is it somehow possible to create an Android application / service that blocks an URL (or a list or URLs)?
From what I have searched here on StackOverflow and on Google it doesn't seems possible:
https://groups.google.com/forum/?fromgroups#!topic/android-security-discuss/ciepvxyn8UY
However, Norton Safety Minder somehow "blocks" certain websites, although:
It lets the page load entirely before redirecting user (any idea on how they do it?)
It only seems to work for the stock browser (any ideia why? maybe they are listening for changes in the browser bookmark history?)
is it somehow possible to create an Android application / service that blocks an URL (or a list or URLs)?
Not really, for unrooted devices. With root, you might be able to rig up some iptables stuff to route things through some transparent proxy.
It only seems to work for the stock browser (any ideia why? maybe they are listening for changes in the browser bookmark history?)
Given the one Play Store comment ("Going incognito mode bypasses the Web filters. Please fix."), that would be my guess. Script-kiddie techniques like that are never going to be reliable.
Related
When browsing around in Chrome for Android, Lastpass pops up with suggestions if it recognizes the URL as one you have associated login details with.
How does it know which URL Chrome is looking at? I know that Lastpass makes use of Accessibility Services, but I wonder how it queries the current URL from Chrome.
PS. Apparently it only works for Chrome (it doesn't pop up in Opera for example) so it might be something Chrome specific.
LastPass on Android asks for Accessibility permission with canRetrieveWindowContent true. This lets it traverse the current view hierarchy, and access the views as AccessibilityNodeInfo objects.
Accessibility API lets you search nodes by the text displayed on the view, and also gives you java class name of each such view. AccessibilityNodeInfo#findAccessibilityNodeInfosByText
The feature doesn't work on Opera probably because the devs never handled the view hierarchy traversing logic for it.
Check out https://developer.android.com/guide/topics/ui/accessibility/services.html
I general using javascript, apart from Andoid functionality, and with some hacking, it is possible to get references to all open windows (and for instance get their URL). See this answer from 2009.
I'm developing a web app and I have an url that has the word "feedback" in its path. When I tap it, Chrome for Android asks me whether I want to open it with Chrome, with Firefox or with RssDemon (an Rss app I installed).
I played with the url bit by bit until I realized that it's the word "feed" in the URL what triggers that behaviour. It doesn't have to be at the beggining nor at the end. Anything like "feeding animals" or "linefeed code" would have the same effect.
I don't want to have to change my urls to avoid that.
The problem is not in the web app in any way. It's all the fault of RssDemon, the RSS android app. After uninstalling RssDemon, the problem goes away.
It seems that RssDemon set up an URL intent filter so that links clicked on Chrome that had the text feed in them opened with RssDemon. Being a link, it's likely that Android also offers Chrome & Firefox as options to open it.
The bad thing about that is that I can't do anything in my web app to avoid such a behaviour. The good things is that I don't have to :-) . It'll work fine for anyone without an app like RssDemon that installs such an intent filter. And you can't really protect from those, any app could set up a filter for any pattern and it'll be up to the user to decide then.
So lets say there is a fully functional responsive ruby rails web app. This app works and looks great on mobile phones. Unfortunately, this web app can't be seen from the mobile phone app stores, because it's not a native app. Technically you could place an icon on a smart phone that opens up the browser, but obviously this is not optimal.
Is there a way to create a native app (Android, iPhone) that is essentially just a browser, without the navigation bar? This browser's wrapper would just load the web app and behave just like you had opened up the browser.
I have looked into options such as Phonegap and Titanium, but it seems there would be a significant amount of rewriting, and there are very little funds for this.
I don't really know iOS, but doing it in Android will be really easy.
First, this is your activity:
package com.example.my_browser;
import android.app.Activity;
import android.os.Bundle;
import android.webkit.WebView;
public class MyActivity extends Activity {
/**
* Called when the activity is first created.
