How to automatically authorize a device for RSA Verification - Android Q&A, Help & Troubleshooting

As written in the title I would need a trick that prevents an Android device from requesting RSA authorization during the first use of ADB (which I use for remote connection via SCRCPY), and automatically give authorization to every devices.
I work in a company where we develop applications for companies, and for a project we used 30 Android mini-PCs that were installed in locations that are not easily accessible for maintenance, so I would need to access them remotely without requiring RSA authorization (precisely because reaching the mini PC to connect the mouse and accept the pop-up window would be really inconvenient).
If it can help the devices we use are already rooted.
Thanks in advance for the support.
Best regards,
Vasco.

if clicking a pop-up is inconvenient then so is this trick too...
https://forum.xda-developers.com/android/help/solved-adb-unauthorized-rsa-prompt-t3693961

CXZa said:
if clicking a pop-up is inconvenient then so is this trick too...
https://forum.xda-developers.com/android/help/solved-adb-unauthorized-rsa-prompt-t3693961
Click to expand...
Click to collapse
Thanks CXZa, yes also this solution would be a bit tricky.
The best solution would be a method applicable during development, something that can maybe bypass this control and allow an automatic authentication to any incoming connection and for any device.
Really I don't know if it's something possible in Android, maybe also with a third part application.

Related

[Q] Changing Input Method on Rooted Device

Hi!
In order to automatically switch to Wifi Keyboard as my current input method when plugging my phone (Atrix, Android 2.2.2) into my computer, I am looking to circumvent the security restrictions preventing that. Normally, applications are not given the permission to change input methods due to them being in control of the system, possibly with malicious intent.
Now, my phone is rooted, and root shall be your god, so this must be possible. To further complicate matters, I am trying to acieve this through Tasker (which does not know about root), as it already provides the several other tasks I want to achieve and can trigger them in any context imaginable. It is, however, able to run scripts - so if there is a way to do this by script, I'm set.
Google gave me a link to the developer.android.com reference to InputMethodManager (which I am not allowed to post here yet...), which says, among other things, the following:
The input method manager as expressed by this class is the central point of the system that manages interaction between all other parts. It is expressed as the client-side API here which exists in each application context and communicates with a global system service that manages the interaction across all processes.
An input method (IME) implements a particular interaction model allowing the user to generate text. The system binds to the current input method that is use, causing it to be created and run, and tells it when to hide and show its UI. Only one IME is running at a time.
Multiple client applications arbitrate with the input method manager for input focus and control over the state of the IME. Only one such client is ever active (working with the IME) at a time.
Click to expand...
Click to collapse
Only the system is allowed to directly access an IME's InputMethod interface, via the BIND_INPUT_METHOD permission. This is enforced in the system by not binding to an input method service that does not require this permission, so the system can guarantee no other untrusted clients are accessing the current input method outside of its control.
Click to expand...
Click to collapse
A client application can ask that the system let the user pick a new IME, but can not programmatically switch to one itself. This avoids malicious applications from switching the user to their own IME, which remains running when the user navigates away to another application. An IME, on the other hand, is allowed to programmatically switch the system to another IME, since it already has full control of user input.
Click to expand...
Click to collapse
The identification of the current IME is represented by this:
IBinder imeToken Supplies the identifying token given to an input method when it was started, which allows it to perform this operation on itself.
Click to expand...
Click to collapse
I take from this that I either have to
a) gimme that BIND_INPUT_METHOD permission,
b) remove that whole restriction at least temporarily,
c) impersonate being the currently active IME by taking the imeToken away or
d) tell the IME that it should switch to another one.
Unfortunately, my programming experience is limited to C (on microcontrollers...), Python and PHP, and I have no greater experience with fitting my scripts into lager-scale frameworks, only in small ones for personal or limited use. So, well, I have no idea how to achieve any of these goals.
Could someone tell me if what I want to do is even possible, and if so, how? I don't need the full code, if there is much to it, but rather some directions, altough I certainly would not mind it
Thanks a bunch for any advice in advance!
V
PS: I hope it is not rude for me to ask this in here, but well, it's kinda-sorta dev stuff, and neither Google nor the Forum search turned up anything even close to an answer.
Use "Secure Settings". It will allow you to switch keyboard input using Tasker. It also lets you turn gps on and off as well as some other things.
Sent from my MB860 using xda premium

[Q] Appropriate permissions request?

