jm + android   46

NetGuard
Excellent network monitor app for Android, comes recommended by @redacted in the ITC Slack. Inserts itself as a VPN to capture traffic, and looks like it should work well. Supports ad blocking using a hosts file.
android  ad-blocking  ads  netguard  apps 
january 2017 by jm
Unbundling Pokémon Go
tl;dr: on Android, it's a Unity app, talking HTTPS to the backend, using protobuf over HTTP. Interesting notes about the use of certificate pinning and how they should be doing that
https  http  protobuf  pokemon-go  pokemon  apps  android  reversing 
july 2016 by jm
NVIDIA SHIELD Android TV Pro
'Best Plex Media Server' -- this looks pretty superb for EUR240 or thereabouts
media-servers  plex  video  home  tv  toget  nvidia  shield  android 
july 2016 by jm
Push notifications delayed, Hearbeat Interval not reliable - Google Product Forums
Good thread on GCM notifications and their interactions with NAT -- they are delivered over a single TCP connection to port 5228 to the google servers, kept alive, and NAT timeouts can hang the conn resulting in delayed notifications.

Particularly useful is the *#*#426#*#* dial code, which displays a log screen on Android devices with GCM debugging info.
android  gcm  google  push-notifications  nat  tcp 
june 2016 by jm
Why the Very Silly Oracle v. Google Trial Actually Matters
If it’s illegal to write clean room implementations of APIs, then no one has clean hands. The now-shelved open source project Apache Harmony, like Android, reimplemented Java SE, and tech giant IBM contributed code to that project. Oracle itself built its business off a proprietary implementation of SQL, which was created by IBM. The proposition “Reimplementations of APIs are infringements” creates a recursive rabbit hole of liability that spans across the industry. Even the very 37 Java APIs at issue in this trial contain reimplementations of other APIs. Google witness Joshua Bloch—who, while at Sun Microsystems, wrote many of the Java APIs—testified that specific Java APIs are reimplementations of other APIs from Perl 5 and the C programming language.
apis  fair-use  copyright  ip  android  java  google  oracle  law 
may 2016 by jm
View & diagnose Google Cloud Messaging (GCM) statistics
Looks like GCM now offers a way to determine if a message got delivered, via the GCM diagnostics console
gcm  google  push-notifications  android  messaging 
february 2016 by jm
excellent offline mapping app MAPS.ME goes open source
"MAPS.ME is an open source cross-platform offline maps application, built on top of crowd-sourced OpenStreetMap data. It was publicly released for iOS and Android."
maps.me  mapping  maps  open-source  apache  ios  android  mobile 
september 2015 by jm
Someone discovered that the Facebook iOS application is composed of over 18,000 classes. : programming
_FBGraphQLConnectionStorePersistentPageLoaderOperationDelegate-Protocol.h
_FBReactionAcornSportsContentSettingsSetShouldNotPushNotificationsMutationCall.h
FBBoostedComponentCreateInputDataCreativeObjectStorySpecLinkDataCallToActionValue.h
FBEventUpdateNotificationSubscriptionLevelMutationOptimisticPayloadFactoryProtocol-Protocol.h


I just threw up a little.

See also https://www.facebook.com/notes/facebook-engineering/under-the-hood-dalvik-patch-for-facebook-for-android/10151345597798920 , in which the FB Android devs happily reveal that they hot-patch the Dalvik VM at runtime to work around a limit -- rather than refactoring their app.
facebook  horrors  coding  ios  android  dalvik  hot-patching  apps 
august 2015 by jm
A simple guide to 9-patch for Android UI
This is a nifty hack. TIL!

'9-patch uses png transparency to do an advanced form of 9-slice or scale9. The guides are straight, 1-pixel black lines drawn on the edge of your image that define the scaling and fill of your image. By naming your image file name.9.png, Android will recognize the 9.png format and use the black guides to scale and fill your bitmaps.'
android  design  9-patch  scaling  images  bitmaps  scale9  9-slice  ui  graphics 
july 2015 by jm
OkHttp
A new HTTP client library for Android and Java, with a lot of nice features:
HTTP/2 and SPDY support allows all requests to the same host to share a socket.

