Hi,
Here my scenario is something like i developed am android application which requires login authentication from user before performing any further operations,but i found that for instrumaentation testing they use commands like

am start <packagename> <activity name>

to start a particular activity,which makes my application insecure so i needs a solution to avoid this,because i saw in instrumentation testing they will have different testcases for different activities where this above command comes into picture to do undergo testing on that particular activity.


i am running on this quite for a long time.so your ideas wiull be appreciated

banu

Hi banu,

Making an Android app totally secure is pretty hard if not impossible because in the end, it is Java and can be broken down and examined fairly easily. You can do things to make that job harder, but in the end it can almost always be done.

I suggest that you make your individual activities all check some global variables that are set by the logon activity. That way if any of the pieces are started independently they will not work. You should do what you can to make this hard to find in the code too.

I'm sorry there is not better news but I think Android is inherently insecure and encourages shenanigans.

Hope this helps.

Phyll

Hi Phyll,
Thanks For your reply!!!!
As my understanding is correct, you said i need to set a global variable say i set a flag and making it as true after login so that each and every activity i need to check that flag in OnResume() am i correct.

I tried this soln,it was working pretty well in someactivities but if you are aware of GuiceActivity, i am using that to pass data between activities,
so before calling OnCreate of the called activity it is trying to assign that variable using Injectview annotation which will fail when i start that activity from adb shell which shows me force close.

and my doubt is ,is this above idea is the correct way of handling this?

Waiting for your reply


Banu

Hi banu,

I'm not familiar with Guice other than what I have seen about it on the internet but it seems like the same idea. You have your variables globally in this framework and use them from there. If this gets the job done and helps with the obfuscation of your code then that should be fine. Global variables made in the application scope is probably easier but I'm not sure that is what you want if you have a more complicated way to do it like Guice and already implemented.

I'm not one much for right and wrong. Whatever gets the job done and works good is right in my book.

Hope this helps.

Phyll

ok phyll,

thanx for your suggestion, i will try with setting global variables,

Banu