Hello everyone,
I come to you for some advice about an application I'm developing for Android 1.6 and higher.
Specifically, this application must be able to query a remote MySQL database and display the retrieved data. It need also be able to UPDATE data on this databse and that is where things get complicated ...
For selection queries, I wrote a small PHP script on the remote server that retrieves the desired data in the database and encodes them in JSON. From my Android application, I have no problem to retrieve, process and display them.
Now I wonder about the solution (if there is one ...) to run UPDATE from my application on the remote database. For now, I see only two solutions:
- Develop a webService on the server with an update method. Several problems with that: it seems webServices on Android are not easy (not native, have to go through external libs). Moreover, as it's UPDATE query, I want to make sure nobody else can use this webService.
- Alternatively, write a PHP script that makes the UPDATE and call it via HTTP. Same problem as webService: I want to secure this call to be sure that only I can use this script. These scripts can be integrated into an application already present on my server and which is secured by login / password. So, if it is possible to manage PHP sessions from Android, it's won! but Ican't find anything about it ...
What do you think? Ideas?
Thx!
These apps allow you to remotely access your phone from a web browser. However, they all run a web server on the phone, and I cannot connect to any of the over 3g (Verizon).
LazyDroid Web Desktop
Remote Desktop
Remote Web Desktop
I want to move the web server off phone, and (hopefully) onto private sites.google.com site. App Engine might be necessary, but I'm hoping this could be done solely in JS.
The hosting site would provide the UI, and interact with the phone using C2DM (the magic that powers Chrome2Phone, GMail, and installing apps from the web Market).
The UI is pretty obvious. It just needs a whiz to create HTML, Javascript, etc.
The C2DM backend is a still a bit mystifying to me... and searching for c2dm and javascript does not yield any obvious working implementations. But it seems plausible. Push a command to the phone, phone returns/uploads data to website, and UI updates.
Then there is the Android end. Well, there are the 3 projects above, Tasker for a quasi-hackish approach, and RPC (promising, but it seems like a WIP).
Thoughts? Volunteers? Geniuses?
Ooo... 2 birds with one stone!
This would also kill 2 birds with one stone.
No more typing in dynamic IP addresses! You get to use DNS to handle the connections. Bookmark your site in your desktop browser (it is always the same!). And set a preference in the Android app.
On lazydroid i've in planning some kind of trick that will let you connect behind firewall ... similar to a vpn...
CloudsITA said:
On lazydroid i've in planning some kind of trick that will let you connect behind firewall ... similar to a vpn...
Click to expand...
Click to collapse
I tried it again last week, and it is still unsuccessful. Webkey is currently the only application that I can successfully use to reach my phone.
Now, I could be wrong, but I believe all of these apps run a web server on the phone. I get a lovely, private 10.x.x.x IP address, which I can't reverse the route to. I have tried and failed to get DynDNS to work.
I have been looking into a solution since my original post. I have not had any time to do code squat, but I have loosely figured out all of the parts.
The big architectural difference I have been seeking is removing the server from the phone. I am not an Android expert, but I don't believe it even requires a running service. (Thank you, C2DM.)
With the app-webservice separation, you can work a "protocol" that reduces the overall bandwidth used... and thus improve battery life. Put all the "hard work" on a webserver, and (things get fuzzy here) possibly push it off onto the client browser (JS).
C2DM Browser Links
I could probably make something like WebKey but with C2DM and some more features. If you want you can give suggestions and I'll start making on saturday (after my exams). It would probably be possible in javascript for the actual sending from server and php just for logging in to your google account. The phone would just be registered on the server and no services (just as you wanted )
nebkat said:
I could probably make something like WebKey but with C2DM and some more features. If you want you can give suggestions and I'll start making on saturday (after my exams). It would probably be possible in javascript for the actual sending from server and php just for logging in to your google account. The phone would just be registered on the server and no services (just as you wanted )
Click to expand...
Click to collapse
I am not sure "more features" is necessarily the direction I'm headed. I am focused on making a "seamless" experience (i.e. less separation of phone and computer).
I was headed to App Engine (Python bias + easy Google integration). I have a project created. I haven't pulled together the various examples to make the core, but it seems <naive>simple</naive>. Stir in some templates, CSS, a sprinkling of JS, and voila!
The big "tricky" part that I can't convert from f***ing magic to a clear approach is the data link in the server. I want to avoid any storage to a Google disk, or otherwise, even temporarily. No stored data = easy privacy policy.
nebkat, if you're really chomping at the bit to code, here's my Android client concept.
- C2DM is a wake-up call. (cheat an borrow ChromeToPhone's ID to begin with)
- Connect to web server, send "I'm here," and wait for further instructions (Channels API/Comet/AJAX/.........)
