The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,276 other followers

Archive for the ‘Android’ Category

Nick Craver on Twitter: “1. “Are you ready to work on the auth code?” 2. New dev: “Hell yeah, bring it on!” 3.… “

Posted by jpluimers on 2021/01/28

[WayBack] Nick Craver on Twitter: “1. “Are you ready to work on the auth code?” 2. New dev: “Hell yeah, bring it on!” 3.… “.

Relevant because security often is a nightmare:

 

Both threads are a good read.

–jeroen

Read the rest of this entry »

Posted in .NET, Android, Development, Fun, Mobile Development, Software Development, Xamarin Studio | Leave a Comment »

Roderick Gadellaa on Twitter: simple app that (re)sets the volume of the TV to 8% of the max volume every time you turn it on.

Posted by jpluimers on 2021/01/08

[WayBack] Roderick Gadellaa on Twitter: “In case anyone who owns an Android TV is interested: I’ve built a (very, very) simple app that (re)sets the volume of the TV to 8% of the max volume every time you turn it on.  #androidtv #tools…”

[WayBack] Roderick Gadellaa on Twitter: “Some instructions: – You have to sideload it (google is your friend: “how to sideload app on android tv”) – You have to start the app once. It won’t show up on Home, so go to Settings > Apps > TvVolsetr > Open – Android TV 7.0 Nougat or higher required”

[WayBackRoderick Gadellaa auf Twitter: “Some instructions: – You have to sideload it https://t.co/8aK0bmXXFl – You have to start the app once. It won’t show up on Home, so go to Settings > Apps > TvVolsetr > Open – Android TV 7.0 Nougat or higher required”

Follow only the images links from [Archive.is] “how to sideload app on android tv” – Google Search, as the others point to phishing sites.

This image link for instance is useful: [WayBack] How to Sideload Apps on Android TV: Android TV is an excellent product for anyone who wants to expand their current living room setup—it makes easy work of streaming most content, has a slew of games (that are actually worth playing), and is relatively inexpensive. But what happens when an app you want on your TV isn’t available for your device?

Download: [WayBacktvVolsetr.apk

–jeroen

Read the rest of this entry »

Posted in Android, Android Devices, Mobile Development, Power User, Software Development | Leave a Comment »

GitHub – andOTP/andOTP: Open source two-factor authentication for Android

Posted by jpluimers on 2021/01/05

[WayBack] GitHub – andOTP/andOTP: Open source two-factor authentication for Android.

A few highlights:

  • andOTP is a two-factor authentication App for Android 4.4+.It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code.
  • OpenPGP: OpenPGP can be used to easily decrypt the OpenPGP-encrypted backups on your PC.
  • BroadcastReceivers: AndOTP supports a number of broadcasts to perform automated backups, eg. via Tasker. These will get saved to the defined backup directory. These only work when KeyStore is used as the encryption mechanism
    • org.shadowice.flocke.andotp.broadcast.PLAIN_TEXT_BACKUP: Perform a plain text backup. WARNING: This will save your 2FA tokens onto the disk in an unencrypted manner!
    • org.shadowice.flocke.andotp.broadcast.ENCRYPTED_BACKUP: Perform an encrypted backup of your 2FA database using the selected password in settings.
  • All three versions (Google Play, F-Droid and the APKs) are not compatible (not signed by the same key)! You will have to uninstall one to install the other, which will delete all your data. So make sure you have a current backup before switching!

PlayStore: [WayBack] andOTP – Android OTP Authenticator – Apps on Google Play

•  Free and Open-Source
•  Requires minimal permissions:
•  Camera access for QR code scanning
•  Storage access for import and export of the database
•  Encrypted storage with two backends:
•  Android KeyStore (can cause problems, please only use if you absolutely have to)
•  Password / PIN
•  Multiple backup options:
•  Plain-text
•  Password-protected
•  OpenPGP-encrypted
•  Sleek minimalistic Material Design with three different themes:
•  Light
•  Dark
•  Black (for OLED screens)
•  Great Usability
•  Compatible with Google Authenticator

Via: [WayBack] ‘Aanvallen via ss7-protocol om 2fa-sms’jes te onderscheppen nemen toe’ – Computer – Nieuws – Tweakers

Check out @Jaykul’s Tweet: https://twitter.com/Jaykul/status/1091200778121957377

Instead of Google authenticator and Authy

Via https://twitter.com/martinfowler/status/1091097388201230339

Related :

Nope. It’s just a secret encoded in a QR code.

Here’s the docs on the format of the URI in the QR code: https://t.co/AJhT6PFAzx

The QR code delivers a simple, durable, shared secret.

Use U2F if you can. It is much safer, as it cannot be phished or copied.

Depends on your risk model. Device to device transfer would be a good mid-ground, but doesn’t solve the “my phone was stolen/bricked/damaged” scenario.

Which is your bigger risk – duplicating (normally encrypted) secrets or losing your device and access to everything?

 

–jeroen

Posted in Android, Development, Mobile Development, Security, Software Development | Leave a Comment »

Why does my Android application, compiled with development tool XXX version YYY, no longer work?

Posted by jpluimers on 2020/12/29

Still relevant, not limited to Delphi, though other environments often have a better warning system in place: [WayBack] Why does my Android application, compiled with Delphi Rio, no longer work?.

TL;DR: over time, Android and the development tools for it, require you to support more recent Android SDK levels.

Those SDK levels come with different requirements than past ones, so when recompiling, you need to check if you fulfill these requirements.

When you don’t, the application is likely to crash, sometimes without any indication why.

Via: [WayBack] Dalija Prasnikar – Google+ /

[WayBack] Dalija Prasnikar on Twitter: “Why does my Android application, compiled with Delphi Rio, no longer work?”

–jeroen

Posted in Android, Delphi, Development, Mobile Development, Software Development | Leave a Comment »

Android passwords: store as transient as possible using arrays in stead of strings

Posted by jpluimers on 2020/08/06

Sometimes you cannot avoid handling passwords in your application. When you do,

  • keep them around as short as possible
  • store them in data types that are not garbage collected
  • wipe the storage as soon as you are done

In practice, this usually comes down to storing them as arrays (character or byte arrays), not strings.

This holds for many other platforms outside Java as well: strings are usually managed in one way or the other, so they cannot be wiped

References:

For actual storage of passwords, you always have the risk of retrieval: when a “bad guy” gets physical access to a device, it is basically hosed.

A KeyStore can only do so much against it: if your APK can be downloaded, it can be reverse-engineered revealing the exact steps how the store is accessed, reproducing the steps needed to hack into the underlying protected data/functionality.

The keystore can be forgetful…

You’ve just moved in to a new house and have been given the master key for the front door. You only have one of these so you know you need to keep it safe. Your really paranoid so you hire an armed guard, whose sole job is to protect this key, in fact, this is all he has been trained to do and has a catchy slogan of “need to protect a key, its what I was born to do!”. You install an extra lock on your front door as you feel the bodyguard isn’t enough, this is a rough area anyway and who’s going to make sure no-ones about to break in and steal all your crap. You return to your key guard only to be informed he has thrown the key away. You shout and scream at him but he just blankly says “I don’t have it anymore, I didn’t think it was important”. You can’t contain your anger “What the hell, your a jerk! You had one thing to do and you failed, this causes me a lot of problems, why didn’t you tell me you might do this?! What do I do now?!”

[WayBack] Android Security: The Forgetful Keystore – SystemDotRun – Dorian Cussen’s Super Blog

–jeroen

Posted in Android, Development, Java, Java Platform, Mobile Development, Power User, Security, Software Development | Leave a Comment »

 
%d bloggers like this: