Hey guys, I have a big question to ask.
Would really appreciate creative answers for this.
Let's say today, I own a telco. As a telco, I have access to a certain amount of data. However, I want more data. As people tend to use tons of apps on a daily basis, I am missing out on a bunch of data by not being able to track how much time a user spends on that particular app.
My question is:
Is there a way for me, as a telco, to track the usage time of an app I do not own? Example, tracking how many of my subscribers are playing Minecraft and how long they play Minecraft for. Would it be able for us to inject code into the APK that helps telcos track how long the app is being used?
No, attempting to inject code would equate to hacking an app. Provided apps are downloaded from "safe" sources, they should not be modified by anyone except the developer.
Am internet provider does have access to any IP you connect to. In that way an inference can be made.
Related
Hi all,
Sorry if this is a duplicate but I already searched for an answer and couldn't find one. I am working on an Android app that I wish to distribute as trialware and I am seeking info on best practices.
First of all, what is the best way to make sure that users cannot get the free trial again by reinstalling? This is critical, of course.
Next, how do I manage the expectations of my users who think they are downloading a totally free app? Is there a better way than just shouting it in the app description?
Any other advice, links or suggestions on this topic are much appreciated!
Thanks in advance,
Barry
Hi!
The only way to prevent reseting the trial period with reinstalling is to create a server and validate the device only by some of its hardware IDs.
Alternatively You can use an online service like https://trialvalidator.com.
Robert
Just keep in mind that server validation isnt bullet proof.
Users can use a simple firewall like Droidwall to block incoming/outgoing communications or both for individual or all apps.
There's LBE or Pdroid which can prevent apps from obtaining uniquely identifiable information and also change it so that each time your app requests the ID it gets a different random ID.
Then there are "code patchers" like LuckyPatcher and others which can patch the server validation within the app and bypass it.
You might get lucky and be releasing an app whose target market isn't a particularly tech savvy audience, but personally I run a very tight ship on my phone, and will not install any apps without locking them down completely.
This includes free and purchased apps.
Even my system apps are screened and only allowed to access the bare minimum on my phone to retain their functionality.
Have you looked into having crippled/free and full/paid versions of your app? Or a crippled app that has an in app purchase option to upgrade to full funtionality?
Another option would be an always on internet requirement, but unless its a really great MMO game, users are not going to be too happy about that especially if, for example your app is a music player or shopping list or single player game.
Im not trying to disseminate methods to bypass validation, or dishearten your app protection efforts. This is just an FYI.
Introduction
I have not seen much talk about security in XDA, and not at all on Neo Section.
SO here's just one informative link talking about using and developing apps and security risks involved
http://www.technologyreview.com/computing/25921/?mod=related
Any bug in software could potentially be used as a security loophole to gain access to private information, spy on you, get your credit card info(should you do such things on phone).
What is kind of unsettling is that everyone seems fine with modding, tweaking, developing and using those ROMs made in XDA without worrying if there could be that kind of bug in your made or used ROM.
You don't need a malicious app only to have risks. Most people use Windows so they should know that it is OP systems bugs and vulnerabilities that allow for unwanted access to your files, data, etc.
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM. That's just idiotic security system, for it is the only thing beside encrypting shut off phone on 3.0 and 4.0. So that means Android on it's own has no security measures while it's working. Even Windows has... some... but not too much... so you could pay for antivirus and antispyware software ofc.
It has always been the goal of big corporations to make money from insecurity, be they software developers, arms dealers and you name it. They all benefit from insecurities existing. Same is with Google and it's Android. But the good news is that we the users can modify Android. We could all say "Au revoir security bugs and loopholes!" if we would care about developing ROMs designed to make Android more secure... alas that's not happening yet!
Overview of Linux/Android security issues.
It's a short condensed description just to get you interested in the topic. There's lots of material on net, you only need to search, read, watch videos.
Linux becomes more vulnerable with more applications with different permissions installed. Same is true for Android.
Say your Phone Exporer has root access, that means it has root access to whole Android. To remove unnecessary risks, this app's root access should be limited to only most necessary functions it needs to operate.
Currently for Android there is no such solution. For Linux there is Apparmor.
http://en.wikipedia.org/wiki/AppArmor
Total root access is obvious vulnerability, but it is at least known one. Let's look at possibility of apps having hidden permissions and what that could mean to you.
Blade Buddy from Market.
On market it does not list permission to "Unique Device ID"(IMEI for GSM and MEID; ESN for CDMA) for free nor for paid version.
