Database Users

I am Making A Website

I'm making a site, called market4android which you developers can feature your apps/roms on, etc. I'd love for you guys to contact me so we can get the ball rolling. It's a great domain that gets a lot of search engine hits, so if you're looking to get your name out there and get your apps out there, then please PM me and let me know what you have and all that cool stuff!

The site should be online for most of the world. If it is not, give it a while because it may still need to update on world servers.
Check it out, leave feedback, etc, and developers! hit me up and let me know if I can post your ROMs on the site. Don't want nobody getting mad at me!

Reminds me of a site that I frequent called XDA.
Maybe I am missing the point? Are you simply offering to host files?

jerry43812 said:
Check it out, leave feedback, etc, and developers! hit me up and let me know if I can post your ROMs on the site. Don't want nobody getting mad at me!
Click to expand...
Click to collapse
You'll never get anywhere waiting for others to send you content. If you want to post a rom, post info, screenshots, etc. and link out to the post where they can get it and more info.

This may be a dumb question, but here goes anyway....
It's not hard at all to get an app included on the Android Market. What advantage are you offering over going that route?
So far I've only written a few Android apps, and they were both custom jobs for clients that would not be at all interesting to the general public. (And they have a LOT of tweaking left to do before I'd call them anything I'm proud of. I'm new to Android, it'll take awhile for me to catch up with the stuff I've done for WinMo and PalmOS.)
But I've considered diving into some more generally appealing projects, and the Android Market currently offers me both the ability to distribute for free, and the ability to monetize my efforts if I decide to go that route. Either route gives me pretty widespread exposure.
As a developer, my main question would be: "What extras are you offering that the existing marketplace leaves out?" (i.e. How can you make me more money? And/or give me wider exposure?)

I don't think he is making a place to distribute apps (at least that's not what I got), I thought he was making a place to be like "hey look what's going on in the dev community, check out this app and this rom, etc."

gthing said:
I don't think he is making a place to distribute apps (at least that's not what I got), I thought he was making a place to be like "hey look what's going on in the dev community, check out this app and this rom, etc."
Click to expand...
Click to collapse
So a review site?
That could be very, very cool. Only trick is building a large readership.....
With that in place, it could very easily be something that developers want to pay close attention to.

gthing said:
I don't think he is making a place to distribute apps (at least that's not what I got), I thought he was making a place to be like "hey look what's going on in the dev community, check out this app and this rom, etc."
Click to expand...
Click to collapse
You got the idea down pat!

subliminalurge said:
So a review site?
That could be very, very cool. Only trick is building a large readership.....
With that in place, it could very easily be something that developers want to pay close attention to.
Click to expand...
Click to collapse
I'd definitely be letting developers have publisher accounts so they can work on getting exposure from my site, etc. It's not totally about me distributing apps...
Try to picture this: I can get traffic. Traffic coming to my site and seeing your apps there, your ROMs there, etc, want to download them, etc, well, not only gets you not only exposure, but income from the apps as well seeing as how they're downloading you stuff because they found info and reviews on it on my site.
Yes, the market would definitely be the #1 way to go, but what harm can it do to get some more exposure to your stuff? as well as get user reviews and the income that youre concerned about?

danknee said:
Reminds me of a site that I frequent called XDA.
Maybe I am missing the point? Are you simply offering to host files?
Click to expand...
Click to collapse
I will create mirrors for your files etc, and yes, you are missing the point. I wasn't 100% absolute sure in the direction I was heading with this, but I am offering you the exposure of traffic that comes to my site to see your apps etc, when they may not have ever noticed your app in the marketplace. User reviews, developer releases and all kinds of cool **** can happen here if you're willing to crack the shell away a little bit and accept my offer of free exposure to your stuff.
Why the hell would anyone pass up free? Beats me.

jerry43812 said:
I wasn't 100% absolute sure in the direction I was heading with this,
Click to expand...
Click to collapse
For the record, my comments were not meant to be disparaging, but to help you figure that out.
I'm not going to go into how old I am, but I'm not exactly wet behind the ears. I was making a living in the "computer field" since long before anything called a "web browser" ever existed. The first time I heard about Mosaic, my reaction was "eh, sounds like gopher with pictures. big deal." (It wasn't a great article....)
There are two main reasons why projects fail. The first, and by far the greatest, is because the people starting that project never ask themselves, and come up with a clear answer to, "what problem am I trying to solve?"....
The second reason is that they fail to ask themselves "Is my solution something people will actually use?".
If you have good answers to those two questions, then the rest is just the legwork of getting it done. If you don't have good answers to those questions, then no amount of work will produce a successful outcome.
Sorry if I sound harsh, just trying to be helpful.

