Office Hours — Today, July 28

Yesterday, July 27

Jul 28
3:50 PM
Mark M.
has entered the room
3:55 PM
Mark M.
turned on guest access
EGHDK
has entered the room
EGHDK
Reading d.android.com/training/basics/data-storage/databases.html and it says "A useful set of APIs is available in the SQLiteOpenHelper class. When you use this class to obtain references to your database, the system performs the potentially long-running operations of creating and updating the database only when needed and not during app startup. All you need to do is call getWritableDatabase() or getReadableDatabase()" So does that mean when I make one of those two calls... they don't really do anything until I perform some action (query, insert, remove etc;)? I'm confused why they said that it potentially performs long running operations when needed and NOT at app startup. Not sure why the mentioned startup. I don't have my getWritable in my app class.
Mark M.
hi, EGHDK!
EGHDK
Hello! I've got my questions ready!
Mark M.
"So does that mean when I make one of those two calls... they don't really do anything until I perform some action" -- no
"I'm confused why they said that it potentially performs long running operations when needed and NOT at app startup" -- I presume they are implying that simply creating the SQLiteOpenHelper instance does not do any database I/O
matthew w.
has entered the room
Mark M.
calling getReadableDatabase() or getWritableDatabase() will do database I/O, including executing onCreate() or onUpgrade() of your SQLiteOpenHelper, if needed
matthew w.
Hi Mark
4:00 PM
Mark M.
EGHDK: let me take a question from Matthew, and I will be back with you shortly for your next question
Matthew: hi! how can I help you today?
matthew w.
View paste 
hi With regard to the question i bumped the other day about SqlCipher. When you said that i should hang on to the SqlOpenHelper class
which in turn hangs on to the db object, did you mean place the SqlOpenHelper in the Application object?
Mark M.
it probably should be static in scope
that doesn't necessarily imply a custom Application object
just using the Java singleton pattern would work as well
matthew w.
ok thanks, i've another question if that's ok...bit long winded
Mark M.
let me switch back to EGHDK for his next question, then I'll come back to you
EGHDK: back to you! do you have another question?
matthew w.
o
ok
EGHDK
Yeah, on that same webpage. They show a "contract". In that contract they show a constructor with the comment "//To prevent someone from accidentally instantiating the contract class, give it an empty constructor"
I don't get that. It's a public constructor, how would to prevent anyone? Is it because the class is final?
Mark M.
no, that's probably just a documentation bug
I suspect they really meant for it to be private
4:05 PM
EGHDK
Okay. Just because a class is final doesn't' mean it can't be constructed right?
Mark M.
AFAIK, that just means it cannot be subclassed
I rarely see final used on a class
so I'm possibly missing some of its ramifications
EGHDK
Okay. I'll cross that question off the list. (I heard final is hard to test anyway, so a lot of people don't)
Susheel
has entered the room
Susheel
Hi everybody
Mark M.
EGHDK: let me give the others a shot, and I'll be back with you in a bit
Susheel: the others have each had a question, so it's your turn -- do you have a question?
Susheel
Yes sir, please take a look at this animation...I want to know how to implement the button click animation...I know about circular reveal animation but how can I change the shape of the button before that? http://www.materialup.com/posts/day-001-login-form
Mark M.
I have no idea
that's the sort of thing that if I wanted to do it, and a library didn't offer it, it wouldn't get done
Susheel
hmm
4:10 PM
Mark M.
I am a man who knows his limits, and those sort of animated effects are definitely outside the scope of my expertise
Susheel
I see
Mark M.
I am sorry that I could not be more useful to you on that question
Susheel
no problem, thank you
Mark M.
let me take questions from the others, and I will be back with you in a bit
Matthew: your turn! do you have another question?
matthew w.
sorry i meant ok not o before :)
View paste 
I'm trying to write some mobile device management software that integrates the TeamViewer API. Another part of the requirements
is that the web app part of the system is to send push notifications to the Android app so it can toggle mobile data on/off.
I understand that as of Android 4.x and 5.x this functionality has been removed from the developer's API as it throws a 
NoSuchMethodException. I also understand that developers used to be able to do this via reflection, but that loop hole has been closed too.
I called a company in the UK today that uses SOTI software which apparently can toggle mobile data on standard (non-rooted)Android phones. How is this
done given the above? Is there anything the device administration API can do to enable this functionality?
Mark M.
not in Android 4.x
I have not investigated the stuff added to Android 5.0
but, in a quick scan of DevicePolicyManager, I don't see anything related to mobile data
matthew w.
