I need to know how we detect the event of an Android app making a request to the Android Framework for sensor data. Also, if it is possible the Android Framework responding to the said request. I am trying to create a service that will be able to log this information for security or privacy purposes. Is this possible? What is the ideal way to go about it? If it is not possible, do we know why not? Is there an alternative solution?
I am trying to create a service that will be able to log this information for security or privacy purposes
I fail to see how spying on application activity regarding sensors will be "for security or privacy purposes".
Is this possible?
You are welcome to build your own ROM mod that has a revised version of Android, one that contains security vulnerabilities that would allow an app to monitor the sensor requests and responses between another app and the OS. Or, your ROM mod can do the logging directly, through an altered version of the framework.
Otherwise, no, this is not possible from an ordinary SDK application. I do not have enough experience with root-requiring frameworks like Xposed to know whether this is possible using them, though, again, that would require root.
Related
I am working on a mobile application and would like to inform users when an update is available, if that user's device is not managed by an MDM. If the device is MDM-configured, we don't expect the end user will be able to update the app without the configuration being changed by the administrator. To provide a better user experience, we want to provide relevant information. To do this, I'd like ideas to determine if an app (written in Kotlin/Swift) can poll for this type of information.
I saw some things in the Android Docs about checking for Restrictions Providers, but I think this is the wrong avenue. I'm not very familiar with this, so correct me if I'm wrong.
Sadly I know little to nothing about mobile app development and I am tasked with thinking through privacy considerations a user could have when using a mobile website vs its app equivalent.
For example, when a user browses our mobile website we can collect the following data:
IP
User agent
OS information returned from Javascript, including screen resolution
Cookies from the domain
Of course, this list isn't exhaustive.
So what can easily be collected from a user of a mobile app? (assuming no extra permissions were enabled)
IP
What's the equivalent of a user agent?
What OS/device info is available?
Do apps have "cookies"?
What else?
APMK, we can Collect the below data
Device location.
Device Name.
Device Version.
OS (Android/iOS/Windows)
Cooikes if we are using webview ..etc
I think your question requires more clarifications and answer to the following questions:
Do you have access to the source code ? If yes, you can track basically anything that's in the app using 3rd party tracking services like Google Analytics or other similar stuffs (even your own implementation). If not, do you have access to the API that's used by the application ? If yes, you can probably detect the OS since almost all request have a User-Agent attached to them, platform specific, but from the API requests you can't have much info.
I think the problem should be put the other way around, what do you want to track from a mobile app ? And I can tell you from my experience that there's almost nothing that can't be tracked from mobile apps if you have access to the source code. Regarding the permissions, off-course you won't be able to access something for which you didn't request any permissions, but you can check if the permission is granted anyway (maybe some other part of your app requested those permissions).
Also just a reminder, if you develop apps for EU, make sure you're GDPR compliant, the sanctions can be quite huge for a non-GDPR compliant app.
Yes there is an App where you can find all the info of the Particular info https://play.google.com/store/apps/details?id=com.quixom.deviceinfo
Check it out
When I build a web application, like most others, I simply build an admin area from which the client can control their site.
Most applications I build for android never require this kind of maintenance as they are all self contained. However Something I'm extremely curious about, say you build a cross platform application that does require constant maintenance; you've got 2 versions - an iOS and android version. What would be the best way to go about managing both applications from the same place?
For examples sake, let's say you build a real simple application. It could be something that once a day sends you a message, "hope you're day is going well" or "let me tell you a joke". Now what if those messages were hand typed and submitted to the applications, you want to log into a system, type the daily message in and both applications are simultaneously updated with the new message.
In my head I'm imagining you would need to build a dedicated admin system either as a web application or standalone desktop application that connects to the apps hosted database however I'm wondering about how well that would work, what kind of problems are you going to run Into, would it even be feesable?
I've never had to build something like this but some of the more recent web applications I've built would work well as straight forward applications and that just gets me thinking, if I was asked to turn them into apps that function the way they do already, what would be the best way?
It's something I'm really curious about and feel like I need to get my understanding on the right track.
I think you are describing an application for an admin that will set up (write) data to be used by users of Android and IOS apps. Few options:
Write the admin application as a regular web application. Be careful to use transactions in the code that writes to the database. That is to avoid inconsistent DB states when your admin applications DB writes interleave between mobile app reads. Also you have to secure the admin REST resources (API end points) for admin access only, so you would need authorization code in the app.
