Office Hours — Today, June 16

Friday, June 6

Jun 16
3:45 PM
Mark M.
has entered the room
3:55 PM
Mark M.
turned on guest access
Susheel C.
has entered the room
Susheel C.
Hi Mark
Mark M.
hello, Susheel!
how can I help you today?
Liam
has entered the room
Liam
Hi Guys
Mark M.
hello, Liam
Susheel: you arrived first, do you have a question?
Susheel C.
So my question is we can define an onclicklistener for a button in a class that extends activity. Is it possible for me to define the same onclicklistener in another class that does not extend activity?
Mark M.
you can implement the OnClickListener on pretty much anything you want
some of my examples implement it on a Fragment, IIRC
4:00 PM
Susheel C.
can i also use settext from another class?
EGHDK
has entered the room
Mark M.
if "another class" has access to an object that is an instance of a class with a setText() method, then yes
(hello, EGHDK, be with you in a bit!)
Susheel C.
ok
Mark M.
Susheel: let me take questions from the others, and I'll be back with you shortly
Liam: your turn -- do you have a question?
Susheel C.
sure
Liam
I am following up on a question that you answered on Stack Overflow. You suggested that I add a constructor to GetDataCallback.
The problem is it is telling me my method is undefined
Mark M.
OK
there is not a lot that I can do to help you
Liam
Is there a way to share some code? Maybe just paste
I am wondering if I am adding the constructor incorrectly
Mark M.
you are welcome to paste in a URL, or upload a file (there's an "Upload a file" link on the right)
Liam
Okay, thanks. Let's move on to someone else while I do that
Mark M.
OK
EGHDK: do you have a question?
4:05 PM
EGHDK
yes
I received an email from an "Android pen tester" and he basically decompiled my application, and provided me with some "solutions" on how to secure it. I was wondering if there's any way to see if my application has any fundamental security holes.
Mark M.
let me guess -- this was unsolicited by you?
EGHDK
Yes
Mark M.
great
EGHDK
But I looked into it and he seemed to have valid points.
Liam
Mark M.
I'm just not much of a fan of the "squeegeeman" approach these people take
but, in general, it's not like there's a magic button somewhere that you use to make your app secure
I cover a number of security issues in my book
and there are books on Android security
and so there's a fair amount that you can read up on the subject
beyond that, there's not a lot that I can do for you in the abstract
EGHDK
Well I was looking if there should be anything that I could look at to make sure none of my intents are leaking data
Mark M.
back in the day, we called it "desk checking"
IOW, you look at your code
and see what you are putting in your Intents
and where you are using them
EGHDK
Like, he said in my manifest I was export=true a receiver, which I did by accident.
Which I didn't realize. Then the person that emailed me said that my sendBroadcast should be LocalBroadcastManager.sendBroadcast()
Mark M.
the export=true might have been caught by Lint -- I forget what it complains about with respect to a receiver
4:10 PM
Mark M.
in terms of whether LocalBroadcastManager is appropriate for your use case, I can't say
as I don't know your app or how you were using the broadcast
EGHDK
Yeah. I guess I realize the road I'm heading down is "read more on security" I just wish there was a basic mark down of things that are dangerous.
Mark M.
I seem to recall that there are some published checklists out there
though I don't have any URLs handy
besides, "dangerous" is relative and indeterminate in general
EGHDK
Okay, I will try to look into them. Any specific Google search you think I should try... besides "Android app security checklist"?
Mark M.
that one sounds fine
EGHDK
I guess so.
Mark M.
let me take questions from the others, and I'll be back with you in a bit
Susheel: do you have another question?
Susheel C.
Coming back to my question, is it possible to just send the reference of the button to another class and then define the onclicklistener there? Can I also send the reference of the textview to the new class and then use settext from the second class?
Could I do this without using fragments?
Mark M.
barring garbage collection issues, yes
Liam
EGHDK also maybe make sure you are obfuscating the code. Or was he still able to decompile that?
Mark M.
Button and TextView are just Java classes
their instances are just Java objects
Susheel C.
ok
Mark M.
if you want to create a SusheelController that manages the button events and updating the TextView, go right ahead
Susheel C.
