Good day all,
I have a java based phone (samsung star 2 5260) and it's three weeks that I'm trying to come up with a solution to receive notification on received emails.
The phone configures a periodic check for a minimum of 30 minutes, but I need a much more frequent control (five minutes maximum).
I have tried countless solutions, and I've come up with the closest one, being a custom mujmail midlet that supports my gmail mailbox over imap, deployed thanks to the netbeans editor.
Point is, I've modified mujmail's polling to run on the background, but audio does not play when the phone is locked, so even if the midlet checks and receives emails, it's unable to notify me. The application minimizes and keeps on running, but it's unable to tell me that new mail has arrived.
I've even tried sending an sms when there's new mail, but was unable to sign the application (looks like ktoolbar produces 1024 bit certificates, and thawte, verisign, etc. will only produce 2048 bit certs since a few years.), and so it'll always ask authorization, which renders this approach useless.
So I'm desperate to find an alternative.
And I was hoping that we can in some way emulate the 'system alert' that the phone uses when it's locked and you receive an sms (audio cue).
Is this a j2me functionality, or is it specific to the samsung sdk?
Does anybody have an idea of how to access this functionality from inside a midlet?
Is there a way to create a midlet in the trusted third party domain without signing it?
I know j2me is an old subject, but hopefully someone here is still knowledgeable about it.
Thanks in advance.
Looks like you're expecting too much from JavaME.
If it's possible to do what you want, you can be certain that it requires signing.
Basically you have to sign your MIDlet with a certificate that is supported on your phone. Most developers go for Thawte or Verisign, because their certificates are supported on the most devices.
If you're only interested in getting this to run on your own phone, it's possible you can find a much cheaper provider, like e.g. Samsung themselves. But I admit I don't know.
In any case, there's no way around signing, when you want to do things like this with JavaME.
(Well.... there's a tiny slim chance that your phone lets you set permissions, like "Never ask" in the MIDlet properties on the phone after installation, but only a tiny slim chance).
Even after signing your MIDlet, it still won't be able to wake up the phone. JavaME is a sandbox. If the user puts the phone to sleep, then JavaME can't wake it up. (At least not without special API's, which I don't think exists).
If it was me, I'd investigate this approach:
Implement PushRegistry timer to launch the MIDlet ever 5 minutes. This should theoretically launch the MIDlet despite the phone sleeping. (But not if it's turned off).
Then attempt if you can play an alarm sound here.
If you can't, then I'd look into sending an SMS to myself.
Related
Every application that generates dynamic content must have a server whose address is embedded inside the application to enable communication with server.
Now in the case of WhatsApp definitely they have also embed the server's address inside the WhatsApp application. For example someone reverse engineer the WhatsApp apk and found the address of the server, as well as he also found the parameters and all the stuff that the application sends to the server (i-e session, token, authentication key etc etc) for successful communication, so is that mean he can use these same parameters structure and the server address in different third party app to play/communicate with the WhatsApp server? Because server is just an electronic device that works on the digital signals and thats it. Server don't know that these parameters are coming from the authorized WhatsApp apk or from third party apk.
If yes, then don't you guys think that there should be solution to that problem?
If no, then what are the techniques and algorithms they are using to stop requests from unauthorized/fake apps.
I believe not any employee from WhatsApp will answer here to share the algorithm, but i know SOF is full of geeks, if someone knows how WhatsApp stops these kind of issues please share, otherwise i will be still glad to know about the advice and ideas that you guys have in your mind for the best security practices.
How banking, paypal etc and messaging apps including WhatsApp works in that scenario and how they stop the issue that i described above?
Important:
I am not going to reverse engineer the WhatsApp, i am just creating a server and fighting with this issue to be solved to secure my server and only accept request from my app but stop requests from unauthorized/fake apps.
Thanks & respect to all in advance who will contribute.
