I'm a non-android-programmer who needs to employ/partner with an android developer or development team to implement a project. What I am interested in knowing is how difficult my requirements are likely to be to implement. I have already approached several developers but so far haven't got any answers beyond "sorry we don't have time now" or "we'll get back to you". I believe it would help me to find a developer if someone could give me some indication of how difficult this project will be to implement.
There are two main requirements. Firstly, the software should monitor usage of the device (it will be a tablet computer) so that usage is recorded and regularly transmitted to me (e.g. by automatic email of a datafile). By usage I mean I want to know (a) what apps are installed and when, and (b) what apps are in use (in the foreground) and when. Secondly, the software should be able to restrict usage of the device so that it can be configured to only be able to run certain apps, and only at certain times. At other times it should be unlockable. It doesn't need to be hacker-proof, just child proof.
Skeptics will want to know why I want malicious-sounding spyware written for me: my attentions are good - I'm a child psychologist and we are planning to run a study where we look at how very small children use tablet computers in an ordinary family setting. Basically I will be handing tablets out to parents of three-year-olds: the parents will know exactly what we have done to the tablets.
To avoid asking too vague a question, I guess I could specify even further: is this even possible without a rewrite of the operating system itself (in which case I guess this is a big job), or can this be done more simply? Perhaps there is already software or libraries available which do this?
Certainly it's feasible, and I don't see why it would be as expensive as has been suggested. The key is that you need this only to be child-proof: that's far easier than making it hacker-proof.
All you'd need is a system service to log and transmit various events, and a replacement home/launcher app to prevent launch of unwanted apps. Simples.
This question already has answers here:
Meaning of Choreographer messages in Logcat [duplicate]
(5 answers)
Closed 8 years ago.
I am building a new game with andengine and for some reason i keep getting this debug statement in the logcat:
01-31 21:29:50.503: I/Choreographer(697): Skipped 152 frames! The application may be doing too much work on its main thread.
Im not really sure what is causing this error exactly during my game. I am checking a lot of collisions, but they arent initiated until after the game play scene has started.
I also noticed on my galaxy S3 the game causes my phone to "flicker" when swiping changing home screens and pulling down the task bar at the top.
I think this error has something to do with it, but i am not sure. What do you guys think?
Also each time the user goes to another level i initialized the collision detectors all over again. But i dont unregister or stop the last collisions that were started. I thought they would be automatically cleaned up when the new one is initialized.
What do you guys think?
It sounds like you're aware of what the message is telling you, i.e., your frame rate is lagging. Your follow up question, "why?" is going to be impossible to answer without more information. You've provided some possibilities: is it the collision handling? Is it processing of unnecessary collisions? Is it some problem in the scene transitions? The answer is, maybe. Maybe it's any of those things. Maybe it's something else. At the moment all we can do is guess, because we're not looking at the code.
But the good news is, you're not without recourse! What you need to do is test your code and find where the bottlenecks are. A good place to start is to throw in some calls to clock the milliseconds between blocks of your code that you suspect are the problem. You may discover that things you'd assume we're slow are actually happening pretty quickly, and conversely, things you thought were fast are happening slowly. Focus on the latter! Put more calls in there to see where exactly things are taking longer. And look at your code to see why it might be running slowly there. Are a lot of objects being instantiated there? Is it reading from disk? Etc.
When you're ready for them, there are some great third party tools to get deeper into the testing, but it's worth spending some time to clock and review your own code first. You have the advantage as the author of suspecting where the problems may be. Start investigating!
Side note, I'd provide some links to third party tools, but I'm writing this from a jacuzzi. I'll update later.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed last year.
Improve this question
Is it really important to know algorithms to build mobile applications? I have strong understanding of development tools and design pattern as well as strong knowledge of OOP and MVC.
So, is it required to know hardcore algorithms to become a good mobile application developer?
I can understand that if you want to create games then YES it is obvious that we must know all the AI related algos to be competent. But I am asking for just simple data driven application building.
Every computer program you write implements an algorithm or a set of algorithms. If you are concerned with the quality (deliberately vague term) of your programs then you have to be concerned with the quality of your algorithms.
For example, if you want your program to be fast (which is a quality that a program might have) better choose a fast algorithm than a slow algorithm for the same problem. If you want your program to fit into a small amount of RAM (another quality factor) best choose an algorithm which operates in a small amount of RAM rather than one which gobbles it up by the GB.
So, critical knowledge for a software developer includes the knowledge of how to analyse an algorithm for speed, memory usage, and all the other quality factors you might be interested in optimising. One way of analysing an algorithm is, of course, referring to texts which tell you what you want to know.
