I have a project for Android. In this project my client asked me following scenario but I'm not sure that it is possible.
They want to create an app-store for android. In this store after developer uploads his application we should wrap this APK file with our APK file (therefore we will have one APK file). This wrapper adds some activities to developer's application in order to able users to check their credits and add credits if they have not enough credit to their account (we don't want to manipulate the developer's code, we just want to add our code into their code). Therefore, when user download and install this application, each time he/she launches the application, our wrapper should be run first and check his/her financial account through Internet, if s/he has enough credit in his account, therefore s/he is free to use the application. If s/he didn't have enough credit we should guide him/her to buy more credit.
The things that I did, I created two sample project to see if I add APK of one to second, may I run that application from second application.
In the first application I just show some text in its activity and in second project (wrapper) I created a button that when I click on it, first project should be run. The result was not satisfactory and I couldn't run it.
I think if I export JAR file from first project and repeat above procedure I'll have better results but because in future we can't ask developers to put JAR file of your application instead of APK, it is not a good idea.
Now, for around a week I was thinking about this story and I couldn't find a way to know how can I consolidate and merge developer's application with our wrapper application.
If you have any suggestion please guide me.
The best way to get something along those lines is going to be as follows.
Setup a few permissions for accessing data from your "store" application. using these same permissions you can detect if any of these apps are installed on their phone.
Your going to want to make a ContentProvider that access the users account info and retrieves that information in your "store" application. Using this content provider you setup an api for accessing user information in the third party apps.
At this point you should have access to all users info (also use credit) and know if they have those applications installed.
Now for the third party apps
My suggestion make a jar file that uses the content provider. Also activities that do some basic stuff like making sure your store is installed and stuff. Bundle that app and have your 3rd party developers use it when making apps.
setup a sample application for using your jar and proper documentation. Very important always so hard when there isn't proper documentation on a jar file. But basically you should have static and helper classes for every aspect of interacting with the users account. And the application should only be asking for permission on using this information.
Here's a few content provider tutorials also a link for manifest settings to get the provider to work with permissions.
http://developer.android.com/guide/topics/providers/content-providers.html
http://thinkandroid.wordpress.com/2010/01/13/writing-your-own-contentprovider/
http://www.devx.com/wireless/Article/41133/1763/page/2
http://about-android.blogspot.com/2010/04/content-provider-example-1.html
http://developer.android.com/guide/topics/manifest/provider-element.html#prmsn
One last thing if you don't want third party application appearing on a user normal launcher for some reason you can request that developers also not add CATEGORY_LAUNCHER to their main activity. In which case you will have to query for the main activity in your store application.
Related
I need to increase the security of my android app. Actually my android app. will not be for Google play Store (which provides some licensing options to protect your app.) it will be used for some local companies that used the same app (Desktop app). However, I want to support two versions for my app. which are:
Demo version: for testing aims (after the given period end, the app will stopped!)
Actual version: this if the user want to pay for the app.
What I need:
To increase the security of my app. from installing it another time or on another device for the same user!
For my code I used ProGuard which is a tool provided by Android that lets you obfuscate (make harder to read) your code during packaging. cause there are many reverse-engineering application that used for unpacking the compiled code and viewing the source code (actually I tried some of them and its really amazing to restore the sourse code from .apk!) ..
I think to use the MAC address of each device the app. installed on and then store it into internal database and generate a number form it (in somehow), then ask user enters it (which I the one who knows this number and provider for it) if it is true, the app run else not. But, it's just idea I do not know how this can happen or even from where I can start or even also if that will help!
I tried also SharedPreferences But this does not help!
Actually I do not need for external database on server to read the username or the password for eligible users for app. I need to do that by my app. itself!
In sum please,
How can I protect my app from installing many times for same user or continuing using after testing period ends, etc. (I mean make it more secure)!
any ideas, any suggestions, any useful examples or sites are also desirable.
Sorry for this long question,
Problem
I have a free app in alpha stage at the moment, there is some extra content and functionality that I can imagine my users will want access to.
However as its my first app I do not know the mechanism for including the extra functionality. I see the in-app apk option in the google console but I do not know how I will need to package up my module for it.
My core app will need to pass parameters and call the extra functions in the module, which will display new activities extending my core app. This will only happen if the module is installed.
How do I go about this? Do I just make another app and install it side by side? This would be ok but the other app (my module) really is an extension of my core app and would not make sense on its own.
What is the right method to go about this?
clarification
I wish to have an optional module, which is not part of the core app but can be added by users on demand.