I would need to pass the references for the objects, right? like R.id.button1
Mark M.
probably not
I mean, you could, but then you may not have any way to access those via their IDs
in general, your question is very abstract
there may be specific Android things that are bad practices in this area, but I cannot tell you if what you are going to do violates any of those, as I have no idea what you are trying to do
4:15 PM
Mark M.
outside of that, these are just Java objects
4:15 PM
Susheel C.
Ok let me point you to my stackoverflow question if that is ok...http://stackoverflow.com/questions/2423500...#
4:15 PM
Susheel C.
ok
Mark M.
but you don't have another class there
I do not know what you are expecting people to tell you
Susheel C.
Sorry for not asking you a clear question....my project has too many buttons in the layout and I have many onclicklisteners to implement. I don't want to implement them in the same class as it is becoming lengthy code wise...
Mark M.
so, write a class that implements OnClickListener
and do what you want
Susheel C.
I am not just implementing onclicklisteners for each button but also onlongclick and ontouch too..
Mark M.
and create an instance of that class and associate it with the button via setOnClickListener() in your activity or fragment, as you are wiring up the events
Susheel C.
ok
Mark M.
then write a class that implements OnClickListener and OnLongClickListener and OnMotionEventListener (or whatever the last one is)
Susheel C.
Perfect....sorry I didn't ask my question clearly
Gotcha
Mark M.
Liam: your turn
Liam
Okay, thanks Mark.
Mark M.
you have two constructors on your GetDataCallback class
Liam
Mark M.
yes, I found that via a search
you do not appear to need, or want, the zero-argument constructor
Liam
Yeah, I don't need that one.
4:20 PM
Liam
But same problem even when I remove it
Mark M.
and what is the problem, specifically?
Liam
When I instantiate an instance it tells me that it does not recognize the constructor
by it I mean eclipse
Mark M.
are you getting an error at compile time?
Liam
Nope. I won't even let me get there
Eclipse*
Mark M.
that means that you are getting an error at compile time
where and how are you creating the GetDataCallback instance
Liam
O sorry. Yeah, then I am.
I will upload that too. Might want to move on again for now
Mark M.
and are you *sure* that you are using the *right* GetDataCallback class?
actually, that's your problem
*your* class is not named GetDataCallback
your class is named DataCallback
Liam
Hmm okay. I will look at that. Thanks
Mark M.
EGHDK: do you have another question?
EGHDK
Eh. I was just going to say. So Android Apps have 4 main components correct?
With activities... can another app start any of my activities?
Mark M.
only if those activities are exported
activities are exported by default if they have an <intent-filter>
otherwise, they are not exported by default
EGHDK
Okay, so that's where export comes in.
What about services?
Mark M.
you *could* override that via android:exported, but that's not a good idea
EGHDK
Same thing?
Mark M.
same as activities
receivers are the same as activities
4:25 PM
EGHDK
Got it.
So this same guy said to register my broadcast, and sendBroadcast with LocalBroadcastManager, then he goes on that I should create a signature level permission
and then registerReceiver with my permission...
So which one should I do? Custom permission with signature protection level... or LocalBroadcastManager... or does it seem to do the same thing?
Mark M.
um, if this is all for the same receiver/broadcast, then this guy is just tossing random concepts together
EGHDK
Yeah it is.
Mark M.
if you are trying to communicate within your process, you are better off using an in-process event bus
LocalBroadcastManager is one such bus
I have a chapter on event buses
and I will be switching more of the book over to using them as part of this summer's Big Book Pivot
Liam
EGHDK
Okay great Mark. Thanks. When is that pivot due to hit?
Mark M.
partly in Version 5.9 (after Google I|O), partly in Version 6.0 (early September)
EGHDK
An Android application is fairly well sandboxed (from what I've read) so it seems like the only loopholes will have to be if broadcasts are global, and if activities and services are exported... right?
Mark M.
EGHDK: let me take questions from the others, and I will be back with you in a bit
Susheel: do you have another question?
EGHDK
Alright. Thanks
4:30 PM
Susheel C.
No Mark. Thanks for your help, I just understood what you meant finally. Thanks :)
Mark M.