subliminalurge said:
For the record, my comments were not meant to be disparaging, but to help you figure that out.
I'm not going to go into how old I am, but I'm not exactly wet behind the ears. I was making a living in the "computer field" since long before anything called a "web browser" ever existed. The first time I heard about Mosaic, my reaction was "eh, sounds like gopher with pictures. big deal." (It wasn't a great article....)
There are two main reasons why projects fail. The first, and by far the greatest, is because the people starting that project never ask themselves, and come up with a clear answer to, "what problem am I trying to solve?"....
The second reason is that they fail to ask themselves "Is my solution something people will actually use?".
If you have good answers to those two questions, then the rest is just the legwork of getting it done. If you don't have good answers to those questions, then no amount of work will produce a successful outcome.
Sorry if I sound harsh, just trying to be helpful.
Click to expand...
Click to collapse
Not harsh at all and I comprehend your points. Maybe my tone sounded harsh when it was simply factual and jsut telling my purpose.
I feel that the purpose of this site I opened is good, and it can be very useful. But just like any other good thing, it usually cannot be done by one person. Support for the project is always a plus, and it can be made to be an excellent resource for people who are green on both sides, that want to get into modding android devices.
I dont think that it is a waste of my time, but in order for it to make it to where I'd like it to be, it can definitely use all the support and input that it can get. Thats why I brought the whole subject up, here. There are lots of developers here and even I am new to a lot of the stuff here, and I feel that it would be a great asset to a lot fo folks here if you jsut give it a chance.

jerry43812 said:
Not harsh at all and I comprehend your points. Maybe my tone sounded harsh when it was simply factual and jsut telling my purpose.
I feel that the purpose of this site I opened is good, and it can be very useful. But just like any other good thing, it usually cannot be done by one person. Support for the project is always a plus, and it can be made to be an excellent resource for people who are green on both sides, that want to get into modding android devices.
I dont think that it is a waste of my time, but in order for it to make it to where I'd like it to be, it can definitely use all the support and input that it can get. Thats why I brought the whole subject up, here. There are lots of developers here and even I am new to a lot of the stuff here, and I feel that it would be a great asset to a lot fo folks here if you jsut give it a chance.
Click to expand...
Click to collapse
Oh, I never meant to imply it was a waste of time. Nothing of the sort. I think the Android platform has a huge amount of potential. For the people developing the platform, for the people developing apps to run on top of it, and for people creating the entire ecosystem that will surround it.
I guess what I was trying to do was get you thinking about a statement that you ended up making yourself. That you weren't 100% sure about the direction you wanted to take this. Whatever direction you decide on, I think your chances of success are much greater if you have a clear idea of what that direction is.
That said, I like your idea. I'd love to hear more about what you have in mind.

subliminalurge said:
Oh, I never meant to imply it was a waste of time. Nothing of the sort. I think the Android platform has a huge amount of potential. For the people developing the platform, for the people developing apps to run on top of it, and for people creating the entire ecosystem that will surround it.
I guess what I was trying to do was get you thinking about a statement that you ended up making yourself. That you weren't 100% sure about the direction you wanted to take this. Whatever direction you decide on, I think your chances of success are much greater if you have a clear idea of what that direction is.
That said, I like your idea. I'd love to hear more about what you have in mind.
Click to expand...
Click to collapse
Why dont you PM me with some messenger info so we can talk? I run ICQ and AIM because ICQ is what is industry standard in the industry I work in.

jerry43812 said:
Why dont you PM me with some messenger info so we can talk? I run ICQ and AIM because ICQ is what is industry standard in the industry I work in.
Click to expand...
Click to collapse
Will do. I mainly use Skype these days for IM, but I can throw ICQ on my computer real quick.

subliminalurge said:
Will do. I mainly use Skype these days for IM, but I can throw ICQ on my computer real quick.
Click to expand...
Click to collapse
Awesome, look forward to talking with you!

Got an article coming soon on the best battery app I found, along with some info from the developer. This should be live within a day or two.
I am looking for more stuff to write articles about, and it will involve some email communication between us so I can get the most accurate info onto the site.
Anyone want to be the one of the first few people to get featured on the site? PM me your email address so I can contact you

jerry43812 said:
Got an article coming soon on the best battery app I found, along with some info from the developer. This should be live within a day or two.
I am looking for more stuff to write articles about, and it will involve some email communication between us so I can get the most accurate info onto the site.
Anyone want to be the one of the first few people to get featured on the site? PM me your email address so I can contact you
Click to expand...
Click to collapse
Got that article written and set live, and I also have a few other things on there, including a comprehensive guide to rooting the Sprint HTC Hero.

well an app review site would be great as i tend to follow users input when i download apps, and the input in the Market is just crap .. what some user find to be a bad app could actualy be a very good app for others. i sometime do it myself when i download an app , i look for user rating and comments. and decide wether to download the app or not, based on the user ratings..
The other thing would be a app request, meaning i been loking for an app that will play FLAC or AAC music files, i found 2 , 1 is from XDA ( a good app but the GUI is must to be desired ) the other is a cheap app that sometimes plays sometimes dont.. LOL
if someone would make good app for this i would be willing to pay for it 20.00 if i had to ...
The point is i would love a place that i could go to and request an app or suggest ideas for an app..
my 2 cents

rgildoss said:
well an app review site would be great as i tend to follow users input when i download apps, and the input in the Market is just crap .. what some user find to be a bad app could actualy be a very good app for others. i sometime do it myself when i download an app , i look for user rating and comments. and decide wether to download the app or not, based on the user ratings..
The other thing would be a app request, meaning i been loking for an app that will play FLAC or AAC music files, i found 2 , 1 is from XDA ( a good app but the GUI is must to be desired ) the other is a cheap app that sometimes plays sometimes dont.. LOL
if someone would make good app for this i would be willing to pay for it 20.00 if i had to ...
The point is i would love a place that i could go to and request an app or suggest ideas for an app..
my 2 cents
Click to expand...
Click to collapse
You're able t request apps and stuff there, I honestly havent set that section up because I am working on other content first. You can possibly post a new thread requesting someone code something for you, but I am not sure on the pricing of their work, etc. Let me work on getting some good app coders on my side and then I'll open up the requests section.