*/
#Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
WebView browser = (WebView)findViewById(R.id.browser);
browser.loadUrl("http://google.com"); //Replace google.com with you webapp's URL
}
}
This is your main.xml layout:
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
android:orientation="vertical"
android:layout_width="match_parent"
android:layout_height="match_parent"
>
<WebView
android:id="#+id/browser"
android:layout_width="match_parent"
android:layout_height="match_parent"
/>
</LinearLayout>
And you will need to request internet permission in AndroidManifest.xml:
<uses-permission android:name="android.permission.INTERNET" />
I just tested this in an emulator and it works.
This answer is for iOS.
You can have an icon of your website on the home screen of the device without writing a line of code (no UIWebView, no native coding, no XCode).
Download iPhone Configuration Utility from http://www.apple.com/support/iphone/enterprise/
Start iPhone Configuration Utility and from the left menu select "Configuration Profiles"
In the General section of your new profile fill out the Name (MyWebsite app) and identifier (com.mycompany.coolapp). You can add also organization name and description.
Scroll down and select Web Clips section.
In the Label field you can enter the name that will be visible on the home screen.
URL will be the URL of your web site / web app.
Select the icon to be used as a home screen icon. Use at least 114x114 pixel resolution.
If you select "Full screen", the navigation bar and the address bar of Safari will be hidden when you launch your web app, so you can have a real "app".
Click on the "Export" button. You can decide whether to sign your profile (will be visible by the end user when he installs your profile).
Save the .mobileconfig file and upload it to your web server or send to your end users via mail.
When the end user opens the .mobileconfig file on his device, the system will ask him to install the configuration profile. After the installation a home screen icon will be created that points to your web site.
Update as of 2017
iPhone Configuration Utility has been replaced by Apple Configurator that you can download free from App Store. You can create a new Configuration Profile the same way as described for Apple Configurator, selecting File -> New Profile in the app.
edit 2
As #MrTJ said in the comments. Apparently Apple won't let you have a simple "website wrapper" application. So your only options would be porting Ruby, like the rest of my answer describes, porting the application natively, or doing a web app like #MrTJ describes in his answer. Porting it natively, supported by RESTlike web services, would probably be the best solution. Web Apps are nice, but native applications are usually nicer. It depends on what kind of user experience you want to provide.
end edit 2
edit 1
I need to read more carefully. I answered your question assuming you wanted to embed the application, without needing to access the internet. If that is NOT what you are trying to do, then it is definitely possible.
Just make an application that has a webview and loads the base URL for the site. You will probably want to do a special version of the site that ALWAYS has back buttons etc, so the user can never get stuck in a corner of your site (since you want the navbar hidden).
Also, personally I would not do this, you can, but you probably shouldn't. You will need to handle what to do when the user does not have an internet connection. And you may make them less than happy when they (potentially) paid for an application that they can't use everywhere. Native Applications tend to sell/perform much better.
end edit 1
My Personal Reaction to This Question
Cool Question. Personally I am not a fan or Ruby or Rails (I'm a bit more of a Python guy, but Python is actually why I know anything about this situation), but this is a pretty cool problem regardless.
Questions to ask yourself
Is this possible? Probably
Is it a good idea? Probably Not
Is it going to be worth the effort? Probably Not
And most importantly, will Apple let you sell it? ....Maybe, but for something like this, you won't know till you try....
What you Need
A WebView that uses a protocol to talk to your native application. This would be like the URL hash tag hack used to talk to an iFrame in a browser, or the protocol that PhoneGap uses to communicate with it's WebView
Embedded version of the Ruby Interpreter. People have been doing this on iOS with both the Python and JavascriptCore interpreters. Some people will try to tell you Apple won't let you do this, but that is no longer true. You will need to compile Ruby specifically for iOS, this will probably be annoying, but I bet if you base your implementation on the Python/Javascript implementations, you could eventually get it working.
edit
Another SO question/answer with relevance to this answer
Embed a JavaScript engine in an iOS application
end edit
Embedded version of Rails... Good luck :)
Method of triggering the Rails app without a web server (you probably can't run apache locally on an iPhone (would be difficult and would probably crash immediately), and definitely not on Android). You will either need to trigger each view manually somehow, piping the output to either a string or a file, and load that string (HTML) or file into the WebView
Method of triggering navigation in the Rails application. This will require catching link presses from the WebView (you can watch for the URL changing on iOS), and triggering the proper Rails view to produce its HTML.
