for some business application scenario, we need to make an application (or a background service/daemon) that sits on an Android device and is activated when person, using any Android browser, comes to a certain website. We control the website content and can put any HTML/javascript/something else in it if needed.
So the idea is that popup window with some message/choice is presented to the user when the user visits the website and clicks something. One idea, which I don't know if it is feasible, is to listen for all HTTP requests (if this hook exists somewhere in the SDK) and recognize an URL we are interested in, which would in turn trigger our application.
Any other ideas?
Kind regards,
Bozo
One idea, which I don't know if it is feasible, is to listen for all HTTP requests (if this hook exists somewhere in the SDK) and recognize an URL we are interested in, which would in turn trigger our application.
Fortunately, this is not possible.
You are welcome to create an application that has an activity with an <intent-filter> that identifies the URL you are interested in. Depending on how the user accesses the URL in question, they may get a choice of launching your app or one of their browsers. Users, of course, are perfectly welcome to ignore your app and load up the URL in a browser.
Any other ideas?
Any solution would represent a security flaw in Android. Hence, I sincerely hope that you fail in your quest.
You could write a proxy.
Orbot uses iptables to redirect to it's proxy service but it seems that not all Android distributions have the iptables module enabled so it might only work on rooted devices.
https://gitweb.torproject.org/orbot.git/tree/HEAD:/src/org/torproject/android
Related
When a website is implemented in an app, is it possible to open an popup in the app when clicken on a link/button in the website?
If so, what are the possibilities?
Thanks
Grtz
Your case I understand may have two scenarios to it. Say on the same device, click a link on browser it opens in the app much of what medium and a couple of other apps do. Second case is an independent phone and independent browser. Here I would suggest using web sockets to send real time data to the client app when a certain change occurs on the server side which may be caused by change in another client. Basically close to what services like Firebase offer but not actually the same
I'm developing an app and I use volley to fetch data from server in background . Can anyone see the urls I have used in my app?
If yes then how? and how can I prevent anyone from seeing them?
Yes, people could see what URLs are used. Specifically:
Users can decompile your app, and read the URLs from the decompiled source. Use an obfuscator such as Proguard to make this more difficult.
Users can also attach a debugger to your app at runtime, again revealing the data. Remember that the user has full control over the device and anything running on it.
Users can use a network traffic sniffer, eg Wireshark, or a firewall which logs all traffic, in order to see what your app is requestion. Make sure you're using HTTPS in order to make this harder. Make sure you also implement HTTPS correctly, especially, this means to not simply accept all certificates.
You cannot completely prevent people from seeing the URLs your app is using, since the app is running on the user's device, where the user can do anything he wants with it. You can only make it harder.
See also:
How to avoid reverse engineering of an APK file?
Android - Get the URL of a file being downloaded, which I answered a while back.
Yes, for example you can open chrome developer console and look at requests that are being made from your app if you are developing web app. In case of mobile app, everyone also can sniffer internet traffic, for example connecting to your own wifi router and listen to traffic, or use special tools like portswigger.
You cant prevent your urls from being revealed anyway, but you can use https in order to hide data you send.
Hope this ll help.
How to block some url (site) on android default browser???
I want to restrict user to access some url which are black listed.
eg. If i want to block facebook then phone inbuilt app browser will not access this facebook site.
Thanks in advance!
Do you want to block some websites on a user's device by letting them install an app?
If that is the case, it will only work if they are rooted. If they are, then you could add an entry of the url to the hosts file and redirect it to another ip address (eg 127.0.0.1). But since they need to be rooted, they will probably get a popup asking for permission to access root. This could raise some suspicion with the user.
On a device that's not rooted, preventing the standard browser from accessing a certain website is not possible by installing an app.
You can't prevent the user from using their browser on their device to access any site.
If you want to do this, make your own browser and replace the one on their device with it (may not be possible without root).
There's a work around which is using a VPN service to monitor and filter all the traffic.
An example of this is the NetGuard project:
https://github.com/M66B/NetGuard.
Of course, the user should give his permission to permit this service to take control of the traffic. And in some systems, some system applications are not directed to this service (I've noted that the Samsung Web Browser traffic is not sent through the system VPN).
Been researching it for a couple of days, and it seems quite impossible (though highly desired).
I'm Looking for a way to anonymously identify users on our website as they later on run our mobile apps (both iphone and android, actually). At the very basic level, I'd simply generate a UID when someone visits our site, plant a cookie on their device, and then retrieve it later when our app is run. This simple implementation seems to be impossible, because the apps don't get access to the same cookie-base as the browsers (which makes sense, privacy-wise).
Also thought about using HTML5 for this purpose, which doesn't seem to provide any solution.
I Tried going the other way around and using the device id as identifier. However, seems like device id won't be available to the web server when someone visits our site.
There seems to be a perfect disconnect between data accessible from the browser, and accessible from the device itself in native apps.
Has anyone ever found a solution for this scenario?
As of my experience what you seek is almost impossible to achieve for a third party developer.
As you mention, the web browser - by default - doesn't have file-system access from the javascript context (which is where your web app will most likely run) and the cookies infrastructure isn't exposed to the application context.
What you could do is to write a plugin to the browser which might enable this one way or another. But then there is the technicality that the browsers on mobile devices usually don't support plugins and even if they did; you can't force your web app users to install the plugin :-(
Yet another, and if possible even more unlikely solution would be to try to influence the device browser project (WebKit or whatever project you wish to target) community to implement the functionality for you (good luck) :-)
A third solution and perhaps even the ethically more correct one would be to allow the user to identify him/her self optionally when using your device client application. Your client iPhone/Android application would then have a "Identify me as a client user"-button. This would of course require you to allow the user to choose a key (an e-mail address?) of his/her own when entering the web app. You'd likely need to store the key on the web server opposed to the client browser cookies.
Hope this gives you some further ideas.
Cheers
Here are some things I think would work (untested):
You can check if the user has a google account login in the browser and on the phone.
Another way would be to have them log in in both apps
Register a special url-handler which opens your android-app with an user-identifier which gets called by the webapp (see this question)
Edit: I over-read the IPhone part - #1 and #3 those answers are Android only (I think).
You know there are internet providers that require log in though a website. Most common examples are the coffee shops, or airport points, or hotels.
It's ok for your laptop because you can use a browser and you are done, but what if you wanted to use your android apps in your phone? how you set the auth data to them?
does anybody knows an app which will allow me to do that? e.g. set the needed auth to let the rest of the apps run without a problem.. I'm thinking of a proxy but not sure if it is what i need here..
thanks!
The way those authentication points work is that most traffic through the access point are dropped until the user opens their browser. The browser's HTTP request is ignored and the gateway page is displayed instead, and once the user accepts the terms of service, or pays, or whatever, the packet filter is disabled for your device.
This means that an app that's authenticated to the hotspot can run any kind of application over the network without the application being aware of the hotspot's specific security model. However, it does mean that you'd need to put a browser in your app and use some fairly fuzzy logic to determine when to show it.
Most of the time, the user will know when he or she is using this type of provider and will know to login through the android browser first.