Connection pooling reduces request latency (if SPDY isn’t available).

Transparent GZIP shrinks download sizes.

Response caching avoids the network completely for repeat requests.

OkHttp perseveres when the network is troublesome: it will silently recover from common connection problems. If your service has multiple IP addresses OkHttp will attempt alternate addresses if the first connect fails. This is necessary for IPv4+IPv6 and for services hosted in redundant data centers. OkHttp initiates new connections with modern TLS features (SNI, ALPN), and falls back to TLS 1.0 if the handshake fails.

Using OkHttp is easy. Its 2.0 API is designed with fluent builders and immutability. It supports both synchronous blocking calls and async calls with callbacks.
android  http  java  libraries  okhttp  http2  spdy  microservices  jdk 
july 2015 by jm
Facebook Infer
New static analysis goodnews, freshly open-sourced by Facebook:
Facebook Infer uses logic to do reasoning about a program's execution, but reasoning at this scale — for large applications built from millions of lines of source code — is hard. Theoretically, the number of possibilities that need to be checked is more than the number of estimated atoms in the observable universe. Furthermore, at Facebook our code is not a fixed artifact but an evolving system, updated frequently and concurrently by many developers. It is not unusual to see more than a thousand modifications to our mobile code submitted for review in a given day. The requirements on the program analyzer then become even more challenging because we expect a tool to report quickly on these code modifications — in the region of 10 minutes — to fit in with developers' workflow. Coping with this scale and velocity requires advanced mathematical techniques. Facebook Infer uses two such techniques: separation logic and bi-abduction.

Separation logic is a theory that allows Facebook Infer's analysis to reason about small, independent parts of the application storage, rather than having to consider the entirety of the memory potentially at every step. That would be a daunting task on modern processors with their large addressable virtual memories.

Bi-abduction is a logical inference technique that allows Facebook Infer to discover properties about the behavior of independent parts of the application code. By storing these properties between runs, Facebook Infer needs to analyze only the parts of the software that have changed, reusing the results of its previous analysis where it can.

By combining these approaches, our analyzer is able to find complex problems in modifications to an application built from millions of lines of code, in minutes.


(via Bryan O'Sullivan)
via:bos  infer  facebook  static-analysis  lint  code  java  ios  android  coding  bugs 
june 2015 by jm
Buck
A high-performance Java build tool, from Facebook. Make-like.
android  build  java  make  coding  facebook 
june 2015 by jm
murbul comments on The security issue of Blockchain.info's Android Wallet is not about system's entropy. It's their own BUGs on PRNG again!
I was in the middle of writing a breakdown of what went wrong, but you've beat me to it.
Basically, they have a LinuxSecureRandom class that's supposed to override the standard SecureRandom. This class reads from /dev/urandom and should provide cryptographically secure random values.
They also seed the generator using SecureRandom#setSeed with data pulled from random.org. With their custom SecureRandom, this is safe because it mixes the entropy using XOR, so even if the random.org data is dodgy it won't reduce security. It's just an added bonus.
BUT! On some devices under some circumstances, the LinuxSecureRandom class doesn't get registered. This is likely because /dev/urandom doesn't exist or can't be accessed for some reason. Instead of screaming bloody murder like any sensible implementation would, they just ignore that and fall back to using the standard SecureRandom.
If the above happens, there's a problem because the default implementation of SecureRandom#setSeed doesn't mix. If you set the seed, it replaces the entropy entirely. So now the entropy is coming solely from random.org.
And the final mistake: They were using HTTP instead of HTTPS to make the webservice call to random.org. On Jan 4, random.org started enforcing HTTPS and returning a 301 Permanently Moved error for HTTP - see https://www.random.org/news/. So since that date, the entropy has actually been the error message (turned into bytes) instead of the expected 256-bit number. Using that seed, SecureRandom will generate the private key for address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F 100% of the time. Ouch. This is around the time that address first appears, so the timeline matches.
I haven't had a thorough look at what they've replaced it with in the latest version, but initial impressions are that it's not ideal. Not disastrous, but not good.