I would like to use an application to enable remote access to a security DVR from an Android phone. The app requires permission for "read phone status and identity".
That doesn't seem like an appropriate permission, since the application has nothing to do with the phone number or the phone operation. It would work equally well without any phone functionality.
I contacted the developers, and they say:
"The application makes that request to get though the firewall on the phone.
The program does not store or use that information.
If you manual set permissions in the firewall then the program will need the permission."
Does that make sense to anybody? Is there a "firewall" in Android that is somehow related to phone state and identity?
Before I call BS on this response, I wanted to check here with the experts just in case there is some obscure relationship.
Thanks!

Is there a way to get another device to access that url without having to type it man

Hello developers, best regards from Venezuela.
This question will be long because I am providing a lot of detail, so this question is as clear as possible.
Brief introduction.
I have created an app that runs on Android devices, this app allows you to share files between devices that are connected to the same WI-FI network. but with a different methodology to that used by apps that are intended to fulfill this same purpose.
On the device where my app is running (which we will named device one), a url similar to http://192.168.1.102:7898 is generated, and said url must be entered in a web browser installed on the device with which you want to share the files (which we will named device two).
The main purpose is to offer a way to share files between devices, using WI-FI. without the need for device two, my app has to be installed.
You can find more information in https://labs.xda-developers.com/store/app/com.tecnoelias.ipfiles
...
So far everything works fine. But, it is annoying that every time someone wants to share files using my app, on device two, they have to enter the url described above. keeping in mind that said url will change as the WI-FI router decides, and therefore, you should not use shortcuts to the url (bookmarks or navigation history).
Having said all this, the following question arises.
Is there a way to get device two to access that url without having to type it manually by the user?
To accomplish this, three ideas occurred to me.
1: Generate a QR code in the app. but this requires that on device two, an additional app is installed that can read QR codes. which violates my purpose.
2: Implement in the app, a mechanism that allows you to find other devices that my app is working on, and in this way, interact with those devices (through my app, similar to how other file transfer apps do). This is a good idea, but it nevertheless requires that my app be installed on both devices.
3: My third idea and the one I would like to implement is the following:
On device one, it will open my app and then activate it.
When the app is activated, the app will search for other devices that are connected to the same WI-FI network, until it finds device two.
If successful, a SOMEWHAT will be sent programmatically to the device two, that SOMEWHAT can be, a message, a bit, a data packet, or anything else that helps to realize this idea .
After device two receives that SOMEWHAT, it will show a notification or a pop-up window, which will allow access to the url generated in my app (on device one).
Consider two things. 1: Additional app MUST NOT be installed on device two. and 2: Because device two can be running any operating system, the SOMEWHAT will be a different mechanism for each operating system, (operating systems can be, Android, IOS, BlackBerry, Symbian, Windows Phone, Windows, Linux, Mac, among others).
If for example, device two, runs Android 10 (not rooted), and has the most common applications installed, which can be: WhatsApp, Facebook Messeinger, Google Play Services, other Google apps, and system applications.
My thought is that you should be able to use one of those apps, to receive the url, and after clicking on that url, the web browser will open, and then it will load the corresponding webpage (which in this case, is to access the files shared by device one, through my app).
Any idea?
You can give me your opinion, or you can just tell me that this can't be accomplished.
Any response or suggestion are appreciated.

How to find Info/Errs from an Android App Crash to steer toward App's bad Settings?