Write admin apps for the mobile platforms (or an admin section in the existing app that is properly authorized in the app code) and the server API end points. That is more tedious because of 2 platforms. Again you will need the DB transactions and authorization code
Write separate admin apps for mobile but with one framework (Xamarin). It will work for simple apps and yours sounds simple enough for Xamarin to work well.
Can any one help me out how to do MDM Integration in Android from client and server prespective?
I want to do an enterprise application which having lock and wipe functionality. I have no any clue of workflow of MDM in Android.
Thanks.
Android Device Admin API will do both things what you want to do (lock/wipe device and even more). An example is given and also you can find this complete source code in your Android SDK directory.
Now as client server perspective:
You have to implement your task (lock and wipe) in your android application (in client, i.e. known as agent). Now your application should be capable to communicate with your server or vice-verse.
I am 100% agree with adamk as he said "Remote controlling your application remains exclusively your responsibility - the Android framework does not provide (or enforce) any solution for that."
And Android gives your this feature too, as adamk said to use C2DM, he was right but now C2DM is deprecated, and GCM has been introduced, “a service that helps developers send data from servers to their Android applications on Android devices.” The service can send a message of up to 4 kb to an application on an Android device, most often to tell the application to retrieve a larger set of data. GCM will now handle all queueing and delivery for messages to Android applications.
You should read how to use GCM, and you can find sample code too. Download GCM Android Library from SDK Manager
and check android-sdk/extras/google/GCM directory
After establishing successful communication between your agent and server, evaluate msg in agent sent by server and perform desire action (lock/ wipe). This is again up to you how you define your message payload and how you handle those payloads in agent application.
Here is an article about Android MDM.
Happy Coding :)
You can use DeviceAdmin to gain privileges for managing the Lock preferences and performing device wipe (among other stuff).
(The user must add your app as a device administrator beforehand)
Remote controlling your application remains exclusively your responsibility - the Android framework does not provide (or enforce) any solution for that.
You may want to consider using Google's C2DM API, which is a convenient push mechanism.
As mentioned in the above answer, DeviceAdmin API can help. If you are using an Android device, you might know about the Android Device Manager (the web-based version) which allows you to manage your device. Basically, you can track, locate, lock, and wipe your device, some of the basic features of an MDM solution. So, in coding (though I am not a coding expert), you need to get access to the Device Manager (I guess, using some listener codes, or notification access).
Apart from this, MDM allows creating policies and groups of users (which would be a part of the coding in the app itself), then pushing the command over the internet (or OTA) to the connected device.
MDM also allows managing Apps and Data on the device, for which, you need the app to get access to the internal as well as external device storage.
Hope this helps. Good luck creating your MDM software
a customer ordered us a tablet application, but they need a lot of access restriction to lock device functions such as:
Permit datas transfer only inside the application not outside
Restricted user access on the device (something close to admin and normal user permissions)
A framework/API that permit to create an internal mail reader/sender
Public API of iOS makes impossible to fulfill those requirements. I was wondering if Android makes life easier when there are those kind of restriction.
UPDATE: To make understand better the field of use. I'm talking about an application that "force" the device to be used just only with that application for an Enterprise use. The app is just like a CRM but the device should be blocked in some functions to make users only work with them and NOT playing or use facebook, market etc.
Not sure you can achiev all of those, but you should look into the device policy for android here and here.
1) Not sure what you mean by point 1. If you mean controlling all data transfer from the device, you might be a in a bind considering the only way to get a firewall running on android is by rooting the device. Perhaps you could look into writing a custom launcher/home like KidZone that only shows approved apps? - Not nearly as secure, though.
2) Honeycomb, so far, doesn't have multi-user support - though you can have multiple google accounts registered. The custom launcher could help in this regard though.
3) I don't see the point of doing this unless they already have a custom mail infrastructure in place. Otherwise just go with exchange.
Permit datas transfer only inside the application not outside
Do not request the INTERNET permission.
Restricted user access on the device (something close to admin and normal user permissions)
You would have to implement this yourself.
A framework/API that permit to create an internal mail reader/sender
I have no idea what this means.