Market F***ing Spam

I have come to a point where I can no longer sit back and watch our system be bombarded with spam apps. It hurts android as a system and will be its downfall, open or not.
I sent tips to Gizmodo, Engadget, BGR, and all others that have can reach a large audience.
I for one am sick and tired of all the bull**** I see in the market. Open system or not, its getting out of hand. I can't be the only one fed up with the situation. To all android users please voice your hatred of people abusing the rules. Just because its not illegal does not make it ethical or allowable
These are a few links to help people realize how bad this problem is and how bad it will become.
Who cares if we have 50,000 apps and upwards of 15,000 are complete crap. There are 20 real offenders with about 1,000 apps each. 1,000!! each. Thats ridiculous.
Almost 50% of our applications do nothing. Absolutely nothing. I love my N! and have been an Android user since the G1. I have watched our open system is being abused and ransacked by idiots.
Anyone else fed up with this do something to fix it rather than sit back.
I know this is not so much about the N1 than it is Android in general, but I wanted people to see it and spread the word.

These are some websites to look at
http://www.reddit.com/r/Android/comments/bwemj/pocket_empires_spamming_android_market/
http://www.google.com/support/forum/p/Android+Market/thread?tid=511e1703b32ce3a5&hl=en
http://www.eurodroid.com/2010/02/an...he-day-zeitmann-and-its-deluxe-clock-widgets/
http://www.google.com/support/forum/p/Android+Market/thread?tid=608e9ca3fc7a80fb&hl=en
http://forum.xda-developers.com/archive/index.php/t-635400.html

I'd noticed a lot of reviews mentioning Pocket Empire, all across the Market, earlier today, it's a pain in the arse, and highlights the fact that you really can't read just a few comments left, and assume they'll be accurate.

Yes it is totally our of hand. The Pocket Empire developers have been encouraging their users to go to the market and download any and all Free apps they dont have to pay for. Then to leave feedback score of 5 for the unrelated app with a comment promoting their Pocket Empires and a referral code. So as well as the comments being BS so are the star ratings they are leaving, which do not reflect the underlying application.
Here are some threads discussing it.
Nexusone Stop spamming the Android Market Pocket Empire players
People advertise everywhere for "pocket empires"- can this spam be curtailed somehow?
How about all the people who were getting their knickers in a knot about the sentence "this message was not sent by tapatalk" sink their teeth into this one.
It is of far greater significance and has the potential to undermine the android market. The lack of action by google to date on this issue (ie not banning PE) suggests to me that they want the market to self regulate.
So lets get together and do something about this Pocket Empire mob.

Yeah the stupid spam comments about "join pocket empires and receive 100 credits" is really getting annoying, not to mention the complete random and totally useless apps that have been coming onto the market lately.

You can at least use appbrain as an alternative, because it filters out the vast majority of Spam apps. But it cannot filter all the PE Spam comments.

Well yesterday, the dev of Pocket Empires sent an ingame message out saying the following:
Hey everyone. We are laying down a new "dont spam other games" policy due to the amount of spame that's been being spread around. Starting May 1st any comments past that date will have their referral code banned for a week. Thanks for your assumed cooperation and enjoy!
Click to expand...
Click to collapse
Seems like the dev is trying to put a stop to it at least for now.

Sistum Id said:
Well yesterday, the dev of Pocket Empires sent an ingame message.....
Seems like the dev is trying to put a stop to it at least for now.
Click to expand...
Click to collapse
Yes but they are just going through the motions of saying the right thing. Crying Crocodile Tears. How do you honestly think they are going to police their threat of one week bans?
If they were serious about it, they would
1) be telling their users to go back and undo the damage they have done. Which would involve removing spam comments left for other apps AND setting ratings stars to average.
2) removing the referral code system altogether, so that once they no longer can Spam the market they do not just move to every other forum know to man. Such as some smart arse adding a PE referral in this very thread which will no doubt happen soon enough.
I would really like to see Google pull PE from the market altogether for some time as a penalty. But probably wont happen as they want the market to self regulate.
POCKET EMPIRES = POX it must be eradicated

Quick add me on pocket empire!
My code is [email protected]

I'll pay that one ;-)

KnightMAREcrow said:
These are some websites to look at
http://forum.xda-developers.com/archive/index.php/t-635400.html
Click to expand...
Click to collapse
Yeah, I opened that thread over there. What bothers me the most is how easy it would it be for google to give us the tools to crush spam.
From where I see it, there are two distinct problems right now:
1) the spam apps (those by Michael Quach, Zeittman, etc).
The easy solution: allow the users to filter out specific words and developers. Then, if a given number of users filter out a developer, consider him "uninteresting" and relegate his apps to the bottom.
2) the PE spam in other apps and games.
The easy solution: if a given number of users report a given number of posts as spam (e.g. 50 individual users report 50 individual messages) consider them spam and filter out every message that is 90% similar to them (e.g. they have mostly the same words but the referral code changes).
These would be completely automatic and would require absolutely no human interaction on part of Google. It's so easy it makes me want to go to their offices and slap the person in charge in the neck.