I conclude with the assertion that yes you do need to know hardcore algorithms to be a good developer, I don't see any reason to modify my belief when it comes to mobile applications development. Of course, I don't expect you to know all about all the algorithms there might be, but the principal ones found in all the basic text books, and the ones which are specific to your application domain, hell yes you gotta know those rascals !
I think it's irrelevant being for the mobile area or not. You should always try to achieve the best possible solution (there aren't perfect ones). In the mobile area, particulary, performance is very important, because we are talking about small devices, that although in recent years have been getting a major hardware boost, you should always take special care. I always use memory leaks to check if something is wrong with what I do. I also check the heap memory to see if there is something consuming too much memory. Battery is also a concern and you should also test if your application is using too much.
At the moment I am really focusing on the architecture of the application, a working application in the current standards (at least on my owns) is not enough. Knowing patterns is a powerful tool, and you should read about those (one of the best is this one). Maintenance's costs are a major factor these days, and you should try to achieve the maximum code reusability and cleanness. Always assume that the client will change spec and always keep in mind that someone else in the future will maintain your code, so avoid long methods and over complex code (unless you have to do it). Also remember to leave comments, even if something is really simple, be humble... In a month you might not now what that "simple" stuff did. Those things are fairly easy to achieve when you are starting a project from scratch but a pain when you need to start thinking about those when the project is going to production in one week..
So as for your question: is it required to know hardcore algorithms to become a good mobile application developer?
My answer is: No, it helps, but there are others important parts when developing, besides algorithms.
Good algorithms can have a direct impact on battery consumption for your phone as well as how much of a memory footprint it has. Every developer should strive to use the best algorithm possible, but that doesn't mean it is absolutely necessary.
The smaller and more resource constrained your platform the more important it is to know algorithms. So on mobile it would be even more important.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
So we've been through this several times now, we release a game (for cheap) and someone hacks it and puts it up on a mirror. We setup Google Alerts for all our apps, so we get told daily who's doing the hacking. So far, we have implemented the licensing service as Google has suggested, our salt is randomly made each time the license is initiated with the unique device ID. We run the check service once, when the application is started for the first time. We then generate a 512 character hash for the key and the stored value that is compared against in SharedPreferences from there on out.
Now, I know that checking once is probably where the application is being blocked. Our bytecode has most likely been looked at and recompiled without the line that initiates the check.
From here, I don't want to obfuscate our code as I have seen it broken before. I want something a little more solid, and I also want to learn how to do this properly. I am more interested in learning than making money at this point since only 2% of people will ever look for a hacked version.
So far, on my own, I have come up with a random number generator that is placed in several startup areas of the game. When initiated (say, 1 out of 50 times) the license is checked. I know this would make it harder to hack because the cracker would have to eliminate each case, compile, eliminate, compile. This method however, is still crackable...so what do you guys suggest? Again, I am really interested in this process of security, so please educate, don't turn this into a discussion on obfuscation or checking periodically based on a timestamp.
Thanks
My idea isnt hacker proof, but might remove some of the interest for hacking the game.
Freemium model
1) Make the first 5-10 levels free so people can learn the game and have some fun without paying. Less will want to hack the first level and the game will spread even further by Freemium model.
Shareware/clustered levelpacks
2) Let part of the game levels or logic stay online. Eg. when reaching for level 5 or 10 or 15, then download small parts for the game, and every time submit the progress-log from the game and validate this against possible values + hashcodes. This could perhaps make it possible to automatically close down of hacked accounts.
Stealth cheater protection
3) You could also just count "small warning flags" that you place around in the game. Dont just check for the "validation" in the beginning, no build these flags into the game logic itself. Dont make it break the gameplay, because then noone will look for it.
Then when the user reached the end of level monster, check if there were any logged warning flags. These will not show up inside the game, so the unknowing user with a hacked edition could be playing for hours/days and suddently realize that he/she couldnt finish the game or advance to next level, because the game had a "bug". What the user didnt know was that this bug only occures on hacked clients.
Conclusion
Be smarter than the crackers. Fool them into thinking the job was done. Make a copyprotection and know that the more advanced crackers will be able to remove it. But they probably dont want to play 50 levels to check if the crack also works all the way.
Once they realize this problem, they might start to crack it too. But if you break the game up into level-packs, you can still validate between each pack download. So once you receive hacked client hash data, then just execute an exeception and crash the game on the client. Whoops the game crashed. Dont tell its because its hacked. A program error can happend. :-)
Again, its not hacker proof. But it might annoy them enough to move on to the next game. Lastly, you could also put out regular updates for the game and only the latest version should be able to "post the records" etc. so the active users would have to update to keep in the loop.
