Is it possible to write an android application such that it is only able to open by scanning the device with an NFC tag?
A similar question was asked here but a clear answer was not given.
I want an android app to open using nfc tag only
Is it as simple as deleting:
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
from the AndroidManifest.xml file and then adding an NDEF_DISCOVERED intent to start the app?
EDIT
The goal is to have a secure application that will only work for a user with a specific NFC tag (ie not someone who has found/stolen the phone). So the application is to do with moving money around and I want to use NFC to determine the identity of the user. I could use a remote database with encrypted passwords but people don't want to
a) type in a complicated password everytime they open an app and
b) may not trust a third party if money is involved.
So I'm looking for some sort of security system using NFC that verifies a users identity. How secure is face recognition with Android? If I stored the face recognition data of a verirified user on an NFC tag who then checked it versus a scan of the users face onStart() how secure is that?
One more thing. If I'm trying to secure the app itself should I exit the app onPause() so that if the app was previously being used by the true owner of the account but didn't exit the app then a different person could not resume the app?
Related
I'm trying to understand if it is possible to listen or catch other apps intents? I have two apps. App A and App B. I would like to transmit information using nfc/android beam from app A to app B and to app A on other phone. User can have both A and B apps installed or just one B app installed. Currently I have semi nfc solution working with simple manifest intent filter:
<intent-filter>
<action android:name="android.nfc.action.NDEF_DISCOVERED" />
<category android:name="android.intent.category.DEFAULT" />
<data android:mimeType="text/plain" />
</intent-filter>
Only problem with this approach emulated NFC tag on other phone works 1 out of 50 times. Not very reliable, I don't know why it does not get NFC tag every time I put together two phones.
Right now I'm trying android beam solution, which reacts every time I put phones together. But the problem is that android beam nfc intent opens only Application A and if there is not application A installed it tries to open Play store. I found out that android beam sends tag with two record:
Record 1 - http://
play.google.com/store/apps/details?id=com.whatsapp
Record 2
com.whatsapp
Main main question is, how to filter for in my application B for application A intents? Can I just write in different application packages names?
I am looking to read the ID of any tag detected by the user in background, without actually opening an activity in my app.
What I currently have is an intent-filter for TECH_DISCOVERED in my MainActivity:
<intent-filter>
<action android:name="android.nfc.action.TECH_DISCOVERED"/>
</intent-filter>
<meta-data android:name="android.nfc.action.TECH_DISCOVERED"
android:resource="#xml/nfc_tech_filter" />
where nfc_tech_filter.xml defines all the technologies I want. It works as expected, the activity is either opened directly or the user is required to choose between different apps. Is it possible to get limited data about the tag, such as the ID, without any user interaction?
Really NFC's security model is NFC is only handled in the foreground, this matches the logic that if the user has brought the NFC Tag in to range then they are expecting some interaction with it and to do that the App has to be in the foreground.
There a various different ways to start what might be termed "background Service", they all have limitation and they still might be stopped by the system and Google have changed what is supported over time and there was a large set of changes in Android 8.
The android code that handles NFC has various checks to make sure NFC is only handled by a foreground App.
In my Android app there is a security vulnerability that my app can be opened by a malicious application. I am using the following intent filter in the Launcher Activity.
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
This intent filter makes the Main Activity exposed to other apps. Is there any way to expose the Main Activity only to the Android OS and not to other applications. As far as I understand We can't use "exported=false".
Is there any way to expose the Main Activity only to the Android OS and not to other applications.
Not as you are defining the terms.
Every activity, exported or not, is "exposed" to "the Android OS". Otherwise, they would be unusable, even by the app itself. The difference between an exported activity and one that is not is whether a third-party app can start the activity.
The home screen itself is just an app. A device ships with at least one home screen pre-installed, and users can install others from the Play Store or elsewhere. Hence, from the standpoint of your app, the home screen is a third-party activity.
