Hi all, I have just released my first App onto the Android Market so I thought I would post about it on here.
It a simple lightweight App which allows you to store you login information for different websites that you use. The app will also allow you to quickly copy and paste the information into the fields on the website.
All the passwords are encrypted and stored into Android's built in database. When you want to login to a website you can the load the website from the App, which will automatically copy the username allowing you to paste it into the field on the website. Also, when you load the website from the App it will create a notification which, when clicked copies the password for the website you selected allowing you to paste in to the password field. This provides a simple and quick solution to logging in and it also means that people who are standing around you cannot see you enter your password.
The app can be found on the market by searching for Boardies Password Manager. There are two version, a free version which is ad supported and a donate version which has the ads removed.
I hope you find this app useful and would to hear your comments.
Related
NM. I answered my own question. The log in screen was misleading. Have to stop multi tasking when I do these things. @ me.
KOF33 said:
NM. I answered my own question. The log in screen was misleading. Have to stop multi tasking when I do these things. @ me.
Click to expand...
Click to collapse
Just for fun, the answer is most definitely *NO*. Not if you have any personal information on your google account since this would allow that app to not only steal all your personal information, it would allow the app author to hijack your account, send your login credentials to china, etc.
lbcoder said:
Just for fun, the answer is most definitely *NO*. Not if you have any personal information on your google account since this would allow that app to not only steal all your personal information, it would allow the app author to hijack your account, send your login credentials to china, etc.
Click to expand...
Click to collapse
So can't use GDoc or Greed?
cigar3tte said:
So can't use GDoc or Greed?
Click to expand...
Click to collapse
I wouldnt...
Unless you know the code and compiled it yourself.
Or if you definitely don't have any sensitive info on your account.
There's no telling what they'll do with it.
Do you know the author? Have you met them? Do you even know what country they're in?
If you have a rooted device then id watch out for any apps you install, I've read about malware that uploads you browser.db and other data, and we all know that google didn't implement encryption into password storage.
I'm developing a shell app to do this over adb or on the phone console I have implemented
Browser database
Contact database
Ebuddy password
you could always use a password you just made up out of the blue. the app won't be able to recognize whether it's your actual gmail password or not.
tazz9690 said:
you could always use a password you just made up out of the blue. the app won't be able to recognize whether it's your actual gmail password or not.
Click to expand...
Click to collapse
Well the app that made me ask didnt "Require" it. But just recently after that A Gmail/Fbook sync app asks for both passwords.
Without it it wont work. I dont feel comfortable giving my PW to some random app.
Sudox-
Do you mean installing from non marketplace ?
Even rooted marketplace should be ok no ?
Ive never looked extensively at the safety precautions Google implemented.
KOF33 said:
Well the app that made me ask didnt "Require" it. But just recently after that A Gmail/Fbook sync app asks for both passwords.
Without it it wont work. I dont feel comfortable giving my PW to some random app.
Sudox-
Do you mean installing from non marketplace ?
Even rooted marketplace should be ok no ?
Ive never looked extensively at the safety precautions Google implemented.
Click to expand...
Click to collapse
The only thing that the market gives you is a partial assurance that the publisher's market account can be traced back to them based on the credit card number that was used to sign up. Google does NOT security verify the applications that are posted there. The security is built in to the OS -- and note that the app shows you what kind of data it can access at install time. It is therefore UP TO YOU to ensure that the application doesn't get any information that you would consider "sensitive".
And as for root access... this is a potential danger if you aren't careful about limiting root access from certain applications. The community-root scheme is fairly OK, but any program to which you grant ROOT PERMISSION will have access to *everything*. Be careful about what applications you give root to.
lbcoder said:
The only thing that the market gives you is a partial assurance that the publisher's market account can be traced back to them based on the credit card number that was used to sign up. Google does NOT security verify the applications that are posted there. The security is built in to the OS -- and note that the app shows you what kind of data it can access at install time. It is therefore UP TO YOU to ensure that the application doesn't get any information that you would consider "sensitive".
And as for root access... this is a potential danger if you aren't careful about limiting root access from certain applications. The community-root scheme is fairly OK, but any program to which you grant ROOT PERMISSION will have access to *everything*. Be careful about what applications you give root to.
Click to expand...