I reckon a simpler solution to the PE SPAM with referral codes is as follows:
Restrict feedback entries to known words. So if a user enters anything that is not a word, such as a referral code, serial number or email, then it would get rejected. There is absolutely no reason for legitimate feedback to contain any word or string of characters that is not in a dictionary.

logger said:
There is absolutely no reason for legitimate feedback to contain any word or string of characters that is not in a dictionary.
Click to expand...
Click to collapse
What about diminutives, etc? Also, What if I want to point to a related app that is better in my opinion? I have done that in the past.

Fair point.
However, for simplicity, blocking non words would go a long way to fixing the referral code issue, while allowing most feedback. It may be better to point out the shortcomings of an application, than to refer readers to an alternative. I know if I was a developer, I would be annoyed if feedback pointed to a competitors product. I trust I got my point across here, using only common words and no diminutives. Common diminutives could be added to the dictionary in any case.

logger said:
However, for simplicity, blocking non words would go a long way to fixing the referral code issue, while allowing most feedback.
Click to expand...
Click to collapse
The operative word here being "most". I get your point, but I think self-regulation would be better on the long run. I don't think the best way to fix an annoying situation is to introduce another annoying situation, even if it's less annoying than the first one; and I sure would be pissed if I was writing a comment and the Market rejected it because one of the words I used was not in the dictionary.
logger said:
It may be better to point out the shortcomings of an application, than to refer readers to an alternative. I know if I was a developer, I would be annoyed if feedback pointed to a competitors product
Click to expand...
Click to collapse
I would be too, but honestly: I don't write comments to please developers, I do it to give other users good advice. Isn't that precisely the point of the comments system?

http://www.appbrain.com/
If you refuse to use it after I've showed you this, or knew about it already and didn't use it, then don't start another thread like this. You have your out.
And please don't use the "we shouldn't have to use a 3rd party app." This is mother####### XDA, we use what we have to in order to get things done quickly and smoothly.

ATnTdude said:
And please don't use the "we shouldn't have to use a 3rd party app." This is mother####### XDA, we use what we have to in order to get things done quickly and smoothly.
Click to expand...
Click to collapse
Yeah, let's leave the rest of Android users on their own. We're mother####### XDA, we don't care about things working right or not if we can make them work for US!
Who cares about the health of the Market? Who cares if it deters people from using Android? We're mother####### XDA!

ATnTdude said:
http://www.appbrain.com/
If you refuse to use it after I've showed you this, or knew about it already and didn't use it, then don't start another thread like this. You have your out.
Click to expand...
Click to collapse
Of course we know about appbrain. Before you go sprouting off, Just read some the feedback comments in http://www.appbrain.com/browse/apps/?apps=free for example Shazam and you will immediately see they are not filtered and that the SPAM comments we have been discussing reside there as well.
Any yes I have asked appbrain if they would consider filtering the SPAM comments from their site. Hopefully they will.

In this instance, I believe the market should regulate itself. There has been enormous growth and with it comes the BS. I'm of the mind to believe this will be addressed.
Legalize it. Don't criticize it.

1) the spam apps (those by Michael Quach, Zeittman, etc).
The easy solution: allow the users to filter out specific words and developers. Then, if a given number of users filter out a developer, consider him "uninteresting" and relegate his apps to the bottom.
Click to expand...
Click to collapse
i agree.. i think the user should be able add any developer to their personal 'blacklist' that will just simply hide them from view in the market.
also, a more in depth search is needed. filter by keywords you want, keywords you dont want, categories, rating, total downloads, active installs, developers country, downloads to time in market ratio, etc, etc... i mean come on how hard is this to implement when your the top search provider in the entire world.
edit: also, this spam crap is hurting the legit devs. without proper filters or search, it is an uphill battle to not fail. i mean, how will the casual user even know your app exists when 50 apps above it and 50 apps below it are all spam.

General warning about using Random APK's

Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.

andrewluecke said:
Just a general warning to those who seek out APK's on the internet.
I've noticed an increasing number of people posting APK links on XDA-developers using 3rd party hosting such as multi-upload instead of the official developers websites. This is a potential security risk to your own phone, because Android code CAN be decompiled, and dodgy code can be added before re-uploading. You at a greater risk of downloading compromised APK's if you download them from an untrusted party.
Many of these APK's seem to be hosted officially by the developers already, so please link directly to the developers OWN servers when possible, and those who use their phone for business or store sensitive data on it, should avoid using APK's from sources which weren't set up by the original developers.
Click to expand...
Click to collapse
First off: Who's to say the original developer can't put this so-called "dodgy code" in their own apks?
Secondly: The Android marketplace doesn't have any strict rules as to what someone can post, and the code isn't even checked. You have just as high a chance of getting this "dodgy code" from any app you download straight from the market.

Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)

andrewluecke said:
Nobody. But it is a hell of a lot safer from a trusted first party, than being passed down a chain of untrusted people before it makes it's way to you. Especially since apk's don't seem to be digitally signed (I may be wrong).
I'm just concerned that you can post any APK you want here which have an official website, insert a trojan, and nobody would be none the wiser. I'd simply like to see a change in attitude.. If someone posts an unofficial link to an APK which is already available by developers, I'd like to see people stand up and point to the OFFICIAL website.
At the moment, people are actually ENCOURAGING bad security practices, and doing so makes XDA a target ripe for future attack. And I don't want to wake up to a forum of people *****ing about Samsung, for a problem caused because of a trojaned copy of Angry birds beta on XDA.
We should build awareness now for people to get files from the last link in the chain, rather than wait for someone to try it (which they probably will, and may have already done)
Click to expand...
Click to collapse
Are you familiar with modifying an APK? It is not nearly as easy as you make it seem. If the developer doesn't release the source code, it can't easily be functionally modified minus a few graphics and the like. Not to mention, this is how the iPhone jailbreak system works in regards to getting content. And has been going on with PC for years.
I really do not think it's something we have to worry about. Just install an anti-virus on your phone if you're worried.

