[Q] Log URLs - Android Q&A, Help & Troubleshooting

Helping friend with a cheating husband. She wants something that can log URLs visited to see if he's making new webmail accounts. Any suggestions?
I figured a stealthy way to do this would be something like privoxy installed via the commandline and started in an init script. He's already rooted his phone, so that should make things a bit easier.
Basically the requirements are hidden (doesn't show in apps list or drawer), can log URLs, doesn't add significant battery drain. I see a bunch of paid apps (mobispy, etc) but can't verify if they're hidden from android OS. If he can just kill it with a something like ES Task Manager and uninstall it with Settings->Apps, it's probably not sufficient.

NDK
Hi.
You can introduce any cross compiled binary into the android system if the phone is already rooted. You can compile programs via the NDK and put them in /system, androids software center will never now.
It's probably easiest to install a network sniffer like tcpdump or even better tshark from wireshark. Just start it in init.d and let it write the first 1k bytes of every packet (port 80/443) to a capture file hidden in some sub directory. This will most likely drain battery.
As for hiding in the process list, it's probably easier to rename your sniffer to something harmless like 'wpa-agent'.
* BUT *
You basically want to introduce malware on another ones phone. This might be a felony in your country. And it's certainly unethical. In these cases I always suggest talking to the partner instead of spying. If it comes to spying on your partner the trust, which is needed in a relationship, is already severly damaged. And I'm really not sure that looking out for webmail accounts will repair this trust.

Related

[Q] Can app inventor apps write or read text to /from sd card?

I have been writing an app with app inventor, for my own use but I think it could be of use to others. It is very simple, you type in a cosmetic or a food ingredient name and it tells you all about it (for example if the ingredient has any negative health effects or contraindications).
Currently the app takes an input and essentially does an IF the user typed in "this text" then show them "this text" but that means a lot of IF THEN commands.
I only ever tried BASIC programming and I see that app inventor seems to have no equivalent to a file or write command whereby I could store the database of ingredients on the sd card and search that for information to display to the user.
As it stands the app is nearly five megabytes in size already due to having to store its data internally within the program, is there a way a newb like me could use app inventor to simply search from and display from a text file?
Dave
why don't you use a database (TinyDB) instead of all those IF.
Try looking at this tutorial
Code:
http://appinventor.googlelabs.com/learn/tutorials/textgroup2/textgroup2.html
Thank you
I looked into tinydb, I understood it had a limited entry limit and didn't see the page you linked to when searching before so will study that as it looks like what I may need.
I have one question though, I am a newb so excuse me if this is obvious.
I am writing the app using the emulator to test it. As I understand it the tinydb database is only accessible by the app that creates it and so my app will need a routine in it where I can manually enter the data, but then surely each time I test run it I shall have to re enter all that data as apparently the emulator would wipe the database on each re run?
If tinydb cannot store data unless entered from within the program accessing it doesn't that also mean that when packaged the database would be empty until someone typed in data which would defeat the object of it being a searchable database of pre stored data?
Dave
EDIT: According to google developers at googles forum "TinyDB is persistent ONLY when you've packaged and downloaded your app.
When you are developing with the phone connected, and you quit the appinventors app -- or disconnect the phone and restart -- the phone treats that as a completely new application. " which means that the only way to get my data into tinydb file is enter it when packaged and on my phone. But then every user who installed it would have an empty database, so seems canonly use those if then statements after all
I've never used app inventor, so I'm not talking from experience here, but couldn't you package an XML file with the data in it? That way, future updates to the data could simply include an enhance XML file.
Like I said - I don't know app inventor. It's just a thought.
Thanks to the replies here, along with some help and examples at the google groups coffee shop forum, I found the information I need that should enable me to set up a custom tinywebdb database and on first run of the app populate this data from there into a local tinydb database for subsequent use
Dave
If you have a link, Dave, then share it. I need some info on the tinydb too.
I'm in the same boat hear, do you happen to still have a link for any info you obtained on this Dave?
This explains everything:
http://appinventorapi.com/program-an-api-python/

[Q] Phone Audit with desktop application

If anyone is familiar with Speccy for the PC they know more or less what I am looking for.
I am looking for an app that does a thorough audit of a phone (Android platform) but not only displays it on the phone (plenty of apps do that). Id want it to export the audit to a file that can then be opened on a desktop application with a easier to navigate and study interface.
Currently like I said there is a number of applications that can do part of this as an added feature, but I have not seen any dedicated app to do an audit of the phone, things from programs, spaced used, network, hardware, permissions for particular programs, etc. Id like it to be as thorough as possible, but to be viewable in a reasonably ok interface on a desktop.
Browser maybe preferably for the linux and iOS users so that it isn't tied down to one Operating system.
Any ideas of something like this, or anyone working on something similar?
sorry for reviving this thread but I'm interested as well.

[Q] com.android.fixed.update

Hey all,
I'm the proud owner of a Samsung Nexus S (sadly the i9020a model, though). I was forced against my will at gun point by someone named Jealousy to install ICS (4.0.4) on my i9020a when it was released for all other Nexus S devices except for the US AT&T version of the phone.
Anyway, love the ICS and absolutely love the ROM I'm using (Brainmaster's stock ICS, w/ Supercharger V6 and a number of other goodies). But I was a bit confused today when I opened my phone and noticed a recently downloaded APK called "update.apk". Looking at it's info, it's name is "com.android.fixed.update" with no author, developer, and minimum version of 0. It weighs roughly 40kb and is not associated with the market, so I'm going to have to disable my "Market-only" settings in order to install it, otherwise it was about to install itself.
I was wonder what it might be. With no other information, I'm a bit hesitant to install it. The only permissions it asks for is Network Access and Start on Boot.
I thought just maybe it was an OTA from a developer (maybe even Brainmaster) but I wasn't exactly sure what kind of access or ability non-service providers had to OTA functionality and what not. (I suppose, if it can probably be modified with some effort, seeing as the source is available...)
Anyway, hoping to hear your thoughts on it. Google showed ONE result for "com.android.fixed.update" and that's it. Thanks for your input in advance!
We also got the same file on our Moto Xoom, I believe its a virus so do not install it. The file was downloaded at biandroid (dot) info which is definitely not associated with android.com
http://anonhq.com/notcompatible-back-market/
that is the explanation
Back in 2012 malware called Not Compatible was haunting android devices. Now more powerful than ever the latest version of NotCompatible.C has its own self protected encryption. Thus making this program difficult to find and delete.
Lookout Inc, a mobile security firm says that this version of the malware is a threat on a massive scale. Once in it has the tendency to control and hack data. It is an advance form of malware that can be seen on a PC a botnet so powerful that it has a server design architecture, P2P communications and as previously said encryption capabilities.
The programming of the malware is one of the hardest to kill malware that we have observed. Once the malware is installed it does not appear on the android operating system as it keeps itself in the background. It only works when the device is unlocked by the user or if it is restarted.
view
Source: Imgur
The only way you can find out is through Manage Applications>Settings. This will show you that an application by the long name of (com.andriod.fixed.update) is running. All you need to do is simply uninstall it.

[App] NFC Safe (Freeware)

Hi,
I made a new app: NFC Safe!
With NFC Safe you will be able to encrypt your private data with a NFC Tag (e.g. NFC Key Fob). You can add unlimited custom folder and entries. You will have only access to those entries with the specific NFC Tag! This is much more secure than protecting your data only with a password!
You can use any NFC Tag for this app! Your NFC Tag will be written with some data so it can only be used for this app.
NFC Safe | Windows Phone Apps+Games Store (United States)
Would be nice, if you test my app! My app is available for free!
With one of the next releases it will be also possible to encrypt/decrypt media files (images, audio, etc.)
Best Regards,
Sascha
I don't have any NFC tags on me right now nor would i really use this, but i have to say, this is a really cool idea!
While I understand if you're hesitant to post it, I'd want to review the app's source code before using it myself. Getting cryptography right, even when just using existing and well, implemented pieces, is vastly harder than getting it wrong. What algorithm do you use to encrypt the data? How about generating the key data? Are you using secure buffers? Initialization vectors? How are you detecting which key is correct for the data you're trying to access; is there a hash? What hash function? There are a lot of other important questions here, too.
With that said, the idea is fantastic. It would be especially great if you could support two-factor authentication (password + NFC tag, in this case) for extra-sensitive data, although password management in crypto has its own set of problems (what key derivation function, with what parameters? How are the password verifiers stored? Etc.)
Sorry for late reply!
xandros9 said:
I don't have any NFC tags on me right now nor would i really use this, but i have to say, this is a really cool idea!
Click to expand...
Click to collapse
Then you should buy an NFC Tag! They are really cheap. For example you could buy a NFC keyfob, so you will have your NFC tag always in your pocket and as said, such a NFC Tag costs ca. 1 USD at ebay
GoodDayToDie said:
While I understand if you're hesitant to post it, I'd want to review the app's source code before using it myself. Getting cryptography right, even when just using existing and well, implemented pieces, is vastly harder than getting it wrong. What algorithm do you use to encrypt the data? How about generating the key data? Are you using secure buffers? Initialization vectors? How are you detecting which key is correct for the data you're trying to access; is there a hash? What hash function? There are a lot of other important questions here, too.
With that said, the idea is fantastic. It would be especially great if you could support two-factor authentication (password + NFC tag, in this case) for extra-sensitive data, although password management in crypto has its own set of problems (what key derivation function, with what parameters? How are the password verifiers stored? Etc.)
Click to expand...
Click to collapse
Hi thanks for your feedback and your questions! I think you misunderstood my app. It's not a military app, where the highest security is important! My app doesn't need to encrypt the data, because the data is stored on your Windows Phone in the application data storage. Noone has access to this. If ever any person has access to those data, you and all other Windows Phone users have a very big problem!
So, my app is an app, not a Windows Application, where virus, NSA, etc. have access to your data There are a lot of apps which protect your personal data with a password. So if someone else has your phone (stolen, or a friend while you are not watching at it), he will be able to see your data, if the know your password (this is not impossible!) or guess your password! So my app protects your data with an NFC Tag. It's very comfortable to use and faster than typing a password and also more secure, because the third-person needs your phone AND your NFC Tag.
However, my app also encrypts the whole data, so even if someone have access to the application data storage, he will be unable to read your data. Windows Phone has a built in encryption mechanism, which can be used from an API. I'm using this encryption mechanism. This mechanism uses Triple-DES. It uses the user credentials and a randomly generated password (GUID with 36 chars/numbers and "-"-sign) to encrypt the data.
Hi! Welcome to XDA-Developers, where all of your assumptions about what cannot be accessed on the phone are wrong, or will be shortly!
OK, that's half a joke. But only half... as it turns out, the claim that "... Windows Phone in the application data storage. Noone has access to this." has been untrue for months. Check the Dev&Hacking forum, especially the Interop-unlock and SamWP8 Tools threads. We have the ability to access the entire WP8 file system. Currently that access is only via MTP (USB connection), but I and other people are working on extending it to homebrew apps as well.
Moving on... 3DES (even if used with a good mode of operation and a unique initialization vector, which I am guessing you probably didn't do) is obsolete and should not be used anymore. While it is considered adequate for existing code, it should not be used in new software, and cryptographers have been recommending a move to newer ciphers (such as AES) for years. As for using a GUID as a password, GUIDs are 128 bits (the dashes don't count, because they are always the same value in the same place, and each of the other 32 digits is hexadecimal only, meaning merely 4 bits of data), which is plenty if they are generated securely; however, most GUID generators do not use cryptographically secure random number generators. GUIDs are supposed to be unique (that's what the U stands for), but are not guaranteed to be unpredictable (which is one of the key requirements for an encryption key), and the way they are generated reflects this.
Oh, and good security is important in an awful lot more places than "a military app"! In fact, there's no such thing as "military-grade" encryption, really; there's only good encryption, and encryption which shouldn't be used for any purpose. For example, modern TLS (Transport Layer Security, the replacement for SSL or Secure Sockets Layer) cipher suites are intended to be secure even against governments and megacorporations (although there is of course suspicion as to whether the NSA have broken some of those cipher suites)... but TLS isn't just used on extremely sensitive stuff like top-secret documents and such, it's also used when browsing Facebook and Twitter, or accessing Gmail, or many other things of similarly minor sensitivity.
Thank you for explaining the intended use cases of the app, though. Do please be careful when making claims such as that something is "much more secure", though; you are liable to mislead people. TrueCrypt, a PC app that performs disk encryption and is intended to stand up to very powerful adversaries, uses only a password most of the time - but I would expect that, given a well-chosen password, it is more secure than this app. There are many critical components to security, and only the weakest link in the chain matters.
For what it's worth, if you are interested, I would be happy to help secure the app (on my own time, free of charge) as it sounds like something that I would quite like to use, if I could trust its security.
What exactly is your problem?!?!
I said, that noone has access to the Application Data Storage and this is true! There is no Virus available for Windows Phone and there is no App in the Store available which has access to another app's data storage! We are not talking about some special cases where the third-person already have STOLEN your device, because nothing in this world is safe! NOTHING! Everything can be hacked! Also I didnt know that all current Lumia devices were hacked. Other devices are not relevant (Nokia has a market share of more than 90%!).
