Friday, December 9, 2016

Android Signature scheme v2

What's new in Android security N...
DroidCon London 2016 conference video 

In Android Studio 2.2+ and gradle 2.2.0+ Google adds APK signature scheme v2 to combat unauthorized modifications to apk files. It improves apk’s verification speed and detects unauthorized changes.
More info jira:
To enable add flag v2SigningEnabled true in build.gradle (Module: app)
 android {
    ...
    defaultConfig { ... }
    signingConfigs {
      release {
        storeFile file("myreleasekey.keystore")
        storePassword "password"
        keyAlias "MyReleaseKey"
        keyPassword "password"
        v2SigningEnabled true
      }
    }
  }

To verified that the apk is sign with scheme v2 you need an android device running "Android N". Use below command, if output is =1 it was sign with signature v1 and if output is =2 means it was sign with signature v2.
$ adb shell pm dump myPackageName | grep apkSigningVersion



Security feature it's only supported in Android N. Once Android N becomes popular it will be good to turn on the flag to enable signature scheme v2.

"Google signature PR commit":
(scrrenshot below)

Make signapk sign using APK Signature Scheme v2.

APKs are now signed with the usual JAR signature scheme and then
with the APK Signature Scheme v2.

APK Signature Scheme v2 is a whole-file signature scheme which aims
to protect every single bit of the APK as opposed to the JAR signature
scheme which protects only the names and uncompressed contents of ZIP
entries.

The two main goals of APK Signature Scheme v2 are:
1. Detect any unauthorized modifications to the APK. This is achieved
   by making the signature cover every byte of the APK being signed.
2. Enable much faster signature and integrity verification. This is
   achieved by requiring only a minimal amount of APK parsing before
   the signature is verified, thus completely bypassing ZIP entry
   decompression and by making integrity verification parallelizable
   by employing a hash tree.


Android Source code explain

Read this http://elinux.org/Master-android :)

Thursday, July 28, 2016

Android Debugging

Two great ways to debug better. Happy testing.

1. In Android Studio add font color to logcat.

  • How to add color font to logcat follow the below steps:
  1.  Open Android Studio
  2. Preferences -> Editor -> Colors & Fonts -> Android Logcat.
  3. Click button ‘Save As’, and name your new Scheme. (uncheck ‘Use inherited attributes’)
  4. In the right side select a color for each component: Assert, Debug, Error, Info, Verbose, Warning.



2. Add color to terminal adb logcat.
  • Take a look at this tool from Jake Wharton pidcast:
Easy to use.
Install: $brew install pidcat
Use: $adb logcat -v brief | pidcat com.myPackage.Name 

Third party tool optioon: Mac tool LogRabbit  http://lograbbit.com $10


Let me know if you have any questions.

Thursday, July 21, 2016

Update Android SDK and Tools from terminal

1. Open Terminal and type below commands.

Opens Android SDK Manager UI. (same as
$android

Software available to update
$android list sdk -a

Install software
$android update sdk -a -u -t #
$enter 'y' to accept license

-----------------------------------------
Example
$android list sdk -a

outputs:
140- GPU Debugging tools, revision 3.1
141- GPU Debugging tools, revision 1.0.3
142- Android Support Repository, revision 34

We want to update "Android Support Repository, revision 34".
we need to use below command:
$android update sdk -a -u -t 142
$enter 'y' to accept license 
Done command installs Android Support Repository, revision 34 :)

 

Wednesday, July 20, 2016

In Android Studio 2.2 gradlew command can donwload android.sdk dependencies


For more info watch video from GoogleIO 2016 What's new in Android Development tools (min 11:55-12:15)


Gradle Build System release notes

Add to gradle.properties:
android.builder.sdkDownload=true

According to this post:
Command will only download android sdk, it will not download google service, repository etc..

Saturday, May 21, 2016

Wednesday, April 6, 2016

Kotlin Tutorials

Kotlin could be the future of Android Development :)

Todo App in Kotlin: https://lordraydenmk.github.io/2016/converting-a-todo-app-to-kotlin-part-1/

Book writer: http://antonioleiva.com/api-request-kotlin/
Book: https://leanpub.com/kotlin-for-android-developers/
ebook sample: file:///Users/andres/Downloads/kotlin-for-android-developers-sample.pdf

Testing:
*** read http://blog.wittchen.biz.pl/hello-kotlin/
It’s also worth mentioning that there is a project created in Kotlin by JetBrains called Spek which is a specification framework for the JVM and you can use it for writing unit tests in the JVM projects in order to get human readable output.


Build
Kotlin Meets Gradle I was lucky to attend this talk by the creator of Gradle.