1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.

Good thing to raise awareness among users, but alas - most of them don't even bother to read the permissions requested by apps downloaded from the market.
There are actually quite few people that have an idea of what could happen if they had a rouge app on their phones. I recently tried to give a similar general warning in another forum that people should take care when flashing "beta" firmwares downloaded from some hosting site and not from the developer... You think most of them cared? Sadly they didn't...

There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App

andrewluecke said:
1) Grab 7zip to decompress your apk package.
2) And yep, there are tools to decompile dex files too. Technically it seems to be more like disassembly, but can probably easily be modified to cause the app to ring russian phone sex numbers every 10 minutes without your consent, or do other nasty things. There are some security mechanisms in place, but that doesn't make them invincible.
You tell me, what is the advantage of encouraging reposting of APK's with already existing websites? Because it doesn't seem to have any advantages, but can have BAD security implications.
Click to expand...
Click to collapse
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
APK's are not open source and cannot be decompiled and edited. The only way for what you are suggesting can happen, to happen, is if the APK in question had its sources released so someone else could release an edited version of the program, made from scratch, in java.
"can probably" is not very sure. The chances of someone posting a completely separate app with the name of a well known app is much more likely than someone editing an existing app (assuming the sources were available).
If you have no clue about android apk development why even bother arguing?
opensourcefan said:
There's nothing wrong with being a bit cautious and smart about the way we do things. I'll trust the app if I see the dev is in "the" community.
Sent from my GT-I9000M using XDA App
Click to expand...
Click to collapse
Agree 100%. Much better said! You don't know who's releasing what, so watch what you're installing and just make sure it looks like the program you were looking for in the first place..

Electroz said:
So, obviously you've never tried to actually edit one of those XML files within it. try that and get back to me.
Click to expand...
Click to collapse
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
2 options to make sure ur safe :
1. Dont install root applications (they require 0 upfront standard android api permissions hence u won't know what its doing behind the scenes)
2. Install apps by transferring them to ur phone and using the package manager, that way you can see standard permissions (if any) and judge accordingly.
You know what would be cool, if superuser could log the "su" commands a root requiring app executes

Daneshm90 said:
Refer to apktool Link
Or Apk Manager (My Signature)
Xml's can be 100% decompiled/recompiled from binary to human readable and back thanks to apktool.
Click to expand...
Click to collapse
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.

But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?

leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
If its a non-root requiring app then yes, it must disclose its permissions prior to installing it through package manager not if u use adb to install.
You just have to judge, if a wifi toggle app is asking for email/sms permissions, you might want to be careful
As for root-requiring apps, theres not much you can do other than read reviews for that app or decompile and try to understand what its doing behind the scenes.

Electroz said:
Wow, my bad.... But no wonder major game companies aren't developing for the platform yet.
Click to expand...
Click to collapse
It's quite easy to modify disassembled app code as well - trust me ;-) Also I think we will have possibility to decompile to Java code in the future.
Just don't think of your phone as a smaller PC (especially Windows), because this isn't true. There will never be antiviruses for Android and your only protection are permissions. Anyone could create market account and upload malicious app.
About game companies: they usually write in native code and it's really hard to decompile (or maybe even impossible for now). Besides... did you heard about gameloft's recent games? They're really awesome. Note that first 3d-gaming capable Android phones were released just ~10 months ago, so it's still quite early.

leoon said:
But even if the apk that u downloaded from the net have a virus (eg. sends SMS to get money), you will still see the permission when installing so an antivirus isnt needed, or am i wrong?
Click to expand...
Click to collapse
It should, however, what if it is an alternate launcher, in which case, you'd expect it to be able to send SMS's and make phone calls. That's all fine, until you realise the copy of launcherPro you downloaded using a multi-upload in XDA is having phone sex with a russian operator costing you hundreds of dollars.
It's actually good Brut spoke here. Brut[Maps] is relevant, because it introduces new features which distinguishes it from Google's version. However, can we trust Brut as much as we can trust Google? He seems trustworthy yes, but as trustworthy as Google? Questionable. (Btw Brut, good work on your mod). Of course, his mod does have considerable benefits showing he is interested in helping the community and he hasn't caused any problems thus far. That only means his official multi-upload posts are safe though, if I repost them elsewhere, you shouldn't trust my copies.
It's common sense that programs should pass by as few hands as possible to remain secure. We need to build awareness about security practices (particularly for business users who may compromise their companies security or information). I'm not saying all rom's are safe.. Think about it though, if an APK is already readily accessible, why would someone go through the effort of re-uploading it?
Furthermore, we should encourage people using their phone's for important purposes to use the official Kies releases, not random firmware's available from Samfirmware's (which may not even be final versions).
Remember, trojans are common in the warez world, and it's better to change the attitude of the community before they become a problem here too (otherwise, people will be stuck in a poor mindset that compromises herd immunity). XDA is a website targeted at the technical crowd, and we should set a good example.
@Electroz. Haven't disassembled them myself, but checked a tutorial. But someone has responded already anyway.. Just because I don't have experience doing it myself anyway, doesn't mean it isn't widely known to be possible.

Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
i think we are pretty safe with those
however... it's suck if they run in the background all the time eating the juice+cpu power away

Anti-virus only helps for known trojans anyway, and since so few people have it installed, it doesn't help much. When Android has it built in though, it may be more useful.
Anti-virus should be considered a last line of defense anyway. And either way, I'm not concerned, because I try to minimise the risks of my own sgs. However, it's a concern that people here don't believe such a risk exists, and are actually encouraging a global attitude which might make the Android population ripe for social engineering attacks in the future.

@andrewluecke
I understand you, I don't say there is no problem with security. I say it doesn't matter you will get malicious software from mirror or Market itself. We could assume apps downloaded from WWW are more dangerous, but this problem is general one: people should be cautious whenever they install something with critical permissions. If they won't they will have problems anyway - it's just a matter of time.
I agree with you: it's important to aware people of that problem. This is actually only one thing we can do: be aware and cautious.
Ahh and in many situations it's possible to protect yourself against problem with redistribution. First, you could check md5 - many developers give it to people, I do. Second: signatures. Each app is signed by its author, so you could check its authenticity. You could check signatures of downloaded apk using public key uploaded by dev to his WWW or using "safe" apk you downloaded earlier. Unfortunately there are no tools to do that easily :-/ Also Android does this check automatically when you install new software. So if you have installed e.g. GM modded by me, then you have downloaded new version from some mirror and succeed at installing it, you can be sure it was also from me and nobody modified it.
AllGamer said:
Several big guys already launched Antivirus For Android
Norton, Trend, and a few more
Click to expand...
Click to collapse
Hmm? I think it's impossible, cause apps can't get to data and resources of others apps. And creating an app for root users only wouldn't have much sense.
I have found Norton Smartphone Security for Android and it's anti-theft protection, not anti-virus.

I'm not a coder and came from IT field so I have lots of general questions about apk security and found this thread...great discussion. TY
Just a general question about apk security...how easy is it to alter apk for malicious intent? And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone? ...just kinda scary to imagine
the news about android virus gets me nervous about installing any apk released from any individual
http://www.talkandroid.com/24949-new-android-trojan-virus-discovered-dubbed-gemini/

kobesabi said:
how easy is it to alter apk for malicious intent?
Click to expand...
Click to collapse
Quite easy for a good developer.
kobesabi said:
And is it possible for spyware writers to turn some freebie apk or rom into a bunch of botnet drone?
Click to expand...
Click to collapse
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.

Brut.all said:
Quite easy for a good developer.
Yes, but I think that would be quickly noticed by people and then these apks, roms and developers would be banned from every forum in the internet.
Click to expand...
Click to collapse
Wow, scary. Unless there is something else, that they can't get away, I don't think banning would deter much, they just laugh at the weak security as a fun challenge. If they already got tons of ip under their control...banning by account, ip, or email will not help much...they can always get new ones.
Is there a way user can authenticate/verify apk signing from authentic author/writer? Many just post apk but did not post md5 or sha sum so how can a user find out if it is original or not?
Anyway to test these apk without loading up to real phone?

Move along, derailed thread.

--

Not really, at least, not very practically. You *might* be able to set the flag that the RT jailbreak un-sets (assuming it isn't "protected" by PatchGuard the way it is in RT 8.1) but that could break a lot more things than you'd realize; desktop Windows isn't intended to be locked down that way. The best bet that I'm aware of is AppLocker (http://technet.microsoft.com/en-us/library/dd723678(v=WS.10).aspx). That link is for Win7 but I'm sure you can find resources for Win8 as well.
Practically speaking, the simple and obvious approach is to restrict those people to low-rights accounts. That won't stop them from running software that they download to their user profile, but it will prevent many installers and most malware from working, and it will make it easy to clean up any mess they happen to create.

http://google.com/search?q=windows+kiosk+mode

e.mote said:
http://google.com/search?q=windows+kiosk+mode
Click to expand...
Click to collapse
When you're trying to be a smartass, at least make sure you are referring to the right thing.

Thanks for reminding me why I rarely bothered with helping online peeps. Some have enough manners to actually acknowledge the help. Most will just get what free help they can and never reply. A few special cases turn out to be a-holes who think they deserve the red carpet VIP treatment, and start lipping off if they don't get it. Guess which category you fall into?
If you had actually expend the two seconds to click on the provided link before flapping your lips, then the kiosk mode fits what you're describing, which is to lock down Windows to a few assigned functions. MS did put out a freeware called Steady State, but that's limited to Vista or older.
Then again, reading comprehension is getting to be a rarity in these parts. Damn twits...(get off my lawn...hahah)

Except, apparently, it's you who misread the request... or perhaps misread what Kiosk Mode in Win8.x does. It would be much *too* restrictive for the OP's needs, because it would prohibit using the desktop (or any of its software, such as Explorer or Word), or downloading Store apps (much less running them; it's limited to a preselected app). So, while perhaps the "smartass" reply was unwarranted (I remind you again that your avatar - showing a creature typically believed to be of sub-human intelligence rolling its eyes - will cause many people to automatically *assume* you're being a smartass even when you don't intend such) - you weren't actually being very helpful either.
With that said, OP, you really should search before posting; this exact question has been asked, discussed, and rejected as impractical before.

