Unit 6

Security and application deployment

SMS telephony

• Android provides a class SmsManager to manage SMS operations such as sending data,
text, and pdu SMS messages.

• To create an object, invoke the static getDefault() method.

• It requires the need SEND_SMS permission by mentioning this in the manifest file

<uses-permission android:name=“android.permission.SEND_SMS>

Methods

static SmsManager getDefault()

void sendDataMessage(String destinationAddress, String scAddress, String text, PendingIntent

sentIntent, PendingIntent deliveryIntent)

Intent also can be used to send messages.

Location based services

• Android location APIs make it easy to build location-aware applications, without needing to
focus on the details of the underlying location technology.

• This becomes possible with the help of Google Play services, which facilitates adding location
awareness to your app with automated location tracking, geofencing, and activity
recognition.

• Location-Based Services in Android provides us with feature to help us in various ways. It

enables us to create an application that is capable of detecting the current location of the
devices. Android makes use of information from GPS and WiFi networks to get the location
of the device on the Earth
 • Android Location is a data class representing a geographic location.

• A location may consist of a latitude, longitude, timestamp, and other information such as
bearing, altitude and velocity.

• Methods

getLatitude() – returns latitude in degrees

getLongitude() – returns longitude in degrees

getAccuracy() – returns estimate accuracy of this location in meters

getAltitude() – returns the altitude, in metres above sea level

reset() - clears the contents of the location

To get the current location, create a location client which is LocationClient object, connect it to
Location Services using connect() method, and then call its getLastLocation() method.

This method returns the most recent location in the form of Location object that contains latitude
and longitude coordinates and other information.

To have location based functionality in your activity, you will have to implement two interfaces:
GooglePlayServicesClient.ConnectionCallbacks
GooglePlayServicesClient.OnConnectionFailedListener
To get an API key

The API key is a unique identifier that authenticates requests associated with the project for usage
and billing purposes. At least one API key must be associated with the project.

Go to google maps platform

Click get started button

Click on the Google Cloud Platform home in the upper left corner

Click on Billing to make sure your billing details are up-to-date. If they are not, your Google Maps will
not work properly.

Once you’ve confirmed your billing is up-to-date, click on the Google Cloud Platform home in upper
left corner again.

To get an API key

Hover to APIs & Services and go to Credentials.Hover to APIs & Services and go to Credentials.

If you want to use an existing project, select it from the list. Otherwise, select ‘Create a new project’
and enter a project name.

Click Create credentials and select API key. You will see a new dialog that displays the newly created
API key.

To get an API key

Click the Close button in the API key dialogue. Your new API key will be listed on
the Credentials page under API keys.

To add API to the project

In android manifest file add the following as a child of <application> and insert it just before
</application>

<meta-data android:name=“com.google.android.geo.API_KEY” android:value = “value”/>

Paste the API key value as value

Android Google map

Android provides facility to use and integrate google map in the application. It navigate location
direction, displays the current location, search location etc

Types of google maps

Normal – this type of map displays typical road map, natural features like river and some features
built by human

Hybrid – this type of map displays satellite photograph data with typical road maps.

Satellite – this type displays satellite photograph but not road maps

Terrain – this type displays photographic data. This contain concour lines, colours and labels

Methods of Google map

getMyLocation() – this method returns the currently displayed user location

Snapshot() – this takes a snapshot of the map

Zoom controls

In android, ZoomControls class is used for zooming

It has two buttons, ZoomIn and ZoomOut used to control zooming functionality
Methods of ZoomControls

hide()-this is used to hide the zoom controls from the screen

show() – this is used to show the zoom controls

Show marker on a location

In the google map instance method addMarker can be invoked by passing MarkerOptions as
parameter

Eg:

googleMap.addMarker(new MarkerOptions().position(TIMES_SQUARE));
Geocode and Reverse Geocoding

Geocorder - A class for handling geocoding and reverse geocoding.

Geocoding is the process of transforming a street address or other description of a location into a
(latitude, longitude) coordinate. Reverse geocoding is the process of transforming a (latitude,
longitude) coordinate into a (partial) address.
The amount of detail in a reverse geocoded location description may vary, for example one might
contain the full street address of the closest building, while another might contain only a city name
and postal code.

The Geocoder class requires a backend service that is not included in the core android framework.
The Geocoder query methods will return an empty list if there no backend service in the platform.
Use the isPresent() method to determine whether a Geocoder implementation exists.

Geocode and Reverse Geocoding

Geocorder - A class for handling geocoding and reverse geocoding.

Geocoding is the process of transforming a street address or other description of a location into a
(latitude, longitude) coordinate. Reverse geocoding is the process of transforming a (latitude,
longitude) coordinate into a (partial) address.

The amount of detail in a reverse geocoded location description may vary, for example one might
contain the full street address of the closest building, while another might contain only a city name
and postal code.

The Geocoder class requires a backend service that is not included in the core android framework.
The Geocoder query methods will return an empty list if there no backend service in the platform.
Use the isPresent() method to determine whether a Geocoder implementation exists.

Android security model

Android security program

Android pursues to be the most safe and usable OS for mobile platforms by the following objectives

-Protection for app and user data

-Protection of system resources

-Android app isolation from the system

To achieve these objectives, android provides the following key security features

- Strong security at the OS level through Linux kernel

- Mandatory app sandbox for all apps

- Secure IPC
- App signing

- App defined and user granted permissions

- Android security program

- Using permissions

- Android application cannot do anything that would adversely impact the user experience or
any data on the device

- To make use of protected features of the device, one or more permissions <uses-
permission> tags should be declared in AndroidManifest.xml

- <uses-permission android:name=“android.permission.RECEIVE_SMS/>

- At application install time, permissions requested by the application are granted to it by the
package installer, based on checks against the signatures of the applications declaring those
permissions and/or interaction with the user.