That means the author of BB has left the code from free version in paid one. This permission is used by ads to track you. It's not necessary code for ads, but it helps the dev know who clicked on the add and generated him some money. To see your money generating zombie empire stretch across the whole globe.... quite a thrill, isn't it?
So it's a latent code, with no benefit to user and an exploit only calling to be abused.
Unique Device ID allows you to be tracked on net and also where you are physically. GPS is just one way to find you, police for example have scanners to locate your devices physical location by the IMEI code. You can count on the "bad guys" having this technology as well, for it's quite a tool for burglars and other criminals.
The risks of your home being marked as the next dungeon to be looted by some raiders, I mean criminals(or perhaps WoW players sleepwalking and sleepraiding?) or getting your ID and bank details stolen by trojan/hacker is random. Yet the threat would not exist without apps having so flagrant hidden permissions.
Next app with ludicrous permissions
Brightest Flashlight
It does list many permissions, among them "Hardware controls - take pictures and videos ". No, it does not need a permission to take photos through cameras to operate the flashlight. But it's fun nonetheless for the dev to see his trusty peasants, or maybe he just likes to observe people like some watch fish in aquarium or hamsters in cage( "Look at that dork!", "You're one ugly m...f...er","ummm a couple kissing in dark with ma flashlight, what are they searching?", "what's that you eat, mr Korean, brains?" "hey show me that document again.")
You don't even need to run the app yourself. It can be triggered by hacker on background and take a snapshot of you.
On top of this little needless permission it has following hidden permissions:
1. Unique IMSI, read about here http://en.wikipedia.org/wiki/IMSI
2. MCC+MNC (CDMA)
3. Unique Devide ID
4. Cell Tower Name.
That's a lot of needless permissions for flashlight, these are there just to track you the app user and have nothing to do with your comfortable use of the app.
These are just 2 apps with totally needless permissions for their intended functioning. If you don't want your Windows and Linux have such security holes then why do you want your Android have them?! You don't want, that's the point and these apps would not be so popular if people would really know and care about their phone being secure.
It can be stated for sure that above exemplified permissions not listed on market are more useful for pranksters, criminals or someone plainly looking-down-on-all-the-dumb-sheep and not at all for any legitimate, user or customer friendly purposes.
There are very few tools to check for security and privacy problems in apps. That gives a sense that majority of devs do not want Android to be secure and private, because Android is another revenue generating platform through Google ads business of course. Were people more educated about the matter then Google ads business would shrink down as well. A private and secure Android can't be tracked or annoyed with ads. No ads, no profit. No security therefore means profit. Unfortunately this lack of security can be exploited by anyone with criminal or malignant intentions so very easily.
The most important thing is to read the permissions before installing.
If you had read the article I linked. Those permissions don't matter anything really if stuff developers use doesn't reveal what it does, or developer itself doesn't disclose what the app does.
We can safely say that those permissions asked are just to make ordinary users of Android think that all is under their control.
I use Privacy Blocker app and it keeps finding app permissions that are not listed. Even that app doesn't find those permissions which Cyanogenmod permission manager shows. And I've sanitized all my apps, still I find my phone connecting to some odd servers while using certain paid and seemingly legit apps. I even found shapshots from front camera made by some app... and I am checking all permissions I can, even for those not listed.
What seems harmless but could reveal your IP address and potentially other data about you is... advertisements used by apps.
Ads can be far more than just a little annoyance that slows your device. Any file, picture loaded from some location in internet can be used to locate you.
I had a problem of getting phone call bills for calls lasting 10 to 20 secs that I never made after using a slew of market apps, flashlights, fun stuff, etc.
I paid two months for such calls trying to find out which app did it and still don't know which one it was. Skype(phone app has fake IP of Holland but actual connection goes to Moscow... oh come one what is this? Why such hiding? Like anyone would trust their phone's Skype connection stream through Moscow... no thank you! Then wonder still if the phone gets so slow and Skype call quality is so bad even over wifi while Windows Skype does just fine?), Brighest flashlight, some photo editors, and slew of other garbage I've already forgotten about cause I don't use any of it anymore.
First post updated
How about the new 4.3 update..in includes some security and privacy control..will this thing prevent you had mentioned?
Is there any way to reactivate this post? maybe start working on a security enhanced android ROM? I'm agree, Security does matter!
Have you ever wondered what the rainfall is and if you log your own records what other guys around you get?
This Idea came when I searched Playstore and found No hits, not one. This might be because no one on earth cares about amount of rainfall statistics, if that is the case then this thread can be regarded as web trash...