I read the request just fine. OP wants a way to restrict peeps from doing "bad stuff" on a Win8 box. Then, kiosk mode is a good key word to search on. There are others, of course, but noobs are only interested in being spoonfed, so I threw him a freebie to start out.
You should expand your knowledge. Kiosk mode (to lock down the PC) is a generic term that pertains to a variety of solutions, and not just the particular built-in Win8 solution you referred to. Locking down (public) PCs is a common need, and solutions abound. While Win8 has had very little new desktop software for it, Win7 does have a wide range of 3rd-party software, some of which undoubtedly have been upgraded to work with Win8. Shocker, there are actually more than one page of search hits.
BTW, I'm sick and tired of people (all two of them) casting aspersions on my avatar. It's a damn pic. I happen to like orangutans and think they're cool cats. Works for me, and if you don't like it, tough. So, do spare me the Dr Phil routine, before I start writing a dissertation on the irrelevant ramblings of someone who calls himself "GoodDaytoDie". When I want your 2 cents, I'll ask for it.

e.mote said:
Thanks for reminding me why I rarely bothered with helping online peeps. Some have enough manners to actually acknowledge the help. Most will just get what free help they can and never reply. A few special cases turn out to be a-holes who think they deserve the red carpet VIP treatment, and start lipping off if they don't get it. Guess which category you fall into?
If you had actually expend the two seconds to click on the provided link before flapping your lips, then the kiosk mode fits what you're describing, which is to lock down Windows to a few assigned functions. MS did put out a freeware called Steady State, but that's limited to Vista or older.
Then again, reading comprehension is getting to be a rarity in these parts. Damn twits...(get off my lawn...hahah)
Click to expand...
Click to collapse
Oh you are soooo helpful, providing me a link to a Google search that's not even the right thing. I think I said that I need them to use more than one app.

GoodDayToDie said:
Except, apparently, it's you who misread the request... or perhaps misread what Kiosk Mode in Win8.x does. It would be much *too* restrictive for the OP's needs, because it would prohibit using the desktop (or any of its software, such as Explorer or Word), or downloading Store apps (much less running them; it's limited to a preselected app). So, while perhaps the "smartass" reply was unwarranted (I remind you again that your avatar - showing a creature typically believed to be of sub-human intelligence rolling its eyes - will cause many people to automatically *assume* you're being a smartass even when you don't intend such) - you weren't actually being very helpful either.
With that said, OP, you really should search before posting; this exact question has been asked, discussed, and rejected as impractical before.
Click to expand...
Click to collapse
Well then our resident Google expert should tell me the search string to Google, as whenever I search anything related to RT and exe, I just get RT jailbreak stuff.

e.mote said:
I read the request just fine. OP wants a way to restrict peeps from doing "bad stuff" on a Win8 box. Then, kiosk mode is a good key word to search on. There are others, of course, but noobs are only interested in being spoonfed, so I threw him a freebie to start out.
You should expand your knowledge. Kiosk mode (to lock down the PC) is a generic term that pertains to a variety of solutions, and not just the particular built-in Win8 solution you referred to. Locking down (public) PCs is a common need, and solutions abound. While Win8 has had very little new desktop software for it, Win7 does have a wide range of 3rd-party software, some of which undoubtedly have been upgraded to work with Win8. Shocker, there are actually more than one page of search hits.
BTW, I'm sick and tired of people (all two of them) casting aspersions on my avatar. It's a damn pic. I happen to like orangutans and think they're cool cats. Works for me, and if you don't like it, tough. So, do spare me the Dr Phil routine, before I start writing a dissertation on the irrelevant ramblings of someone who calls himself "GoodDaytoDie". When I want your 2 cents, I'll ask for it.
Click to expand...
Click to collapse
Oh yes, go ahead, call me a noob.
I know about various kiosk software, and I also know that there's always a way to get around it - some people literally turn off their antivirus software because the malware tells them to. Which is why I wondered about having an RT-style lock, without any visible toggles and switches to disable it.
And by the way I didn't look at your avatar at all, I just really don't think that pointing somebody to Google, or even worse, LMGTFY, is just rude.
Considering that this is a website where I got banned twice and flamed out of a thread because I mentioned ways to improve things in it, I expect other people to be nicer.

>Oh yes, go ahead, call me a noob.
OK, noob. Here's the thing. It's rude to expect people to be mindreaders, and start lipping off if they don't give you the exact answers you wanted. Did you say you already tried kiosk software? Hmm, no. Do you know that "kiosk mode" has a general meaning of locking down PCs, and kiosk software allows a variety of possible configurations? Hmm, not likely, considering your penchant of lip first and read later.
>I just really don't think that pointing somebody to Google, or even worse, LMGTFY, is just rude.
Wow, you DO expect manners, even though you have none to offer. Well, noob, reality check. Lots of questions are answered by simple search queries. If you think that's rude, then you should stop asking questions, because with your flipping people off when you don't like their answers, this thread will inevitably be the result.
>this is a website where I got banned twice and flamed out of a thread
Why am I not surprised. Going for a third?
>I expect other people to be nicer.
Right, it's always other people who need to be nicer, but you can be an a-hole because God has given you a lifetime license. Good luck with that.

http://lmgtfy.com/?q=how+to+link+to+google+and+expect+to+be+called+a+saint
I think "RT-style" is specific enough to not require any mind reading. What YOU linked me to was not specific at all. But hey, it's the XDA tradition to call people noobs if they refuse to suck your ****, right?

