Office Hours — Today, May 13

Thursday, May 11

May 13
8:55 AM
Mark M.
has entered the room
Mark M.
turned on guest access
Mark M.
test
9:05 AM
jamshaid
has entered the room
jamshaid
goodday
Mark M.
hello, jamshaid!
how can I help you today?
jamshaid
View paste 
i have a question.First its related to services.
So i have two applications which i make.And i want that Application A is able to call application B service with no UI.
i thought best wayto go about it is to use Services
And bound services with messenger and handler
as there are so many types i am on the right path here
Mark M.
if you are going to use a bound service, you do not necessarily need to use Messenger and Handler
you can create your own custom callback in AIDL
I cover this in my chapter on remote services and the binding pattern, with an example
jamshaid
thanks i have checked it.Its just the messenger way seemed more simple
what i understood is that one is multithreaded and messenger just has a single thread
Mark M.
Messenger has nothing to do with threads
a Messenger is tied to a Handler
a Handler is tied to a thread, either the main application thread or another HandlerThread
9:10 AM
Mark M.
using a custom AIDL callback, that callback will be called on an arbitrary binder thread, and you should try to not tie up that thread too long
you are certainly welcome to use Messenger if you feel more comfortable with it
note that Messenger does not require a bound service, though
and so you need to think through what the long-term ramifications are for Application B's process
why is A calling B's service? is A controlling B's behavior?
jamshaid
View paste 
my appplication A has two functions to install an APK and uninstall apk.
application B can also do that sometimes so it calls application A
Mark M.
OK, that's rather strange
but, regardless, a bound service is not a great solution here
Application A needs to be able to complete the work that Application B requests, and that may take quite some time
with a purely bound service, A's service will be destroyed once B unbinds
and the work might not be done yet
A's service should be started, via startService(), so A can control how long A's service runs
(at least until Android O, when a few things related to your project will change)
jamshaid
View paste 
as i have system certificate i have system permissions to install and uninstall an app.So i have an application A which lists and manages all that is installed on the device.

And i was thinking ot make an update app that has some buisness logic but wnats to sometimes update an app so it requests this service so its central to one place
9:15 AM
jamshaid
is it possible to have an app which has a service always running
?
Mark M.
your scenario most likely is valid; it's not especially common, as few developers are working in places where they can write system apps
jamshaid
just a service no UI
Mark M.
in your scenario, probably
for ordinary app developers, no, particularly on Android O
however, your scenario gets into stuff that I do not have much experience with
jamshaid
ok thanks
one other thing which might be general. i use messenger and have a handler
something like this
View paste (3 more lines) 
public class MessengerService extends Service {
    /** Command to the service to display a message */
    static final int MSG_SAY_HELLO = 1;

    /**
     * Handler of incoming messages from clients.
     */
    class IncomingHandler extends Handler {
        @Override
        public void handleMessage(Message msg) {
            switch (msg.what) {
                case MSG_SAY_HELLO:
                    Toast.makeText(getApplicationContext(), "hello!", Toast.LENGTH_SHORT).show();
                    break;
                default:
...
if in handleMessage i have another callback how can i wait for it .As i understand handlemessage will execute and then return?
Mark M.
most likely, the best answer is "do not wait for it; deliver the results of the work asynchronously"
handleMessage() will block whatever thread you have the Handler tied to
technically, there's nothing stopping you from making some sort of long blocking call from handleMessage()
jamshaid
how can i tie a thread to the handler for example.I thought if i make an async task then i cannot reply using messenger back to client
9:20 AM
Mark M.
since you are creating a custom Handler subclass, you would need to create an instance of it via the constructor that takes a Looper as a parameter
where your Looper is tied to some thread (e.g., comes from a HandlerThread)
however, you cannot readily fork a background thread from inside handleMessage(), then wait for that thread to complete
jamshaid
generally if one has a callback inside a function it wont wait and execute
one should use this approach like u shared
or is it specific to this case that i should use a loooper
i have not used it before i will check the book
Mark M.
I do not cover Handler much in the book, mainly because IMHO developers should be using higher-level patterns
in your scenario, using a low-level solution like this may be fine
again, your scenario is unusual
jamshaid
another thing eventbus like one from greenrobot is limited to just the same process
is that correct
Mark M.
correct
jamshaid
in the security chapter you listed that self signed certificate might be better in some situation.
9:25 AM
jamshaid
which scenarios this could be?
Mark M.
this would be for when an Android app is talking to a server
if that server is only supporting app clients -- not Web browsers -- there is no advantage in using a CA-signed certificate
CA-signed certificates are for cases where arbitrary clients (typically Web browsers) need to talk to the server
jamshaid
if one has both web browsers and app clients
what you think is more secure self signed or CA
Mark M.
if they are all talking to the same server (or server farm), you have no choice but to use a CA-signed certificate, as browsers do not accept self-signed certificates (except by having the user do stuff that users are not used to doing)
jamshaid
View paste 
so the web server supports both web browsers and enterprise apps.is it more secure to secure the api end points for android based client app with self signed certificate.

Would that mean in the end what is more secure the server vs CA authority.As i read the book one should also restrict the CAs that are accepted and CAs can also be hacked.
9:30 AM
Mark M.
"is it more secure to secure the api end points for android based client app with self signed certificate" -- that may or may not be possible; talk to your server team
using a self-signed certificate, overall, has equivalent security to implementing certificate pinning
jamshaid
ok
Mark M.
the advantage of the self-signed certificate is that you have more control over things like lifetime
jamshaid
one of my peers thinks if the wifi is secured using 802.1x EAP or some secure https is not necessary
Mark M.
WiFi isn't relevant, unless the server is not on the Internet
jamshaid
thanks
9:35 AM
jamshaid
i get this message on android device where upon putting the usb otg
i get this system dialog if i want to change my default write disk
i wnated to get rid of it i saw on stackoverflow u had a comment
but unsucessful was wondering if u had more to share on it
Mark M.
I do not know what you are referring to, sorry
jamshaid
i meant this
http://stackoverflow.com/questions/36425636/how...
Mark M.
well, I meant what I said
that is not a standard Android dialog
that is coming from something specific to that device from that manufacturer
if you have questions or concerns about it, you need to talk to the manufacturer
9:40 AM
jamshaid
sorry i just realized that wiko is not some developer but the device manufacturer
Mark M.
I assume that's a device manufacturer, from the context of the question
I do not recall hearing of them
jamshaid
yes you are right
Mark M.
but, there are many small device manufacturers out there
jamshaid
is it possible to restrict in android all internet communication to a single ip
in past i used the vpn but was just wondering if there is another way u came across
Mark M.
no, I was going to suggest a VpnService as a possibility
there may be other options for people in position to customize the firmware, as you appear to be
however, that is outside my areas of expertise
jamshaid
actually just have to possibiity to get the app signed but not to customize firmware so ...but thanks
9:45 AM
jamshaid
thanks alot for your answers i will look into looper and try.
Mark M.
you're welcome!
10:00 AM
Mark M.
that's a wrap for today's chat
the next chat is Monday at 4pm US Eastern
jamshaid
thanks
Mark M.
this chat's transcript will be uploaded to https://commonsware.com/office-hours/ shortly
have a pleasant day!
jamshaid
has left the room
Mark M.
turned off guest access

Thursday, May 11

 

Office Hours

People in this transcript

  • jamshaid
  • Mark Murphy