 | LEIF UNEUS on Delphi intrinsic functions tha… |
 | HeartWare on Delphi intrinsic functions tha… |
 | lhengen on Delphi: not all lists need to… |
 | abouchez on The magic “procedure Tou… |
 | dummzeuch on Delphi: getting the name of th… |
Posted by jpluimers on 2021/01/28
[WayBack] Nick Craver on Twitter: “1. “Are you ready to work on the auth code?” 2. New dev: “Hell yeah, bring it on!” 3.… “.
Relevant because security often is a nightmare:
Both threads are a good read.
–jeroen
Posted in .NET, Android, Development, Fun, Mobile Development, Software Development, Xamarin Studio | Leave a Comment »
Posted by jpluimers on 2021/01/08
[WayBack] Roderick Gadellaa on Twitter: “In case anyone who owns an Android TV is interested: I’ve built a (very, very) simple app that (re)sets the volume of the TV to 8% of the max volume every time you turn it on. #androidtv #tools…”
[WayBack] Roderick Gadellaa on Twitter: “Some instructions: – You have to sideload it (google is your friend: “how to sideload app on android tv”) – You have to start the app once. It won’t show up on Home, so go to Settings > Apps > TvVolsetr > Open – Android TV 7.0 Nougat or higher required”
[WayBack] Roderick Gadellaa auf Twitter: “Some instructions: – You have to sideload it https://t.co/8aK0bmXXFl – You have to start the app once. It won’t show up on Home, so go to Settings > Apps > TvVolsetr > Open – Android TV 7.0 Nougat or higher required”
Follow only the images links from [Archive.is] “how to sideload app on android tv” – Google Search, as the others point to phishing sites.
This image link for instance is useful: [WayBack] How to Sideload Apps on Android TV: Android TV is an excellent product for anyone who wants to expand their current living room setup—it makes easy work of streaming most content, has a slew of games (that are actually worth playing), and is relatively inexpensive. But what happens when an app you want on your TV isn’t available for your device?
Download: [WayBack] tvVolsetr.apk
–jeroen
Posted in Android, Android Devices, Mobile Development, Power User, Software Development | Leave a Comment »
Posted by jpluimers on 2021/01/05
[WayBack] GitHub – andOTP/andOTP: Open source two-factor authentication for Android.
A few highlights:
PlayStore: [WayBack] andOTP – Android OTP Authenticator – Apps on Google Play
• Free and Open-Source
• Requires minimal permissions:
• Camera access for QR code scanning
• Storage access for import and export of the database
• Encrypted storage with two backends:
• Android KeyStore (can cause problems, please only use if you absolutely have to)
• Password / PIN
• Multiple backup options:
• Plain-text
• Password-protected
• OpenPGP-encrypted
• Sleek minimalistic Material Design with three different themes:
• Light
• Dark
• Black (for OLED screens)
• Great Usability
• Compatible with Google Authenticator
Via: [WayBack] ‘Aanvallen via ss7-protocol om 2fa-sms’jes te onderscheppen nemen toe’ – Computer – Nieuws – Tweakers
Check out @Jaykul’s Tweet: https://twitter.com/Jaykul/status/1091200778121957377
Instead of Google authenticator and Authy
Via https://twitter.com/martinfowler/status/1091097388201230339
Related :
Nope. It’s just a secret encoded in a QR code.
Here’s the docs on the format of the URI in the QR code: https://t.co/AJhT6PFAzx
The QR code delivers a simple, durable, shared secret.
Use U2F if you can. It is much safer, as it cannot be phished or copied.
Depends on your risk model. Device to device transfer would be a good mid-ground, but doesn’t solve the “my phone was stolen/bricked/damaged” scenario.
Which is your bigger risk – duplicating (normally encrypted) secrets or losing your device and access to everything?
github.com/.../Key-Uri-Format The QR code delivers a simple, durable, shared secret. Use U2F if you can. It is much safer, as it cannot be phished or copied.”
–jeroen
Posted in Android, Development, Mobile Development, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2020/12/29
Still relevant, not limited to Delphi, though other environments often have a better warning system in place: [WayBack] Why does my Android application, compiled with Delphi Rio, no longer work?.
TL;DR: over time, Android and the development tools for it, require you to support more recent Android SDK levels.
Those SDK levels come with different requirements than past ones, so when recompiling, you need to check if you fulfill these requirements.
When you don’t, the application is likely to crash, sometimes without any indication why.
Via: [WayBack] Dalija Prasnikar – Google+ /
[WayBack] Dalija Prasnikar on Twitter: “Why does my Android application, compiled with Delphi Rio, no longer work?”
–jeroen
Posted in Android, Delphi, Development, Mobile Development, Software Development | Leave a Comment »
Posted by jpluimers on 2020/08/06
Sometimes you cannot avoid handling passwords in your application. When you do,
In practice, this usually comes down to storing them as arrays (character or byte arrays), not strings.
This holds for many other platforms outside Java as well: strings are usually managed in one way or the other, so they cannot be wiped
References:
For actual storage of passwords, you always have the risk of retrieval: when a “bad guy” gets physical access to a device, it is basically hosed.
A KeyStore can only do so much against it: if your APK can be downloaded, it can be reverse-engineered revealing the exact steps how the store is accessed, reproducing the steps needed to hack into the underlying protected data/functionality.
The keystore can be forgetful…
You’ve just moved in to a new house and have been given the master key for the front door. You only have one of these so you know you need to keep it safe. Your really paranoid so you hire an armed guard, whose sole job is to protect this key, in fact, this is all he has been trained to do and has a catchy slogan of “need to protect a key, its what I was born to do!”. You install an extra lock on your front door as you feel the bodyguard isn’t enough, this is a rough area anyway and who’s going to make sure no-ones about to break in and steal all your crap. You return to your key guard only to be informed he has thrown the key away. You shout and scream at him but he just blankly says “I don’t have it anymore, I didn’t think it was important”. You can’t contain your anger “What the hell, your a jerk! You had one thing to do and you failed, this causes me a lot of problems, why didn’t you tell me you might do this?! What do I do now?!”
[WayBack] Android Security: The Forgetful Keystore – SystemDotRun – Dorian Cussen’s Super Blog
–jeroen
Posted in Android, Development, Java, Java Platform, Mobile Development, Power User, Security, Software Development | Leave a Comment »