The built-in encryption mechanism in Windows Phone is the same almost ANY Windows Phone app uses! Any banking app, Facebook, eBay, PayPal. The Wallet feature of Windows Phone uses it. If you have set up accounts (E-Mail, Microsoft Account, Office365, etc.) your passwords were encrypted with the SAME API my app uses. So if you think this API is totally unsafe, WHY THE HELL are you using Windows Phone? Also Windows Vista, 7, 8 and 8.1 uses THE SAME API for a lot of thinks. So please don't use Windows anymore!
I said, my app is more secure THAN AN APP which only uses a password and that is true. Also my app additionally encrypts the data and not only block the access to the data (which a lot of other apps only do!).
Please decrypt the attached file and tell me, how you did that and how long it took Thanks!
Whoa, whoa, calm down.
First of all, don't count on that "no app in the store..." business; There's *probably* no malicious app that can do so, but OEM apps can, if they have som reason to do so, access other app's install and data folders. I've written apps (using the Samsung OEM components, which are clumsy for the purpose but *do* work) to do it myself. It's not something you're likely to see in widespread use, but it's possible.
If you aren't bothering with the case of your phone being stolen, what's the point of the encryption anyhow? I mean, prevention of data loss in the event of device theft is one of *the* key use cases for data storage encryption! It's the rationale behind things like BitLocker (which is available on WP8, but only if the user has connected their phone to a company's Exchange server that pushes a policy requiring device encryption).
If you were honestly worried about market share, you probably wouldn't target WP at all; Nokia's fraction of the WP market share is lower than WP's fraction of the smartphone market share. Nonetheless, you are correct that, at this time, Nokia WP8 devices haven't been cracked. Nor have HTC's phones. I'm confident that this will change in time, though. You might have misunderstood my little joke at the start of my last post... but breaking into smartphone operating systems, getting past the lockdown policies that say "noone[sic] has access" (it's "nobody" or "no one", by the way) and taking those decisions into our own hands.
I guarantee you that the vast majority of WP apps don't use 3DES. I *know* full well that the Microsoft code doesn't; they had already deprecated that cipher years ago, when I interned there, long before even WP7 existed; its use was prohibited for new code. Just because you used the DPAPI (Data Protection API) doesn't mean you used it correctly (and by the way, that internship involved working on encryption in Windows, writing test tools for it). Please don't take this as some kind of personal insult; in my line of work (security engineer), I see a ton of misuse of cryptography. It is, as I said in my first post, hard to get right. That's why I offered to help.
I'm not going to bother taking the time to figure out what cipher you used on that file, and what its contents are supposed to look like enough to start doing any cryptanalysis, but I guarantee you it's not very good. There are repeated patterns, including long strings of null bytes, that are phenomenally unlikely to occur in a file that short after passing it through even a half-decent cipher (we're talking 1-in-several-billion chance here, no joke). Coming to this conclusion took all of a few seconds, by the way, using no tool more sophisticated than Notepad++. If I was pulling it off of a phone, I'd have a lot more idea of what type of plaintext to expect, and I could examine the decompilation of the app to see what ciphers were used, which would make things a lot easier. I'd say "for all I know, you just took the output of CryptGenRandom and put it in a file" but if you had, it wouldn't have had obvious patterns in it... in any case, it doesn't matter. I don't have to prove anything to you. I'm *trying* to help, and offer some good advice as well, but I can't force you to take it. There's no call for getting defensive, though. I wrote a file encryption utility myself one, in fact. It sucked, so then I wrote a program to break its encryption. Both experiences (but mostly the latter) taught me things.
A new version is available now, which includes image/photo encryption, OneDrive backup, bugfixes and other small improvments!
http://www.windowsphone.com/s?appid=0a8656d4-ed32-4bb5-baac-1317827e18d8
Hi,
I have a question:
My app is available in German and English since one year now! It was downloaded over 1000 times in Germany, but only 80 times in USA, UK, etc. I got 40 reviews (4-5 stars) in Germany and only one bad review in USA. So could someone explain what's wrong with my app? Is it not visible in the US Windows Phone store? Is my app very bad translated? Are there no Windows Phone users in the USA? Or maybe no one use NFC in the USA?
Best regards,
Sascha
Sorry, I don't tried your app yet but will try to answer your questions.
First, probably it's something wrong with your marketing, not the app Le me say: 1080 downloads per year - it's too small number (even 1000 in Germany). For example, my "marketplace entry ticket", "Lunar Lander Touch" app, very unpopular and underrated (but it's still one of my favorite games on WP, and good alcohol tester ), has 4078 for the year 2013.
As for NFC: I've tried to use it but stopped because of very uncomfortable WP implementation. That service should work flawlessly, without user interaction, stupid questions and dialogs, to be useful and popular. But unfortunately it's not (for the Windows Phones). Microsoft must add an option to disable NFC warnings.
P.S. I may recommend you to use "Snowden case" for advertizing
Thanks for your feedback!
Yes, I know that the download numbers are very bad, but I don't have an idea how to improve this. Because of my app is free and my private hobby I don't have money to buy ads, etc.
Improving my app had not effect. Thanks to DVLUP I "bought" ads for 50$ with AdDuplex, but this also had no effect.
It's really hard for individuals to get their apps famous and in a higher ranking in the Windows Phone Store without investing money
I understand... AdDuplex is really bad: I've tried once ($100 from DVLUP meeting plus I've bought another $100 coupon for $40) during a week - no results at all. Complained to AdDuplex support and manager gave me additional $300 for free, to spend within one day (sic! He-he, I wish to get $300 daily from my app!) - still no visible results, just a regular download fluctuations...
What you may try: advertise on more forums, prepare good pictures/screenshots; may be, video clip "howto" will be helpful. Embed RateMyApp Nokia's control (check NuGet) to your form. If you have XP on DVLUP, spend 'em for advertising campaign (these ones are extremely effective!).
P.S. I also thought about xda-based developers club, with "rate 5 stars my apps, and I'll rate yours" rule but I don't know how to implement it properly (but good customer rating is very important for the app distribution).
Thanks!
I already added RateMyApp. This was really helpfull to get more reviews. It's a pity that I had not implemented such a thing from the very first time my app was added to the Windows Phone Store :-/
I "bought" 1 week in App Social (DVLUP). Hope this helps. But it is also only in Germany.... I have enough users and reviews in Germany, I need them in USA, UK, etc. The problem with the DVLUP campaigns is, that you need at least 50 or 100 reviews (and 4,5 stars) as a requirement for the advertising. But you don't have so many reviews and that's the reason why you need the campaign to get more reviews, but you can't buy the campaign... A vicious circle!
I will do my best to get more downloads in other countries than Germany!
Hey, thanks for this app i find it realy useful.
Danke!
And here is the idea for the ad banner
Great idea
btw: Version 2.1 with new type "User Credentials" is available now!
Ok, I stopped developing, it's not worth. Sorry!