But I have an need for being able to log it on my phone and comparing stats with others
The idea of the app is that you upload your data as rain falls and other users do the same, not only will it be convenient and quick to use android for this but if uploaded to the web, others can access regional data and check different locations rainfall stats(map view maybe).
And the best of all is that once a few people constantly upload information it will escalate into an self sustaining application requiring minimal maintenance and updates.
How hard can it be to develop such an app and what skills will be required?
Hope you can share your thoughts on this topic, if it sound like an epic fail, speak your mind...
OK people
I’m pretty good with IT and the written word but have no coding experience whatsoever. I want to develop a phone App (both iPhone and Android).
The app will include Google mapping technology, Facebook check in capability, account sign up and message system to fellow subscribers and push notifications triggered by geographical location and in app advertising.
I know there are different web based services and software for App development. But I am totally overwhelmed over where to start and I’d rather not learn to code from scratch.
If anyone could point me in the direction of any required reading/research, web tutorials or lectures I would be most grateful. Or if there is software that would allow me to develop the app easily. I don’t really like to idea of signing up with an online service in case I want to move the app to a business model in the future.
Alternatively any affordable services that allow me to keep full control of the app even if I unsubscribe could work.
Thanks in advance
Rumski
This will be useful for you..
http://forum.xda-developers.com/showthread.php?t=1914819
Hi, not sure if this is the right forum to ask this question but is there any free remote control app for android that allows you to hide what you are doing on the device that is being remotely controlled (as well as the one controlling it) and doesn't need authorization every time you use it? I tried teamviewer, but the screen hiding feature is not available for android, while other apps that have this feature aren't free.
Also, I know it's unlikely but is there any app that easily allows you to turn an android device into a personal vpn/proxy server (by redirecting your traffic through it)?
techussr said:
Hi, not sure if this is the right forum to ask this question but is there any free remote control app for android that allows you to hide what you are doing on the device that is being remotely controlled (as well as the one controlling it) and doesn't need authorization every time you use it? I tried teamviewer, but the screen hiding feature is not available for android, while other apps that have this feature aren't free.
Also, I know it's unlikely but is there any app that easily allows you to turn an android device into a personal vpn/proxy server (by redirecting your traffic through it)?
Click to expand...
Click to collapse
Asking about a way to hide what you are doing while remotely controlling another device is very shady business. There is no reason to hide what you are doing unless you are trying to hack someone's device or invade their privacy without them knowing. We will not help you find a way to remotely connect to someone else's device without them knowing and we will not help you hide your activity on your device while making it look like your activity is being done from someone else's device by someone else.
Looking for ways to protect your personal privacy is understandable, but, looking for a way to be sneaky when remotely connecting to other devices is a completely different story and completely unnecessary if your purposes are legitimate.
Droidriven said:
Asking about a way to hide what you are doing while remotely controlling another device is very shady business. There is no reason to hide what you are doing unless you are trying to hack someone's device or invade their privacy without them knowing. We will not help you find a way to remotely connect to someone else's device without them knowing and we will not help you hide your activity on your device while making it look like your activity is being done from someone else's device by someone else.
Looking for ways to protect your personal privacy is understandable, but, looking for a way to be sneaky when remotely connecting to other devices is a completely different story and completely unnecessary if your purposes are legitimate.
Click to expand...
Click to collapse
Sorry, I think I might not have explained myself correctly.
I'm not trying to connect to someone's device without them knowing. I am currently in a different country from where I usually live (and will be for a while) and I need to access a website that is only accesible from that country (which is absolutely stupid, as me accessing that website wouldn't harm anyone in any way). The problem is that this website blocks every comercial VPN. So I read on the Internet that there are a few options that could bypass this, which are paying for a residential proxy (which is kinda expensive), making your own private VPN server in the country where the website is available (which looks quite complex for a person with mundane IT skills like me, but I'm still considering it) or using a remote control program like teamviewer (which seems to be the easiest option).
So I was thinking about asking a relative of mine who lives there if he has any old smartphone he doesn't use anymore so that I could use it to access the website I mentioned via remote control (which he probably does, because he buys new phones almost every year, but if he doesn't I may consider buying one)
The reason why I'm asking about a remote control app that hides the screen is because I just don't feel very comfortable with the idea of anyone in my relative's home (he lives with several people) being able to snoop on the phone whenever they want. It's just a matter of basic privacy.
Regarding why I'm looking for an app that doesn't require authorization every time I want to use it, the reason is basically because it would be a pain in the ass for both myself and my relative as I plan to visit the website relatively often.
It looks like I'm not going to get an answer anyway, but I hope this helps clarify things a bit.