[Q] Beginner's Guide to Android Software Security Testing? - Android Q&A, Help & Troubleshooting

Does anyone know if there is a Guide/CheatSheet for Security Testing Apps on Android?
I am a software tester and whilst I know my way around security testing for the web, I'm looking for a jump start in security testing for Android. Just the basics really, things like how to manipulate text fields, cause buffer overruns etc. in apps.
An example case would be an app which we are developing that allows a user to input free text. I want to be able to prove the point that we need to sanitise the user's input here, so ideally, I'd like to know of a string that I can enter which will cause an undesired effect on the page which displays the user's input.
e.g., in a web page, I enter "<IMG SRC=javascript:alert('Sanitise User Input')>" and an alert is fired on displaying that input.
Like I say, I know my way around this type of thing for the web, but I'm not an Android dev and I don't know how to manipulate the code with my input.
So, does anyone have any pointers/sources of info/ideas?
Thanks Folks,
Noodoo
(Long-time lurker, infrequent poster)
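To show the mitigation side of the question above, here is an added example (not code from the original post or from any app it describes). It assumes the app builds the page that displays the user's text as an HTML string for a WebView (the buildPage helpers are hypothetical); the point is that the same IMG/javascript: probe from the post is live markup when concatenated raw, and inert text once escaped.

```java
/** Added example: escape free text before it is placed into WebView HTML. */
public final class WebViewInputEscaper {

    /** Escape the characters that let text break out of an HTML text node
     *  or attribute value. '&' is handled first so nothing is double-encoded. */
    public static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Unsafe (hypothetical): user text is concatenated straight into markup. */
    public static String buildPageUnsafe(String userText) {
        return "<html><body><p>" + userText + "</p></body></html>";
    }

    /** Hardened (hypothetical): the same text is rendered as plain characters. */
    public static String buildPageSafe(String userText) {
        return "<html><body><p>" + escapeHtml(userText) + "</p></body></html>";
    }

    public static void main(String[] args) {
        // Probe string taken from the post above.
        String probe = "<IMG SRC=javascript:alert('Sanitise User Input')>";
        System.out.println(buildPageUnsafe(probe)); // IMG tag survives intact
        System.out.println(buildPageSafe(probe));   // &lt;IMG SRC=... : no tag, no script
        // A tester can check the same thing from outside: the escaped page must
        // contain no '<' that came from user input.
        System.out.println(buildPageSafe(probe).contains("<IMG") ? "FAIL" : "PASS");
    }
}
```

On Android the escaping step is what android.text.TextUtils.htmlEncode does; a plain TextView never parses HTML, so the probe only matters where text reaches a WebView, and WebSettings.setJavaScriptEnabled(false) limits the impact further when the content needs no script.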

Related

[Q] Android Development with tcpdump.

Hi, sorry I haven't yet reached the minimum 10 posts, but I'm having trouble finding information online, mainly due to my naivety with programming, and I'd really appreciate any sort of advice.
I'm creating an Android application that will sniff the entire network and display the results to screen. I'm aware of similar applications in the market; however, from my research I have found them to only monitor the packets on the device itself, not including the other traffic on the network (caused by other devices).
Make sense? It is possible to tap into the network and intercept every packet, right? I believe this is known as "monitor mode"? I'm using a Transformer Prime.
Well anyway, I've created my UI, have root access, and installed TCPDUMP, and it works well through the terminal emulator.
Now to my question: how would I go about implementing TCPDUMP into my application to compute the necessary commands? Once I've created the strings to send, how would I actually send them to TCPDUMP and relay the information across to my app?
I hope this makes sense; once again I'm sorry for my noobness.
Thanks

[Q] User generated layouts

Hi all
I am developing an app in which I would like to allow user-generated content. Specifically, this will be a remote control application, and I would like people to be able to add custom layouts, capable of sending "events" through the app, but I am not sure how to do so.
There are a couple of ways I have been looking at. The first is using a WebView so that this content can be developed in HTML. This would be nice and easy from their point of view, but it does have its downsides, especially where security is concerned. If I was to do this, I would want to bind a "send" JavaScript interface to my app, but disallow any other JavaScript (I do not, for example, want it to be able to relay the button presses to some other place). I'm not sure exactly how I could do this.
The second way I can see would be to use an XML file and build up the layout from that. Here, the only way I could see is to parse the XML file and programmatically build the layout. This seems a lot of work, and I would rather avoid that.
A third way would be to import a layout purely as an image plus an XML file describing hot-spots for triggering events. This seems to have too many limitations.
The final option is to expose an interface to other apps, and allow users to build separate applications which hook in to provide these layouts. This seems a terrible approach for such a simple objective.
So, does anyone know of a simple way to do what I am after, or have any comments on the options listed above? Has anyone done anything similar, or know of an open-source project which achieves something similar?
Thanks in advance

[Q] Need Help with Android App Design Refinement

Hi Guys,
I am planning to make an Android app which will act as a virtual meditation hall, where many others would have connected to. This app should show me the count of the number of people that are currently logged in, and it must also show me the current idea or notion, or say, a goal, for which the people are meditating. Now, just to clarify, in case you are wondering: in Yoga, there is a practice of group meditation with a unified thought or unified mental state, so I am planning to emulate this real-life activity for the Yogic practitioners, also.
Anyways, here is how I imagined it would be:
Module 1: Connect to the server
Module 2: Log in
Module 3: Suspension, where the user simply keeps the app on and it will update the status of the hall, i.e. whether any new members have joined in or any have left.
Module 4: Exit
Now, I must say that the only background I have is of Flash, and I am not sure how this would help me out, but I just want to know
1) how to implement modules 1, 2, 3, 4, i.e. what programming elements I should use. No need for detailed explanation, just point me to what to study, because I am just about to start learning Android programming and I need to have this app up and running ASAP.
If possible, I would also like to hear how you would segment this app idea into your own modules, if you have any advice on it.
P.S. Please bear with me if I have committed any of the noobish mistakes of asking in a wrong category or asking something redundant, as I am new to this and it was not intentional.
Thank you

[Q] Is android right for my project?

Hi folks,
I have had this idea in my mind for a couple of years now and would like to get on with it and stop dreaming about it and just jump in and do it already!
My experience during the past 20 years has been working as a programmer on MSSQL and VB and VB.net, with good working knowledge of C, HTML5, JavaScript, VB, VC, Access, MSSQL, MySQL, PHP, CSS, some Java, etc.
I don't mind learning new skills and am actually looking forward to getting started, but I need to know that I am not barking up the wrong tree.
I intend to make this an open source project and not a commercial product.
My dream is to make my phone my voice-driven computer. Where the phone might not have enough resources, I need to use my main computer as the top tier and act as server.
I know Ubuntu Touch might be a contender but it lacks many drivers for GPS, proprietary drivers, etc.
Let me tell you about my idea first as a high-level plan, due to my ignorance of the details of this implementation.
I want to make my phone (Nexus 4) be able to listen to my commands via a Bluetooth headset (through a speech recognition engine), and tell me in natural speech things that I need to know or care about. For example: "You have a new email from David. Do you want me to read it or display it?" Sort of like what is now a movie called "Her", without the science fiction and the lovey-dovey story part.
I want to write an internet agent that would search the net (from a list of sites) for what I am interested in (through an AI program like freehal.net), and keep the results for display in the order of relevance when I query it.
I also need to take over the telephony hardware when needed. For example: a call comes in, I want to be able to look up their number in my database of contacts, and if an entry is found, to tell me "Sam is calling. Do you want to answer it?"
I also want to keep a black list table where I know they are trying to sell me something, and answer the phone (without me pushing any buttons) and tell them that I am not interested in answering their calls and that they are on my black list. Then hang up, without sending them to voice mail.
I tried asking the Android community on Google 2 years ago why the SDK doesn't provide a telephony API front end to answer the call without user interaction, but got no replies.
I've installed Ubuntu on my laptop to learn Linux and got it working properly after a couple of days, and have downloaded and installed all the programs and SDKs I think I'd need. There are a lot of interesting projects in AI and user agents going on and I'd like to participate in them once I am up to par with the Linux environment.
Can anyone give me some guidance, pointers or what to look for? If there are any projects in development that I could join, that would be much appreciated.
I tried to explain my interest as best as I could. If you need more info, please let me know.
Thanks for all your help guys.

Best practices listview question

Apologies if this isn't the type of development question that goes on XDA, but if it isn't, could you please tell me where people go with questions like these? I'm working on my first Android application and could use the guidance.
I'm setting up a screen with a search that is querying a SQLite file. I want the search to re-run with every letter entered and show the results in a ListView. The full list is on the order of 600-700 items, so we're not talking anything huge.
I'm using ADO instead of ORM because I'm much more familiar with ADO, but if there are enough compelling reasons to switch to ORM I'll bite the bullet and do some reading.
So, all that explained, what's the right way to filter the ListView? Do you re-run the SQL query on every letter press, or do you directly modify the data supplier which feeds the ListView?