Jake Wharton's notes:

**** read https://docs.google.com/document/d/1ReS3ep-hjxWA8kZi0YqDbEhCqTt29hG8P44aA9W0DM8/edit#heading=h.famdx8ejbd

Youtube tutorial:
https://www.youtube.com/watch?v=A2LukgT2mKc

koterknife:
https://github.com/JakeWharton/kotterknife

Tutorials:

https://www.youtube.com/watch?v=SI2HiSLDFFs
http://antonioleiva.com/kotlin-awesome-tricks-for-android/

Official kotlin tutorials:

http://try.kotlinlang.org/#/Kotlin%20Koans/Introduction/Strings/Task.kt






Wednesday, March 30, 2016

Sign Android apk using gradle.


1. With Android Studio create a new release key.
***Save android.kesytore in a safe place and don't forget the password.

2. Put this into ~/.gradle/gradle.properties
RELEASE_STORE_FILE=/../PathToYour/keystore
RELEASE_STORE_PASSWORD=*****
RELEASE_KEY_ALIAS=*****
RELEASE_KEY_PASSWORD=*****
Modify your build.gradle like this: 
...
signingConfigs {

   release {
       storeFile file(RELEASE_STORE_FILE)
       storePassword RELEASE_STORE_PASSWORD
       keyAlias RELEASE_KEY_ALIAS
       keyPassword RELEASE_KEY_PASSWORD
   }
}

buildTypes {
        release {
            signingConfig signingConfigs.release
        }
}
....

3. Then in terminal run: $./gradlew assembleRelease
4. Done. Now you have a signed apk that is ready to publish to the android play store.
$cd MyApp/app/build/outputs/apk/app-release.apk


Check who sign the apk with keystone info:
$jarsigner -verify -verbose -certs myApp.apk

Resources:

Friday, March 25, 2016

Android Gradle: How to rename apk depending on build type

1. Add the code below to your project app/build.gradle:
android {
    signingConfigs {
        release {
           .....
        }
    }
    def jenkinsBuild = System.getenv("BUILD_NUMBER") ?: "10"   
    defaultConfig {
        .....
        versionCode jenkinsBuild.toInteger()
        versionName "2.0.0."+ versionCode    }
    buildTypes {
        release {
           ...
        }
        qa {
            ..
        }
        debug {
           ...
        }
    }
    applicationVariants.all { variant ->
        if (variant.buildType.name == 'release') {
            variant.mergedFlavor.versionName = android.defaultConfig.versionName;
        }
        if (variant.buildType.name == 'qa') {
            variant.mergedFlavor.versionName = android.defaultConfig.versionName;
        }
        if (variant.buildType.name == 'debug') {
            variant.mergedFlavor.versionName = android.defaultConfig.versionName;
        }
    }
    applicationVariants.all { variant ->
        variant.outputs.each { output ->
            output.outputFile = new File( output.outputFile.parent,output.outputFile.name.replace(".apk", "-${variant.versionName}.apk"))
        }
    }
   ..
}


2. $gradlew build
It will generate all  the apk's for build types (shown below).


Now when you push apps from Jenkins to HockeyApp the 'apk name' will help you identify the build of the apk :)

Friday, March 18, 2016

Cool Android Libraries

MVP

Design Patter: Model View Controller
Good tutorial
uncle bob clean architecture
tutorial

Renderers

Useful to reduce boilerplate code in ListView and RecyclerView
Renderers
code

ORM

ActiveAndroid

ActiveAndroid is an active record style ORM ( object relational mapper). What does that mean exactly? Well, ActiveAndroid allows you to save and retrieve SQLite database records without ever writing a single SQL statement. Each database record is wrapped neatly into a class with methods like save() anddelete().
ActiveAndroid does so much more than this though. Accessing the database is a hassle, to say the least, in Android. ActiveAndroid takes care of all the setup and messy stuff, and all with just a few simple steps of configuration.

Cool Android Studio trick, wifi adb

AndroidWiFiADB 

adb wifi  

connect 

$adb tcpip 555

$adb connect #.#.#.# (device I.P.)

Monday, March 14, 2016

Android Versioning your App

Every time you submit your app to the Google Play Market you have to increment android:versionCode by 1, this field is located in your Android Studio project app/build.gradle. If you don't increment the versionCode you can't update your app in the Market. This is the value the app checks to perform an app update. Also in app/build.gradle we have android:versionName this is the string user sees for app version, it can be any String that specifies your app version.



