android-security

How to detect/identify if device Lock Screen setting is set to None?

﹥>﹥吖頭↗ 提交于 2019-12-08 23:01:38
I need to check before enabling my application if the device has no security defined on setting. Can't have set: Pattern, PIN, Password and even Swipe. Does anyone know a way to check if the lock screen setting is not enabled? Alternately, can we check which of the above lock screen settings is enabled? Thanks! You can use KeyguardManager - it's isSecureMethod() should return false in Your case. http://developer.android.com/reference/android/app/KeyguardManager.html 来源: https://stackoverflow.com/questions/37194314/how-to-detect-identify-if-device-lock-screen-setting-is-set-to-none

How are Android Instant apps started/loaded?

时间秒杀一切 提交于 2019-12-08 11:37:17
问题 I am trying to understand at a little bit lower level how Android Instant Applications work, as well as analyse a bit the security aspect. I know you create an app, it has its modules and activities, and you need to specify an URL entry-point for each feature module. Now, I have my application, I have my link, I browse to it. Two questions here: 1) How does Android, my browser, DNS, whatever parses that link, know that it's not a normally browsable internet link, but that it's actually an

Google Play warning: Your app contains a Cross-App Scripting Vulnerability

社会主义新天地 提交于 2019-12-08 07:10:55
问题 Good day all, I got a email from google play regarding Cross-App Scripting Vulnerability in one or more my published apps. I am using WebView in my apps, so they says my app contains webView Cross-App Scripting issue which can allow malicious apps to steal user cookies and other data . And They give what action I am going to take, that is Action required Please follow the steps below to fix the issue with your apps (listed at the end of this email). You can refer to the notice in your Play

In Android, JavaScript Interface Injection Vulnerability

大憨熊 提交于 2019-12-08 03:35:00
问题 My application received [Remediation for JavaScript Interface Injection Vulnerability] from Google PlayStore. Webview control via javascript interface in non-https webpage. This is my solution. It is correct for this issue? or how to modify? public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) { if(request.getUrl().getHost().equals("mydomain.com")) { view.addJavascriptInterface(new MyJavaScriptInterface(), "myview"); } else { view.removeJavascriptInterface("myview

Permission for reading/writing to the root folder in Android

纵然是瞬间 提交于 2019-12-07 10:25:12
问题 Are there any permissions I can/must declare in my app, if I want the app to be able to scan the whole "/" folder (say to search for all .txt files e.g. recursively)? I am getting just null so far (when calling File.listFiles ) no matter what permissions I try. I guess I am missing something. 回答1: Unless you root your device, it is impossible to do any operations on the root directory on a non-rooted device because a third party app will run as a normal user and won't have the root

SSL Warning from google play

。_饼干妹妹 提交于 2019-12-06 21:17:52
问题 Got warning from google play. How can i handle "SSL Error Handler Vulnerability" of unsafe implementation of the WebViewClient.onReceivedSslError handler. "Please address this vulnerability as soon as possible and increment the version number of the upgraded APK. To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise." 回答1: I have

Google Play warning: Your App may be leaking developer credentials

时光毁灭记忆、已成空白 提交于 2019-12-06 12:47:06
Please, explain me, what is it? I have received a message from GP, with this text: Hello Google Play Developer, We detected that your app(s) listed at the end of this email are potentially leaking credentials used to make network requests (HTTP and FTP). Please check for cases where you use url-encoded basic access authentication, for example a URL such as https://username:password@www.example.com/ . We recommend that you immediately change the credentials and redesign your app to avoid including them. Next steps Sign in to your Developer Console and submit the updated version of your app.

Ask for unlock pattern - Android

我的梦境 提交于 2019-12-06 01:06:26
问题 Is there a way, I can ask a user for perform the unlock operation on his phone using the set pattern(passcode, fingerprint, etc) to access certain features of my application? For example, in iOS, I generate an OTP based on a QR code. I can ask the user for the unlock pin before showing him the generated OTP token. I want the same for my android application. This prevents the misuse of the application. 回答1: You can create that intent with the KeyguardManager class, using the

How to securely share data between two or more applications in android?

徘徊边缘 提交于 2019-12-05 22:58:31
问题 I am making an application framework for the enterprise environment which involves data sharing between two or more applications from the device memory . This data needs to be stored on the device and accessible to only a few applications (which can be identified by the certificates used to install them) . Also, it needs to be stored in a secure way so as to be not accessible to other third party applications . Which is the best way to implement this functionality ? I have read up about

Cause of “This app contains code that attempts to bypass android's security protections”

别来无恙 提交于 2019-12-05 16:17:12
问题 I have been working on a very benign Android application for a couple months now and all of a sudden I started getting this message on my device when I try to re-install it from IntelliJ. My question is, what sort of things would cause Android OS to display this message? If I were to ever release this app, I certainly would not want my users to have to see this before installing. 回答1: I had the same problem and it was caused by gradle plugin v2.2.0 (beta version and also RC). When I changed
订阅 android-security