android-security

问题 I am using Cordova 5.1.1. I want to call network URL from CordovaWebview in android. My Android OS version is 4.4.2. Here is my code from Android Side. Android content_main.xml file:- <RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" xmlns:app="http://schemas.android.com/apk/res-auto" android:layout_width="match_parent" android:layout_height="match_parent" android:paddingLeft="@dimen/activity_horizontal_margin" android

问题 From one year, I have been working over IOT product and the application attached was working fine. Now I am not able to accept call programmatically in higher versions of android. Feature is very important to product. Any help is highly appreciated. Before security patch update November 2016 , Runtime.getRunTime.exec("Command") was working fine to accept call programmatically. Runtime.getRuntime().exec("input keyevent " +Integer.toString(KeyEvent.KEYCODE_HEADSETHOOK)); How to make it possible

问题 We are developing live streaming video application. So we need to give secure for Audio & Video content. What I am tried I am able to restrict screenshots & video content with help of following code activity.getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE); But I can't restrict audio recording through other apps. How to restrict the audio recording by other apps? 回答1: I've never heard of such official tools in Android that would simplify

问题 I need to tell if my keys created are in the hardware backed AndroidKeyStore(TEE or SE) or the software backed implementation. I understand that for api < 23 I should be using KeyChain.isBoundKeyAlgorithm(algorithm) and for api >= 23 I should use keyInfo.isInsideSecureHardware . However, I have a Nexus 6, Android 7.1.1 api level 25. I created a keypair in AndroidKeyStore and when I call keyInfo.isInsideSecureHardware , it returns false but when i try calling KeyChain.isBoundKeyAlgorithm

问题 It is known to all that to block an Activity/Fragment we can use: window.setFlag(WindowManager.LayoutManager.FLAG_SECURE, WindowManager.LayoutManager.FLAG_SECURE) But this flag blocks the View from Activity. If you have one bootomNav with 3 Fragments and needs to block just the tab 1. In the moment setFlag is bloked all Fragments. There is any FLAG_XXXXX for unblock the screenshot? 来源： https://stackoverflow.com/questions/59036381/block-and-unblock-screenshot-of-some-fragment

问题 I am using Dexguard in my app and I want to obfuscate a class which extends Activity class, I get to know that it is hard because it is referenced in Manifest file. My question is: is there any way to obfuscate a class which it is referenced in Manifest file? 回答1: Wherever possible, DexGuard obfuscates the names of classes, fields, methods, resources, resource files, asset files, and native libraries, and it adapts their occurrences in the code, the manifest, and other resources. More

问题 I am trying to get phone number from my device programmatically. I am trying with the following code: TelephonyManager tMgr = (TelephonyManager) getApplicationContext().getSystemService(Context.TELEPHONY_SERVICE); mPhoneNumber = tMgr.getLine1Number(); I have declared the below permissions in manifest file: <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> <uses-permission android:name="android.permission

问题 I've received this email after publishing my app on playstore: Hello Google Play Developer, We reviewed [MyAppName], with package name com.example.myappname, and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device, and may be considered to be in violation of our Malicious Behavior policy. Below is the list of issues and the corresponding APK versions that were detected in your

问题 I just received the following email from Google Play 'Hello Google Play Developer, We detected that your app(s) listed at the end of this email are invoking the in-app billing service without setting a target package for the intent. This can enable a malicious package to bypass the Play store billing system and access items that have not been purchased. Next Steps If you are using IabHelper, please start using the latest SDK. If you are manually invoking the in-app billing service, make sure

问题 Does Android WebView support HSTS? 回答1: Yes, second this website: http://caniuse.com/#search=hsts since android 4.4 Main changes: Certificate pinning Trusted CA's Add CA's to debug Limit CA's Add CA's hierarchy... But the most important thing will be enabled on the new android N in an res/xml/network_security_config.xml like this: https://koz.io/network-security-policy-configuration-for-android-apps/ <domain-config hstsEnforced=[True|False] cleartextTrafficPermitted=[True|False]> <domain