In my Android app there is a security vulnerability that my app can be opened by a malicious application
Having an exported activity is not a "security vulnerability" in its own right. Your argument is akin to saying "there is a security vulnerability in my Web site — how do I allow my home page to only be opened from a Google search result, but not by a bookmark or any other Web site?".
Having unnecessarily exported activities is bad from a security standpoint, but the launcher activity is exported by necessity.
I am developing an Android Wear biking app. I am trying to enable the "Ok Google, Start cycling" into my app. It works perfectly if I say it to the phone, but not to my Moto360. Also in the Android Wear app, I am unable to choose my app as the default for "Start bike ride" Any suggestions?
This is what I have in my manifest, and it is based off of Google's example.
<intent-filter>
<action android:name="vnd.google.fitness.TRACK" />
<category android:name="android.intent.category.DEFAULT"/>
<data android:mimeType="vnd.google.fitness.activity/biking"/>
</intent-filter>
I searched other similar questions but didn't find a result.
Thanks for your help
Providing a Wear app is a requirement for being listed in the available apps to register for a system provided voice intent on Android Wear and appear in the Android Wear application for choosing as the default for that voice action. Per the Adding Voice Capabilities training, you attach the appropriate <intent-filter> to an activity in your Wear app. One point of note if you aren't ready to provide a full Wear app is this section of the same page:
When users speak the voice action, your app can filter for the intent that is fired to start an activity. If you want to start a service to do something in the background, show an activity as a visual cue and start the service in the activity. Make sure to call finish() when you want to get rid of the visual cue.
In your case, your activity could just display a visual cue that you are launching something (say using a ConfirmationActivity with an OPEN_ON_PHONE_ANIMATION from the Wearable UI library) and then send a message to your phone app, which would then listen for that message using a WearableListenerService and start the bike ride on the phone, posting your notification.
Note that a full Wear app with more customization is going to be expected as many apps, such as Runtastic on Android Wear add quite a few more abilities that augment the standard experience. While not out yet, an upcoming release of Android Wear will be adding offline (i.e., without a phone) GPS support for Android Wear watches that have GPS ability (currently only the not yet released Sony Smartwatch 3) and of course those abilities will require a full Android Wear experience and cannot rely on a phone app (although details have not yet been released).
You need to add a launcher intent-filter to it; then, saying "OK Google, start [app name]" will start the app. The launcher filter is:
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
The FitBit app just introduced its new NFC functionality and now, even though my app, and several other apps I have installed on my device are all registered (in the manifest) as NFC apps, Android no longer asks me which app I'd like to use and just goest straight to FitBit when I scan the NFC tag to my devices.
I'm curious what they could be doing to override the settings in the manifest. Is there some way that they can be running a Service that dominates NFC and swallows all incoming NFC intents?
I'm hoping there's some way to undermine what they're doing cause currently, in effect, their app is malware that breaks the underlying basic NFC functionality on Android.
A service cannot receive NFC intents, so that cannot be the cause of what you see. As far as I can tell, the FitBit app filters for NFC events with MIME type "text/plain". So if your NFC tag contains an NDEF text record, it will likely start FitBit or, if more apps are installed with the same intent filter for NFC and "text/plain", an app chooser is shown for the relevant apps.
Try scanning another tag with different content or change the content on your tag to a different type of NDEF message and see what happens.
I have an app with a specific intent filter for one of its activities:
<intent-filter>
<action android:name="android.nfc.action.NDEF_DISCOVERED" />
<category android:name="android.intent.category.DEFAULT" />
<data android:scheme="duckapp" />
</intent-filter>
If a scan a tag with an URL starting with duckapp://, my app's activity is started directly even though I have other NFC apps such as TagInfo installed.
I don't know for sure. But it seems that if one activity has a more specific intent filter than all the other apps, it's directly started.
If anybody knows about a precise documentation of this mechanism, I'd be glad to hear about it.