So I recently read an article on the htcloggers.apk file.
Let's just say it scared the crap out of me.
I have an HTC Sensation, and had no clue that such an app ever existed on my phone, and how it could be abused. In short, the htcloggers.apk file allows a malicious app to access a variety of system information, including system log files. I only remember downloading one non-Play Store app around the time period that this existed, it was an app available on the Play Store but I got it from a different site, so I'm not sure if someone made it malicious. I'm not even sure what the app was, but I'm worried that it may have transmitted my information. What I'm most worried about, as seen by the title, is the log files, specifically the ones having to do with Dolphin Browser. I routinely access confidential information such as bank information on my phone, and also have logged in my credit card number on sites such as Amazon and Ebay. I know I'm probably overreacting here, but if someone were to get my log files could they ressurect the web pages I was on and take a look at information such as the website of the bank I use and confidential bushiness information accessed through the web browser? Could they get my credit card number through the browser? Many thanks, once again I know I'm probably overreacting but just gotta make sure.
Related
Hi!
Well, I just had an idea for a very useful app for android that might be shared on the marketplace as well!
There's this website called webehigh . com ... it's like the travel encyclopedia of marijuana/cannabis/hash around the globe! I often read through various placemarks on that website, mostly for knowledge and sometimes for need... it's quite fun to know about *legality, *where to buy, *prices and brands etc of cannabis. The site's not been updated since 2008, but the info's quite relevant. I just wanted to make an app out of the content on there...
for the app I was hoping to create a database kind of app where a user could search countrywise/citywise through the information and display the appropriate page for each town. For this purpose, I'm not sure whether the format of each page including the front page along with links and advertisement would allow a suitable apk to be made... So I thought of creating new html / php / text files, whatever suitable, and links them all in the database as seperate towns... but I don't know how an app is made for android and what kind of town's page format would suffice in generating the required result...
So I thought I'd ask you for this.... any online tool or offline program that could let me create this app without any programming code knowledge, or if you could create this app, then it would be great! I'm currently downloading the whole site with "httrack" - an offline website downloader. And then as per your reply, I'll change all the pages to a apk friendly format.
Basically, this is supposed to be an offline reference app for people who read webehigh. Since the website is not being updated.. I was thinking of making an offline app for this... There are many marijuana related apps on the android market... so I'm sure publishing this app won't be a big hassle!!
Thanks for any help.
-
Hello,
According to the Android Design Principles
Never lose my stuff
Save what people took time to create and let them access it from anywhere. Remember settings, personal touches, and creations across phones, tablets, and computers. It makes upgrading the easiest thing in the world.
Click to expand...
Click to collapse
which I think is great. The app I'm designing involves storing photos and data about them. Is there a good way to back this up? I could sync with a webservice I could write/host, but then I'm opening myself up to potentially large bandwidth/storage charges.
I considered using drop box or something, but that would require my non tech savvy users to sign up. Is there any easy way to integrate the google cloud service (as my users will of course have a google account)? What do people normally do when they want to meet this design principle?
Many thanks
Russ_T said:
Hello,
According to the Android Design Principles
which I think is great. The app I'm designing involves storing photos and data about them. Is there a good way to back this up? I could sync with a webservice I could write/host, but then I'm opening myself up to potentially large bandwidth/storage charges.
I considered using drop box or something, but that would require my non tech savvy users to sign up. Is there any easy way to integrate the google cloud service (as my users will of course have a google account)? What do people normally do when they want to meet this design principle?
Many thanks
Click to expand...
Click to collapse
I believe there is an api for backing up user data to Google drive and since users will have a Google account they automatically have Google drive (Your app will have to request permissions to access users Google account I believe). This would be the easiest way to implement things as the drive api is a native part of Android, and you don't have to worry about bandwidth and hosting storage. In the past people have hosted there own storage for users to used and then usually tie this to an account users have to create. Overall, like I said I'd look into using the Google drive api.
Sent from my SCH-I535 using xda premium
shimp208 said:
I believe there is an api for backing up user data to Google drive and since users will have a Google account they automatically have Google drive (Your app will have to request permissions to access users Google account I believe). This would be the easiest way to implement things as the drive api is a native part of Android, and you don't have to worry about bandwidth and hosting storage. In the past people have hosted there own storage for users to used and then usually tie this to an account users have to create. Overall, like I said I'd look into using the Google drive api.
