I've searched through Google's dev docs and some Android debugging tutorials, but I couldn't find any information on logging some specific information from installed applications.
I need to see all the files the application has accessed, all the SMS and call activity it made.
Something like this online security tool, https://anubis.iseclab.org, but on a local PC with a physical device.
Is there any way to retrieve this information from a device?
Related
Is it possible to see the logcat of an app that is on a distant device, in short, is it possible to logcat remotely?
I sent an app to a client, this is giving error in your device, I tested with the emulator in the same version, but the error only occurred with it.
Is it possible to see the logcat of an app that is on a distant
device, in short, is it possible to logcat remotely?
It is possible to connect device over wifi to perform debugging. You can refer to this document. However, it has limitation that both the device and the host needs to be connected to common wifi.
Since your device is in customer premises and cannot be under common wifi, there is no other way to perform remote debugging.
Alternatives:
1. For logical Errors
The best alternative would be to store logs in local directory (Internal storage or SdCard) and ask your customer to send these logs. You can use libraries like logback-android which facilitates this functionality at ease. You just need to perform some configuration.
2. For crash
You can integrate some crash analytics like Hockey app which will notify the crash along with the related stacktrace. If you want detailed information about pre-condition then you have to go for Alternative 1.
I am looking for a way to read the system logs of a connected device via a web application. Basically, I want the user to be able to connect their iphone, android, tablet etc and be able to see what is occurring on their device at the system/consoleLog level. Similar to adb logcat. This would be a via a web application and not on software installed locally. Is this feasible using react/nodejs? What technologies should I consider using?
There're several components you need for achieving this.
Backend
File Monitoring (Native Node.js fs.watch)
Real-time update (Socket.io)
Frontend
Any framework you're comfortable with, I'm using React.js with socket.io client
What you are trying to do is possible, but in a very limited sense.
Your users will be required to manually upload their log files to your web application.
You can "ask" them to do this by using the FileReader api in javascript. Here is a demo page.
As you can see you must manually select a file to be uploaded and give the website. To programmatically set the path of a log file and try to call it without the user noticing is not possible.
The reason for this is anything you make that is served via a web application will run in the sandbox of the users browser.
For obvious security reasons a browser won't let random websites read/write to local files of a persons phone without explicit permission.
Node.js won't help you here because in order to use the functions Node.js has such as accessing local system files the app would have to be installed locally and not running in a "browsers sandbox".
I hope this helps. If you want more examples of the filereader api let me know and I can write something up for you.
I have an app that has some unknown devices listed in the analytics portal I use.
I was wondering if Android and iOS have a method that I can call which tells me if the app has been downloaded and opened using an emulator?
I've thought of accessing the device's IMEI, but this is only for mobile phones and doesn't cover tablets. Any help would be greatly appreciated.
You can try filtering out the Connecting device's by their device's model number, name and id.
For that you first need your app to parse the data from the phone, and then send this data to your server while authentication.
The server checks the robots list and then authenticates the exceptions (genuine users).
NB: Nowadays emulators are updated, they are capable of spoofing a Device Name, Model and ID. So it's a hectic job to detect spoofer's.
Just a Mere Concept out of Thoughts, Might possibly work!
There are couple of methods out there. Android includes a built in method,but some of them can be maneuvered.
Android includes some system properties that keep such information. they can be accessed using the getprop utility and there are ways to get the problematically.
More specifically, the "ro.build.characteristics" will contain the word "emulator" when running on emulator.
Long story short: There are couple of libraries that are capable of doing this and are consider reliable.
Here is a good example:
https://github.com/framgia/android-emulator-detector
For iOS see this answer
As a side note. if you are concerned about having a safe environment to run your application, take a look at SafetyNet
Here's what I want to do.
I have a Samsung galaxy phone whose message box is full. I want to download all the SMS messages from the mobile phone to my computer the Pythonic way. Before I decided to pose this question, I did a quick research on the internet, SO for possible answers.
I hit this lead and this lead here on the internet. These tutorials are quite extensive but do not provide the basic information of accessing the device and display its contents on a screen on my computer.
I read up a little more on using Twilio and other websites, but then that requires connecting to the internet and exposing my phone for the websites.
For now, I just want to access the SMS messages and display them as, perhaps, lists may be. Not the complicated stuff of automating, etc. There sure must be a simple method of doing this?
To access messages on an Android phone directly, you'll need to read the "mmssms.db" file. This is located at data/data/com.android.providers.telephony/databases/mmssms.db, and is an SQLite database. However, this requires root to read. If you have root, use the SMS-tools library here.
If you don't have root access to your phone, you can likely use a built-in Android backup tool to save your SMS messages to your Gmail account. You'd then be able to scrape the messages, or potentially use the Gmail API to retrieve them.
You can use "SMS Backup & Restore" app from Google Play and then manipulate generated backup file with Python. No need to write Python app for Android
Also, you can't backup sms in Google account, like the other answer says
I haven't experimented, but have a look at this page: https://groups.google.com/g/kivy-users/c/3ToGSpc0_1w.
It looks pretty promising for accessing the sms history.
I'm developing an iOS application for a client that reads PLC controller data via TCP/IP. The PLC devices don't have any method to authenticate a user..so basically if you know what your looking for, are on net; you have the ability to read the data and write to the registers if you want to. Well the goal with this application is to allow for some sort of Permission or authentication in the app. Example. The engineer of said devices has the ability to right to the registers but a maintenance worker only has read only permissions. There is no way of adding a authentication method to the PLC devices sitting on the LAN. I need to come up with a way of doing it through the app.
Any suggestions?
Things to keep in mind...
1: More often than not these PLC devices are NOT on a LAN that has access to the internet.
2: More often than not the iPAD/iPhone will not be able to get to the internet for any sort of web based authentication.
3: This app will also need to be developed on the Android so the authentication will need to be cross platform compatible.
4: Different clients from different companies will need the ability to "adjust" and "customize" a users permissions.
Let me know if I need to clarify anything. Thanks!
Allen Bradley has already created a very similar software platform for their PLC's called Assetcentre for OC's. I suggest you read their documentation carefully to udnerstand their architecture. In their software system the first step is to delete the PLC communications software off all the PC's and force them to connect via a special "gateway" networked version which both handles authentication/security and does the actual PC<-->PLC communication.
For "unconnected" mode, a PC "borrows" a license (downloads the security profile) which has an expiration date in it so that the file "expires".
Obviously anyone with a "rogue" PC in the plant can bypass all of this by going back to the way they used to do it.