1. Edit app/build.gradle:
android {
    compileSdkVersion 23    
    buildToolsVersion "23.0.1"
    def jenkinsBuild = System.getenv("BUILD_NUMBER") ?: "10"
    defaultConfig {
        applicationId "andres_sjsu.notegit"        
        minSdkVersion 16        
        targetSdkVersion 23        
        versionCode jenkinsBuild.toInteger()
        versionName "1."+ versionCode    
}

2. Commit your code to Github.
3. Kick a build from Jenkins.
4. Now the apk will have the versionCode injected by Jenkins build #. Example is your Jenkins project build is number 118 the versionCode will be 118 (Jenkins build number increments by one, which is perfect since every time you publish to Google Play Market the developer needs to increment the versionCode by one, otherwise the Play Market will not let you update your apk).
5. To verify the versionCode was incremented correctly, you can use the buid-tool aapt
$./aapt dump badging /Users/andres/Downloads/app-debug2.apk
It will output info about Android package, example below:


You can see the results are as expected:
versionCode: 118 (Jenkins project build #)
versionName: 1.118



TODO: add versionName to apk name, this will help to easier see the app user(QA, Dev,..) installs.
Example of app Name: qa-go90_1.0.12.apk, release-go90_1.0.12.apk, etc...

FYI:
aapt location is in your android/build-tools

ex: 
$cd /Applications/adt-bundle-mac-x86_64-20131030/sdk/build-tools/android-4.4
$./aapt d badging myapk.apk | grep package

Output
TUSCA09TMLVT029:23.0.2 v644084$ ./aapt d badging /Users/Desktop/base.apk | grep package
 
package: name='com.myPackageName.release' 
versionCode='97040' 
versionName='1.7.0' 
platformBuildVersionName='6.0-2166767' 

Resources:
http://developer.android.com/intl/es/tools/publishing/versioning.html
Configure gradle: https://developer.android.com/intl/es/tools/building/configuring-gradle.html
good read:* http://www.androidshortcuts.com/tags/gradle/
http://eric-liang.com/category/android-app-development/

Wednesday, March 9, 2016

Fix Jenkins error for Android build, missing sdk #.#.#

Error: failed to find Build Tools revision 23.0.2


FAILURE: Build failed with an exception.

* What went wrong:
A problem occurred configuring project ':app'.
> failed to find Build Tools revision 23.0.2

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

BUILD FAILED

Solution:


$android list sdk -a
Which showed me the following list:
1- Android SDK Tools, revision 24.0.2
2- Android SDK Platform-tools, revision 23.0.2
... and a great many more
Followed by the command:
$android update sdk -a -u -t 2
It will install the 23.0.2 SDK Platform-tools components. DONE. Run Build again in Jenkins.


Example below:

Andress-MacBook-Pro:tools andres$ pwd
/Users/Shared/Jenkins/Home/tools/android-sdk/tools

Andress-MacBook-Pro:tools andres$ ls
android ....  .....
....  ...   ...
.... ... ...

Andress-MacBook-Pro:tools andres$ ./android list sdk -a
Refresh Sources:
  Fetching https://dl.google.com/android/repository/addons_list-2.xml
  Fetched Add-ons List successfully
  Refresh Sources
  ...
  Parse XML:    https://s3.amazonaws.com/android-sdk-manager/redist/addon.xml
Packages available for installation or update: 170
   1- Android SDK Tools, revision 24.4.1
   2- Android SDK Tools, revision 25.0.9 rc10
   3- Android SDK Platform-tools, revision 24 rc1
   4- Android SDK Build-tools, revision 24 rc1
   5- Android SDK Build-tools, revision 23.0.2
   6- Android SDK Build-tools, revision 23.0.1

Andress-MacBook-Pro:tools andres$ sudo ./android update sdk -a -u -t 5

Reference:
http://stackoverflow.com/questions/27272605/failed-to-find-build-tools-revision-21-1-1-sdk-up-to-date

Tuesday, February 23, 2016

info Android Continous Integration

Continuous Integration 
Goal is that every time you commit your code, your code automatically goes thru some Junit testing (iOS/Android) and also builds the apps (ipa/apk). CI helps improves the quality of the app. Ideally is nice to have one system when you can kick a build and also run your unit and integration tests. CI is key to have a great app :)

Good read: Tools used by other companies:
Android Jenkins aws 
Read to learn about CI Jenkins vs. Circle CI vs Travis

 


------------------------------------------------------------------------------------------------------------
My Opinion:
Most enterprise companies use Jenkins. For small companies I would suggest CircleCI($) or Travis($$$).

------------------------------------------------------------------------------------------------------------
Jenkins:

What is Jenkins? 

