How can i access a database which is in a different application. I want to access the data and use it for an other application how am i suppose to do it. I dont even have a clue how to access data from a different application please help.
Read this article:
"Application modularity – The Android system allows applications that are signed by the same certificate to run in the same process, if the applications so requests, so that the system treats them as a single application. In this way you can deploy your application in modules, and users can update each of the modules independently if needed."
"Code/data sharing through permissions – The Android system provides signature-based permissions enforcement, so that an application can expose functionality to another application that is signed with a specified certificate. By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner. "
please use content provider for accomplishing the same
Do you know about content provider?, you can implement the above functionality by using this.
For example, Calendar, Contacts are doing the same.
Check:
Creating a Content Provider
Android SQLite Database and ContentProvider - Tutorial
in Android diff app can share the data with help of content provider
below will help you
http://about-android.blogspot.in/2010/04/content-provider-example-1.html
Stay smiling
Related
I am using FileProvider and Intents to share content from our application to other applications. Using these components can also upload data from other applications to our application. For security reasons, we want to only disable sharing from our application to other applications. Is there a global solution to have this restriction put in place?
Thanks in advance.
FileProvider enables to share content from our application to other applications.
Only by having additional code in your app. FileProvider, on its own, does not do what you describe.
It also provides capabilities to upload data from other applications to our application.
Again, this only happens if you have have additional code in your app. FileProvider, on its own, does not do this.
Is there a global solution to have this restriction put in place?
Do not write the code that implements sharing from your application to other applications.
IIRC your app must "opt in" to sharing its own files on a case-by-case basis. Other applications request files from your application, which must then grant them (temporary) permission and pass them the access URI. Other applications don't get automatic access to your files without asking. If you don't implement the sharing functionality, there is no way for a sharing request to be granted.
If you do want limited sharing you can also set up a policy XML file to restrict which directories owned by your application are shareable.
https://developer.android.com/training/secure-file-sharing
I ran a security test via the ImmuniWeb tool on my Android app APK. One of the observations the tool made was that one of the app contains hard-coded sensitive data. It further said:
An attacker with access to the mobile application file can easily
extract this data from the application and use it in any further
attacks.
There is 'google_api_key', 'google_crash_reporting_api_key', and
'google_storage_bucket' found in file
'android/res/values/strings.xml'
The issue is that this strings.xml file is auto-generated and cannot be edited:
How do I clear this issue?
The data you're referring to is not "private" or "sensitive". This is a standard configuration for Firebase products that get injected into your app as part of a standard app build using the Google Play services plugin. All of those values are just identifiers for Firebase and Google services that need to be known by the client in order to address those services. Without them, your app wouldn't know where to go for information.
If you're using Realtime Database, Firestore, or Cloud Storage in your app, you should be using security rules for each for those products in order to limit who can read and write which locations in those products. That's how you implement security in apps that use Firebase. Trying to hide or obfuscate the configuration isn't going to foil a determined attacker.
I don't know anything about this tool you're using for this security scan, but it doesn't seem to be aware of these facts.
It seems when you download a new Google Suite app for iOS - whether GMail, Inbox, Calendar or whatever - they offer you to log in with your account and already present to you the account you have logged in elsewhere.
The question is both for iOS and for Android.
I know that apps can use Safari or the new Safari WebView (Chrome Tabs in Android) and a permanent cookie to share data between apps. It's a bit clunky, and can be broken by the user deleting cookies. But other than that, it works.
Google seems to be using something else. AdvertisingID? How exactly do they achieve this feat of sharing data on both operating systems?
AppGroup allows data sharing between two different apps or even app and widgets by creating one common shared path (like document directory). Data saved over there can be accessed by any app which is associated with that particular AppGroup. It is an offline data sharing between apps.
Communicating and persisting data between apps with App Groups
On Android:
They probably use Content Providers. As described in this link,
A content provider manages access to a central repository of data. A
provider is part of an Android application, which often provides its
own UI for working with the data. However, content providers are
primarily intended to be used by other applications, which access the
provider using a provider client object. Together, providers and
provider clients offer a consistent, standard interface to data that
also handles inter-process communication and secure data access.
A content provider coordinates access to the data storage layer in your application for a number of different APIs and components, these include:
Sharing access to your application data with other applications;
Sending data to a widget;
Returning custom search suggestions for your application through the
search framework;
Synchronizing application data with your server;
Loading data in your UI.
TL;DR In short, Content Provider is a layer that allows you to share your database with other apps/widgets. So Google Probably has a Content Provider in every app which shares the accounts that have been used on this app.
On iOS:
Now I'm just an Android Developer, but after a quick Google Search, I found this post which talks about UIPasteBoard:
Use the UIPasteboard class to let a user to share data from one place
to another within your app, and from your app to other apps. For
sharing data with any other app, use the systemwide general
pasteboard; for sharing data with another app from your team—that has
the same team ID as the app to share from—use named pasteboards.
I can't assure you that this is exactly the way Google does it. But If I were to implement such thing across my apps, I would use this.
I have an android app with a database. There was one option to export the data in the app to excel files. But now there is an error in export function. So I am not able to get the data. Is there any way to recover the data from the database with out rooting the device? Can I access the data in another app?
Fir security reasons there is no possibility to access a foreign database. The only possibility to access da data of an other app is the ContentProvider of an app.
If the app you want to access does not provide the possibility to access it from external via a ContentProvider, there is no legal possibility.
The only possibility might be the shared user id and sign both apps with the same key.
See this documentation for more details on the topic: http://developer.android.com/guide/topics/manifest/manifest-element.html#uid
I am creating an app where the user does some things during a game, and these actions are logged in a SQLite-database. At the end of the game the app presents these logs through a screen, which are read by the game administrators (like, physically read by the game administrators watching the screen). Is there some ways for the contestants to manipulate the database, and if not, what security measures prevent them from doing this?
The database is stored under /data/data/your.applications.package/databases. Normally this location could only be access by the user the Android OS created for the app. No other user is able to access this location unless the device is rooted. Then any user can access any location on the phone and manipulate the data.
So if you want to prevent users from cheating you need some way to check if the values in the database are untouched. Perhaps you can store some kind of fingerprint on a server to check this.
Yes, you can do it programatically, as long as you are the developer. Here is the Android docs for SQLiteDatabase.
Here are some links for working with SQLiteDatabases programatically:
From Android docs
From a blog
From another blog
The SQLiteDatabase in an application should be 'sandboxed' to that specific application, meaning that no other application should be able to get to that data, as long as the developer didn't provide access to it with a ContentProvider. So to answer your final question, no, there should not be a way for contestants to manipulate the database, except in ways that the developer has already allowed.
Yes, users can examine and change the database when connected over USB via ADB: http://developer.android.com/guide/developing/tools/adb.html#shellcommands
Update:
This only works on rooted devices or official Google Dev devices: Why do I get access denied to data folder when using adb?
Still, this would allow users to access database and change game results. So you can not rely on databse not being accessible..
Unless you issue the devices to users and you carefully watch what they do with them, to be secure against anyone determined, you need to digitally sign the entries in the database using a mechanism hidden in strongly obfuscated application code. And even that only makes it harder.
Note that using a server does not help unless a key part of the game logic itself is implemented in the server; if the user knows how to fake your signing mechanism to write fake database entries, they can also send fake reports to your server.
You can use Proguard to obfuscate your code.
Also have the database be unique with a particular id according to the device id with some sort of server callback, to validate the database.