The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,318 other followers

Archive for the ‘Mobile Development’ Category

Nick Craver on Twitter: “1. “Are you ready to work on the auth code?” 2. New dev: “Hell yeah, bring it on!” 3.… “

Posted by jpluimers on 2021/01/28

[WayBack] Nick Craver on Twitter: “1. “Are you ready to work on the auth code?” 2. New dev: “Hell yeah, bring it on!” 3.… “.

Relevant because security often is a nightmare:

 

Both threads are a good read.

–jeroen

Read the rest of this entry »

Posted in .NET, Android, Development, Fun, Mobile Development, Software Development, Xamarin Studio | Leave a Comment »

Roderick Gadellaa on Twitter: simple app that (re)sets the volume of the TV to 8% of the max volume every time you turn it on.

Posted by jpluimers on 2021/01/08

[WayBack] Roderick Gadellaa on Twitter: “In case anyone who owns an Android TV is interested: I’ve built a (very, very) simple app that (re)sets the volume of the TV to 8% of the max volume every time you turn it on.  #androidtv #tools…”

[WayBack] Roderick Gadellaa on Twitter: “Some instructions: – You have to sideload it (google is your friend: “how to sideload app on android tv”) – You have to start the app once. It won’t show up on Home, so go to Settings > Apps > TvVolsetr > Open – Android TV 7.0 Nougat or higher required”

[WayBackRoderick Gadellaa auf Twitter: “Some instructions: – You have to sideload it https://t.co/8aK0bmXXFl – You have to start the app once. It won’t show up on Home, so go to Settings > Apps > TvVolsetr > Open – Android TV 7.0 Nougat or higher required”

Follow only the images links from [Archive.is] “how to sideload app on android tv” – Google Search, as the others point to phishing sites.

This image link for instance is useful: [WayBack] How to Sideload Apps on Android TV: Android TV is an excellent product for anyone who wants to expand their current living room setup—it makes easy work of streaming most content, has a slew of games (that are actually worth playing), and is relatively inexpensive. But what happens when an app you want on your TV isn’t available for your device?

Download: [WayBacktvVolsetr.apk

–jeroen

Read the rest of this entry »

Posted in Android, Android Devices, Mobile Development, Power User, Software Development | Leave a Comment »

GitHub – andOTP/andOTP: Open source two-factor authentication for Android

Posted by jpluimers on 2021/01/05

[WayBack] GitHub – andOTP/andOTP: Open source two-factor authentication for Android.

A few highlights:

  • andOTP is a two-factor authentication App for Android 4.4+.It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code.
  • OpenPGP: OpenPGP can be used to easily decrypt the OpenPGP-encrypted backups on your PC.
  • BroadcastReceivers: AndOTP supports a number of broadcasts to perform automated backups, eg. via Tasker. These will get saved to the defined backup directory. These only work when KeyStore is used as the encryption mechanism
    • org.shadowice.flocke.andotp.broadcast.PLAIN_TEXT_BACKUP: Perform a plain text backup. WARNING: This will save your 2FA tokens onto the disk in an unencrypted manner!
    • org.shadowice.flocke.andotp.broadcast.ENCRYPTED_BACKUP: Perform an encrypted backup of your 2FA database using the selected password in settings.
  • All three versions (Google Play, F-Droid and the APKs) are not compatible (not signed by the same key)! You will have to uninstall one to install the other, which will delete all your data. So make sure you have a current backup before switching!

PlayStore: [WayBack] andOTP – Android OTP Authenticator – Apps on Google Play

•  Free and Open-Source
•  Requires minimal permissions:
•  Camera access for QR code scanning
•  Storage access for import and export of the database
•  Encrypted storage with two backends:
•  Android KeyStore (can cause problems, please only use if you absolutely have to)
•  Password / PIN
•  Multiple backup options:
•  Plain-text
•  Password-protected
•  OpenPGP-encrypted
•  Sleek minimalistic Material Design with three different themes:
•  Light
•  Dark
•  Black (for OLED screens)
•  Great Usability
•  Compatible with Google Authenticator

Via: [WayBack] ‘Aanvallen via ss7-protocol om 2fa-sms’jes te onderscheppen nemen toe’ – Computer – Nieuws – Tweakers

Check out @Jaykul’s Tweet: https://twitter.com/Jaykul/status/1091200778121957377

Instead of Google authenticator and Authy

Via https://twitter.com/martinfowler/status/1091097388201230339

Related :

Nope. It’s just a secret encoded in a QR code.

Here’s the docs on the format of the URI in the QR code: https://t.co/AJhT6PFAzx

The QR code delivers a simple, durable, shared secret.

Use U2F if you can. It is much safer, as it cannot be phished or copied.

Depends on your risk model. Device to device transfer would be a good mid-ground, but doesn’t solve the “my phone was stolen/bricked/damaged” scenario.

Which is your bigger risk – duplicating (normally encrypted) secrets or losing your device and access to everything?

 

–jeroen

Posted in Android, Development, Mobile Development, Security, Software Development | Leave a Comment »

Why does my Android application, compiled with development tool XXX version YYY, no longer work?

Posted by jpluimers on 2020/12/29

Still relevant, not limited to Delphi, though other environments often have a better warning system in place: [WayBack] Why does my Android application, compiled with Delphi Rio, no longer work?.

TL;DR: over time, Android and the development tools for it, require you to support more recent Android SDK levels.

Those SDK levels come with different requirements than past ones, so when recompiling, you need to check if you fulfill these requirements.

When you don’t, the application is likely to crash, sometimes without any indication why.

Via: [WayBack] Dalija Prasnikar – Google+ /

[WayBack] Dalija Prasnikar on Twitter: “Why does my Android application, compiled with Delphi Rio, no longer work?”

–jeroen

Posted in Android, Delphi, Development, Mobile Development, Software Development | Leave a Comment »

Making it dead simple to implement @haveibeenpwnd in your applications, including strength warning if found in @troyhunt’s password collection.

Posted by jpluimers on 2020/12/02

I wasn’t aware that Troy Hunt created an API [WayBack] for [WayBack] Have I Been Pwned: Check if your email has been compromised in a data breach.

He did, as I noticed through [WayBack] Michelangelo van Dam on Twitter: “Making it dead simple to implement @haveibeenpwnd in my applications, including strength warning if found in @troyhunt’s password collection. Check out to try it out yourself. #ImproveSecurity #haveibeenpwnd”.

There are in fact plenty of other packages, web-sites and apps using the API as seen on [WayBack] Have I Been Pwned: API consumers.

Many people ask “if it is safe” (often assuming passwords are sent in clear, or hashes are sent in full; my fear is that those people implement security somewhere).

It is safe:

PHP source is at [WayBack] GitHub – DragonBe/hibp: A composer package to verify if a password was previously used in a breach using Have I Been Pwned API.

There is also a [WayBack] composer package at [WayBack] dragonbe/hibp – Packagist.

A really cool thing on it is this:

This project was also the subject of my talk [WayBack] Mutation Testing with Infection where the code base was not only covered by unit tests, but also was subjected to Mutation Testing using [WayBack] Infection to ensure no coding mistakes could slip into the codebase.

Apart from the tests, the most important source is at [WayBack] hibp/Hibp.php at master · DragonBe/hibp · GitHub

Related:

–jeroen

Posted in Development, Mobile Development, PHP, Python, Scripting, Software Development, Web Development | Leave a Comment »

 
<span>%d</span> bloggers like this: