[Q] [Help] Writing my Own App - Android Q&A, Help & Troubleshooting

I am planning to create an Android application which will neither have a launcher icon nor application UI. in short it will be a stealth app.
It will run in backgroungd and will perform its task automatically.
No user interaction required. just install it and forget it.
Basically it will collect some logs from a pre-defined directory and will send it via email to a pre-defined email address, without user knowing any thing All this should happen once a day as a pure background prcess.
Can anybody help me as this is going to be my very first Android application and I dont know anything about Android application programming.

Related

[Q] MySQL push notification to Android, How?

Hi, I wanted to develop a system where it has values in MySQL and it will update always. What I want to achieve is when the value fall below certain value, a push notification will send to the android apps. May I know how this can be done? How is the concept like? I know that the push notification can be done by Android Cloud to Device Messaging, how about the MySQL to Android Cloud to Device Messaging?? thx in advance!
well mysql is just databasing...it can not send out information as much as it cant process it. What is updating mysql? W/e that is will be what you need to send out your push messages. As for that there are a few options. mqtt, c2dm(xmpp) or w/e u want really.
actually I want to develop a simple inventory control system desktop app using vb for personal use and it can update the value of the database. When the stock number goes below for example below 20, I want a push notification send to my Android app.. so which part of the system should send the message to the C2DM?

[Q] Background Service Security

Hi all,
Check out this scenerio and let me know your thoughts.
You know that app.apk is installed as a background service. Via looking into the manifest file you know all the intent filters they are using and all the permissions they are utilizing.
If you want to eavesdrop and intercept the message traffic app.apk generates as it is listening and sending information to its remote server, is that possible? In what ways would go about doing that?
I would think this should be possible via intent filters and Xlistener methods.
Extra info:
The manifest declares the following permissions:
Internet, read phone state, wake lock, receive boot completed, acce fine location, access coarse location, access wifi state, receive sms, read sms, send sms, read contacts, disable keygaurd, persistant activity, vibrate, get tasks, kill background process, restart packages, write settings, call phone, modify audio settings, process outgoing calls.
All of those permissions have an associated intent filter. All of the data is stored in shared preference.
I know that's a scary list of permissions..I'm looking into the possible security flaws of this app in order to make it safer.
Thanks

Self hosted SMS synchronization/sending server?

Hi all,
There are a lot of apps out there like MightyText, AirDroid, or DesktopSMS that allow you to send SMS messages from your PC. The problem with these services is that all the TOSs show that messages could be saved on their server. They also give pretty universal permission control to the application. While I'm sure these apps are "safe," I'm looking for a self-hosted solution, where I can host a website that my SMS/MMS content is synchronized to, and allows me to send SMS/MMS from the web browser (or companion app).
Is there something out there that does this? If not, I'm going to look into developing it myself.
Thanks!
Platform
I'm a developer and I had to create something for one project of mine and in time it became a whole project by himself.
I've created a self-hosted SMS marketing platform that it's integrated with more than 150 SMS providers you can bring your own device if you require it.
Have a look at selfhostedsms.com

[Q] Help making Android App with MySQL DB (or other DB if you have suggestions)

Hi.
I am new to Android and am looking to solve a problem.
I want to create an Android app that has a login and that you can send messages back and forth with the people who use that app. Similar to the Facebook Messenger App. Also similar to Facebook, I want to users to be able to log in via a web-app in their browsers and view/exchange messages.
My idea was MySQL as the database that stores all of this information. The website will then be made with a PHP framework to access that MySQL data and similarly, I was thinking the Android App would read/write to that same MySQL Database.
I already proto-typed this and was able to create an android app that posts data to a process.php file I have sitting on a web server which then queries the MySQL database, and returns a JSON object back to the Android App for consumption. I followed this guide from Stack Overflow to accomplish this and it worked good. I also searched these forums and found this: http://forum.xda-developers.com/showthread.php?t=2325799 which seems to sort of do things the same way.
My question is:
1) Is this the right way to do things for an app I want to scale to 10,000 users? I want to ask the more experienced developers if this is how they would go about creating such an app. Is there a better way besides what I described? I am a noobie so this was the best way I could come up with from searching the internet.
Much Love,
MicroR

Need to lock Genymotion SaaS appliance to run only 1 app in restricted user by default and prevent install 3rd party apps and access to settings

I need to run an app in Genymotion that is used for data entry and upload of the entered data into 3rd party sites. The logins to 3rd party sites are stored in this application (probably encrypted). The application will store multiple logins for my different customers of who need to have the data uploaded into the 3rd party sites. The data into the app will then be entered by other people to whom I outsource the data entry.
So I created Genymotion appliance, installed the app and in this application I entered logins for sites such as ebay. I am looking for suggestions on what can I do to secure the appliance to prevent the data being copied out from it.
I want to prevent the person to whom I outsource data entry to be able to install and load 3rd party other apps, modify system settings, install other apps, copy the system directory, copy the login and password information saved by the application.
Let's assume the worst possible case here when application is well written but the passwords mentioned above (for the ecommerce sites like ebay) is saved in plain text in this application in the internal application directory. What I know about the application is it doesn't support access to SD Card, only can read and write data to the internal memory.
What can I do in Gennymotion to improve the security of my appliance. Genymotion virtual machines are rooted. So I looked at following suggestions:
1. Setup restricted user on Android
2. Set restriction for the restricted user to only be able to use the one application. Disable anything else (including disabled browser, email, youtube etc..)
3. Try to get the restricted user loading on boot of Android. When Android restarts, however, it doesn't allow choice to login into the restricted user or the admin user, sort of like a Windows or MacOS login menu. To get the appliance to always start with restricted user by default, I need to add a script and the scripted will need to start using Tasker or MacroDroid.
However, how do I prevent the user from installing 3rd party apps? Is it good enough to disable all user apps (except that one used for data entry) from the restricted user? Is there any other way the user could abuse the access to the virtual appliance and load something there? Are there any system android apps I need to disable for the restricted user to prevent the user to be able to do anything bad with it?
The application used for data entry can not download any application or data, however, I believe it does use the webview because it loads sites like ebay and fills the forms on those sites. It only interacts with select websites only like Ebay to enter data into Ebay forms..
Is there anything I can do to secure Genymotion appliance any other than what I already mentioned. I would like to send the link to the Genymotion SaaS Android to people who will do data entry for me into Ebay and other sites. So I need to make sure the virtual appliance is secured as much as possible from tinkering with it. I need to make sure somebody doesn't get hand on the stored login details.
Just to clarify for the login credentials:
I am not sure how the user credentials are stored and I will find it out, however, for now, I go from the worst case scenario when the credentials are stored in plain text in the app settings. The user name and password is stored in the application with exception for Ebay because the many other sites do not have API key or any webservices interface, so the application would access those sites simply via a webview, and when it goes to login there it will do that by filling in the login information on the login form (simulates keystrokes). The user name and password is entered into the login form for the site. That's why the login info is stored in the application itself.
This question is not about how to secure the specific application I will be using, but how to secure the actual whole Android appliance from tinkering with.
I am aware I will the risks here, just want to do as much due diligence as I can.
Sources for Genymotion restricted user..
How to set restricted user as default user on reboot?
We would like to have an already added restricted user account be the default when we restart our Samsung SM-T580 tablets. At current we have 2 accounts installed, Admin and User The User is a use...
android.stackexchange.com
Root access - Device image User Guide
docs.genymotion.com
Done some digging so this cannot be done. Neither Genymobile or Appetize or other online Android emulators can offer fine-tuning in terms of user access. The closest is Genymobile because at least allows adding and removing access of users to individual appliances. That is however not resolving the issue with Android and in particular rooted Android, since all online emulators run rooted Android and I am not sure how that is secured against potentially malicious actors who receive access link.
The only easy way to solve it, kind of in a mickey-mousy way is to install Kiosk mode application. That kiosk app will run at every boot and it only shows the specific application. There is always risk of course the malicious user would do something to crash the application and the Kiosk app, but if the application is not a web browser or email client or similar it should be relatively safe.
There are plenty of Kiosk mode apps for Android but none of them is free (don't try to look, no chance to find one), the cheapest cost about 7 USD one-time purchase, the more expensive ones cost 20 per month per device or more and come with remote control etc... Not cheap but kiosk mode apps are almost exlusively used by businesses so that's why there is lack of free apps.
Anyhow I believe this is the closest as I could get to deal with this.

Categories

Resources