Always check return values; always check HTTP status codes.
bugs  android  fail  securerandom  random  prng  blockchain.info  bitcoin  http  randomness  entropy  error-checking 
may 2015 by jm
repo
'The multiple repository tool'. How Google kludged around the split-repo problem when you don't have a monorepo.
kludges  git  monorepo  monorepi  google  android  aosp  repo  coding  version-control  dvcs 
may 2015 by jm
"Everything you've ever said to Siri/Cortana has been recorded...and I get to listen to it"
This should be a reminder.
At first, I thought these sound bites were completely random. Then I began to notice a pattern. Soon, I realized that I was hearing people's commands given to their mobile devices. Guys, I'm telling you, if you've said it to your phone, it's been recorded...and there's a damn good chance a 3rd party is going to hear it.
privacy  google  siri  cortana  android  voice-recognition  outsourcing  mobile 
march 2015 by jm
Proving that Android’s, Java’s and Python’s sorting algorithm is broken (and showing how to fix it)
Wow, this is excellent work. A formal verification of Tim Peters' TimSort failed, resulting in a bugfix:
While attempting to verify TimSort, we failed to establish its instance invariant. Analysing the reason, we discovered a bug in TimSort’s implementation leading to an ArrayOutOfBoundsException for certain inputs. We suggested a proper fix for the culprit method (without losing measurable performance) and we have formally proven that the fix actually is correct and that this bug no longer persists.
timsort  algorithms  android  java  python  sorting  formal-methods  proofs  openjdk 
february 2015 by jm
Do not use 'YYYY' or '%G' in time format specifiers
Formats the year based on ISO week numbering, which often is not what you want. Both have been responsible for high-profile production bugs (in Apple and Android).
apple  android  bugs  time  date  year  iso  week  formatting  strftime  posix 
january 2015 by jm
Fixing tethering on Android KitKat
Google made a change in Android 4.4 which allows operators to know when users are using tethering and conveniently block tethered devices from accessing internet. This can be fixed permanently using the following procedure.


Well this is stupid. (via Tony Finch)
via:fanf  tethering  android  mobile 
december 2014 by jm
Tesco Hudl 2 review: a lot of tablet for the money
wow, an actually quite-good cheapo Android tablet from Tesco for UKP65 of Clubcard vouchers, recommended by conoro. Good for the kids
hudl  tesco  tablets  android  devices 
october 2014 by jm
Six things we know from the latest FinFisher documents | Privacy International
The publishing of materials from a support server belonging to surveillance-industry giant Gamma International has provided a trove of information for technologists, security researchers and activists. This has given the world a direct insight into a tight-knit industry, which demands secrecy for themselves and their clients, but ultimately assists in the violation of human rights of ordinary people without care or reproach. Now for the first time, there is solid confirmation of Gamma's activities from inside the company's own files, despite their denials, on their clients and support provided to a range of governments.
finfisher  gamma-international  privacy  surveillance  iphone  android  rootkits  wiretapping  germany  privacy-international  spying  bahrain  turkmenistan  arab-spring  egypt  phones  mobile 
august 2014 by jm
Stuck in the iMessage abyss? Here’s how to get your texts back
some potential (apocryphal) workarounds for this extremely annoying Apple bug
apple  bugs  imessage  sms  phones  mobile  android  hacks 
may 2014 by jm
iMessage purgatory
Oh Apple, you asshats. This is some seriously shitty programming. iMessage on iOS devices caches the "iMessage-capable" flag for all numbers, indefinitely, so if you switch from iPhone to Android, messages from your friends' iPhones won't get delivered to you henceforth -- and to add insult to injury, it claims they do with a "Delivered." status appearing under the message. This is happening to me right now...
apple  sms  messaging  phones  mobile  imessage  android  fail  bad-programming  bugs 
may 2014 by jm
Android 4.4 KitKat Problems: HTC UK Speaks Out About HTC One Update Issues
Good advice on improving battery life with the KitKat 4.4.2 point release on a HTC One. I had serious battery problems, but they seem to have been resolved by following this advice
wifi  kitkat  android  4.4.2  htc-one  htc  battery  blinkfeed  mobile  phones 
may 2014 by jm
Oisin's mobile app release checklist
'This form is to document the testing that has been done on each app version before submitting to the App Store. For each item, indicate Yes if the testing has been done, Not Applicable if the testing does not apply (eg testing audio for an app that doesn’t play any), or No if the testing has not been done for another reason.'
apps  checklists  release  coding  ios  android  mobile  ohurley 
may 2014 by jm
Coding For Life (Battery Life, That Is)
great presentation on Android mobile battery life, and what to avoid
presentations  via:sergio  android  mobile  battery  battery-life  3g  wifi  gprs  hardware 
may 2014 by jm
Daring Fireball: Rethinking What We Mean by 'Mobile Web'
We shouldn’t think of “the web” as only what renders in web browsers. We should think of the web as anything transmitted using HTTP and HTTPS. Apps and websites are peers, not competitors. They’re all just clients to the same services.