[LIBRARY] Anti-piracy with online pirate app list

Although there is no (yet) statistics showing the real number to how bad the piracy on Android is, there are reports saying more than 90% of installs on Android were not paid for (Google). There have been lots and lotsa blows exchange between developers and hackers (and for gods sake this is never gonna end). Anti-piracy solutions are being discussed here and there, all the discussions are (eventually) pointing towards server authentication as the only way to counter piracy effectively.
As a developer, I am not excused from all this hack-and-anti-hack things. And (obviously) I have no better solution than anyone else. Here, I am gonna share a small library that I have coded to help scan for pirate apps on the device. This library is really simple, what it does is to grab a list (I called it pirate-app-list) from the internet and scan it through the device to determine whether an offended app is installed on the device.
This project is actually a product from the 1st suggestion in this XDA thread. In the thread, it recommends to search for the pirate apps and force the user to uninstall it. I implemented the former part of the suggestion, while leaving the latter to the developers to decide. The only difference that I have made is to put this static list on the internet instead of hard-coding it to save us the trouble of updating the app for the purpose of updating the list.
This project is by no means a solution to anti-hacking. Rather, its a hope that developers can work together to make sure users stay away from those apps (by forcing/reminding them to uninstall it). I believe those apps will not survive if it does not gain enough active users? Or maybe it does..
This project is open-sourced on GitHub together with the pirate-app-list. Feel free to check it out.
Currently, only "Lucky Patcher" and "Freedom" are listed on the pirate-app-list (with filters). Anybody interested in the project are free to join so we can work on the list and more importantly, the definition of what a pirate app is.
Your feedback is very much appreciated.
Thank you.

reserved

reserved

Lucky patcher is also used for functions that do not concern piracy, such as running two versions of the same app... I think that you can't force or continuosly remind a user to uninstall an app that he needs.
Edit: Also, I think that most of the piracy is based on pirated apk, not apps like LP or Freedom, which only act for IAP. The solution to prevent IAP piracy is server validation, but for pirated APK it's not.

Coraz said:
Lucky patcher is also used for functions that do not concern piracy, such as running two versions of the same app... I think that you can't force or continuosly remind a user to uninstall an app that he needs.
Edit: Also, I think that most of the piracy is based on pirated apk, not apps like LP or Freedom, which only act for IAP. The solution to prevent IAP piracy is server validation, but for pirated APK it's not.
Click to expand...
Click to collapse
Thank you for your reply.
Actually, as I have pointed out in the thread, this project implements only the scanner part, it doesn't act for the developers. Developers have to decide what they want to do with the detected piracy. Its really nice to be able to run 2 versions of the same app on 1 device, I believe ChelpuS should make another app with this feature, or without other features in Lucky Patcher.

I'm sorry, but if an app tells me to uninstall something - I'm uninstalling that app first

DANIEL TAN said:
Although there is no (yet) statistics showing the real number to how bad the piracy on Android is, there are reports saying more than 90% of installs on Android were not paid for (Google). There have been lots and lotsa blows exchange between developers and hackers (and for gods sake this is never gonna end). Anti-piracy solutions are being discussed here and there, all the discussions are (eventually) pointing towards server authentication as the only way to counter piracy effectively.
As a developer, I am not excused from all this hack-and-anti-hack things. And (obviously) I have no better solution than anyone else. Here, I am gonna share a small library that I have coded to help scan for pirate apps on the device. This library is really simple, what it does is to grab a list (I called it pirate-app-list) from the internet and scan it through the device to determine whether an offended app is installed on the device.
This project is actually a product from the 1st suggestion in this XDA thread. In the thread, it recommends to search for the pirate apps and force the user to uninstall it. I implemented the former part of the suggestion, while leaving the latter to the developers to decide. The only difference that I have made is to put this static list on the internet instead of hard-coding it to save us the trouble of updating the app for the purpose of updating the list.
This project is by no means a solution to anti-hacking. Rather, its a hope that developers can work together to make sure users stay away from those apps (by forcing/reminding them to uninstall it). I believe those apps will not survive if it does not gain enough active users? Or maybe it does..
This project is open-sourced on GitHub together with the pirate-app-list. Feel free to check it out.
Currently, only "Lucky Patcher" and "Freedom" are listed on the pirate-app-list (with filters). Anybody interested in the project are free to join so we can work on the list and more importantly, the definition of what a pirate app is.
Your feedback is very much appreciated.
Thank you.
Click to expand...
Click to collapse
Sorry to tell you. But XDA rule number 6 States that you are not allowed to talk about apps like Lucky Patcher and Freedom. I hope the moderators will ignore you for a noob.
Regards,
PoseidonKing

PoseidonKing said:
Sorry to tell you. But XDA rule number 6 States that you are not allowed to talk about apps like Lucky Patcher and Freedom. I hope the moderators will ignore you for a noob.
Regards,
PoseidonKing
Click to expand...
Click to collapse
You are misinformed. We allow threads such as these because they are educational and are about preventative purposes against those applications. I would suggest you actually read what the purpose of this thread is about before telling other users about what the XDA rules say, which incidentally is not your 'job' to do.