I have been doing some apk decompiling and hacking for a while (not warez, but mods and hacks mostly to the google apps and the android framework, always abiding xda-developers policies).
Once you learn to read smali, it is almost as reading the original java code (but with way more LOCs). So, any code you add to check for keys can be found and deleted or replaced. You don't even need to recompile each time to eliminate more than one (some searches do miracles to find similar pieces of code) and, even if compilation/recompilation cycles are needed to find them, it's just a matter of one or two minutes to decompile: everything is automated by apktool and even more by apkmanager.
Having said that, my suggestion to you is to implement some sort of online scoring table or similar, and when the user looks at the score table online, you can check the hash code you implemented and compare it with the associated gmail account. That way you can report the hack to google and send a nasty message to the user of the warez, explaining why that is illegal.
Of course, a new hack could be implemented to eliminate the scoring table, but that would reduce the interest for the warez.
Good luck.
Update
After researching to answer this question: Injecting code into APK (really about the Amazon DRM mechanism), I can tell a little bit on how Amazon is protecting the apps: it includes methods for checking for the installation validity everywhere (you can see an example of how they do it in my answer to that question). This will make any attempt to hack an app not very difficult, but extremely tedious. I believe that is a strong point: hackers won't want to spend so much time doing so many repetitive tasks: it's not challenging and it's boring. The main flaw I see in that approach is the possibility to hack the Amazon app itself to always return a valid answer, of course. But, if you mix your current hash checks with some sort of online check scattered among your methods, I believe the chances of it getting hacked may be drastically reduced.
Taken from my solution from this post Avoid apk cracked
Implement your own licensing library
I'd also refer you to check out this from Google I/O 2011 YouTube recording:
Evading Pirates and Stopping Vampires
EDIT:
The Presentation Notes from Evading Pirates and Stopping Vampires
Some basic keypoints
Modify the LVL
Implement LVL Tamper Resistance
Use obfuscation
Add reflection
I know you're not really into obfuscation, but I really need to react to this:
From here, I don't want to obfuscate
our code as I have seen it broken
before. I want something a little more solid, and I also want to learn how to do this properly.
ProGuard is very reliable in my experience, and this although I use a couple of advanced features such as AIDL and some native code which calls Java method.. It takes a little work to read the documentation and do things properly, but once you're there ProGuard is extremely reliable and also optimizes your app.
Custom security/cryptographic tricks are good, but without obfuscation it's like throwing a stone in the water in my humble opinion.
I've used ProGuard in production for many months, and it just works flawlessly.
If you're into learning, then read the ProGuard manual carefully, experiment with it, and inspect its output logs.
Chance, that there are more talented programmers then YOU (applies for all programmer), is 100%. And if that is true, you can not fix hacking. But you can spend as much time and effort on it to go bankrupt.
If you want to make some serious money you need to do some research on your target user group, and behavioral science. You need to make users playing that bring in new money, and thats it.
Besides, you got it all wrong. Hackers are most active members of your user base, thy just behave in a way you did not intend them to.
Take Zynga games on Facebook for example, do you think thy get hacked? - Sure, and about +100000 players only play, because thy can use bots, that automate everything.
Having huge active user base botnet of actual people, makes archiver type gamers want to play the game - and if thy play, and it looks cool, then Avarage Joe will also want to play. If Avarage Joe plays, then his friends might want to play, and thy probably will not care anything other, then being better then his/her friend, killing time or having something to chat about. Avarage Joe friends will most likely be willing to pay to be better then Joe, but rather thy would like to invest in something that makes them able to be better.
Besides if the real value is playing the game for free, then users who use the free hacked version, will most likely never would have payed for it. But thy are Avarage Joes and their friends just might. So this is like the cheapest commercial you can have. If you want to make money of your large userbase, then just make new versions of the game with small changes to levels and graphics.
Piracy will always be an issue. By in large crackers are better at playing this Security Though Obscurity game than developers.
What an interesting and disturbing question. :-) As an exercise, you might try releasing an app through Amazon; they have their own DRM mechanism; I wonder if it works any better than ProGuard...
One of the key elements in my opinion is to spread out the code so it's not all in one place. If you have a function called LicenseChecker.checkLicense() which retrieves the license and checks it, you can be sure it will be disabled promptly.