Click to collapse
This is something I have been wondering for a while now. Say you grant an app SU rights, however upon installation that app did not specify "Internet Access", meaning that the permissions for that program do not allow access to the internet (for sending of any information it could possibly gather). Can that app somehow access the internet, or modify it's own permissions in packages.xml?
daveid said:
This is something I have been wondering for a while now. Say you grant an app SU rights, however upon installation that app did not specify "Internet Access", meaning that the permissions for that program do not allow access to the internet (for sending of any information it could possibly gather). Can that app somehow access the internet, or modify it's own permissions in packages.xml?
Click to expand...
Click to collapse
Yes, any app with root access *can* change its own permissions, yes, any app with root access can access the internet, even withOUT internet permissions, and yes, an update to the app can come with additional permissions than an earlier version.
Note possible attack;
publish an app withOUT internet and/or read contacts permission,
app tries to send sensitive information to china -- permission denied, catch exception, no visible effect to the user. App granted ROOT access, alters /data/system/packages.xml to add internet and read contacts permissions and immediately the phone "randomly" reboots, upon reboot, that app has permissions required to send sensitive information to china.
And yes, the root app is NOT completely secure/trustworthy. There are several vulnerabilities that need to be considered...
1) A *pair* of apps can conspire to break out... i.e., one "trusted" app with root can modify a DIFFERENT app into the whitelist. This can include granting blanket root access.
2) The userid of an uninstalled application may remain in the whitelist, allowing it to be replaced by a *different* app that could later use that root access to do all kinds of nasty things.
In general, a better form for the community root database app would be along the following lines;
1) There should be NO WHITELIST.
2) The root permission state should remain in *memory* for a limited period of time (i.e. 1 minute).
3) The root app should request a PASSWORD (to prevent other people from tampering with it) -- store a password hash in the app's home directory,
4) The root app should be *forced* to be a *system* app in order to eliminate possibility of other user uninstalling and reinstalling it to bypass the password.
1 and 2 should be considered essential. 3 and 4 make it bulletproof, but still can't possibly do anything to stop an app given root from running amok.
In fact, note this;
Even WITH a secured root app, all any app needs is a MOMENT with root to do severe nastiness -- like give itself its very own su command that can't be stopped by the root-app...
Note: in order to *really* give decent security, the su command/app should work more like 'sudo' than like 'su'.
I.e., some app runs "sudo somecommand". This invokes the "sudo" app, which says... "XYZ is attempting to run this command as root: ---. Do you want to allow it?" You know, it is a much stronger position to be in if you can see *exactly* what some root-wanting app is trying to run. Also, nice to prevent some app from just going off as root any time it wants to.
How does the Android community ban apps that ask for crazy permissions? For people who root and have some level of sophistication - we're not going to fall for bad behaving apps.
But for all those who don't even know what permissions are, they need to be warned.
Take a look at this one:
https://market.android.com/details?id=com.antonio.fashion&feature=search_result
Comes from a banned company called Plankton that rebranded itself as StartApp.
I feel sorry for people that install this and can't get rid of all the nasty stuff they injected into their device.
Android Market said:
Permissions
This application has access to the following:
Network communication
full Internet access
Allows an application to create network sockets.
Your personal information
write Browser's history and bookmarks
Allows an application to modify the Browser's history or bookmarks stored on your device. Malicious applications can use this to erase or modify your Browser's data.
read Browser's history and bookmarks
Allows the application to read all the URLs that the Browser has visited, and all of the Browser's bookmarks.
Phone calls
read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
Storage
modify/delete USB storage contents modify/delete SD card contents
Allows an application to write to the USB storage. Allows an application to write to the SD card.
Show all
Network communication
view network state
Allows an application to view the state of all networks.
view Wi-Fi state
Allows an application to view the information about the state of Wi-Fi.
System tools
automatically start at boot
Allows an application to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the application to slow down the overall device by always running.
Click to expand...
Click to collapse
I have a problem with an app that supposedly just displays pictures but needs access to my phone, my browser AND starts on boot. The network communication and SD modify I understand since it needs to retrieve the pictures from somewhere and save them in the memory other than the internal one but the rest of the permissions are just completely unnecessary.
Wow that's crazy, I fully agree!
Wow! Those permissions are crazy. That company should be banned. People are having a similar issue with the Amazon "Free app of the day" today. It's a game that is asking for a ton of permissions. There were a lot of complaints and the developer remarked on their Twitter account that they accidentally uploaded a version with "remnant permissions." Ya..right. Too many companies are getting away with this "we accidentally uploaded a test/alpha/beta/developer...etc version of our app." *rolls eyes
Sent from my PC36100 using xda premium
Hello
I'm currently using the official Facebook SDK to log in with my app, using the "com.facebook.widget.LoginButton" and it works perfectly.
