android-security

Google has asked me to address https://support.google.com/faqs/answer/9095419 in my Android app, which basically means not to use the JavaScript injection mechanism for a web page loaded via HTTP. Not using this mechanism (option 1) doesn't work for me. Setting android:usesCleartextTraffic to false also doesn't work, as the app uses non-HTTPS traffic elsewhere. So that leaves me with "you can ensure that any affected WebViews do not load any URLs with HTTP schemes via loadUrl" - which I'm happy to do, as my app only uses file:/// URLs to load content into the WebView, which should be fine

i need to check if the lockscreen does have a Pin or something more secure (Password, Fingerprint etc.). Im able to check if there is a Pin, Password or a Pattern. KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService(Context.KEYGUARD_SERVICE); return keyguardManager.isKeyguardSecure(); My Problem is that i cant detect if the lockscreen is a Pattern or something lower. I tried this: int lockPatternEnable = Settings.Secure.getInt(cr, Settings.Secure.LOCK_PATTERN_ENABLED); but its deprecated and throws me an error. I also tried this: long mode2 = Settings.Secure.getLong

From one year, I have been working over IOT product and the application attached was working fine. Now I am not able to accept call programmatically in higher versions of android. Feature is very important to product. Any help is highly appreciated. Before security patch update November 2016 , Runtime.getRunTime.exec("Command") was working fine to accept call programmatically. Runtime.getRuntime().exec("input keyevent " +Integer.toString(KeyEvent.KEYCODE_HEADSETHOOK)); How to make it possible in Nougat version of android. Looking for any sort of hack. I have opened a thread for the

I use the gorbin/ASNE SDK in my app. I recently received an email from Google with the following subject : "Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an ["unsafe implementation of the WebViewClient.onReceivedSslError handler"] and they recommended me to ["To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise"] here's my implementation of the method : public void

Google has advised that I have an unsafe implementation of the interface X509TrustManager in my Android application and need to change my code as follows: To properly handle SSL certificate validation, change your code in the checkServerTrusted method of your custom X509TrustManager interface to raise either CertificateException or IllegalArgumentException whenever the certificate presented by the server does not meet your expectations. For technical questions, you can post to Stack Overflow and use the tags “android-security” and “TrustManager.” How can the following code be modified to fix

I hava an app in Google Play, I received a mail from Google saying that: Your app(s) listed at the end of this email use an unsafe implementation of the interface X509TrustManager. Specifically, the implementation ignores all SSL certificate validation errors when establishing an HTTPS connection to a remote host, thereby making your app vulnerable to man-in-the-middle attacks. To properly handle SSL certificate validation, change your code in the checkServerTrusted method of your custom X509TrustManager interface to raise either CertificateException or IllegalArgumentException whenever the

Recently one of my app got a security alert from Google Play as below. You app is using an unsafe implementation of the HostnameVerifier . And refer a link to Google Play Help Center article for details regarding to fixing and deadline of vulnerability. Below is my code. HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier(){ public boolean verify(String arg0, SSLSession arg1) { return true; }}); Anyone can explain with example about, what changes should I do to fix this warning? Stan Same here - Insecure Hostname Verifier Detected in APK Your app is using an unsafe