Ideally this module can also function by itself even though it would not make too much sense. Like a dictionary say of medical terms, it could be used by itself but would make more sense when an addon to a medical app.
It is so large in size and applicable to other potential apps that I cannot permanently include it with my app.
You need to integrate the Extra Module with your current Application's code.
After doing so, change the VersionCode / versionNumber in your Manifest.xml file of your project.
Then simply export the fresh .apk with your existing Keystore and upload it to the PlayStore over your existing Alpha apk.
I hope this helps.
My issue is very related with this question. I'm working in a app that must implement a very uncommon behavior and, in my current overview, I don't know if it is a possible implementation. The main sequence of my desired behavior is:
The user is navigating in a browser, that can be either Android's browser or a desktop/remote browser, in a webpage (let's say "http://somewebpage.com");
The user access my dynamic website, that has a button to redirect him to GooglePlay store;
The user downloads my Android app from GooglePlay;
When the app download finish, in the first open of the Adroid app, it has a reference to the first visited page in item 1 ("http://somewebpage.com").
So, how can I properly implement this? Does GooglePlay store provide a way to pass dynamic arguments to downloaded apps? Is it possible to pass a dynamic
configuration file coupled with the .apk in app download-time? I've already spent lots of time in this, but I'm still with no solutions.
Thanks in advance!
Alternative solution: try and get the browser history to find the last page on your site visited. See Browser.HISTORY_PROJECTION and this thread.
Just an idea...
You could manipulate the Google Analytics referrer params and read them yourself through a receiver with the com.android.vending.INSTALL_REFERRER action.
Never tried it...
What I did when I had to create a dynamic APK, is use a lot of tricks and manipulations (compiling, signing, etc. through scripts) to create the dynamic APK and it was downloaded directly from our website.
I’ve been building some android apps using the website ibuildapp.com
But the thing is that each app requires so many permissions despite the app does not use these features. My question is, can the app send personal information to their servers?
Are you asking if the app can send information to ibuildapp.com servers, or servers in general?
Apps should request permissions only when they need them to provide major functionality. I don't know anything about ibuildapp.com, but if it's requesting a lot of permissions it goes high on my "suspect" list.
permission.READ_CONTACTS, permission.READ_CALENDAR, permission.READ_PROFILE, among others, are not to be handed out lightly! The full list of permissions is listed at
Android.Manifest.Permission javadoc, along with documentation.
I'm an iBuildApp team developer, so I can answer your question. :)
The only reason why we ask all these permissions in every app is that this is how our service works at the current moment.
It has great number of widgets (i.e. page types / functions), every widget has it's own permissions needed. One of our features is that you can manage your app on the fly (modify content, change pages' types etc.), while in most cases there is no necessity to rebuild native app: all the changes will be visible in already built ones. This means that all the modules are built in inside an app (while, as mentioned before, every widget needs it's own permissions).
So in the main: yes, if an app (I assume not specifically our app, but any app) asks for some permissions then it can potentially use them in "bad" way.
But as for us: no. We're not interested in your personal data. We're only interested in providing an excellent service.
Hi i'm ibuildapp android developer.
You can unzip recieved apk file and edit manifest file. As soon as you've done zip it.
Here's the scenario i am trying to achieve:
Publish/have an app in the Android app store
However - i do not want it to be searchable through the android market search, etc.
The only way people can access the app is if i give them an explicit link to download
Is above possible? If so - how? All FAQs/instrucitons i have seen publish & make it searchable for the whole world - but i want it only accessible through #3 above.
Thanks.
Try this site https://www.push-link.com/, you can upload apk on your private account and only can be accessible thorough automatic generated link and QR code. This service contains user notification on new versions and bug reports.
Two things that are problematic with the link to an APK approach:
Some of the devices out there (I m only aware of the Motorola Atrix) don't have the "Unkown Sources" option, meaning that this won't work on them.
You loose the ability to auto update the app if you want.
I would recommend adding a login process where only your users will have access to the actual application. This way, you still have the Market advantages and only those people can activate the application.
The main disadvantage is that the application will be open to search in the Market, but as far as I know, this won't be a problem since people will immediately uninstall it since they won't be able to activate it.
In your case, what I do is, I dont upload the application to the Market and distribute it from my server.
I mean this is simple, sweet and it also saves my $25 for the market account...
Don't do this. Just publish the APK to your own website, then give the users the URL to the APK, they can download and install it directly. The only thing they'll need to do is ensure that Menu-Settings-Applications-Unknown sources is ticked.