Sent from my SCH-I535 using xda premium
Click to expand...
Click to collapse
Thanks very much. A bit of an oversight on my part so I'll have a look through the API and see what it offers.
I do intend to charge a subscription for my app/service ultimately, but I think I need to make storage space the users problem to save myself sleepless nights.
I'll investigate and post back here what I find. If anyone can give me a link to an article on this I'd appreciate it.
Thanks
Russ_T said:
Thanks very much. A bit of an oversight on my part so I'll have a look through the API and see what it offers.
I do intend to charge a subscription for my app/service ultimately, but I think I need to make storage space the users problem to save myself sleepless nights.
I'll investigate and post back here what I find. If anyone can give me a link to an article on this I'd appreciate it.
Thanks
Click to expand...
Click to collapse
Here is the official Google documentation on using the Google Drive Api:
https://developers.google.com/drive/
Check out this article on network storage and android:
http://developer.android.com/guide/topics/data/data-storage.html#netw
As well as this article on using the backup api and cloud sync:
http://developer.android.com/training/cloudsync/index.html
Also since you talked about eventually charging a subscription fee here is the official android developer documentation on that as well:
http://developer.android.com/guide/google/play/billing/billing_subscriptions.html
Wonderful, thank you very much indeed! I will give those a good read over when I get chance and let you know how I get on. It seems this could definitely be the answer, saving me money concerns and allowing my app to be multi user and backed up.
What I need to do is get my head around how I will use the cloud storage to allow my app to be multi user. Potentially I can make my database file based, and sync between two devices that way. My only trouble is when both devices are editing the same file / working on the same thing. I want the app to work offline, as I don't want connection issues to affect its usage.
Hmmm, I'll give it some thought.
Thanks again!
Hi,
I doubt that I'm the first one to think about this but I couldn't find anything useful trying to search for it, so here is what I'm looking for:
Is there an app that I can use to share a number of apps I installed on a webpage including QR-codes, GPlay-links, short descriptions etc.? The apps I know of mostly share text only and/or links but none I found allow me to generate a webpage (or use a site for this) which has all the info in a neat, organized way so that my friends can read the descriptions and decide which apps to download from there.
AppBrain's API has an app widget that would be somewhat fitting but 1) there is no app to automatically create those based on a list of apps on your phone and 2) it requires people to use AppBrain, which some people don't like.
Basically, I'd like to have it created automatically and look like the ones used by Android Police (but with links to Play-Store only and no need for ratings)
Anyone know an app like that?
TIA
SoWhy
Since I got no replies, I went ahead and put together a crude PHP script to convert a list containing Market/Play-links to a webpage and to host that list on PasteHTML.com in case you want to share it with someone (since I don't have the hosting for that). If you are interested, you can check it out here (sorry if it's slow, it's running on my home server). I'm still looking for an app that could do this though but for now this is better than nothing
Was just wondering what peoples thoughts were on using the Android Licensing copy protection in their apps? Do you use it and do you spend a lot of time on it or have any creative ways to help enforce it?
As we all know any kind of drm will always be cracked but I just wanted to know if people found it worthwhile to have..
I'm using In-app-billing, because I found that even licensed apps can be copied.
And yes, all apps can be cracked eventually, but most of the publishers of cracked apps remove them if you ask to. So that's what I'm gonna do!
Sent from my Nexus 4 running Android 4.2 JB
I don't like license checks that force you to be online, but I do like to have 'something' in place...
Recently I started working with some OEMs in India who wanted to pre-load my apps on their devices. Very exciting obviously, but I didn't know if I could trust them as I'd never heard of them.
So what I did was get the app to load a web page on one of my servers off the screen (9000%x...) so that it couldn't be seen. The page it linked to was empty, but if I wanted to I could modify the code to include a redirect that would send it to another page. Then in my 'onPageOverride' event I just said if URL = 'stopapp.htm' then do whatever it was I wanted to do.
What I actually have it do in that event is to fill the entire screen with that web page. The user then can't interact with the app underneath, but they get a message that I can create at the time saying 'This app has been illegally distributed' or whatever else I want to say. I can even forward them on to the download page if I want this way.