Problems
Ruby and Rails are both VERY HEAVY. Most implementations I have seen require at least 256mb of RAM, iOS will instantly kill your application if it tries using this much memory at startup. Android will probably handle it far less gracefully and just crash unexpectedly at some point in the application run.
Android does not run Native Compiled code. This means you will need to run JRuby, which will leave you with an interpreted language running in an interpreted language (read as, Slow As Hell On a Mobile Device).
This will require writing MORE Ruby, some Javascript, and MORE Java or Objective-C. So in other words, Don't. Figure out what your application does, and port it.
Key Learning
This is will probably take way more effort than any sane developer would ever want to spend on a 'simple web application'. You will be far better off learning Native development, since that will be required to get this job done anyway.
Yes, for iOS simply load a UIWebView fullscreen and change the UIWebView's current URL to whatever the location of your web-app is. launching UIWebview with specific url
I don't know anything about android but apparently it's the same process... Here ya go: How to set url on WebView from a xml layout file on Android?
To communicate between iOS app and your website you can use stringByEvaluatingJavaScriptFromString mentioned here: Passing Javascript Variable to Objective-C
To do this with Android refer to the other answers to this question where they have already listed the code in their answer.
I want to us an Android-powered Pad as an information terminal for my customers.
The only thing it has to to is to show a HTML5 Webpage.
Therefore,
1. it should not be posiible to show another website (only the local one), should be no problem
it should be only possible to leave the app with a password (how?)
and all buttons should be disabled (that´s hard).
I found out how to set the target for the home button, but maybe there is an existing solution.
Thanks
Christian
I assume you understand the easiest way to do this is to develop an Android native application to show your webpage. This is done by using a WebView, but the support of HTML5 depends on the platform, so if you use any video or audio, you may need some hooks.
Trhough a WebView, you can filter which urls can be opened or not.
And well, I don't think there are many problems on exiting only when a password is entered.
Regarding to number 2, AFAIK, you can let your Activity ("window" of the application) to handle most of keys, but obviously you can't map the power key.
But I have to confess, when you develop an application, you always find some issues... so probably is not that easy as I wrote in these lines... Good luck!
I'm working on an application that requires support for forward locking of media files on Android (1.6 and above). Of course, there appears to be no documentation in the APIs on how this might work.
The two questions I have are firstly whether forward locking is supported on Android (and in which versions of the platform) and secondly how to implement it in a program that, for example, downloads DRMed ringtones and wallpapers.
Android isn't that big on DRM, because of the open source heritage of the product. I think you'll have to implement any DRM solution yourself.
Forward lock means that your application offers no way to use protected content on other devices. Literally this means that your application must not have functionality for forwarding (sending) protected content to other devices or for writing to a file system or something else like that. For an open platform like Android that as well might require encrypting/obfuscating your applications content store to prevent access from other apps or from a USB-connected host computer.
A forward lock is identified by a flag in the media metadata (format is media-dependent IMHO). The content is not encrypted. Thus a forward lock is a simple check per content item to disable forwarding functionality as needed.
The whole concept came from and worked with closed embedded devices (like typical mobile phones 5 years ago) and sounds strange with open platforms like Android.
You have to ensure the applications which may want to transfer content to another device via bluetooth etc dont get the permission to transfer it.
OMA has defined how forward lock works. Hence that way you are sure of what has to be done.
You have to check the header information of the content to get information on whether it has to be forward locked or not.