i believe the phones that this company use in the uk are 4.x and SOTI can manipulate this functionality
Mark M.
though setSecureSetting() may give you some options, but that is only for device owner apps
matthew w.
any ideas how?
Mark M.
I have no idea what a SOTI is
and I have never really looked in mobile data control
until and unless it gets into DevicePolicyManager or related areas, anything else is a security flaw, IMHO
matthew w.
what is setSecureSettings?
Mark M.
that's a method on DevicePolicyManager, that allows you to manipulate the contents of Settings.Secure
4:15 PM
Mark M.
however, looking at the JavaDocs for it, there are only four settings that can be manipulated, and none seem to pertain to mobile data
note that there may be some manufacturer-specific APIs that could allow you to affect the availability of mobile data
matthew w.
i'm thinking that system apps have permissions to do this, is there a way of granting standard app this priverledge
ah well SOTI is a partner of Samsung
Mark M.
as I hinted at previously, I hope not, outside of something in the device admin/device owner area
but, this level of hacking is not my area of expertise, any more than are fancy animations :-)
and I would have guessed that soti was a type of pasta or rice dish :-)
anyway, let me take questions from the others, and I will be back with you in a bit
EGHDK: back to you! do you have another question?
EGHDK
Follow up question to a question I asked a couple of weeks ago about a flat file. You pointed me to the wiki. Which helped, but I was confused at this line "...when not being used, is stored on its host computer system as an ordinary, non-indexed "flat" file." What is meant by non-indexed? Non searchable?
Susheel
has left the room
Mark M.
probably they are drawing contrasts to classic databases (e.g., relational databases with SQL), where columns can be indexed and queries can be performed
matthew w.
lol rice dish, so do you think that Samsung have changed the standard ROM to include setMobileData(boolean)
ok talk in a bit
Mark M.
a flat file is the sort of file that you can create in Notepad/vi/emacs/Sublime Text/etc.
4:20 PM
EGHDK
so... like a .txt file?
Mark M.
right'
or a CSV file
EGHDK
Or basically is a flat file... a plain text file. nothing special. no mime type or anything type of file.
Mark M.
or a JSON file
or an XML file
EGHDK
gotcha. okay. that seems to make sense.
Mark M.
whether there is a MIME type depends on what is in the file
EGHDK
got it. yeah. makes sense. what you said about it being a type of file you can open up in notepad/vim/nano and such
Mark M.
let me switch back to Matthew, and I'll return to you for your next question shortly
Matthew: your turn!
with respect to your Samsung comment, they might have something in their Mobile SDK for that, but I'd be a bit surprised
KNOX would be far more likely to have stuff for that, but I haven't tuned into how much of an SDK that KNOX has
matthew w.
i'm just trying to undrstand how SOTI can manipulate this feature
what is knox?
Mark M.
that's Samsung's enterprise security framework
https://www.samsungknox.com/en
4:25 PM
matthew w.
The contract i'm doing in my spare time , the company wants BG data switched off
how does this effect things like TeamViewer?
and push notifications
Mark M.
I don't know what TeamViewer has to do with any of this
matthew w.
they want it turned off because employees are using too much data
Mark M.
GCM requires a network connection, and so if you do not have mobile data, and the device is not on WiFi, GCM should not work
EGHDK
Matthew I think you can see if the data source is coming from wifi or data, and then maybe show a popup.
Mark M.
IOW, you should get the same effect as if the device is in airplane mode
EGHDK
and direct them to settings?
nevermind. misunderstood. didn't know you meant background data and not just data.
Mark M.
Android doesn't strictly differentiate between "background data" and anything else (e.g., bandwidth used by foreground apps)
IMHO, the answer isn't to block mobile data, but to monitor its usage and have relevant penalties for overuse
you could accomplish that with TrafficStats and kin
also note that a side-effect of the Android M "doze mode" and "app standby" means that apps not in the foreground, on devices not on a charger, will not run as much, which may help with bandwidth usage in the background
4:30 PM
matthew w.
or maybe monitor usage and capping levels? then alert the main system that that user is near limit?
Mark M.
right
matthew w.
The company i am doing this contract for has had employees use upto £1800 worth of data!
so he is paranoid about data usage
EGHDK
Matthew, your question is a good candidate for stack overflow in my opinion. I feel as someone else has run into the same requirement at some point and might be able to give you some good advice.
Mark M.
Matthew: let me take another question from EGHDK, and I will be back with you shortly
EGHDK: back to you! do you have another question?
matthew w.
EGHDK yes i'll post something tommorrow :)
EGHDK
AFAIK only one camera app can access the camera at one time right? Do you know if the same goes for the hardware mic?
Mark M.
"AFAIK only one camera app can access the camera at one time right?" -- correct
