Thursday, March 13, 2014

Steal user data without Internet

Yesterday I happened to download an Android app which did not ask for ANY additional permission to install.My first impression was that this app would not have any advertisements and would be able to steal any of my information.Then,I thought how awesome would it be if an App with no additional permissions could actually steal the user information. So, I used the oldest trick in the book and here is the result

I created a password manager which does not require any additional permissions,giving an impression that all the data remains stored locally.Now at the bottom of the list of accounts is a terms and conditions link which opens in a browser which does not require the permission to use the internet. As you might have already guessed, the URL which opens contains some additional GET parameters which of-course is the username and passwords.

Link to the code block

I have just uploaded this app to play-store, and if it is approved, would be available at

1. I have not added any information yet about this hack on the playstore listing , to get through the approval process.
2. I am not saving the data sent in GET requests because my purpose has been to demonstrate the hack and not to steal information.

Friday, October 4, 2013

Killer Library projects for Android

Here is a list of some of my favorite libraries when it comes to developing for Android. Do give them a try to reduce the amount of code and focus on your app's core functionality.

This one deserves to be in the top of the list. Actionbar was introduced in API-11 of the Android SDK and the support library by Google does not provide a proper backport.This library by Jake Warton is now a part of almost every new Android application developed and is undoubtedly on the top of my list.Works seamlessly with newer views such as NavigationDrawer, SlidingPaneLayout, Fragments etc.

A simple ORM solution for you applications. This is as easy as creating objects and saving to the SQLite database.The setup of classes makes use of java annotations. This saves a whole lot of time on configurations and gives the developer more time to spend on the login than on the syntaxes.Once you use it, you would find it hard to live without it.

Do you always forget to check for null when you getIntent().getExtras()? Think casting findViewById() to a TextView shouldn’t be necessary? RoboGuice 2 will help you.Inject your View, Resource, System Service, or any other object, and let RoboGuice 2 take care of the details.It would make the code slimmer and reduce several common runtime errors.

A powerful and lightweight JSON parser specifically for Android.If you have a web-service returning JSON, use (or some similar tool) to generate the POJOs and with a single line of code, you can parse the JSON using this library. Use GSON along with ActiveAndroid and you can reduce the development time multiple folds.

A neat replacement for toasts. Nicely implemented and highly customizable.Gives your application a notification system which is cleaner and more aesthetic than native toasts and is rightly namex croutons :) .

Another cool library from the developer of Actionbar. It makes the viewpager more usable and enables easier navigation between fragments. The user has a clear idea of where he has navigated.

This is one of my favourites. If you thinking of developing live wallpapers, 3D games, this library might be very handy. One can easily export the 3D models from tools like Blender and render on the devices using openGLES using this library. Adding animations like rotation, scaling on user events is a cakewalk.

Handling large Bitmaps has given nighmares to many Android develoepers. This lightweight library saves the effort of handling bitmaps and provides great support of caching images. One can easily configure how they want to decode the bitmaps in their app. Definately a lifesaver library

Automation testing framework for Android. Developers and testers can generate test cases and ensure that minor changes do not introduce new bugs. Might seem to be an overhead in the early stages of development but helps keep maintainance work easy.

Quickly add support for scanning bar codes in and Android application. Easy to configure and use with high efficiency of scanning.

Tesseract is one highly optimized Optical character reader library available for Android. This is a cross platform library and will require some basic knowledge of using NDK in an Android app.

Plots neat and elegant graphs in various styles. The javadocs might not be great and it might not be all that easy to develop with less number of resources available and large number of classes, but the output is definately worth the effort.


An Android optimized eventbus to help remove the complexity of communication between multiple views and background processes. EventBus decouples event senders and receivers and thus simplifies communication between app components.

Saturday, July 27, 2013

Get Android update immediately for Nexus devices

So you bought a nexus device to get the latest Android updates as soon as Google announces them. Pretty cool, then why your device shows "System is upto date" when you know there is a new version available. Here is how you can cheat the system and get the update right now!

Step 1.
Navigate to System Settings > Applications > All 
and search for "Google Services Framework/Google Framework Services(process"

Step 2.
Force Stop this application and Clear Data.

Step 3.
Navigate to System Settings > About Tablet/phone > System Updates. It will display current date as some past date indicating that the step 2 was successful. Click check now and you would get your much awaited update.

In case it still shows system is upto date, try repeating the steps a couple of times. This little tricks works on Nexus 4, Nexus 7, Nexus 10 and Galaxy Nexus.

NOTE: Some users are facing issues updating apps after the upgrade. You might need to clear the Google Play cache, or remove and add your Google Account once to fix this. Therefore, follow these steps at your own risk.

Sunday, January 20, 2013

Backward compatibility super quick

Setting up a project with ActionBar, NavigationTabs and swipe navigation in less than 2 minutes!

I have always appreciated how Action bar Sherlock provides the latest navigation features for the devices with lower versions of android , but only today did I realize that it is also super easy to configure. Make sure you have the latest versions of ADT and actiobarsherlock configured with your eclipse and follow the steps below to get you project running in less than 2 minutes.

Step 1.

In eclipse navigate to File->New->Other->Android Application Project. Enter the project details and set the Mininum Required SDK,Target SDK and Compile With with the highest available values(must be >11).
Click Next and setup the other values also in the following 2 screens.

Step 2.

Under the Create Activity screen,choose BlankActivity  and in the following screen select either of the options depending on how you want the navigation in your project.

Step 3

Delete the libs\android-support-v4.jar from the project and add the one present in the ActionBar Sherlock project.This is because the project might not compile if the versions of the jars mismatch.

Step 4
Navigate to project Properties->Android->Add Library and add the Action bar project.

Step 5 

Open the Activity's java file and replace the following:
FragmentActivity  ---> SherlockFragmentActivity
getActionBar ---> getSupportActionBar()
gettMenuInflater() --> getSupportMenuInflater()

Step 6 

Remove all imports from the java file and press ctrl+shift+o . Select the packages from the Sherlock Action Bar project for import when prompted.

Step 7

Open the AndroidManifest.xml file and change the minimun sdk version to 8 and the theme to Theme.Sherlock.Light.

This is all and your project would run like a charm on all versions of Android.