- Android security program

- Using permissions

- No check with the user are done while an application is running: it either was granted a
permission when installed and can use the feature as desired or the permission was not
granted and any attempt to use the feature will fail without prompting the user

- For eg: the sendBroadcast(intent) method checks permissions as data is being delivered to
each receiver, after the method call has returned

- Permissions provided by the android system can be found in Manifest.permission. Any

application may define and enforce its own permissions.

- Android security program

- Declaring permission and enforcing permission

- To enforce own permission, first declare them in the AndroidManifest.xml file using one or
more <permission> tag

- <permission

- Android:name=“name”

- Android:label=“@string/label”

- Android:description=“description”

- Android:permissionGroup = “android:permission-group.name”

- Android:protectionLevel = [“normal”|”dangerous”|”signature]

- Android security program

- Android:description - A user-readable description of the permission, longer and more

informative than the label. It may be displayed to explain the permission to the user — for
example, when the user is asked whether to grant the permission to another application.
- This attribute must be set as a reference to a string resource

- Android:label-A name for the permission, one that can be displayed to users.As a
convenience, the label can be directly set as a raw string while programmer is developing
the application. However, when the application is ready to be published, it should be set as a
reference to a string resource, so that it can be localized like other strings in the user
interface.

- Android security program

- Android:name - The name of the permission. This is the name that will be used in code to
refer to the permission — for example, in a <uses-permission> element and the permission
attributes of application components

- Android:permissionGroup - Assigns this permission to a group. The value of this attribute is

the name of the group, which must be declared with the<permission-group> element in this
or another application. If this attribute is not set, the permission does not belong to a group.

- Android:protectionLevel-Characterizes the potential risk implied in the permission and

indicates the procedure the system should follow when determining whether or not to grant
the permission to an application requesting it.

- Each protection level consists of a base permission type and zero or more flags. For Eg – the
dangerous protection level has no flags, In contrast, the protection level
“signature|privileged” is a combination of the signature base permission type and privileged
flag

- Android security program

- Values

- Normal - The default value. A lower-risk permission that gives requesting applications access
to isolated application-level features, with minimal risk to other applications, the system, or
the user. The system automatically grants this type of permission to a requesting application
at installation, without asking for the user's explicit approval (though the user always has the
option to review these permissions before installing)

- Dangerous - A higher-risk permission that would give a requesting application access to

private user data or control over the device that can negatively impact the user. Because this
type of permission introduces potential risk, the system may not automatically grant it to
the requesting application. For example, any dangerous permissions requested by an
application may be displayed to the user and require confirmation before proceeding, or
some other approach may be taken to avoid the user automatically allowing the use of such
facilities.

- Android security program

- Values

- Signature - A permission that the system grants only if the requesting application is signed
with the same certificate as the application that declared the permission. If the certificates
match, the system automatically grants the permission without notifying the user or asking
for the user's explicit approval.
 - Generate upload key for android app

- To publish an app in Google play store, first we need to generate signed APK version of our
application

- Open android studio

- In the menu bar, click Build > Generate Signed Bundle/APK.

- In the Generate Signed Bundle or APK dialog, select Android App Bundle or APK and
click Next.

- Below the field for Key store path, click Create new.

- On the New Key Store window, provide the following information for your keystore and key

Generate upload key for android app

Keystore

• Key store path: Select the location where your keystore should be created.

• Password: Create and confirm a secure password for your keystore

Key

• Alias: Enter an identifying name for your key.

• Password: Create and confirm a secure password for your key. This should be
different from the password you chose for your keystore.

• Validity (years): Set the length of time in years that your key will be valid. Your key
should be valid for at least 25 years, so you can sign app updates with the same key
through the lifespan of your app.

• Certificate: Enter some information about yourself for your certificate. This
information is not displayed in your app, but is included in your certificate as part of
the APK.

• Generate signed APK for android app

• If you already have an upload key, use it to sign your app.

• To sign your app using Android Studio, and export an existing app signing key

• If you don’t currently have the Generate Signed Bundle or APK dialog open, click Build >
Generate Signed Bundle/APK.

• In the Generate Signed Bundle or APK dialog, select either Android App Bundle or APK and
click Next.

• Select a module from the drop down.

• Specify the path to your keystore, the alias for your key, and enter the passwords for both.

• Generate signed APK for android app

• If you already have an upload key, use it to sign your app.

 • To sign your app using Android Studio, and export an existing app signing key

• If you don’t currently have the Generate Signed Bundle or APK dialog open, click Build >
Generate Signed Bundle/APK.

• In the Generate Signed Bundle or APK dialog, select either Android App Bundle or APK and
click Next.

• Select a module from the drop down.

• Specify the path to your keystore, the alias for your key, and enter the passwords for both.

• Click Next.

• In the next window, select a destination folder for your signed app, select the build type,
choose the product flavor(s) if applicable.

• Click finish

• After Android Studio finishes building your signed app, you can either locate or analyze your
app by clicking on the appropriate option in the pop-up notification.

Become a publisher

Publishing is the general process that makes your android applications available to users

When you publish an android application, you perform two main tasks

-you prepare the application for release

-you release the application to users

Preparing the app for release

Preparing app for release is a multistep process with the following steps

- Configuring the app for release

- Building and signing a release version of the app

- Testing the release version of the app

- Updating app resources for release

- Preparing remote servers and services that the app depends on

- Become a publisher

- Releasing the app to users

- Apps can be release in google play store or in the website

- Releasing through google play store

- Prepare promotional materials

- Configuring options and uploading assets

- Publishing the release version of the app