+1. Finally, a Daring Fireball post I agree with.
daring-fireball  apps  web  http  https  mobile  apple  android  browsers 
april 2014 by jm
Issue 122 - android-query - HTTP 204 Response results in Network Error (-101)
an empty 204 response to a HTTP PUT will trigger this. See also https://code.google.com/p/android/issues/detail?id=24672, '"java.io.IOException: unexpected end of stream" on HttpURLConnection HEAD call'.
http  urlconnection  httpurlconnection  java  android  dalvik  bugs  204  head  get  exceptions 
march 2014 by jm
Randomly Failed! The State of Randomness in Current Java Implementations
This would appear to be the paper which sparked off the drama around BitCoin thefts from wallets generated on Android devices:

The SecureRandom PRNG is the primary source of randomness for Java and is used e.g., by cryptographic operations. This underlines its importance regarding security. Some of the fallback solutions of the investigated implementations [are] revealed to be weak and predictable or capable of being influenced. Very alarming are the defects found in Apache Harmony, since it is partly used by Android.


More on the BitCoin drama: https://bitcointalk.org/index.php?topic=271486.40 , http://bitcoin.org/en/alert/2013-08-11-android
android  java  prng  random  security  bugs  apache-harmony  apache  crypto  bitcoin  papers 
august 2013 by jm
Google Cloud Messaging for Android
GCM is a service that allows you to send data from your server to your users' Android-powered device, and also to receive messages from devices on the same connection. The GCM service handles all aspects of queueing of messages and delivery to the target Android application running on the target device. GCM is completely free no matter how big your messaging needs are, and there are no quotas.
gcm  messaging  android  google  push 
july 2013 by jm
A History Of Ireland In 100 Objects
Now free!
The Royal Irish Academy, the National Museum of Ireland, and The Irish Times are collaborating with the EU Presidency, the Department of Foreign Affairs and Trade and Adobe to bring you a gift of A History of Ireland in 100 objects ‘from the people of Ireland to the people of the world’ for St Patrick’s Day. It is available as an interactive app for Apple iPhone and iPad, for most Android tablets and on the Kindle Fire, from our website, as well as associated app stores. You can also experience the book on your computer, smartphone or eReader by clicking on the 'eBook' button below. The gift is free to download until the end of March. 
free  st-patricks-day  museum  ireland  history  objects  eu  apps  iphone  ipad  android  books  ebooks 
march 2013 by jm
Dropbox Sync API
Give your app its own private Dropbox client and leave the syncing to us.
apps  dropbox  synchronization  sync  ios  android  api 
march 2013 by jm
Pushover: Simple Mobile Notifications for Android and iOS
'Pushover makes it easy to send real-time notifications to your Android and iOS devices.' extremely simple HTTPS API; 'Pushover has no monthly subscription fees and users will always be able to receive unlimited messages for free. Most applications can send messages for free, subject to monthly limits.' Also supported by ifttt.com
ios  android  iphone  push  messaging 
january 2013 by jm
UK Channel 4 News Demo – Contactless Payment Cards – viaForensics
