[APPLICATION SECURITY] Lock down on application on specific device? - Android Software/Hacking General [Developers Only]

Is there any way to lock down an application to a few handpicked devices and make the application just run on those devices? Without the user being able to share or extract the .apk file? I have full access to the so permissions will not be a concern and they all have SIM cards in them (5 devices). I'm developing the application myself but I don't know if there is a way that I can do that. Is there another software that might help with that? If there is a way then what happens if the user roots the phone? If I base installation on IMEI will they be able to change it?

Related

[Q] android App path

I have installed an Android application which was developed by a friend of mine. It is installed on my Android phone (HTC G2, with Android 2.2). I need to locate the application folders, and especially the SQLite database which was created along with the application, because I need to copy it to my PC. I searched the SD card but did not find it, so I assume it must be in the device RAM, but I really don't know the structure and how the apps are organized. I might suspect the SQLite data filename, but that's all I know at the moment.
Can somebody point me to some utility which will allow me to find the database and the application path, and most of all to copy it to the PC?
Thanks - Arthur
The database and any other "data" used by the app will be located in /data/data/ then inside a directory that corresponds to the app's package name. If we use the Kindle app as an example, the path to its data would be: /data/data/com.amazon.kindle
Unfortunately I checked this folder on RAM as well as SD and couldn't find it. The device /data folder is empty, and the SD has some other stuff but not this app.
I should have also said, you need to be rooted in order to see the contents of the /data directory. Without root access, it will be shown as empty because you do not have permission to view or modify. If your phone is rooted, you can use Root Explorer, Terminal Emulator, or adb to access /data and copy, modify, create, or delete files there.
Thank you for your time. That would explain why I do not see it.
OK, I have HTC G2 from T-Mobile, I think it has Android 2.2
Nothing was changed or updated on this phone since I bought it last fall. I'm not with T-Mobile anymore so I do not want to mess with the phone unless I'm really sure what I am doing. The only nice thing is that the phone is unlocked now. The reason I ask those questions is because I am working on a tool, a desktop program which is supposed to sync SQLite data from the device to the PC.
What I want to do is to connect the device through a USB cable, then have it mapped as it normally is (i.e. drive H:). Then access the SQLite file from the desktop application by opening the database through that link and syncing the records. Not sure, but I hope this approach would work. If it cannot work that way then eventually I want to copy the SQLite DB file to the PC, sync the database and then copy it back to the device. I already have a desktop app which works on SQLite locally, so now I want to access the device, having the same DB file residing on my Android phone instead of on my local HD.
What could be the reason that the installed app doesn't want to move to SD?
I would appreciate any suggestions...
What is required to root the phone? I've heard there are some risks. Besides, I probably have to find some other solution, as none of the app users would want to root their devices (or have the knowledge of how to do it).
Took me a bit to get back to you but figure better late than never...
Here is a good FAQ on rooting among other things specific to the G2 (the US variant of the Desire Z). In order to root your G2, this guide looks to be good as he's simplified and automated a good bit of the process, should be safe, and seems to work. You'll need to install the two apps he mentions in step 1 and download the zip file he mentions in step 2, which is attached at the bottom of the post, then just follow the instructions.
As for the database stuff, if you end up needing to access the /data directory you'll have to be rooted. Also, moving the app to the sdcard won't really help you with having access to the app's files. Froyo built-in App2SD just moves the apk file to a hidden directory on /sdcard (.android_secure) but the app data, cache and all that stuff will still be on internal memory. But to answer why the app won't move to the sd card, I'm guessing it's because the app itself must allow for it to be moved since by default, an app doesn't have this enabled unless the app dev gives it that ability.
To communicate with the phone, even with root access, you'll probably have to do so through adb commands or use an adb shell to be able to run shell commands on the phone. This would require adb be set up on the user's computer. If you want to play around with adb, there's a nice guide called ADB for Noobs that goes through setting it up and starting out using it. I can't say I've really done anything with SQLite databases on Android and certainly not then syncing it to a computer so I could be off-base or overlooking a workaround.
Thank you for your valuable information. You guys are really great help, and I appreciate your time. I will study the links provided.
In the meantime my main concern is to access the SQLite database, as I need to get to the records, or at least be able to copy it back and forth between device and PC. I guess the database file would be something like MyDatabase.db, but I have no clue how to find it and copy it. As you have said, it might be in some system protected directory. The main issue is that I will need a solution which would work on every standard device (not the rooted one), so I need something very easy for the user to set up and follow. I have seen a utility that allows manipulating SQLite records directly on the device, but again this tool requires rooting the phone (which I'm reluctant to do) because of the above reasons. If you could help me to resolve this I would be very grateful!
Arthur
Unless there is some trick I don't know about you are going to have to be rooted to get access to the database. I found a couple links discussing this: here and here. The second link does mention that the app with the database you want to access could be written to store the database on the sdcard where it would then be accessible but that would be unsecure since anything could read/modify it there.
Thanks, looks like I have to do more research on my own. It is hard for me to believe that Google would not allow access to the same database from different apps. I've seen there is a Java class ContentProvider which seems to allow that, so I will study this, perhaps it will help. Thanks for your help.
Arthur

[Q] Custom ROM?

Is there a FULL unlock for WP7 2nd gen devices? I just got the Focus S and LOVE IT! But I kind of miss some of the freedom of android. I used WindowsBreak to interop unlock it, but I want to install a custom ROM on it so I can have access to DH Marketplace and such... If anyone has any info that'd be great
Many, although not all, of the benefits of full-unlock are already available by using WP7 Root Tools. For example, I can use DS Marketplace, Bazaar, install XAP files from IE or email, and access the full filesystem and registry.
Yeah but most apps from alternative markets usually don't work because they require a higher level of privileges. So for total control like themes and such you'd need a full unlock right?
Nope! After you install the app that needs elevated permissions, go into root tools, swipe to the long list of apps, and push the slider next to the app you want to give rights to. If you don't already have root tools/bazaar, download them to your PC (xap files, that is) and use the package deployment tool to get them on your device.
You can find that easily by hitting start and typing deployment in the windows start menu.
I don't think you understand what I'm talking about, I'm referring to things such as opera mobile and the likes. Those need an unlocked ROM
Opera wasn't mentioned specifically. Every app I've tried off of bazaar has worked so far on my quantum. Sorry I couldn't be of more help!
So far as I know, Opera and BT File Transfer are the only homebrew apps published for WP7 right now that need more unlock than WP7 Root Tools can provide.

[Q] Custom Device driver / KernelLibrary

Good day,
I am new to the forum so please forgive me if this is not the right place to ask.
I have been reading through some of the threads on the forum and am curious to know if there is a way to load custom kernel libraries or device drivers onto the phone.
If there is a way, is there a correct procedure? For example to load a custom device driver / kernel library, do I also have to have an entry in the registry? Does the dll file have to be in /Windows?
Thanks in advance.
Good questions. There's been only a little research on this so far. I can tell you what I've found, though:
For a stock ROM, nobody has managed it yet, but it might be possible. You'll need to have your DLL signed, and the certificate added to the Code Integrity store on the phone (just mailing yourself the .cer is insufficient! That will put it in the wrong store). You'll probably want the DLL to be in \Windows, although I'm not sure it's needed. You almost certainly will need to add registry entries; the current drivers seem to have them.
Good day,
thanks for your reply. And thanks for all the good research you have done.
So at the moment, the software approach is not working but for custom roms, is it possible to include custom device drivers / kernel libraries in them?
Thank you.
Well, it's possible. The HD2 Multitouch driver is an example that it's somehow possible. Should be the same for the other devices (especially HTC first gens)...
But don't know what you're getting at? Why would you need a custom driver?
Good day,
well, I just think that having a driver that acts like HTCUtility would make things convenient.
As for file operations, besides the application that Heathcliff has created (WP7RootTool), are there other applications that can do write operations to the /Windows folder?
What are the things that need to be done before we can write to that folder?
Thank you.
Any app with Elevated or TCB privileges can write to \Windows, I think. Using HtcRoot project or WP7 Root Tools works (both elevate apps to TCB permissions, though using different methods). Also, using an OEM driver, such as HtcProvisionDrv or HtcFileUtility, works (although those two particular drivers were crippled in the 4.x firmware).
Good day,
thanks for the information. I tried the HtcRoot tool and it works. Thanks for the tool and the source that allows me to know how it works.
Can I assume that I would be able to have write access to the Certificate and Code Integrity store also?
I am also curious as to the workings of HTCFileUtility. A quick search on this turns up little information on its workings.
Furthermore, is there a guide to inserting custom certificates into the root Certificate and Code Integrity store? I have tried downloading the Certificates.zip file in http://forum.xda-developers.com/showthread.php?t=1236027 and test ROM files in http://forum.xda-developers.com/showthread.php?t=1248799 hoping that they will shed some light, but am unable to download them.
Any help is appreciated. Thank you.
Yes, installing your own cert into Code Integrity is possible (in several ways, actually, but I did it using HtcRoot just as an exercise). The certificates are actually stored in the registry, so any tool that can write to HKLM can add them. I believe that WP7 Root Tools will also let you choose the store for adding a certificate if you "open" the cert from the Root Tools filebrowser.
Although I don't know exactly how HtcFileUtility works, here's the basics. It's a software driver that exposes an interface - probably an IOCTL - which apps can use to perform filesystem operations. Since it runs with TCB permissions (it's probably kernel mode, though I haven't actually checked, but it's definitely in TCB) it can perform any operation that the filesystem supports. Of course, that doesn't mean that it exposes all those operations through the IOCTL... but it exposes enough of them for a pretty solid filebrowser implementation (that's how TouchXplorer and Advanced Explorer worked, although they used an OEM COM DLL that called into the driver rather than doing the IOCTL themselves).
The new version of it has very limited operations permitted; it will only list files in a few folders and so forth. It does still "work" within those limitations - Connection Setup, for example, uses it to check the folder that we use for interop-unlock on HTC - but it isn't useful for a general-purpose browser anymore.
It would be great to even figure out how to roll back the OEM drivers to earlier versions. For example, I've got WP7 Root Tools installed on my HD7, but I don't want to install HTC updates because they'll break my drivers such that if something ever goes wrong I won't be able to re-install Root Tools, or if a new hack is found (or developed; I'm working on some stuff with HtcRoot still) I won't be able to run it on my phone. Being able to use the advantages of the new firmware (Internet Sharing, compass in managed apps, hopefully an end to the damn music player freezing between songs...) while still having hackable OEM drivers would be reallllly nice...
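The post above describes a TCB-level file-service driver that, after the firmware update, only lists files in a few folders. A restriction like that only holds if the requested path is canonicalised before it is compared with the allowlist. The following is an added example, not code from the thread and not how HtcFileUtility is implemented; the folder names, function names and the case-insensitive comparison are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 260

/* Constructed placeholder allowlist: the thread does not name the folders
 * the updated driver still serves. */
static const char *const ALLOWED_DIRS[] = {
    "\\Example\\Provisioning",
    "\\Example\\Logs",
};

static int is_sep(char c) { return c == '\\' || c == '/'; }

/* Canonicalise an absolute path: collapse repeated separators, drop ".",
 * resolve "..". Returns -1 for relative paths, overlong paths, or any
 * attempt to climb above the root. */
static int normalize_path(const char *in, char *out, size_t out_len)
{
    size_t n = 0;

    if (in == NULL || out == NULL || out_len < 2 || !is_sep(in[0]))
        return -1;

    while (*in) {
        while (is_sep(*in)) in++;
        const char *start = in;
        while (*in && !is_sep(*in)) in++;
        size_t len = (size_t)(in - start);

        if (len == 0) break;                       /* trailing separator */
        if (len == 1 && start[0] == '.') continue;
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (n == 0) return -1;                 /* would leave the root */
            while (out[n - 1] != '\\') n--;        /* drop last component */
            n--;                                   /* and its separator */
            continue;
        }
        if (n + 1 + len + 1 > out_len) return -1;
        out[n++] = '\\';
        memcpy(out + n, start, len);
        n += len;
    }
    if (n == 0) out[n++] = '\\';
    out[n] = '\0';
    return 0;
}

/* Case-insensitive "s starts with prefix" (assumes a case-insensitive FS). */
static int ci_prefix(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* 1 if the canonical form of `requested` is an allowlisted folder or lies
 * below one; the match must end on a component boundary. */
int is_listing_allowed(const char *requested)
{
    char canon[MAX_PATH_LEN];

    if (normalize_path(requested, canon, sizeof canon) != 0)
        return 0;
    for (size_t i = 0; i < sizeof ALLOWED_DIRS / sizeof ALLOWED_DIRS[0]; i++) {
        size_t alen = strlen(ALLOWED_DIRS[i]);
        if (ci_prefix(canon, ALLOWED_DIRS[i]) &&
            (canon[alen] == '\0' || canon[alen] == '\\'))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample requests. */
    const char *samples[] = { "\\Example\\Logs\\today",
                              "\\Example\\Logs\\..\\..\\Windows",
                              "\\Example\\LogsArchive" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s %s\n", samples[i],
               is_listing_allowed(samples[i]) ? "allow" : "deny");
    return 0;
}
```

The two denied samples are the cases a plain string-prefix check gets wrong: a `..` walk out of an allowed folder, and a sibling folder whose name merely starts with an allowed one.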
Good day,
thanks for the information.
I noticed in the HTCRoot project thread where you mentioned that "It is not a true handle (no handle table, no handle data) but everything that checks for tokens also checks for this const value, and appears to pretty much skip all remaining permissions checks if it finds it".
Would you mind sharing some of the function names so that I could take a look at the code where the checking occurs?
Thanks.

Reverse Engineering Apk files

Hi,
I am looking for a detailed tutorial for reverse engineering APK files on Windows XP.
Reason 1 : I want to disable the code in the Apk that creates push notification ads.
One may say the easiest way is to uninstall the app, but if that was what I wanted to do I would have not posted this thread.
Am I doing wrong? I don't think so, as even Google supports stopping the notifications, as it has given the facility to disable notifications for individual apps in Jelly Bean. Also, if the developer had previously mentioned clearly about push ads, maybe I would have neither installed nor liked the app.
I am not against the developer earning revenue, but against the way it is earned, irritatingly.
Reason 2 : I want to disable the code in the Apk that makes it run as a service in the startup of the phone.
Not all apps that run as service are required by the user to run in background consuming battery and most important valuable RAM memory.
Guidance appreciated. I am not an expert in programming; you can say a NOOB!!
this tool will help you to disassemble and assemble apk file
User kodex009, I have downloaded the file and extracted it, but how do I use it? Where do I place the apk file to disassemble?

Unsolved tech...

Hello guys,
I have been searching for answers to some of the tech stuff, but couldn't find them.
Here are some of those questions. Hope some of you would have answers to these. Thanks in advance!
ANDROID
1. How to share files between multi-users on Android 11?
Before Android 11, it was possible to save files inside the Android/ obb folder, and these files were visible for all users on the device. In Android 11, this is no longer working as the 'obb' folder appears to be exclusive to each user.
I know this is possible via USB OTG or a cloud service, but is there a solution without these?
2. How to copy/ backup game data for non-rooted devices?
Helium Backup doesn't seem to work. I have played a game for long on my Mediapad, and I would like to copy that game to my phone. Unfortunately, my Mediapad is not rooted and losing all that game progress has become a nightmare. I have written to the app developer to provide some sort of backup using either Google Play Games or social media integration like Facebook/ Twitter, but haven't received any response.
3. How to force apps (esp. file managers & gallery apps) to use in-app media viewer without changing system default.
For example, I may use the stock gallery app as default for viewing media. But if I am using another gallery app or a file manager that is capable of viewing media files using its own media viewer, I would rather want it use it than open the default app. Is there a way to do it?
4. Replace stock file manager (a system app) with another app from Google Play Store or other sources. Is this possible?
I am not asking how to convert a user app into system app. I know that part. I tried replacing the apk file of the stock file manager with a 3rd party apk, even renamed it, but it didn't work.
5. Extract a system app from one device and install it on another device without root. Is this possible?
I have tried it, but apk installation fails. For example, Samsung Gallery app on OnePlus phones.
iOS
1. How to install .ipa (iPhone app) on an iPhone (not jail-broken) without a laptop (iTunes)?
2. Is it possible to have SFTP server for iPhone?
All Operating Systems
1. How to provide LAN only access for non-rooted devices as well as in Windows & iOS?
For rooted devices, we have apps like AFWall+ that can do it. But is there a way to do it for devices without root, as well as for Windows and iOS?
For non-rooted devices, we have apps like Netguard that support 'Allow LAN access' whilst blocking internet access.
Are there any alternatives and solutions for other platforms?
2. How safe is it to enter login credentials in an app to allow it access to network drives?
I use several apps (on various platforms) to connect to my laptop over SMB. This requires me to provide the app with my Windows Login Credentials, which is a Microsoft account. Am I risking my account by providing this info to the app? Is it safe to enter login credentials of cloud services in file manager apps?
Just bumping this thread as it seems to have been lost/ unnoticed.
@Ultramanoid can you answer some of these?
Can't help much, sorry. As to Android, some notes :
1. Never have used an OEM / Google's version of Android, or anything other than rooted single-user systems.
2. In addition to the previous answer, I'm not a gamer.
3. I usually don't ever set defaults with some rare exceptions, so I am always given a choice of what I want to use to handle a file. It may vary depending on many things; I may want to edit an SVG file as text, or view it as an image, for instance. There are applications / services that will intercept intents to allow you to do this sort of thing as well, but I can't recommend a specific one, never use them myself.
4. Possible, but will break Android as by now the system requires it as a file picker in many instances without recognizing alternatives and developers of most applications do expect it as well and their services will not work without it. Don't do it. With recent Android storage changes, including the scoped storage debacle, this is not a viable option anymore.
5. Depends, but not likely as a general rule, specially for OEM garbage, which relies on their own proprietary modifications of Android, their libraries, frameworks, et al. You'd have to carry those over to the destination too, which may not even be possible. Use OEM-independent and not Google Services reliant applications. ( Edit : you'll find some of those applications built to install on all devices here on XDA by single developers, "SONY camera for all devices" and that sort of thing, not recommended anyway, not well supported or long-lived experiments. )
Thanks very much. But I wish you answered the last 2 questions as well.
If time permits, would you be interested in telling us how you use your phone? I mean which device, which OS and what apps you use. I would like to give that a try (on a spare device) and see if it is possible for me to live without Google.
Didn't answer because it won't be helpful.
As to the 1st, I don't use LAN, and I don't keep data in any device or computer unless in use. External independent encrypted storage to be used wherever, whenever, independent of device, cables if needed.
As to the second, it's a matter of common sense, being informed of vulnerabilities and aware of reputation, and trust. Would you trust Chrome or Mozilla with data if you're online banking ? Seems reasonable -- but be aware of major vulnerabilities that may be going on. Would you trust an application released yesterday by a single developer for the same ? Probably not a good idea.
Finally, I doubt what I use and how I use it would be acceptable for you, or most people. In essence you could : Install latest firmware, wipe device, install latest security patched Lineage build for it, remove vendor / Lineage applications, get full root, remove anything you don't need or use which could have vulnerabilities; frameworks, libraries, binaries, etc ( Bluetooth, SMS, Android system-wide downloader, system-wide WebView, NFC, and on and on .. ), install your own binaries, fonts, hosts file, and applications where appropriate ( /bin /etc et al ), install Termux and all Linux packages required for your use, everything open source whenever possible, and stay away from any Google services / Play / applications with ANY trackers, analytics, data mining or even crash report capabilities; zero tolerance. Internet permission only for a secure web browser -- and terminal if / when needed. Half of what I do or use goes through terminal to be honest. In short, for me an Android device is a full Linux laptop replacement with added perks : Always on and on me, camera, GPS, pedometer, unlimited LTE data, and emergency calls for medics / police. ( Edit : And Japanese EEW alarm of course ! Only notification I use. We learned our lesson well in 2011. )
You can use ApkExport to extract any apk including system apks. I've transferred apks between other devices with it.
Never had need of doing that though with a system apk.
