Can an application be remotely uninstalled/deleted?
We cannot uninstall an application without user intervention, therefore uninstalling/deleting an application remotely is not possible.
This is actually possible but you cannot do it. Only Google can (to remove malware downloaded from the Market I guess)
If you want controls like a remote wipe of data/ encryption though, read about Device Admin
Related
I have an application which runs on an organization's server. I also have a mobile application which the users of the organization can download from the app store.
I want the person managing the application on the server side to be able to select the users and install the mobile application remotely on the user's devices without users having to go to the store to download it.
How do I do this for my iOS app and is it possible to do this for Android apps?
Since it is an enterprise app, the iOS app has to be trusted by Apple for users to use it. I don't want the user to trust the app manually by going to settings.
On ANdroid you can't silently install it. You can download it and attempt to install it, which will prompt the user for permission. To silently install, you'd need to be a system app with the appropriate permission. Which means you'd need rooted devices, which more or less means devices you guys but and maintain. But if that's a viable path you should check out device ownership policies and the amount of control you have that way.
Just to add to #Gabe, what you can do is, you can have your basic app installed on the device and then request request to install further content.
I'm trying to understand how applications are storing data without the use of a login system. Example, an android app starts you with 500 coins and you use some of them. You have not logged in at all and you delete the 'app data' in settings and uninstall and reinstall. The app still knows you only have 450 coins left for example. The app requires internet connection so I'm assuming they are storing the info on their server. If so, how are they uniquely identifying your device? In my reading so far it seems there is no full-proof way to uniquely identify a device every time.
I'm asking because I'm going to be working on an app where I don't want to require a login but I also don't want the player to simply reinstall and get to start over. So, my question is how does everyone handle this situation to work for both iOS and android?
Google offers Firebase, which is used for notifications, but makes use of a unique identifier for an application instance on a device (both on iOS and Android), they could be using this.
There are some more providers that offer a similar service (for example OneSignal).
Reference: https://firebase.google.com/
I'm planning on developing an app and I don't want it to be 'online only' so I want to be able to store data internally on the users device, app data. Is this 'secure'? Or can people fiddle with the app data? Is there ANY secure offline way to store app data?
I tried reading http://developer.android.com/guide/topics/data/data-storage.html#filesInternal which suggested it is secure, but somewhere else someone said rooted phones could disregard this. So is it secure or not? -If so is there any way to 'block the app' if the phone is rooted?
On a rooted phone the user can read the data.
With JellyBean Google tried to encrypt application data to prevent that from happening, but this feature is disabled for now because it broke too many apps.
Some ways of rooting the phone you can detect, for instance using roottools.
But there is no reliable way of detecting all the ways in which a phone could be rooted.
And even if you could make sure the phone is not rooted, what would prevent the user from rooting the phone after you downloaded the data?
Be aware that even if you don't download the data to a file: Using a rooted phone the attacker could still transmit the .dex file of your application to his PC. He can then decompile it (for example by using dex2jar and jd-gui) to gain information of how to read the data from your server.
Thus any info your app accesses from the server an attacker can potentially access as well.
I have faced the same problem but found encryption is the only mechanism to handle the situation but ofcourse that increases burden on the device but if that is mandatory then only option is using Encryption or Steganography
Is this 'secure'?
It is secure from other apps by default.
somewhere else someone said rooted phones could disregard this
Users who root their phones can run apps with superuser permissions, and those apps can access any file on the device.
Hence, data on internal storage is not secure from the user, because it is the user's phone, not yours, and hence it is the user's data, not yours. Most users will not touch your data, but all users have the right to, if they take sufficient steps to do so.
If so is there any way to 'block the app' if the phone is rooted?
There is no rock-solid way to determine if a phone is rooted.
i need to know how can i secure my app to make a close beta?
i want to send my app to some people so that they can test it. but i dont want them to share the .apk with other people and just use it some days. so i need to implement some kind of trial/beta mode.
i need something, that the app e.g. only runs 7 days or so. how to do this?
There are a few ways to ensure security:
Get a server, and have a server side authentication based on a unique device ID, like an IMEI or MAC address. Any device which does not belong to your testers will not be listed on your server, and you can stop the app from running.
If possible, have each person come to you and install the apk yourself, instead of mailing it to them
Create a trial system. Store the date on which the person first accessed your app from the device, and stop letting him use it n days later. If you store this on a server along with the unique ID, it'll be safer, as if it is stored in the shared preferences or something, the user could get around it by clearing the data or uninstalling and reinstalling the app.
Obfuscate your code using a tool like ProGuard. This will add an extra layer of security incase someone decompiles your app
Note that these are only a few suggestions, and none of them are 100% secure. AFAIK, there is no way to ensure 100% security, short having having the devices locked in a lead room, and letting in the testers one at a time. And there is a way to get around that too, I bet.
Use hockeyapp, there's nothing easier to distribute your app to a closed group of people.
I am just starting on Android development. To my nascent knowledge, it seems that anybody can grab any personal info and modify it or phone it home. Like with ContactContentProvider. I know these(permissions) have to be specifically declared in application manifest and the user would be presented with this info during installation. But still how would you you know the application handling your private data is not going to go rouge on it?
Example:
Suppose I create an app with internet
and contact-reading permissions. It
claims that it will backup contacts on
a server specified by user. While
secretly it also copies them to your
own server.
It's no different than you developing an app that does it that runs on a PC, or something that uses your gmail login to see if there's others you know on the same site.
It's all about trust. Also the Apple approval process doesn't safeguard against any of this if you hide it and when found out malicious apps can be killed & uninstalled instantly.