There is no way to prevent malicious reverse-engineering, resulting in a fake app pretending to be the real thing. While you are working on your server, you need to do defensive programming, that is, your server shouldn't assume that the request was sent via the app. So, if you protect your server against all kinds of malicious and deliberate misuses, then your server is safe.
However, that's easier said than done, because your project is developed by a finite amount of people and - if it becomes successful then - the audience contains a swarm of smart bad people.
You will therefore need to detect a subset of features that you need to absolutely protect against misuses and prioritize testing and improving those, by thinking with the mind of a fictional hacker, who would like to either gain unearned profits or do harm to your project. Schizophrenic, I know, but you need to do that on the server. You also need to improve the security of less than critical features, but at a lower priority and log the requests you get, so if SHTF, then you will have at least a chance to deduce what caused it and how.
If the phone app is in your hands as well, then you might implement some additional authentication for each version, like generating a version token for each user that downloads your app. Since the version token generator algorithm would not be in the hands of hackers, they would have to solve that on a per user basis, which is extremely laborius to solve this for several users if done by hand and if they work it out in a way to make it automatic, their solution would be viable only for a version.
So, there is no 100% accuracy in this area, but you can make life very hard and miserable for people payed to hack through your application.
I want to make an application which will send information to a server about user's location every 30min. It is needed to provide location specific push notifications.
I need such functionality for Android/iOS, which would work in background (also if device is restarted). I found some articles covering background services and I created background service doing that, but after phone is restarted it won't work.
Is it possible with Android and iOS? How can I achieve that?
With iOS, no. With Android, yes.
Apple has gone to great lengths to limit what apps can do. You can do some things in the background for an extended period of time (GPS, play audio, Voip, etc), but after a reboot your app will not be restarted until the user opens it again. There are exceptions to this. Voip apps are allowed to restart after a reboot, but apple will not approve your app for the App Store unless you actually have a place for a user in your app to use the Voip feature. Geofences are a possibility, but I haven't had experience with that feature yet. In my experience, Apple does whatever they can to make sure your app doesn't run forever.
With android, there is more flexibility and what you propose is totally possible. I've listed some important links below, since most of those solutions are far better documented than what I can do here.
Essentially you need to register as a boot receiver and then send an intent to start a titanium android service when the boot event is received. I don't have experience with starting a titanium service, but I'm sure its a simple intent you need to fire. Either way you'll need a module for this native code. I attached a link to a bencoding titanium module that may help you, although there may be some others out there. You may even need to code one yourself.
Samsung is notorious for stopping your app with their SPCM feature. You may want to familiarize yourself with it. I've added a stackoverflow discussion link below.
I don't know all of your system requirements but honestly, for any app I would try my best to not run forever. It will hurt the battery life for your users and will add a lot of complexity. Maybe you could simply have the app check the GPS coordinates when it receives a push notification and decide right there and then whether to present a notification to the user? Just something to consider.
Either way good luck!
How to start an Application on startup?
http://docs.appcelerator.com/platform/latest/#!/guide/Android_Services
https://github.com/benbahrenburg/benCoding.Android.Tools
Dealing with Samsung SPCM killer
I need to ask my clients to send me the udid of their iOS devices in order to add them to an adhoc distribution profile. The main problem is that they are used to iOS but not much to computers. Anyway, it would be a pain for me to explain them how to install iTunes (or even Xcode) to get the udid. Most of the tutorials which describe the iTunes process are in english, I don't want to loose time to translate one of them. And even if I do it, I fear that they will not appreciate loosing their time following it. Any suggestion ?
I use a web online tool at http://www.easy-udid.com to get my customers UDID, I think it's the easiest way for them.
Also you can use service http://udid.io
It is easier because you don't need to ask your clients to write your email address. You just send them link “http://get.udid.io/?mail=your#mail.com” and they will need only 5 taps to send UDID on "your#mail.com"
This question is no longer active - I have been officially notified by the company that we're dropping Android and going with a system that is specifically designed for business use.