- make the command set extensible
- each command is blockable in the client. (Permission control is set on the phone, not remotely.)
- After N minutes of no activity, send a "good bye," disconnect from the server, and fade into the background.
Don't worry, I'm very experienced with the server side stuff and I know exactly what you want. The only information stored on the sever side would be google account, the device c2dm registration id and some logging features just for statistics. A password could be set on the phone that would be sha512 hashed on the ajax request and would be sent to the phone. Even if a hacker found the hash, it would be useless without being logged in to the persons google account or knowing the server side auth token.
For now i'll just make the reciever, processor and command output and later on the extra security and ui stuff. It will work exactly the same way as Chrome2Phone except it will have server side php and the different commands. The connection from pc to phone will be something like this.
user command -> ajax request -> php c2dm request -> phone
phone -> php server http request -> controller page status
BTW I'm saving up for a Nexus S, how much would people pay for this type of app? There would definitely be a free version, but I just need to get the Nexus S because I have a Galaxy Spica now and it isn't the best for app development. I'm new to how stuff at xda works, would a donate version get me enoguh for the Nexus?
nebkat said:
Don't worry, ... <snip> ... auth token.
Click to expand...
Click to collapse
Alrighty then. I'm feeling like I can stop contemplating implementing this.
BTW I'm saving up for a Nexus S, how much would people pay for this type of app? There would definitely be a free version, but I just need to get the Nexus S because I have a Galaxy Spica now and it isn't the best for app development. I'm new to how stuff at xda works, would a donate version get me enoguh for the Nexus?
Click to expand...
Click to collapse
Since I was learning the ins and outs of App Engine, I read their quota rules and realized if this were popular it would require funding. I don't know where you are going to your web server, but I assume you'll have to pay someone to keep it running. But I had thought about $$$ already.
"Give away the razor, and sell them the blades."
Make the app free, no feature restrictions.
You get your money through various "membership" levels on the server. (See the account levels at fastmail.fm for an example.) So, you can use the app for free, but you only get, say, 2-3 MB of traffic per day, and only X sessions per day. Need more? See the pricing chart.
user command -> ajax request -> php c2dm request -> phone
phone -> php server http request -> controller page status
Click to expand...
Click to collapse
user command -> php server http request -> phone
phone -> php server http request -> controller page status
user command -> php server http request -> phone
lather, rinse, repeat.
C2DM is not deterministic, and acts up in low signal conditions. So, I made a decision to only use C2DM to initiate a session. Once both ends are connected to the server, everything goes over HTTP.
Oh.... and not that we need another Lookout/Phone Finder, but a shared-secret SMS code for the case where "they" have shut down the data connection.
I have my own server nebkat.com and there is nothing on it anyway.
The only other way to make "push" requests to the phone is with WebSockets. It would probably be better than c2dm because we have full control over what gets sent (google limits some requests). The advantage of WebSockets is that they send no header information which means that we could send our messages in 20 to 30 bytes.
I'll look into more detail on friday.
With web sockets won't you need to ensure the phone has a routable, external IP address? I know, for one, t-mobile does not expose an external IP address for their phones. Unless, of course, if the phone is connected over WiFi. C2DM works great for me (I have used a couple of apps with it and it is really useful).
MrGibbage said:
With web sockets won't you need to ensure the phone has a routable, external IP address? I know, for one, t-mobile does not expose an external IP address for their phones. Unless, of course, if the phone is connected over WiFi. C2DM works great for me (I have used a couple of apps with it and it is really useful).
Click to expand...
Click to collapse
No, WS is server initiated and the ip address' shouldn't make a difference.
MrGibbage said:
With web sockets won't you need to ensure the phone has a routable, external IP address? I know, for one, t-mobile does not expose an external IP address for their phones. Unless, of course, if the phone is connected over WiFi. C2DM works great for me (I have used a couple of apps with it and it is really useful).
Click to expand...
Click to collapse
You need an valid external IP address if you are attempting to initiate contact with your phone, which is why the 4-5 apps I've mentioned do not work on carriers like t-mo and verizon.
But the phone can establish a connection, and the carrier NATs (or whatever) will handle the routing for outgoing and incoming data.
I think the right questions are: Will Verizon/T-Mo allow the ports and protocol for WebSockets? Do Android and desktop browsers implement the draft API correctly and consistently?
I like C2DM. I works well when you have a good connection. But there are 3 issues with it.
1) The message size limit is 1024 bytes. Not ideal for file transfers.
2) In a poor signal areas, since the service retries sending messages, you will get delayed and/or duplicate messages. I work in a large "concrete" building, so I get this behavior often enough that I don't want to rely on it.
