I am doing a MDM, in this moment i am checking some features to see if these are possible to build in android, i have searched about enable/disable java script, popups and cookies programmatically but apparently the web browser is the only that manages these settings, i would like to know if someone has reached enable/disable those features throught programatically.
See access android stock browser settings - AFAIK no APIs exist to update these settings from within the web page (imagine the badness that a bad actor could get up to by enabling popups)
Related
Android introduced the App Links with Android 6.0 Marshmallow to provide a more secure way of launching a specific app from a (https) link.
Further, I thought Android App Links covers main vulnerabilities exposed by Custom Schemes.
One of the major vulnerability is that a malicious app waiting to intercept the same URL with a similar intent filter. And then the OS will show the Ambiguous Dialog to the user to select which app to open the link.
See: Measuring the Insecurity of Mobile Deep Links of Android
The App Link URL should take the user straight to the app if the App Link has been setup properly as per the documentation for the Android AppLinks.
However, I found that this may not always be the case. For some devices, the "Ambiguous Dialog" could be shown for the first usage of the App Link URL.
Why ?
There is this strange setting called "Go to supported URLs" under the App setting -> Set as default below App Links sub heading which App Link depend upon. This setting allows the user to change the App Link behaviour. It gives three options as below.
In this app
Always ask
In other app
The strangest thing is that the default for this setting will be different from each vendors devices.
If the setting is not "In this app" then the OS will show the Ambiguous Dialog with at least your own app and browser.
Question?
Is there a way of preventing the setting being changed (prevent URL being intercepted by any other app)?
Is there a way of setting the default to 'In this app' or change the setting programatically to 'In this app' to prevent being intercepted by other apps?
We make industrial machinery and ship it with Android devices (just like cellphones without the phone) with an installed app that we write to remotely control our equipment from the factory floor.
One customer requested that we interface to some of their equipment which they expose through a web server. I added a feature to our Android code which invokes the native web browser on our device. This works but they want the URL the browser is pointing-to be be hardcoded (or hidden) so their workers can't alter it. Is there a way to do this programmatically from our app?
Alternatively I could use a WebView. When I experimented using WebViews here at our shop on various commercial web pages, getting the scaling correct for any arbitrary web page was problematic. What would I need to know about the customer's web page to make sure a WebView would work with their page?
EDIT: Several responders have suggested a WebView and giving the user the option to manually scale it. The users are factory workers in a production setting, so making them take time to scale would probably not please the customer, and besides they're wearing gloves - all the controls we expose are "fat" buttons - so scaling would be hard. Really this should look right the first time they see it. The customer's production facility is on a LAN on the other side of a firewall in another country so I can't access it from here. Do I need to be able to reproduce it locally do do this right?
In this case, I would definitely use the webview. There's just not going to be a way for you to prevent the native browser from potentially changing URLs.
To handle zooming you could just let the users zoom appropriately for themselves:
webview.getSettings().setBuiltInZoomControls(true);
I don't believe you can block the native browser from accessing other url's, so WebView is your best bet.
About what you need to check, I'd simply check if their website is scaling properly on mobile devices. If it does, it should behave the same in a WebView. Simply visit the website from a mobile phone/tablet or have a look at their page's code.
Providing the ability for the user to zoom as suggested by iismathwizard is an excellent idea as well.
Best of luck ;)
How can i edit my cookies in chrome on my iOS/android device?
please clarify your question. This seems very broard.
However,
"This article applies to Chrome for Mobile.
Adjust the type of content that websites can show and the information that they can use to enhance your web experience.
Touch Chrome menu > Settings.
Touch (Advanced) Content settings.
The information below applies to all mobile devices
Block pop-ups. Prevent websites from showing additional windows automatically.
Accept cookies. Websites can store small files on your device in order to save your preferences on websites or keep you signed in. Deselect to prevent webpages from storing cookies on your mobile device.
The information below applies to Chrome for Android only.
Enable JavaScript. Many web developers use JavaScript to make their websites more interactive. Sites may function correctly only if they can run JavaScript on your mobile device.
Voice and Video calling. Allow sites with media functionality, such as video conferencing, to request access to your camera and microphone.
Google Translate. Translate pages written in other languages.
Google location settings. Allow sites with location-specific content to ask whether you want to share your location using your mobile device’s location information.
