Of course, under certain conditions.

Image for post
Image for post
Image by krzysztof-m from Pixabay

Android OS is designed to isolate the access to data of an application from others. Through linux-permission base, Android encloses application data and protects them from other users.

In other word, we can’t get data without launching the owner app or other apps which are allowed by the owner one.

Android inherits the set of features in Linux, including the power of a root user. However, unlike the root user in Linux which is normally assigned to the possessor of the device, the root user in Android doesn’t really “exist”.

To be more specific, by default, there is no way to execute some tasks as a root user on Android. Curious people have to find other ways to inject a root into the Android system. …


Different locations of data storage in Android.

Image for post
Image for post
Photo by Meghraj Neupane on Unsplash

In Android, when a phone is powered on but the user has not unlocked the device yet, most user applications and user data are not accessible.

Prior to Android 7, the system was designed to be inactive during this state; no user action can take place, only system services could be launched normally. Fortunately, from Android 7, to respond to the demand of some particular functionalities like alarms or reminders, Google has introduced Direct Boot mode that enables a quick access to these components.

The purpose of Direct Boot mode is to get access to data when device is not unlocked.


Game time, play to learn

Android CTF at Modulotech
Android CTF at Modulotech
Ảnh của Christina Morillo từ Pexels

At ModuloTech, on Friday afternoons, Android Team often organizes a team building session where we play, compete, have fun and also learn new things together.

The topics of the sessions are diverse : coding games, tech talks, Android quizzes or Capture The Flag sessions(CTFs).

In this article, I will introduce one of the CTFs that we did at ModuloTech.

Since this was our first CTF session, we started with something simple to get to know the reverse engine and to see how our codes can be vulnerable.

You can download the apk at our github repo.

Goal

The requirement for this CTF is to get the given “flags” string displayed on the screen and take screenshots of those flags. …


Make your daily coding less tiring

Android development tips
Android development tips
Photo by Markus Winkler from Pexels

As an engineer, our ability is not limited to making codes but it is also finding solutions for problems we encounter in our daily working.

Development is a process to bring digital solutions to a problem in real life. However, it also poses issues that we have to deal with.

In this article, we will discuss some tips to solve these issues in Android development.

1. Startup task

A common situation we often encounter is working simultaneously on two multi-module projects A and B, both of which depend on module C.

However, A and B work with different commits or branches of module C. …


Best practices for requesting background location in Android.

Android Location in background
Android Location in background
Photo by Jake Davies on Unsplash

Since location has now become sensitive data, Android restricts its usage, especially in background apps.

Before Android 9, there was no diversion of location permission. Foreground and background apps used the same resource.

However, Google started to realise that apps were abusing this type of data, they decided to add a few layers to protect users by separating location resources into background and foreground.

As a result, this adds a few extra work for Android developers to require location permission in their apps.

Before going into detail, let’s take a look at the changelogs in several latest Android versions.

  • From Android 8: background apps can only retrieve user’s location a few times each hour. …


Layouting is an art and we should be artists.

Layout xml in Android
Layout xml in Android
Photo by Halacious on Unsplash

We, as Android developers, should be quite familiar with layout xml file. There is no doubt that the skill we master the most in Android development is doing layout xml because we do it everyday, in every feature and for every single UI piece. Back to the old days when ConstraintLayout had not appeared yet, layouting was still very poor and naive. Since ConstraintLayout came out as a new approach to do layout job, layouting has become sexier and more efficient. The benefits of ConstraintLayout are undeniable, however, people still often make some mistakes that undermine all these benefits.

In this article, we will find out some very common mistakes that we encounter regularly in daily coding. …


It’s time to write some codes.

Datastore implementation
Datastore implementation

In the previous blog, I have talked about what Datastore is, why it is created and also made a quick comparison with SharePreference. In this blog, we will see how to implement it.

Configuration

First, we need to configure some dependencies and plugins to our project.

Add this plugin on top of build.gradle file of the desired module:

plugins {
id "com.google.protobuf" version "0.8.12"
}

Next, add the protobuf convention to the same build.gralde file:

protobuf {
protoc {
artifact = "com.google.protobuf:protoc:3.10.0"
}

generateProtoTasks {
all().each { task ->
task.builtins {
java {
option 'lite'
}
}
}
}
}

And then this…


Google Android Team has just released a new library as a part of Android Jetpack with the aim to solve the flaws of SharePreference. Let’s give it a look.

Jetpack Datastore
Jetpack Datastore
Photo by Brett Sayles on pexel.com

This is the first blog in a series of 2 about Datastore. You can find the next blog about the implementation of Datastore here:

What is Datastore?

Jetpack DataStore is a data storage solution that allows you to store key-value pairs or typed objects with protocol buffers.

To put it simply, Datastore is an upgraded version of SharePreference with the same purpose but new and more effective mechanisms. “The same purpose” means that Datastore only supports key-value pairs storage but not large, complex and structural datasets. …


Have you heard about the modifier keyword tailrec in Kotlin? Do you know the idea behind this interesting keyword and how it is used?

Recursive gates
Recursive gates
Image by Tuan Hung Nguyen from Pixabay

In Kotlin, there are a bunch of modifier keywords that are very useful in some use cases. Some of them are already well-known because of their high applicability such as: inline, inner, lateinit, reified, open, override etc. In contrast, several ones are not largely known because there is not often use case that requires these features.

In this article, we will discover such a keyword: tailrec, and what it provides.

According to the official documentation:

tailrec marks a function as tail-recursive (allowing the compiler to replace recursion with iteration)

Following this definition, there must be something wrong with a recursive function since the compiler has to replace it with an iteration (for loop for instance). …


The underlying security architecture that builds a strong and secure Operating System as Android is now.

A secure Android phone
A secure Android phone
Photo by Dan Nelson on Unsplash

Security is always one of the most essential criterions that has been focused on in Android OS from its ground up until the latest updated versions. In this article, we will discover a couple of models that define how Android behaves.

Before diving into the detail, it is worth noting that Android platform makes use of Linux, so its features are often based on the principles of Linux.

1. Application Sandbox

The foundation of the Android application security model is that no two applications running on the same device should be able to access each other’s data without authorization.

They should not affect the operation of other applications, either. These are the concepts of an Application Sandbox. It takes advantages of Linux user-based protection to isolate resources for each application and assign a unique user identifier (UID). That means each application will be running under its own user and its own virtual machine (VM), Dalvik or ART, so each process executes independently from one another. However, do not mistake the above concept with a virtual machine (in term of virtualization) like VirtualBox or VMWare on which one can run a malware without harming remaining parts of the system. It is simply a game of permission. From Linux viewpoint, a user can only access or execute data whose it has the permission, the behavior in Android stays the same except the fact that each application is now associated to a unique user. An app owns its private data directory that is protected by the system of permission and can only be accessible from the application owner. An exception where two apps can be processed under the same user and share the same VM is when they use a shareUserId tag which is declared in AndroidManifest.xml:

About

Lam Pham

Android Developer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store