3) I believe there is a limit on the number of messages you can send. So, hunting around the filesystem could hit this limit (but unlikely in reality... I hope.)
It would be interesting to see exactly how those apps handle all of the data. Do they only use C2DM, or do they hand over to another protocol?
Ok my exams are over and I am starting with it. I'll give updates on this thread
The training center I work for is piloting a bunch of mobile devices to distribute to users . The devices need to be able to access only a select number of websites and a few in house apps (a sad use for these wonderful devices). I have rooted one of our Nexus 7s and disabled most of the default apps. I then just password protected all of the apps that I must keep like Titanium backup, settings, etc. What I can't figure out is how to lock chrome so that it can only go to certain websites. Does anyone know how i could do this?
marcymtz said:
The training center I work for is piloting a bunch of mobile devices to distribute to users . The devices need to be able to access only a select number of websites and a few in house apps (a sad use for these wonderful devices). I have rooted one of our Nexus 7s and disabled most of the default apps. I then just password protected all of the apps that I must keep like Titanium backup, settings, etc. What I can't figure out is how to lock chrome so that it can only go to certain websites. Does anyone know how i could do this?
Click to expand...
Click to collapse
Android doesn't have parental settings like a computer with security software like kaspersky or McAfee. It also doesn't have such a software that prevents you from accessing sites you don't want it to be accessed. You can tell the IT department to set the privacy settings so when the sites are typed, it'll be blocked.
Sent from my Nexus 4 using Tapatalk 2
I'd address this by having them contact a specific access point that accessed a specific proxy (that they were configured to use) with the list of sites.
Squid isn't bad to configure.
drop the default route (ip route del default), add the desired DNS hostname translations to /etc/hosts -> /system/etc/hosts, and then add back in individual routes (ip route add) to the ip blocks named in /etc/hosts.
This would need to be repeated every time the DHCP lease renewed, as the renewal process will certainly re-insert the default gateway route, and the current IP might change.
A better solution would also compromise or replace DNS lookups with the same domain name whitelist, and every DNS lookup not in the whitelist would blackhole to the loopback (127.0.0.1) device.
You didn't say whether or not these devices are "in the wild" (either 3G or random WiFi hotspots). If the devices are captive (getting DHCP leases from a corporate/business access point) there are plenty of other tricks that can be played at the default gateway.
Note also that it is pretty typical for "web sites" to pull content from all over creation, or use load-balancing services (e.g. akamai) where the name-to-IP translation can't be readily predicted in advance,
Both of those factors might condemn you to be perpetually editing your hostname whitelist and routing table instructions.
good luck
I am supposed to develop a group messaging app (IM client) using WLAN ,its a term project.This app is supposed to list all the available users that are connected over the wlan and provide the user with the options ,to create a group ,send group messages or send messages individually over the wlan.I have had experience of developing android apps in the past but none of them have ever been network based.
I need to know :
1.what Internet protocols will be used .(sip? ,voip?) for DNS etc ,yeah i have below meager networking knowledge.
2.what areas do i need to research any links to resources will be quite helpfull .
3.any open source app that offers the same functionality
4.do i need to set up a server aswell ?
I would be really thankfull for your advice on this .
Take a look at XMPP which is an extendable and open source messaging protocol.
DNS is just used to convert names to numbers, so you'd give your server a name and create a DNS A record, then the clients would use that name to locate the server. XMPP works over TCP/IP which is useful as it's implemented in every operating system I'm aware of. There are also XMPP clients (which is a protocol that works on top of TCP/IP) for all platforms out there as well.
Check wikipedia for XMPP to give you background information, then look at something like openfire as a server implementation, it's pretty simple to setup and has a web based configuration.
Configure Microsoft Communicator
I am creating a new type of security application that sits at OSI Layer 2/3 and encrypts packets of data flowing between devices. With this proven technology, I can create apps such as Secure Skype, Private Messenger and so forth and I can do things such as blend Triple DES and AES 256 bit encryption (this will eventually be an open source encryption platform) on the same communication channel. We run underneath higher level, more limited, options such as SSL and VPN and we have been working on desktops for years.
The problem is that I cannot figure out how to port my Linux version over to Android due to the need to have admin rights for my app. I do NOT want to try to force people to root their phone and I am looking for some legal option.
In Windows and Apple, you can get your code verified - in Windows it is called Windows Logo verification. In those case, your code is run through a whole series of tests, the source code is signed and that cert is then authorized for admin rights.
Given how Android works, it would seem that a similar option should exist but I cannot find anything.
Can somebody please point me in the right direction?
Thank you very much for your time.
You can give your app administrator permission only for rooted devices.