This works well too because if the user isn't online, the page just doesn't load and nothing happens. But if I want to stop offline use as well I can save a file in File.DirInternal and have the app check for that. 'SwitchOff.txt'. They get caught once, then they can't use the app.
Obviously this doesn't work quite like a license check, but what you *could* do with it is to have the app pop up with a message to people using an old version that's not updated. That's probably downloaded off of some file sharing site, so you could then just keep pestering them to 'update' and send them to the Play Store to do so. You can also check how many of the users on that version of your app are legitimate by looking at your Play Developer Console.
One thing to note is that the redirect URLs you use will need to be different in every version of your app that you release.
Hope this helps someone! I wish I'd done it sooner, one of my apps is all over the web grrrr...
pretty much the same as what I'm doing atm except I just ping a server in the background and display a popup if the result meets certain conditions.. I don't disable the app either as I can't be 100% certain it's pirated, instead I display a "scary" popup saying if they're using a pirated copy this is illegal etc.. your average user won't know how the popup was generated so it should be enough to make them think "someone" is onto them and go the proper route.. With the added bonus a genuine user can just press ok and carry on using the app
Sent from my Nexus 4 using Tapatalk 4
Currently, none of my apps use licensing.
For one of my paid apps, about 5% of the downloads are from non-Google Play sources, meaning, I'm not seeing any revenue from those 5%.
There is an Android API, that allows developers to see which platform their app was downloaded from. So, I've been thinking about adding that hidden feature to my apps and maybe do something fun with it. But, haven't got around to it yet. My thinking has been that if somebody downloaded a pirated copy of my app, then they probably weren't going to pay for it in the first place. And, hopefully, they will tell their friends about it and maybe one of them will actually purchase it through Google Play.
I already have all my licensing code in place and commented out. Since my app is pretty new I want to see how it does before adding licensing. Since the app is free and income is from IAP its not too bad. I'd only turn on licensing in the next release if I see a pressing need for it.
Currently, none of my apps use licensing.
OK, I know, some of you would tell my friend to just root the phone, delete the offending APK, and get on with it. Problem is it's under warranty, and he just isn't confident with hacking the device for now. He stumbled upon what appears to be an SMS malware app in /system, and while a few virus scanners flagged it as malicious, Kphone's customer support apparently shrugs it off in a (automated) reply to my friend's inquiry.
My friend bought it off QVC, and so far we haven't succeded in convincing either the manufacturer or QVC in recalling the device and/or issuing an OTA zip to rectify the issue in some way. To put it another way, we need confirmation that the app is of malicious nature, regardless of how the manufacturer tries to downplay or cover things up. I could more or less dechiper the code, but I'm no Java expert so any help would be appreciated.
Hello. I am the OP's friend here. I'm here to share some more details about the APK file and what programs detect it.
First off, this phone piqued my interest when it was actually shown on air late one night on the QVC network, which I don't usually watch much. I got the phone, and upon the recommendation of Blake and another friend, the first thing I did was run Malwarebytes on the Kphone. It initially picked up the APK as a generic SMSSend trojan variant, but after sending in the APK to Malwarebytes for a more detailed analysis, they reclassified it a not-as-severe PUP/Riskware. Another mobile antivirus app, AVG, also detected this APK as an SMSSend variant, but upon rescanning the device a few days ago, it no longer flags this APK. No other AV app I tried flags it, and I have tried ESET, 360 Security, Avast, Kaspersky, Sophos, and Avira. For the AV apps that detected the APK, removal is impossible since it's installed in the system folder. The phone isn't rooted out of the box.
I did initially email QVC about this potential problem, and they claimed to forward my concern to the proper department. I haven't heard from them since and the phone is still listed for sale. I also contacted Kphone's support site. After a few days, they replied back and stated that the file is meant for "international use" and it's a false positive. While the CSR could just be trying to cover up malicious activity, the fact that AVG seems to have removed the file from it's definition files seems to indicate a bit of truth behind their explanation. Even so, we do need a second opinion, which is why my friend put the file up here for further analysis.