How to redefine app "system permissions" ? Or if not possible howto make app that ...

How to redefine app "system permissions" ? Or if not possible howto make app that ...
Hi Everyone,
I'm new to android, and having 2 different phones (running 5.1.1 and 6.0.1 versions, both rooted) and numbers I have quite some issues with apps (paying gps outdoor app, whatsapp,...) and since I travel a lot many connections issues to accounts on other apps "you seem to not be...." with codes I don't get because I'm roaming
In order to find a way to use them with the same accounts and settings on both phones and to solve the authentication issues, I took different angles to solve it, but none worked. In doing so I discovered many ways to enforce permissions through the code that where disabled by the user (worse than I thought). Well I dislike and want to change it.
Anyway to make things shortne approach is to completely limit the app access all localisation approach, phone ID, number, carrier, IP number, other accounts on the phone....
On the 5.1.1 I tried:
App Ops => allows to "change" if one looks in the App, but changes are not effective (way apps work and according to "Explorateur de permissions")
Apk permissions works but only on some user installed apps, I tried moving system apk to other folders, change them through the Apk permissions and reinstall them, didn't work
Decompiling the apk with Apk Studio, changing manifest, recompiling, reinstalling seems to not be enough, if I understood it right if the code contains specific rights and there not in the manifest, it doesn't work. Right
next step would be to dig into the code and change it...
All this is extremely time consuming even if it would be the "clean way"
On the 6.0.1 :
I removed the bloatware with Root Uninstaller,
Modified the permissions apps had, incl system apps
And since some apps still seemed to exchange some information over data or wifi, I limited all background data usage over data or wifi.
All this make my phone much less user friendly and does not solve my issues
So please, I you know of a reliable "easy" way to really manage permissions, or to generate a master permission file that overwrites apps permissions? removing all weird "granted", or if you have any idea on how you'd start it, please let me know
From this "clean approach" I got to spoofing, which seemed to be a solution to work around some issues using several different apps that would change the location, the IP, the network, VPN, spoof caller ID, ...
Well... since I had discovered all kind of right that can be given to an app, I checked their manifests before installing them. They might solve some issues, but generate worse problems (billing?!!all social media accounts?! create social accounts?!?)
So is there a clean app that lets you temporarily "clone" phone1 on phone 2 considering they are not at all the same (manufacturer, android, phoneID, carrier, phone number) and change the location and this only to some apps? Still have to use SIM carrier.
If not, any hints on how to write this?
thx :laugh:
---------------------
Hasbeen developper, totally new to Android who still believes that technology should allow to increase productivity and respect FREEDOM and PRIVACY.

Categories

Resources