In our two sister companies we installed almost 500 android phones assuming they'd have security capabilities similar to Linux that would allow us to provide business phones to our employees but limit their access to apps. Unfortunately we've since found out that we were hugely mistaken. Android has decided that whoever has possession of the phone should have full access to everything. Unfortunately for us this has been a business nightmare, with huge data overages, employees downloading and installing anything and everything they can get their hands on from Play Store, the apps we need to run constantly being stopped by the task manager because too many apps are running at the same time with our employees arguing that the apps are buggy or the phone is broken. Due to our type of operation, the phones are passed from one employee to another often for weeks at a time before a supervisor or technician has access to them.
We absolutely need to either secure the phones or get rid of them. So...
From within a service, how do I capture when an employee clicks on an unauthorized app either from the desktop or from the applications menu? I've spent the last 2 days searching Google for an answer, but have turned up nothing. I know it can be done, because I have a couple of apps on my personal phone that do so.
We're using Android 2.2
Why not uninstall Google play store from the phones? And any other apps which are not needed?
It might be easiest too just install a parental control app. Here's an example, though this particular one may not meet all your needs: https://play.google.com/store/apps/details?id=com.kiddoware.kidsplace
Have a look at the 3CX Mobile Device Manager. The sign up process is free and easy. Then you just need to download the app to each phone from GooglePlay and get it set up. I would be interested in knowing if you proceed with it and if it does everything you need it to.
How would one go about capturing users keystrokes in the SMS composer on the Symbian OS, specifically for a Nokia N73 (or any of the symbian supported devices http://en.wikipedia.org/wiki/Symbian_OS#Devices_that_have_used_the_Symbian_OS)? I'm new to symbian development and I'm trying to write an application to analyse writing styles of those who send SMSs. Any information (or push in the right direction) would be great.
Many Thanks,
A
Actually, you can capture keystrokes destined for any application in Symbian OS.
RWindowGroup::CaptureKey() and RWindowGroup::CaptureLongKey() allow your executable to capture keys from any applicaton, whether yours is in the foreground or not.
However, in this case this may prove to be tedious - these two functions work by capturing specific key codes and modifier combinations, so you would have to set up a lot of captures to deal with all the key combinations in the SMS composer.
You would also have to pass the event on to the SMS composer once your exectuable had captured it. Whilst nominally possible using RWsSession::SendEventToWindowGroup() or TApaTask::SendKey(), there are complexities involved the events arrive in right order (i.e. key down, key event, key up) and behaviour of different FEPs (Front End Processors) for user input.
So whilst it is nominally feasible to do what you require as above, it would prove to be tedious to implement and test, bordering on the risky. If all you want to do is analyse writing style to collect data (rather than in a product app), you might be better off writing your own SMS composer - there are plenty of examples on the Forum Nokia web site of editors and SMS sending.
On a related note - is there an API that can detect all the keys being pressed at once as I stamp on my Symbian phone in frustration at its APIs? ;-)
Well, there are several levels to answering to your question.
The keystrokes are actually captured by the message editor application. So, either it provides an API to feed you all its keystrokes (you can look for one on http://forum.nokia.com. You'll find the message editor API but it will be mostly about re-using GUI controls and not what you're looking for) or you would need a transparent application of your own that stays in the foreground and captures keystrokes before feeding them back to whatever application happens to be right behind. Fortunately (for obvious security reasons), Symbian OS will not allow you to do the later.
You can, however, have your own application read messages when they are saved in the phone memory: when they are saved in the Draft folder or in the SMS Outbox.
The obligatory shameless plug: I would advise reading the messaging chapter of http://www.quickrecipesonsymbianos.com in order to understand how to use the Symbian Message Store
The classes of interest in your case are : CmsvEntry, CMsvSession, MMsvSessionObserver, CMsvOperation and CSmsClientMtm.