I'm a long time developer but brand new to Android, with my having past experience developing in Unix systems as well as a lot using Cygwin in Windows. I have a newly-installed App that seems popular called 'C Locker'. So far, I've just got the Free version because I'm trying it out to see if it does what I need. Unfortunately, it's now crashing with the Settings that I've enabled, and as a general developer, I'm interested in seeing if I can glean information from the Bugreport (or whatever else I can use...perhaps even gdb on the device itself?) to help me know what specific Settings might be the problem being that there are so many of them and I would prefer to gain some type of help from my phone in figuring out what the bad settings might be that I've enabled that are causing the problem rather than to spend all day flipping them around. I've already scanned through the Bugreport after uploading it to my computer, examining all of the references it makes in there to "com.ccs.lockscreen" with this apparently being the process name for the C-Locker program. I've seen indications in there where it indeed shows that it has crashed, but I couldn't yet discern if it is able to give me pointers as to what the cause of the crashes might have been. Is that possible to gain such information out of these Bugreport files? Or is there a way to run it directly in gdb on my device to perhaps see the stack at the time that it crashes, for which the names provided might help to discern what specifically it was trying but failing to do at the time? If it helps, as an intended future Android developer, I've already gotten Android SDK set up on my computer, although I haven't yet really used it much to speak of for anything. I also have adb working from my computer to the smartphone and even have rooted it using a rare method being that I have an older phone purchased years ago via Amazon that I didn't activate until about a month ago. (It's an LG G4 VS986 version 13B so I couldn't use the popular rooting method for version 11A but instead had to use the "Injection" method which took me FOREVER although I finally got it to work!) And just in case it helps perhaps even to bypass a direct answer to this question (although it will still of course be appreciated), my Settings within C Locker involve having set it to be a Device Admin and to bring it up as the first App upon Reboot as well as I've selected within the Root category to make it a System App as well as my then having Disabled ALL things that typically show on the screen (such as 9-1-1, camera, Etc). I had left it set to the default "Gesture" Unlock method, but whenever I bring up the App again and go into "Unlock Methods", it now immediately crashes each time (as well as upon Restarting the phone!). So this covers the majority of the most significant of the Settings that I've made on it so far to the best of my recollection. And I feel that if I could get some indications from the system as to what the specific errors may be when its crashing (or from a stack trace or whatever else), then it might help me to discern what specific Settings are creating the problem being that perhaps I just have an odd (rare) combination of Settings on it that I can tweak to get it working. My goal is to ultimately get a lockscreen App that I can use a Pattern type Unlock with that allows an UNLIMITED number of Failed Attempts (so that it won't ever Factory Reset my phone after the 10th or ANY number of failures!!!). I also--as mentioned above--don't want ANY shortcuts whatsoever being accessible BEFORE the phone is unlocked...not even 9-1-1. Anyway, so if there's a way to glean information from the Bugreport (or from whatever other methods available) to find the specific cause (involved errors) of this or any other App that's crashing that I do NOT have the source code for (being that I of course am not its developer) then it will be greatly appreciated to know how to best find this information. (And I promise that I've already searched extensively on Google but couldn't filter out its replies all being based on the idea that I'm the developer of the App that's crashing, with my even trying adding phrases such as "not my app" and "not the developer of" Etc to no avail...lol). Thanks.
By the way, if I shouldn't have combined the 'C Locker' Settings details into this post, then please just let me know because I'm new to posting here. Also, unfortunately, if I don't receive any help with this right away, then I'll be forced to start testing different Setting combinations anyway, which would then of course solve this problem but without knowing truly what exactly was causing the issue. Even if so, it will still be helpful in the long run with other potential App crashes to get the answer to this general question.
Unless not disabled by user, all runtime activities in Android are logged, so app crashes and their reason also. You can view this log by means of Android's logcat command-line tool or by means of a LogCat Viewer app. My POV: logcat is essential for determining what an app and the Android OS are doing while the app is running on a device.
BTW: Android's log can be filtered per package, too.
Thanks!
jwoegerbauer said:
Unless not disabled by user, all runtime activities in Android are logged, so app crashes and their reason also. You can view this log by means of Android's logcat command-line tool or by means of a LogCat Viewer app. My POV: logcat is essential for determining what an app and the Android OS are doing while the app is running on a device.
BTW: Android's log can be filtered per package, too.
Click to expand...
Click to collapse
Thank you, and since posting this, I've been learning more about Android Studio and have used it to actually see the stack trace within the "Android Monitor" pane there in order to find the instant reason why the/ANY (meaning 3rd party as well) App is crashing at the time! Thanks again for the help!

About Chrome OS security

Hello everyone.
It seems Chromebooks cannot setup a power-on password, like normal BIOS/UEFI do. So how can users prevent a hacker with physical access tempering with the system?
Let’s assume he don’t disassemble the computer, but there’s still many ways, right?
For example, he can boot via USB and change the unencrypted part(will it always triggering boot verify?)
Or, he can switch to developer mode and login as root or other hidden users. (Or does the system prevent those action without first login a normal user?)
And are there even more security holes one should pay attention to?
Thank you guys.

Categories

Resources