a customer ordered us a tablet application, but they need a lot of access restriction to lock device functions such as:
Permit datas transfer only inside the application not outside
Restricted user access on the device (something close to admin and normal user permissions)
A framework/API that permit to create an internal mail reader/sender
Public API of iOS makes impossible to fulfill those requirements. I was wondering if Android makes life easier when there are those kind of restriction.
UPDATE: To make understand better the field of use. I'm talking about an application that "force" the device to be used just only with that application for an Enterprise use. The app is just like a CRM but the device should be blocked in some functions to make users only work with them and NOT playing or use facebook, market etc.
Not sure you can achiev all of those, but you should look into the device policy for android here and here.
1) Not sure what you mean by point 1. If you mean controlling all data transfer from the device, you might be a in a bind considering the only way to get a firewall running on android is by rooting the device. Perhaps you could look into writing a custom launcher/home like KidZone that only shows approved apps? - Not nearly as secure, though.
2) Honeycomb, so far, doesn't have multi-user support - though you can have multiple google accounts registered. The custom launcher could help in this regard though.
3) I don't see the point of doing this unless they already have a custom mail infrastructure in place. Otherwise just go with exchange.
Permit datas transfer only inside the application not outside
Do not request the INTERNET permission.
Restricted user access on the device (something close to admin and normal user permissions)
You would have to implement this yourself.
A framework/API that permit to create an internal mail reader/sender
I have no idea what this means.
Related
I am working on a mobile application and would like to inform users when an update is available, if that user's device is not managed by an MDM. If the device is MDM-configured, we don't expect the end user will be able to update the app without the configuration being changed by the administrator. To provide a better user experience, we want to provide relevant information. To do this, I'd like ideas to determine if an app (written in Kotlin/Swift) can poll for this type of information.
I saw some things in the Android Docs about checking for Restrictions Providers, but I think this is the wrong avenue. I'm not very familiar with this, so correct me if I'm wrong.
Sadly I know little to nothing about mobile app development and I am tasked with thinking through privacy considerations a user could have when using a mobile website vs its app equivalent.
For example, when a user browses our mobile website we can collect the following data:
IP
User agent
OS information returned from Javascript, including screen resolution
Cookies from the domain
Of course, this list isn't exhaustive.
So what can easily be collected from a user of a mobile app? (assuming no extra permissions were enabled)
IP
What's the equivalent of a user agent?
What OS/device info is available?
Do apps have "cookies"?
What else?
APMK, we can Collect the below data
Device location.
Device Name.
Device Version.
OS (Android/iOS/Windows)
Cooikes if we are using webview ..etc
I think your question requires more clarifications and answer to the following questions:
Do you have access to the source code ? If yes, you can track basically anything that's in the app using 3rd party tracking services like Google Analytics or other similar stuffs (even your own implementation). If not, do you have access to the API that's used by the application ? If yes, you can probably detect the OS since almost all request have a User-Agent attached to them, platform specific, but from the API requests you can't have much info.
I think the problem should be put the other way around, what do you want to track from a mobile app ? And I can tell you from my experience that there's almost nothing that can't be tracked from mobile apps if you have access to the source code. Regarding the permissions, off-course you won't be able to access something for which you didn't request any permissions, but you can check if the permission is granted anyway (maybe some other part of your app requested those permissions).
Also just a reminder, if you develop apps for EU, make sure you're GDPR compliant, the sanctions can be quite huge for a non-GDPR compliant app.
Yes there is an App where you can find all the info of the Particular info https://play.google.com/store/apps/details?id=com.quixom.deviceinfo
Check it out
I need to know how we detect the event of an Android app making a request to the Android Framework for sensor data. Also, if it is possible the Android Framework responding to the said request. I am trying to create a service that will be able to log this information for security or privacy purposes. Is this possible? What is the ideal way to go about it? If it is not possible, do we know why not? Is there an alternative solution?
I am trying to create a service that will be able to log this information for security or privacy purposes
I fail to see how spying on application activity regarding sensors will be "for security or privacy purposes".
Is this possible?
You are welcome to build your own ROM mod that has a revised version of Android, one that contains security vulnerabilities that would allow an app to monitor the sensor requests and responses between another app and the OS. Or, your ROM mod can do the logging directly, through an altered version of the framework.
Otherwise, no, this is not possible from an ordinary SDK application. I do not have enough experience with root-requiring frameworks like Xposed to know whether this is possible using them, though, again, that would require root.
I'm rather new to Android developing (a few months), and I'm developing Android application, that must have some security mechanism, that require licensing per device not per account.
I thinking about the scenario:
client have a multiple similar Android devices (for example tablet, the same model)
client buys first license (application gets the license data and store it in the device)
client create snapshot of first device and use it to make software duplication with other devices (licenses allow to run without internet authorization when user have full commercial license), even after all updates (done in first device)
And here's my question: is it possible to detect (or prevent) by application that kind of duplication? Even with required internet connection in every run (or uuid generated by application instead of getting hardware id), duplicated devices still will be recognized as the same model...
Or maybe I'm wrong, and that kind of duplication isn't possible?
There are several more or less unique IDs that can be used to identify Android device. See this example - you may need to use all of them.
On a rooted device with custom build an attacker can obviously fake any ID.
I am just starting on Android development. To my nascent knowledge, it seems that anybody can grab any personal info and modify it or phone it home. Like with ContactContentProvider. I know these(permissions) have to be specifically declared in application manifest and the user would be presented with this info during installation. But still how would you you know the application handling your private data is not going to go rouge on it?
Example:
Suppose I create an app with internet
and contact-reading permissions. It
claims that it will backup contacts on
a server specified by user. While
secretly it also copies them to your
own server.
It's no different than you developing an app that does it that runs on a PC, or something that uses your gmail login to see if there's others you know on the same site.
It's all about trust. Also the Apple approval process doesn't safeguard against any of this if you hide it and when found out malicious apps can be killed & uninstalled instantly.