'During an interview with the Channel 4 correspondent we were able to touch his wallet with an Android phone while he was distracted and capture his credit card details.' ... 'viaForensics found that there are many cards in circulation, including recently issued cards, which are giving up the full card number, expiry, surname and initials.' Barclays security fail hits the headlines (via Tony Finch)
via:fanf  channel-4  news  barclays-bank  uk  banking  nfc  wireless  android  via-forensics  contactless-cards 
may 2012 by jm
BikeDroid
Warren's Android app to track DublinBike availability: 'Use BikeDroid to locate the nearest free bike or stand to you. Get real-time status of all bike stands displayed on a map of your city.'
bikes  dublinbikes  apps  android  mobile  from delicious
february 2011 by jm
Dublin Bikes 2 Go!
'an [unofficial] mobile web application that the public can use to find 'Dublin Bikes' stations and information about bike availability'
bikes  dublin  dublinbikes  cycling  mobile  apps  iphone  android  from delicious
february 2011 by jm
FareBot: Read data from public transit cards with your NFC-equipped Android phone - codebutler
'When demonstrating FareBot, many people are surprised to learn that much of the data on their ORCA card is not encrypted or protected. This fact is published by ORCA, but is not commonly known and may be of concern to some people who would rather not broadcast where they’ve been to anyone who can brush against the outside of their wallet. Transit agencies across the board should do a better job explaining to riders how the cards work and what the privacy implications are.' (via Boing Boing)
via:boingboing  privacy  android  rfid  security  transit  mobile  encryption  mifare  desfire  farebot  from delicious
february 2011 by jm
good investigation into an Android WebKit exploit
already fixed in Froyo, but still -- interesting write-up from Sophos. good to see Google have chosen to separate all apps into individual uids, too
froyo  google  apps  phones  smartphones  android  webkit  exploits  security  from delicious
november 2010 by jm
Twitter OAuth-evasion backdoor
rather than force users of their official Android client to upgrade come the OAuthpocalypse, like everyone else has had to, they added a custom basic-auth backdoor: append "?source=twitterandroid" to the URLs. hilarity. apparently this also works for all other clients, too
twitter  oauth  funny  dailywtf  android  security  from delicious
september 2010 by jm
DocScanner
document scanner app for the iPhone/Android smartphones; take a photo of a doc, it'll fix geometry, remove shadows, white balance and sharpen appropriately, generate PDFs and image files, and upload to Evernote for OCRing. EUR4.99 though
android  apps  evernote  iphone  mobile  ocr  pdf  document  scanner  scan  from delicious
july 2010 by jm
Malicious App In Android Market
phisher creates a banking app for Android phones which relays the authorization details to another site, possible because of insufficient app vetting (via Mulley)
apps  iphone  android  smartphones  phones  mobile  phishing  security  banking  fraud  from delicious
january 2010 by jm
All Android Phones
so many! Saw a Hero last night, it looked pretty swish -- although not quite as pretty as the iPhone ;)
phones  android  htc  hero  os  g1  mobile  tech  shopping  from delicious
november 2009 by jm
HTC Hero is on Meteor
according to Fergal, at half of the price of O2's iPhone "deal"
htc  hero  o2  iphone  android  phones  mobile  ireland  meteor  from delicious
november 2009 by jm
