Android OS is designed to isolate the access to data of an application from others. Through linux-permission base, Android encloses application data and protects them from other users.
In other word, we can’t get data without launching the owner app or other apps which are allowed by the owner one.
Android inherits the set of features in Linux, including the power of a root user. However, unlike the root user in Linux which is normally assigned to the possessor of the device, the root user in Android doesn’t really “exist”.
To be more specific, by default, there is no way to execute some tasks as a root user on Android. Curious people have to find other ways to inject a root into the Android system. …
In Android, when a phone is powered on but the user has not unlocked the device yet, most user applications and user data are not accessible.
Prior to Android 7, the system was designed to be inactive during this state; no user action can take place, only system services could be launched normally. Fortunately, from Android 7, to respond to the demand of some particular functionalities like alarms or reminders, Google has introduced Direct Boot mode that enables a quick access to these components.
The purpose of Direct Boot mode is to get access to data when device is not unlocked. …
At ModuloTech, on Friday afternoons, Android Team often organizes a team building session where we play, compete, have fun and also learn new things together.
The topics of the sessions are diverse : coding games, tech talks, Android quizzes or Capture The Flag sessions(CTFs).
In this article, I will introduce one of the CTFs that we did at ModuloTech.
Since this was our first CTF session, we started with something simple to get to know the reverse engine and to see how our codes can be vulnerable.
You can download the apk at our github repo.
The requirement for this CTF is to get the given “flags” string displayed on the screen and take screenshots of those flags. …
As an engineer, our ability is not limited to making codes but it is also finding solutions for problems we encounter in our daily working.
Development is a process to bring digital solutions to a problem in real life. However, it also poses issues that we have to deal with.
In this article, we will discuss some tips to solve these issues in Android development.
A common situation we often encounter is working simultaneously on two multi-module projects A and B, both of which depend on module C.
However, A and B work with different commits or branches of module C. …
Since location has now become sensitive data, Android restricts its usage, especially in background apps.
Before Android 9, there was no diversion of location permission. Foreground and background apps used the same resource.
However, Google started to realise that apps were abusing this type of data, they decided to add a few layers to protect users by separating location resources into background and foreground.
As a result, this adds a few extra work for Android developers to require location permission in their apps.
Before going into detail, let’s take a look at the changelogs in several latest Android versions.
We, as Android developers, should be quite familiar with layout xml file. There is no doubt that the skill we master the most in Android development is doing layout xml because we do it everyday, in every feature and for every single UI piece. Back to the old days when ConstraintLayout had not appeared yet, layouting was still very poor and naive. Since ConstraintLayout came out as a new approach to do layout job, layouting has become sexier and more efficient. The benefits of ConstraintLayout are undeniable, however, people still often make some mistakes that undermine all these benefits.
In this article, we will find out some very common mistakes that we encounter regularly in daily coding. …
In the previous blog, I have talked about what Datastore is, why it is created and also made a quick comparison with SharePreference. In this blog, we will see how to implement it.
First, we need to configure some dependencies and plugins to our project.
Add this plugin on top of build.gradle file of the desired module:
plugins {
id "com.google.protobuf" version "0.8.12"
}
Next, add the protobuf convention to the same build.gralde file:
protobuf {
protoc {
artifact = "com.google.protobuf:protoc:3.10.0"
}
generateProtoTasks {
all().each { task ->
task.builtins {
java {
option 'lite'
}
}
}
}
}
And then this…
This is the first blog in a series of 2 about Datastore. You can find the next blog about the implementation of Datastore here:
Jetpack DataStore is a data storage solution that allows you to store key-value pairs or typed objects with protocol buffers.
To put it simply, Datastore is an upgraded version of SharePreference with the same purpose but new and more effective mechanisms. “The same purpose” means that Datastore only supports key-value pairs storage but not large, complex and structural datasets. …
In Kotlin, there are a bunch of modifier keywords that are very useful in some use cases. Some of them are already well-known because of their high applicability such as: inline, inner, lateinit, reified, open, override etc. In contrast, several ones are not largely known because there is not often use case that requires these features.
In this article, we will discover such a keyword: tailrec
, and what it provides.
According to the official documentation:
tailrec marks a function as tail-recursive (allowing the compiler to replace recursion with iteration)
Following this definition, there must be something wrong with a recursive function since the compiler has to replace it with an iteration (for
loop for instance). …
Security is always one of the most essential criterions that has been focused on in Android OS from its ground up until the latest updated versions. In this article, we will discover a couple of models that define how Android behaves.
Before diving into the detail, it is worth noting that Android platform makes use of Linux, so its features are often based on the principles of Linux.
The foundation of the Android application security model is that no two applications running on the same device should be able to access each other’s data without authorization.
They should not affect the operation of other applications, either. These are the concepts of an Application Sandbox. It takes advantages of Linux user-based protection to isolate resources for each application and assign a unique user identifier (UID). That means each application will be running under its own user and its own virtual machine (VM), Dalvik or ART, so each process executes independently from one another. However, do not mistake the above concept with a virtual machine (in term of virtualization) like VirtualBox or VMWare on which one can run a malware without harming remaining parts of the system. It is simply a game of permission. From Linux viewpoint, a user can only access or execute data whose it has the permission, the behavior in Android stays the same except the fact that each application is now associated to a unique user. An app owns its private data directory that is protected by the system of permission and can only be accessible from the application owner. An exception where two apps can be processed under the same user and share the same VM is when they use a shareUserId tag which is declared in AndroidManifest.xml: …
About