I'm currently developing an application which consists on an Android client for SCEP protocol. This protocol provides an automatic method of certificate enrollment and renewal for mobile devices into a PKI.
Due to that, I'm facing with the problem that with the Android version I'm using (4.2) I'm not able to remove user certificates to execute renewal process.
I don't mind if it can be done silently or not, I just want to know if user-certificates removal from Android KeyStore can be done programatically on a non-rooted Android device.
Thanks in advance.
Related
enter image description here
Is it possible to turn on off (hide) the samsung secure folder through code in android java? Is there any Api or other way to do this function from another app?
I want to create an android app that connects to internet and it has a simple socket.io that gets the turn on / off (hide/unhide) command from server and hides or unhides the devices secure folder.
is it possible?
thanks.
Samsung secure folder is a proprietary feature from Samsung OEM. They do not provide any api to any third party application to do any changes to this or any of there features. Any hack that you may devise would be temporary and futile as they are quite active in terminating such attempts.
I am currently following this guide: https://developer.android.com/training/sign-in/biometric-auth, and using android 11 to test it.
I want to use fingerprint authentication in my app, however the code from the link above works only with the fingerprint that is stored on the device. Meaning it doesn't work unless you have set up fingerprint authentication as your lock screen.
Is it possible to store fingerprint credentials in an android app which will be independent of the device's fingerprint?
Is it possible to store fingerprint credentials in an android app which will be independent of the device's fingerprint?
No, sorry, not with stock Android biometrics support.
We have a Java based web application and an android app for our enterprise needs. We would like to remotely push the android app from the web application and we don't know how to achieve this. After searching in Google, I found Android EMM but did not understand what that is exactly as there were no other blogs or tutorials other than the Google site which was difficult for me to understand.
It is similar to MDM solution but do MDM servers have an app preinstalled in the devices so that the installed app manages the installation of other apps?
Can anybody tell how to remotely push the android app from my web application?
To remotely push an app to an Android device you need to manage this device, you cannot just push an app on anyone's device. To manage a device you need to set up this device as managed, which will require a factory reset.
If you want to pursue this approach you can try the Android Management API.
You can just upload .apk file to your server and provide a link to the user. This is a very simple solution but requires user to agree "install apk from third party sources". In this case, a user needs to agree with installing apk.
If you want to install apk without user agreement you need to activate Device Owner on Android (Fred mentioned in the comment this approach).
My backup harddrive is completely broken, and my working pc is after format since that time. I've checked drive by some recovery software, but i can't find any .keystore files on list. Is there any other way to recover keystore? I need this to update my app...
If you lost your keystore file,there is no way that you can update your app in google play and it will cause a signature error.
The only way is create an app with a new package name and upload it to play.
https://developer.android.com/tools/publishing/app-signing.html
Warning: Keep your keystore and private key in a safe and secure
place, and ensure that you have secure backups of them. If you publish
an app to Google Play and then lose the key with which you signed your
app, you will not be able to publish any updates to your app, since
you must always sign all versions of your app with the same key.
I am using the "chrome://inspect/devices" and monitoring the http traffic for an Android application. This only works with the Android 4.4/KitKat. Within this tool, the set-cookie and cookie data does not show. Is there another tool or how can I configure this tool to show the cookie data for each request. The "cookie" store set of cookies do appear but not for each individual request between the server and client/Android device.
I believe this hybrid Cordova based web view is masking the cookies. I don't know how.
More information:
http://code.google.com/p/chromium/issues/detail?id=403490
Note: this is monitoring traffic between the Android device and a host PC, monitoring the traffic on the host PC.
Note: It looks like it is a "webview" or application/api/library issue. We are using Cordova to build this application. It is a hybrid/web-view application, I don't know why or how it could explicitly hide the cookie information? I was curious if anyone has any more detail on how a webview could hide cookies.
Since you mention
Is there another tool
I am going to jump at this part and offer you a different tool, i.e. Fiddler.
You can set up Fiddler with proxy
Change the Android device network settings to go through the proxy.
Now, you can capture complete network requests inclusive of any request made from the device.
So perfect for development, if I may say so.
Source - http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler
Helps to ease a painful debugging experience, to a pleasant one.
Some freebies
Fiddler also allows to break on http requests, modify the content, reissue requests without having to write any piece of code.
And another factor, it works for any Android release, iOS or Windows Phone or any device that supports proxy.
No SDKs required to do this!
If you are using a mac, you can checkout Charles network inspector.
Hope this helps!
Note - This answer is purely to help in inspecting the network traffic.
Update - HTTPS traffic
Install Fiddler Certificate to Android
As a final step to improve the debugging of secure HTTPS connections,
we can install a Fiddler “root” certificate on the Android device.
(Note: If your device does not already have a PIN or password, you
will need to set one up before installing the certificate.)
Steps:
On Android start the Chrome browser
Navigate to
http://ipv4.fiddler:8888/
Tap on the link for the “Fiddler Root
Certificate”
Name the certificate “Fiddler” and install it (entering
your PIN or password if prompted)
With this test certificate
installed, you should now be able to visit SSL sites from the Android
Chrome browser and not receive any certificate warnings. The network
traffic should also be viewable in Fiddler. Good test sites are those
which always force secure HTTPS connections, like the Wells Fargo
mobile site at https://wellsfargo.com/.
Exercpt from the posted link.
Have a look at the WebViews CookieManager. Specifically look at the 'allowFileSchemeCookies' and 'setAcceptFileSchemeCookies' methods. If they are false by default that may be the culprit.