"Do you know if the same goes for the hardware mic?" -- I would assume that only one app has microphone access at a time, and I would hope that's the case for privacy reasons
but I do not know for certain
4:35 PM
EGHDK
Just curious if theres any way to have an app open and if it can detect if my mic is on.
4:35 PM
Mark M.
there might be something in the audio ducking APIs for that, on AudioManager
that's mostly for output, but it may have some input options
EGHDK
Like I was thinkingof making an app called "Is my mic on?" and it would just detect if someone else is using the mic currently.
Mark M.
hmmm... other than muting the mic, I don't see anything else on AudioManager
you could always try opening the mic, and if it fails, assume that it is in use
EGHDK
Can I mute the mic without opening it?
Mark M.
AudioManager has a setMicrophoneMute() method
"This method should only be used by applications that replace the platform-wide management of audio settings or the main telephony application."
I have never tried it
EGHDK
gotcha. thanks.
Mark M.
let me give Matthew another shot, and I'll be back with you shortly
Matthew: back to you! do you have another question?
matthew w.
no i think that ok for now. thanks to you both! bue for now.
Mark M.
OK
EGHDK: the floor is yours!
4:40 PM
matthew w.
has left the room
EGHDK
Similar thing about mic... with screen being recorded. any way to detect it?
this mms bug onandroid just got me thinking about stuff
Mark M.
I haven't played with Android 5.0's screen capture/recording stuff
EGHDK
is android 5.0 the only one with native screen capturing?
Mark M.
programmatically, yes
EGHDK
there were always some apps to claim screen recording.
Mark M.
developers can use the screenrecord utility
rooted apps can do screen recording
rephrase that: apps that run on rooted devices that have superuser privileges can do screen recording
4:45 PM
EGHDK
okay. but that was pre 5.0 right?
5.0+ you can do native screen cap?
Mark M.
yes, Android 5.0 offers native screen capture and screen recording
you basically have to go through some system stuff that pops up a dialog to confirm with the user that this is OK
EGHDK
any thoughts on the stagefrieght mms exploit?
Mark M.
can you be more specific?
EGHDK
i feel like this is something you would write a blog post about.
Mark M.
it's not really programming related
EGHDK
Just how the exploit is going to leave so many devices vulnerable.
Mark M.
I mean, there are lots of security flaws in Android
4:50 PM
Mark M.
other than "don't play multimedia assets that you did not create yourself", I am unaware of anything that developers can do specifically with respect to this flaw
and since many apps are designed to play multimedia assets created by others (e.g., your typical music and video players), that's not especially useful advice
the particular concern of the auto-playing of MMS messages is much more an end-user thing
EGHDK
Yeah, is there a list of android security bugs? since you said "there are lots of security flaws in android"?
Mark M.
I'm sure somebody has a list somewhere
I don't have a link handy
EGHDK
I guess I expected there to be some... didn't think that there were "lots"
Mark M.
I suppose it depends on your definition of "security bugs" and "lots"
this is probably the worst one for general Android itself, though some of the WebView bugs were close
(and the WebView ones *were* a place where developers could help secure their own apps)
EGHDK
Well whether or not theres a security issue that I can defensively code around is good.
I think I heard once that android intent extras were not safe.
Mark M.
that depends on what you mean by "safe"
4:55 PM
EGHDK
could be intercepted or leaked
Mark M.
the only security flaw that I know of related to extras was that, prior to Android 4.1/4.2 or thereabouts, any app could get to the extras on the Intent that was associated with the top of the task for any task
EGHDK
thats pretty serious.
Mark M.
yeah, it wasn't great
EGHDK
if you pass usernames and passwords along
Mark M.
right
EGHDK
i guess, I know you have some security stuff in your book, but any go to place for these kinds of things. intrigued more and more about it
Mark M.
sorry, but I don't really have general-purpose links for you on this
can I ask you for a small favor?
EGHDK
No problem. Figured I'd ask.
Mark M.
can you try reaching the commonsware.com Web server?
EGHDK
Sure.
Nope. Hanging.
Mark M.
interesting
I can't get to it either, but other locations seem to be able to
EGHDK
Nope. I can't. I was able to at the start of this office hour though.
Mark M.
right, it clearly was sometime after Susheel joined
or, whatever the problem is wasn't affecting Susheel's connection
just another problem to deal with
5:00 PM
Mark M.
any last quick question?
5:00 PM
Mark M.
OK, that's a wrap for today's chat
the transcript will be posted sometime, once I get my server issues worked out
EGHDK
Thanks for the help mark. Good luck troubleshooting your site
Mark M.
the next chat is Thursday at 7:30pm US Eastern
have a pleasant day!
EGHDK
has left the room
Mark M.
turned off guest access

Yesterday, July 27

 

Office Hours

People in this transcript

  • EGHDK
  • Mark Murphy
  • matthew womersley
  • Susheel