Website settings. If you want to clear location permissions or local data stored on your device for a specific site, touch this option."
For those who's still looking for an answer here is an instruction for an iPhone:
You can't see cookie data on the phone itself, but if you activate
Settings > Safari > Advanced > Web Inspector you can connect the
iPhone to an Apple computer with a cable and open Safari. Activate the
Develop menu in Preferences > Advanced > Show Develop menu in menu bar
Now you can open a page on the iPhone and then select Develop >
your_phone > the_page on the computer to see an inspector for the page
on the phone. The second icon at the top is for storage and will show
cookies for the page you show on the phone.
Source: https://apple.stackexchange.com/a/75186
If you are still looking, I made a Firefox extension called Cookie-Editor that also works on Android phones. It is similar to EditThisCookie.
It lets you create, edit and delete your cookies as well as importing or exporting them.
You can find it here: https://cookie-editor.cgagnier.ca or directly on the firefox store here: https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/
I have a number of Drupal 7 websites (http://drupal.org) that have a mobile theme with JQuery mobile (http://jquerymobile.com/) for users browsing with smart phones or tablets. Although this provides a great mobile experience I would like to create an app for the Android and Iphone that uses a few built in features for content creation (mainly just the camera on node creation). I have eclipse and the android emulators all installed and have an installation of Phonegap working for Android testing. Here is where I need some advice on the best approach to my particular problem.
Basically each app can be almost entirely just a webview (easy), but I do need 2 features which should add enough uniqueness to make it able to get approved in the MAC app store.
Ability to add nodes using a REST service (along with phonegap) have access to the use phone’s camera to populate an image field.
A start or front-page has a fast login, and allows instant access to add content (all assets stored locally on phone, so even if the phone is offline, this page will still come up).
Ability to go from the regular mobile site (webview) back to the local node creation page (with access to the camera) or frontage.
Ability to pass something to the webview so I can hide content creation links that access the web version of node creation forms (which would not have the camera for example).
Here is where I’m confused. I don’t want to recreate the entire site and retrieve all the data using services (lots of tutorials and stuff I’ve seen are doing this including DrupalGap - http://drupal.org/project/drupalgap). That seems like a ton of redundant work that will require lots of continuous updates when the site is upgraded and changed with no real gain other than speed (For this it’s ok that it won’t be as fast).
For my mobile apps, when a user wants to view their profile, look at various pages etc, that should all happen in a webview, I only need services and the typical approach to mobile development for the front page, authentication and node creation. The rest should happen in a webview. So what is the best way to switch between adding nodes and authentication using a service and just going to a regular webview? Should I try embedding a webview in a page and having a small menu on the top that doesn’t’ change which links to the add content and login?
How do I setup the session for both the webview content and the service? Or how I can I force authentication through REST and then pass that on to the webview?
You don’t have to answer each one of those directly, I would just like some tips to get me started in the right direction. So far I’m thinking I create a “frontpage” for the app with all it’s assets stored locally on the phone, which has a login which authenticates through a web service (REST). After you login it shows the link to add nodes and a link to view the webview. The big question is how I use the same session for both and how to navigate between the 2 well?
I accomplished the goals stated above, by have the login use a REST service via jquery mobile in a regular html page (like this tutorial http://tylerfrankenstein.com/code/android-app-with-drupal-7-services-phonegap-and-jquery-mobile) this is also where the create content links can be placed. When you want the user to be able to open the "regular" mobile website and already be logged in, use the childbrowser phonegap plugin (https://build.phonegap.com/docs/plugins). Users can close the childbrowser and go back to the main dashboard by clicking the X, or you can create a listener that responds to them vising a specific URL (like the homepage).
is it possible to programmatically access the website that is currently displayed within the Android browser?
As far as I know the native Browser doesn't handle plugins (please correct me if I'm wrong), so I thought that reading the browser cache would be an option.
Is there a more sophisticated way to get the currently displayed HTML?
Thanks in advance!
S.
is it possible to programmatically access the website that is currently displayed within the Android browser?
That would be a security violation, so, no. Also bear in mind that there are several Web browsers for Android.
As far as I know the native Browser doesn't handle plugins (please correct me if I'm wrong)
The standard browser app supports plugins, but not ones downloaded on the fly. So, for example, it supports the Flash plugin (on Android 2.2+), but you have to install Flash separately first.