OK, if you come up with another question, let me know and I'll add you back into the rotation
Liam: your turn
Liam
Mark. I am not sure if I am understanding that I am using the wrong GetDataCallback
Mark M.
your constructor is on a class named DataCallBack
Liam
I just uploaded an example of how I am trying to use the class
Mark M.
and there you are not using GetDataCallback
however, you may not be able to use an anonymous inner class there
I cannot recall trying that with an object without a zero-argument constructor
put your logic inside the DataCallBack class itself, in whatever sort of method(s) you need
Liam
Okay, just taking a second to digest that
So I have DataCallBack extends GetDataCallBack
Mark M.
right
Liam
I was thinking that my constructor needs to match the name of the class "DataCallBack"
Mark M.
correct
Liam
Then when I go to instantiate it tells me that I don't have a constructor defined
which it looks like I do
4:35 PM
Mark M.
what is the **exact** error message that Eclipse gives you?
Liam
The constructor DataCallBack() is undefined
Mark M.
that gets back to my point from just above -- I do not think that you can use your anonymous inner class syntax (in your second uploaded file) for a class without a zero-argument constructor
since the anonymous inner class syntax is just syntactic sugar, you will need to do something else, such as either putting your business logic in DataCallBack, creating subclasses of DataCallBack that contain the logic, etc.
Liam
okay, sorry. I am still learning the lingo. I think I am with you. I need a full instantiation then
Mark M.
I am not completely clear on what "full instantiation" means in this context
ponder this for a bit, and I'll be back with you after another question from EGHDK
Liam
sounds good thanks
Mark M.
EGHDK: your turn! do you have another question?
Jeff G.
has entered the room
Jeff G.
Hello, everybody.
EGHDK
An Android application is fairly well sandboxed (from what I've read) so it seems like the only loopholes will have to be if broadcasts are global, and if activities and services are exported... right?
Mark M.
(hello, Jeff -- I will be with you shortly!)
that certainly goes a long way towards helping
4:40 PM
EGHDK
My last question regarding security is that this person said that when I'm uploading a file, I put up a notification, he said that he can get the app notification to go away.
Mark M.
so?
EGHDK
So my file is still uploading, but the notification gets cleared... so are notifications a threat because they provide another way to get into my application?
Mark M.
not really
EGHDK
It's definitely a "so?!" vulnerability... but it just got me thinking of what else is a problem with notifications.
Mark M.
that is a bit open-ended for the purposes of this chat room, especially when it is crowded
Liam
Thanks for the help Mark. I am going to do some reading and be back!
Liam
has left the room
EGHDK
Oh wait. Last thing, I have my GCM receiver export=true. It wouldn't work if it was false... right?
Mark M.
right
EGHDK
Sorry this (It's definitely a "so?!" vulnerability... but it just got me thinking of what else is a problem with notifications.) wasn't a question. Just a statement.
Mark M.
OK
EGHDK
Thanks
Mark M.
Jeff: your turn! do you have a question?
4:45 PM
Jeff G.
Yes.
Mark M.
Jeff: go ahead
Jeff G.
Currently, I am wrestling with a focus issue. I have a ListView with rows that each contain an EditText used only for numeric data. If I touch on one of the EditText elements when the keyboard is already displayed the keyboard remains numeric. However, if the keyboard is hidden and I touch on one it doesn't work properly.
What happens is suddenly the keyboard will switch to QWERTY and the actionbar "steals" focus.
I tried disabling the Actionbar's "home" button, but it just continues to steal focus by highlighting the first tab.
I have tried dozens of solutions I found on SO but nothing seems to let me try to keep focus on the touched EditText element.
Mark M.
this is why I avoid EditTexts in ListView rows
Jeff G.
I had a feeling you would say that.
Mark M.
or, rather, this sort of thing is why I avoid EditTexts in ListView rows
as to why the action bar is getting involved, I haven't a clue
Jeff G.
Personally, I agree with you, but this was a requirement given to me.
Mark M.
out of curiosity, which action bar implementation is this?
Jeff G.