The one advantage you have is that the crackers cannot see the comments of your code (and, if you obfuscate, method/variable names), so come up with something weird. In the onCreate() of one activity, you get the license ID. In onResume(), you get another value to check it against. Maybe create a thread and do some checks there. And then, some other irrelevant piece of code (maybe the player control) might pick up the value and compare it and store the result somewhere. Then three other irrelevant pieces of code will all independently check that value and disable your application if it doesn't match.
Now I should say upfront that this can cause headache for yourself - obviously, cluttered, nasty code is harder to debug and prone to cause errors. Worst case, you create false positives in legitimately purchased applications.
And, of course, everything can be reverse-engineered - once the crackers find the place where the app is disabled, they trace back the value that's being read from. They could then trace back where it's being stored, and trace that back..... or, much easier, they can just disable the final check (which is why I recommended 3 different places, all triggering delayed). Security is only as good as the weakest link.
You will not be able to stop piracy. Your best bet is to delay the spreading of a pirated copy until the initial hype about your app has calmed down.
First, I do NOT consider myself a pro in the SW security field whatsoever, but:
I think an important thing is to let the application be dependent in some part(s) on the signature check. Don't let it affect immediately, but let it set some flags or change some values. later on, use those flags, check them, let the absence/incorrectness of them cause an exception of some kind which will terminate the application maybe. As long as the signature check is only relevant at the moment, it is easy to bypass it, to remove the line, once it touches more areas in the code, your application becomes harder (or less easier...) to hack. Also as I see it, not all checks should call the same routine for the sanction, because this will also make it easy to find the protection mechanism and terminate it.
Of course, the sanction to take in cases of illegal SW may vary, you might want to crash the application when used illegally, but you might as well want to keep it running, and only send message that asks the user to buy a legal copy of the application.
If this is just what you didn't want to hear, then I'm sorry for your time :)
Android users are just going to have accept the pain of constant phone-homes. The only secure Android app is an always-connected Android app.
This is, in large part, due to Google's refusal to lock-down the installation, like Apple has. On IOS you have to jailbreak the phone. On Android you can load any APK on a stock, factory install.
Keep some/most/all your content on the server; deliver it in chunks; validate the license/session on each call.
It will be incredibly hard to inhibit this kind ov behavior. Anything that is handled on the client-side is hackable using APK decompilation and modding, memory editing with software such as Game Guardian ect.
The only way I can see how partially getting around it, would be to make an online game instead. Or have certain functions handled online. Or if anti-tamper encryption like denuvo ever is available for Android / iOS.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Tomorrow I am buying an HTC magic phone on the Rogers network. Since it runs android (the only reason for picking this phone :) ), I was hoping to do some playing around with it, writing applications for it and the like. But first of all, how? Do I need some special cord? I know about the android SDK, but how do I even get started?
And, the main point of this question: I've never programmed for anything besides a website or a PC before. What is strikingly new and exciting about writing software for a phone? What are some things I should try to write, which aren't too difficult, and will maximize my "OMG AWESOME" moment density per unit of time?
Oh, one more (possibly stupid) question: What language do I write in? Java...right? Is there any other languages or frameworks I can use to write for this phone?
Note that there's nothing special about this phone: It's not unlocked anything, I didn't order it as a developer phone from Google, I'm buying it out of a Rogers store on a three year contract.
You can phone up your significant other and talk.
Here's what you need to do:
install Eclipse and the Android SDK
work through the dev guide, tutorials and documentation at developer.android.com
join the Android Google Group
Once you're done with that, you should have some ideas on how to proceed. Good luck and have fun!
The big difference in writing software for a phone is the constraints placed on you by the hardware. Forget creating masses of objects and throwing them away. That takes memory and your garbage collecter will end up taking too much processing power away from you to clean up after your mess. There are a number of good videos and tutorials up at developer.android.com which give you more info on how to code 'tightly' for low memory/processor environments. It's actually great fun - you have to think a bit harder about what you are doing than if you are coding for a more powerful environment like desktops.
As for the android OS itself - I think it is fantastic. Just brilliantly designed for something like cellphones. I love the way they use intents to trigger things. Seriously, go take a look at all the tutorials and then play. If you like well thought out software then you'll love android.
I found this book quite handy for rapidly getting into coding on android.
Android book
I'm not a java developer by trade so I can't be sure this guys coding style is a god Java style but he does touch on most of the main topics you need to get started with android. Do the Sudoku example in full - don't cut and paste, actually code it from scratch with the book as a help.
You can take a loot at apple iphone app store, there are thousands of cool apps already, some of them are indeed OMG.
Language - java is the most commonly used.
You can visit the official website, it has a lot of your answers.