But i would rather be able to use my own EditText fields to input the login information and then simply use that to log in with Facebook.
So i would need to relay the EditText information to the proper fields in facebook.
Is this at all possible? Or is the Facebook SDK locked down to only use their own login button?
- Moon
Hi,
You can change the look and feel of the Facebook login button, but you can't ask for the user and password inside your app. If you could do that, you could easily stole the users credentials. That's the reason why the user have to input the credentials inside the Facebook app.
Hello,
I wanted to ask a question about the difference in permissions for an app that are shown on the Play store and in App Privacy area of the setting.
For example, when I downloaded Accuweather Platinum from Play store, I was told that the app will have access to Identity, Location, and Photos/Media/Files. For Identity, it further stated that it "uses one or more of: accounts on the device, profile data."
I found it rather intrusive that a weather app would want access to my identity information, be it anything. Especially, since their privacy policy dictates that they can track user behavior on ANY site the user visits and not just on AccuWeather site.
But when I go to Settings -> App Privacy -> AccuWeahter, I only see the permissions listed as "coarse location, fine location, vibrate, keep awake" and the check boxes are there to block either one or all of them (location, vibrate, keep awake.)
Can someone please help me understand how this works. Why did Google Play mention that app will have access to my identity information and if the app really has that access, why won't App Privacy allow me to restrict that access.
Thanks
I've been trying to find out how the new google play permissions work too. I don't know what permissions have changed any more because it only lists all permissions and doesn't makr the new ones, so you have to go back to the Application settings and look at what they currently use and then, like you say, work out how they line up. I think google has succeeded in gettting people to not care anymore about permissions. Why take away the visibility and control of it all? Anyway, hope I can find something that can help. In the meantime, I just won't update apps with changed permissions.
I do have an app that now says "uses one or more of: accounts on the device, profile data." and their response was "We made changes that were required by play services and advertising network". I find that a bit hard to believe.
Edit: Having said that I just came across this: http://forum.xda-developers.com/xposed/modules/playpermissionsexposed-fix-play-store-t2783076. You'll need to be rooted and have xposed framework installed though.
I have a question about the password auto-fill for apps and chrome browser websites. I have not spent enough time in oxygen os to know.
I usually used pixel-like roms and the passwords would just appear in the username and passwords areas and all i had to do was click next. An in some compatible apps it will just auto login bypassing the login screen i.e. Spotify.
On this rom though, when coming to a login page, the password and login fields are blank until i click on them. Then a prompt come up from the bottom the screen with an option to fill it in for me.
Is this just the way oxygen os handles passwords and if so is there a way to make it autofill like in pixels?
Or is something setup wrong in my phone? Thanks in advance.
Honestly, you're probably better off using a dedicated app to auto fill passwords instead of using the auto fill by Google or the rom. An app would be independent from the system and is generally a much safer alternative. Try something like KeepassDX, it has a dedicated keyboard to auto fill the password and supports fingerprint authentication. It's not exactly what you want but with the fingerprint and keyboard I feel like it could come close, but only a few extra steps. Then you wouldn't have to worry about the ROM bugging out while handling your passwords. Just an option if you can't get it working right.
Thank you for your input but i wasnt looking for a google replacement.
I was asking specifically about google's password autofill.
Im on the OnePlus 7 port ob9. It is the best 4om i have tried yet. But this password thing is having me do an extra 2 clicks every time i have to type .y password.
Stalix said:
Thank you for your input but i wasnt looking for a google replacement.
I was asking specifically about google's password autofill.
Im on the OnePlus 7 port ob9. It is the best 4om i have tried yet. But this password thing is having me do an extra 2 clicks every time i have to type .y password.
Click to expand...
Click to collapse
Open chrome browser, open menu upper right (the vertical dots) then Password section.
I guess apps using Chrome Webview or having a chromium based browser built in to display web pages will be able to handle passwords, if you use Android System Webview (default) and not another one.
passwords.google.com to see your recorded passwords and access to help pages. You can access this settings in system settings > accounts > 'your Google account' also
You're not on a Pixel phone, Google services integration in system is not the same. That's not an OOS matter but a 'non Pixel' matter.
So i found the solution. I just uninstalled all chrome updates so it reverted to the original chrome version the rom came with. Went to multiple login pages and the passwords and usernames autofilled just perfectly just like on all other roms. So i updated back to the latest chrome and the passwords still autofill properly.
Something must have messed up during chrome updates. Just haply to get my autofill working. Yah