) Write important parts of code in C/C++ :You can also write the important parts of your code in C/C++ and add them as a compiled library. While it can be disassembled into assembly code, reverse engineering a large library from assembly is extremely time-consuming. Java is easier to decompile in comparison to C/C++.
These are some key habits which are be taken care by good developer , You should also check out this answer as well !
Huh, I knew it wasn't possible to stop the decompilation/reverse engineering process on any android app. But, I thought maybe everything was possible! Like, perhaps something has changed since then, but no. Basically, I use the same steps as Nisarg Jani described. But, you have to pay some special attention to the C++ code. Any mistake will destroy everything that you have built to that moment. So, if you use a no-code desktop app builder, you should be aware of those "tips and tricks." Besides that, you should keep in mind that without the C++ code, you won't be able to do anything.
I am a Computer Science undergraduate student and I am creating an Android app that using an API to interact with an execution server.
The server takes a xml file and do various stuff with it(get data, process data etc.)and then gives back data as output. Both input and output are exchanged via this API.
The problem is that the API references code from javax.xml.bind, for example, JAXBContext while android doesn't have javax.xml.bind package in its core. (a well known issue)
Feasible solutions on the internet seems to be repackaging the code I need, but I don't know exactly what suppose to be.
Since the API reference classes in javax.xml.bind and javax.net, I guess I have to extract code from these 2 packages and make them part of the API (I have access to API source) and then repackage the API. However, I guess classes inside javax.xml.bind might have dependencies on other classes that not supported by Android, so does javax.net. (Please forgive me if this is stupid thought...)
So anyone know : whether there are classes, which codes in javax.xml.bind and javax.net depends on, not supported by android ?
Bit of tricky question really..
I will be really appreciated if you can provide a work around that enable a Android app to call an API that reference codes inside javax.xml.bind.
Try JiBX (http://jibx.sourceforge.net/), it's a small and fast footprint, Android compatible, XML binding framework.
I ended up with repacking those package which exists in standard Java library but not in Android. Basically, just get source code of all those missing packages and then put them into the API source and rename them into a name that is different from the original one and then change corresponding code in API that reference these methods as well (you have to use a different name, otherwise code reference methods in these package will still looking for methods in the core Library (i.e Android API)
Anyway, hope it helps. If you have the same problem.
If you have any better suggestion. Please share it!
The app I am working on is automatically cracked by antiLVL (although I am not using the LVL in my app).
In order of protecting my app from "one-click piracy", I am implementing tampering detection techniques explained at Google IO.
I have tried checking the signature both with getPackageInfo() and reflection (invoke()), but AntiLVL was able to crack the app automatically in both cases.
How can I write code that will not be automatically cracked by the current version of antiLVL (1.4.0)? I mean, apart from using JNI.
PS: I am not talking about preventing piracy in general. I just want the pirate to dig into the code by hand rather than using an automatic cracker.
The problem is, any API that only serves to check the validity of your application can be subverted and replaced with a version that always returns the result you expect. I haven't looked at Anti-LVL in detail, but I would imagine it is doing this, which is why your attempts to verify your code using Dalvik's built-in APIs for this purpose are failing.
In order to make it work, you'll have to do the work yourself, using only APIs that have multiple purposes and cannot be so easily subverted.
One way of doing it is to calculate a checksum of either your .apk file or just the classes.dex file inside it, and verify it against some external resource (online server with list of known correct versions, file downloaded to SD card on first execution, etc, resource in the .apk file that isn't included in classes.dex). This prevents code modification, which I believe is how anti-LVL works. I haven't tried this myself, but suspect it should work.
The Presentation Notes from Evading Pirates and Stopping Vampires
Some basic keypoints
Modify the LVL
Implement LVL Tamper Resistance
Use obfuscation
Add reflection
Please note, the #:r.page.X at the end of the links I've provided will not always bring you to that specific slide page number for whatever reason. If it doesn't, take note and browse manually.
I have searched from here to the ends of the earth and have still not figured out how this is possible.
I started with using the custom built javamail/gmail api because I wanted to send the email in the background without any interaction from the user.
I then tried to build ontop of that: crypto ( http://javamail-crypto.sourceforge.net/ ) coupled with bouncycastle ( https://www.bouncycastle.org/ ) to sign the email
Because these api's are so old, they clash a lot and every time I seem to fix one obscure error, I uncover another.
I have seen 1 or 2 apps on the market that provide S/MIME encryption and have emailed the creators but have not received a reply.
I've officially given up, its not a case of how old the API's are but a combination of the following two problems:
There is no java.awt package in Android, but a custom andrioid.awt one. I have tried editing the jar files belonging to bouncycastle to adapt to this but to no avail.
The api's seem to not correspond with each other at all. Every time I got close to signing the email and sending it, I would find a nosuchfieldexception or nosuchmethodexception at runtime where one api was looking for something in another api.
Eventually, I just gave up trying to do it for free and found a site called Chilkat who have a perfectly working API with a 30 day trial from the first time you run the code.
Their android api's are here: Chilkat for Android
The reason I'm putting this up is for anyone else who's gone through as much blood and sweat over this as I have to know that there is some hope, even if you have to pay for it...
Djigzo S/MIME Email encryption, from the author “Djigzo”
For Blackberry devices, download the app from: http://www.djigzo.com/bb.html
And of course it has to be free also? The APIs haven't changed because S/MIME hasn't changed. I think you'll also find the sockets API hasn't changed in eons because TCP hasn't changed. However, if you are willing to pay money, then you might consider IAIK, for example this IAIK toolkit.