API 19
Mark M.
and with respect to the requirement, if the requirement is "a vertically scrolling thingy with EditText widgets", consider a LinearLayout in a ScrollView, if there won't be all that many rows
by "API 19", you mean the native action bar implementation? (versus AppCompat or ActionBarSherlock)
Jeff G.
This only happens if the keyboard wasn't already visible. What happens is the numeric keyboard gets displayed, but then it gets replaced by the QWERTY keyboard a second later. If I try typing I can see that my first tab gets highlighted.
Yes, native.
4:50 PM
Mark M.
do you happen to have any EditText-ish things in the action bar, like a SearchView?
Jeff G.
Yes, I have a searchview. I tried setting it to be unfocusable but that didn't work.
Mark M.
try temporarily removing it and see if it helps -- it might narrow down your problem somewhat
off the cuff, this feels like a platform bug
Jeff G.
I was hoping to find a way to set each tab to be unfocusable as well, but I haven't been able to yet.
Mark M.
but one that doesn't get run across much because, like, who uses EditTexts in ListView rows? :-)
Jeff G.
I'll explain the requirement to see if there is a better solution.
The user needs to be able to update a list of things and then send them off for server processing as they go. Sort of like a checklist. I originally had it where a dialog would pop up to allow them to update the field in question, but it was determined this was too tedious; it is preferred to just update the fields all on the listview and then submit them in a batch.
I know I will have to handle saving the updated data as the rows get scrolled off, which I am not looking forward to doing but...
I'm open to alternatives.
Mark M.
how big is the list of things, in terms of number of rows?
Jeff G.
user specific. the data comes from a database which could potentially be very large.
Mark M.
I'd mock up a LinearLayout in a ScrollView and see if it gives you the same behavior
if it does not, you then have a choice of attacking your current problem (and I haven't a clue what to do other than try removing the SearchView)
or cooking up your own "row recycling"
4:55 PM
Susheel C.
has left the room
Jeff G.
I have read several people on SO mention that suggestion. I might just do that. (linearlayout + scrollview).
Is there any tool that would allow me to view what's getting focus?
Mark M.
you seem to know what's getting the focus
what you don't know is why
and I don't know of a tool that will be able to tell you why
Jeff G.
I'm just guessing because when the QWERTY keyboard comes up I try to type and the first tab gets highlighted in blue.
Mark M.
Hierarchy View should have focus information in it
Jeff G.
I was hoping to find some way to disable focus to the tabs but I can't seem to find a method for that.
Mark M.
and perhaps uiautomatorviewer
bear in mind that all this focus shenanigans will screw with your accessibility
Jeff G.
I'll try disabling the searchview first.
I'm fortunate in this situation as it is an "internal" app and will only be used on one device by a limited number of users.
Mark M.
give 'em all devices with physical keyboards :-)
Jeff G.
lol.
Mark M.
EGHDK: do you have another (quick) question?
EGHDK
Reading through my Java 101 books, I highlighted some things and wrote down some questions that I had when reading. Sorry if they are super simple/stupid questions. Why do arrays have length and ArrayList have size and not getLength or getSize?
Jeff G.
Is there anything I can read online explaining the case against EditText in ListView?
Mark M.
Jeff: beats me -- I haven't thought about EditTexts in ListView rows in ages
Jeff G.
ok, thanks.
Mark M.
arrays are primitives, not objects
length is a property (a.k.a., field, data member)
for whatever reason, the authors of Java elected to go with size() on collections like ArrayList
possibly to help distinguish them
but, you'll have to ask Bill Joy or one of the Java creators
EGHDK
Numeric primitives in Java are all signed. What does that mean?
5:00 PM
Mark M.
they can be negative
and that's a wrap for today's chat
EGHDK
So signed means they can have either 10 or -10?
Mark M.
the next one is Wednesday at 10am US Eastern Time
EGHDK: yes
EGHDK
Alright, I'll continue on Wednesday with my list. Hah. Thanks commonsware!
Mark M.
the transcript for this chat will appear on http://commonsware.com/office-hours/ shortly
have a pleasant day!
EGHDK
has left the room
Jeff G.
has left the room
Mark M.
turned off guest access


People in this transcript

  • EGHDK
  • Jeff Gonzales
  • Liam
  • Mark Murphy
  • Susheel Chanda