Jenkins Plugin info (BUILD_NUMBER..)
Jenkins is an open source continuous integration tool which aims to automate certain tasks that developers find themselves repeating. It runs as a local server on a host machine
Tutorial by codepath
Setup:
1. Create Jenkins account.
2. Configure Jenkins:
Install Plugins: Manage Jenkins -> Manage Plugins -> Available
  • Gradle Plugin (build system)
  • Git Plugin (use git to link to your projects repos)
  • Android Emulator
  • AWS device farm (test apps with real devices using AWS Device farm)
  • HockeyApp (distribute apps)
  • Android lint plugin - Lint is a great tool created by Google to analyze the code for Android. It comes with the SDK of Android and it is useful to have good quality code.
3. Configure Git repo, ssh key.
4. Create new job to generate APK.

Enterprise Notes:
1. Create Jenkins account.
2. Install Android SDK in jenkins machine(node) 
3. Install Plugins.
4. Configure Git Enterprise repo(master).
5. Test run to generate apk.

Tips 
Jacoco Reporting

------------------------------------------------------------------------------------------------------------
Circleci uses the build file: circle.yml, you need to create and add this file to your project root.
Circleci builds apk and runs Espresso UI test(click button change text).
GitHub Project
Circleci Dashboard
Reference
Circleci iOS



------------------------------------------------------------------------------------------------------------
Travis uses the build file: travis.yml , you need to create and add this file to your project root.  Can be setup to run both unit and integration tests. Working example follow below step: CodePath Tutorial
GitHub Project
Good read
Travis Enterprise
Travis iOS 
Travis upload apk to Testflight


 



------------------------------------------------------------------------------------------------------------
Online Examples:

Android example:
https://www.bignerdranch.com/blog/continuous-delivery-for-android/

iOS example:
Build and deploy to HockeyApp
Travis iOS very example




------------------------------------------------------------------------------------------------------------
Other Resources:

CI slides-
http://www.slideshare.net/sergiizhuk/slides-v6-41909668
http://www.slideshare.net/tomoakiimai2/tips-for-better-ci-on-android?related=1

CI paper - 
https://saucelabs.com/resources/white-papers/why_ci_should_be_part_of_your_mobile_dev_process-a_sauce_labs_report.pdf/@@download/file

Gradlew-
https://guides.codepath.com/android/Getting-Started-with-Gradle
http://tools.android.com/tech-docs/new-build-system/user-guide#TOC-Build-Tasks

Monday, February 1, 2016

info Android Material

Good read about Material Design

Components:
snackbar

Drawables tutorial

info Android Testing (and iOS)

Mobile Testing background

 ------------------------------------------------------------------------------------------------------------


Android
Robolectric for unit testing,
Espresso for UI testing,



iOS
Xcode XCTest

 ------------------------------------------------------------------------------------------------------------

Robolectric:
Very Good Tutorial
http://robolectric.blogspot.com/2010/12/testing-startactivityforresult-and.html
http://turhanoz.com/unit-test-android-starting-an-activity/
https://github.com/codepath/android_guides/wiki/Unit-Testing-with-Robolectric

-----------------
Appium:
Appium(python) and AWS Device Farm - Cloud testing
http://docs.aws.amazon.com/devicefarm/latest/developerguide/getting-started.html
iOS Video Example (*very good tutorial*)
 https://www.youtube.com/watch?v=CLeb1wjctuU
Getting started: http://docs.aws.amazon.com/devicefarm/latest/developerguide/getting-started.html 

----------------------
XCTest

 ----------------------
Espresso

Espresso vs Robotium



----------------------


Follow this tutorial: https://codelabs.developers.google.com/codelabs/android-testing/index.html?index=..%2F..%2Fandroid-dev-summit&viewga=UA-69243313-1#5

Testing Fundamentals:
http://developer.android.com/tools/testing/testing_android.html

Slides:
http://www.slideshare.net/dtmilano/introduction-to-android-testing?related=1

CodePath testing guide 


------------------------------------------------------------------------------------------------------------




------------------------------------------------------------------------------------------------------------
Resources:
 https://developer.android.com/tools/testing-support-library/index.html#AndroidJUnitRunner
https://google.github.io/android-testing-support-library/
https://codelabs.developers.google.com/codelabs/android-testing/#0


Thursday, January 7, 2016

SharedPreferences in Android [ put string and get string ]

PUT
private SharedPreferences sharedPreferences;
sharedPreferences.edit()
        .putString("KEY_NAME", name)
        .apply();


GET
String NameURL= getPref("KEY_NAME", getContext());

public static String getPref(String key, Context context) {
    SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context); 
  return preferences.getString(key, null);
 
 
 
Resources: 
https://medium.com/google-developers/sharedpreferences-is-your-answer-to-simple-storage-a7c8499ea8ff#.7eoyjrjgi