It would be a shame too if the file is indeed malicious since the Kphone itself is rather great for the price. The performance and screen are great overall and it would actually make a good Android-based media player if you don't plan on using it as a phone.
wb8976 said:
Hello. I am the OP's friend here. I'm here to share some more details about the APK file and what programs detect it.
First off, this phone piqued my interest when it was actually shown on air late one night on the QVC network, which I don't usually watch much. I got the phone, and upon the recommendation of Blake and another friend, the first thing I did was run Malwarebytes on the Kphone. It initially picked up the APK as a generic SMSSend trojan variant, but after sending in the APK to Malwarebytes for a more detailed analysis, they reclassified it a not-as-severe PUP/Riskware. Another mobile antivirus app, AVG, also detected this APK as an SMSSend variant, but upon rescanning the device a few days ago, it no longer flags this APK. No other AV app I tried flags it, and I have tried ESET, 360 Security, Avast, Kaspersky, Sophos, and Avira. For the AV apps that detected the APK, removal is impossible since it's installed in the system folder. The phone isn't rooted out of the box.
I did initially email QVC about this potential problem, and they claimed to forward my concern to the proper department. I haven't heard from them since and the phone is still listed for sale. I also contacted Kphone's support site. After a few days, they replied back and stated that the file is meant for "international use" and it's a false positive. While the CSR could just be trying to cover up malicious activity, the fact that AVG seems to have removed the file from it's definition files seems to indicate a bit of truth behind their explanation. Even so, we do need a second opinion, which is why my friend put the file up here for further analysis.
It would be a shame too if the file is indeed malicious since the Kphone itself is rather great for the price. The performance and screen are great overall and it would actually make a good Android-based media player if you don't plan on using it as a phone.
Click to expand...
Click to collapse
And it's just as much of a disappointment when similar low-cost Android devices end up being tainted OOB, as what you mentioned on our forum some time ago, and when a friend of mine recalled a tablet belonging to a kid whose parent or relative is a friend of his, to which they had a rather hard time due to the sheer amount of popup ads being shoved up their throats, all thanks to the malware that's present in /system.
Mobile virus scanner apps are ****.
(Atleast most of them.)
I saw 360 security flaged share it.apk as a malware and deleted all my files.
So,I recommend u to get d help of a pc and run a anti-v test.
If it still shows as a malware then disable it from system.
For rooted user's, there's some easy solution like,
delete/freeze/denying permissions.
good luck
BatDroid said:
Mobile virus scanner apps are ****.
(Atleast most of them.)
I saw 360 security flaged share it.apk as a malware and deleted all my files.
So,I recommend u to get d help of a pc and run a anti-v test.
If it still shows as a malware then disable it from system.
For rooted user's, there's some easy solution like,
delete/freeze/denying permissions.
good luck
Click to expand...
Click to collapse
The desktop edition of Avast flagged the APK as malicious, so that's one red flag for me.
blakegriplingph said:
The desktop edition of Avast flagged the APK as malicious, so that's one red flag for me.
Click to expand...
Click to collapse
The mobile version of Avast seemed to just scan a handful of apps and did not detect the APK.
The only AV apps on my PC are Windows Defender and the PC version of Malwarebytes. Both don't flag the APK.
If one could take a look at the code and determine what it does, that could give us a better picture as to what the APK does. We did glance at some of the source code and found what appear to be various Chinese phone numbers and a server URL that seems to belong to the manufacturer of the Kphone K5, K-Touch. These can be red flags on their own, and if the rest of the APK code could be better analyzed, the meanings of these strings could be clearer.
wb8976 said:
The mobile version of Avast seemed to just scan a handful of apps and did not detect the APK.
The only AV apps on my PC are Windows Defender and the PC version of Malwarebytes. Both don't flag the APK.
If one could take a look at the code and determine what it does, that could give us a better picture as to what the APK does. We did glance at some of the source code and found what appear to be various Chinese phone numbers and a server URL that seems to belong to the manufacturer of the Kphone K5, K-Touch. These can be red flags on their own, and if the rest of the APK code could be better analyzed, the meanings of these strings could be clearer.
Click to expand...
Click to collapse
I could barely understand what the code does apart from a few functions, but it's still perturbing given the malware my friends and I encountered with no-name tabs previously.