Archive for the ‘General’ Category

I’m On Google+ • November 9th, 2011

I created a Google+ page, as well as my personal page. Not quite sure what I’m going to do with it just yet. But, it’s there.

I have posts for each of my apps, for all your fan vs. flame comments.


Back On-line • April 28th, 2011

I’m going to be working on bringing flash-the-brain back from the dead. For those of you just learning, my last web hosting vanished. I have backups, but it’s not in the friendliest of forms, so I have to copy/paste each article from some RSS archives. But, at least I can start making some new posts!

More to come.

Market Exploit • September 8th, 2010

My recent post about the permission bug has reveled an interesting market exploit. I made it a bug ticket on Google’s site, but they chose to ignore it. So, I made this video showing the exploit in action.

Hopefully, Google will take notice. This is something they could easily fix without having to release an update to the Market application. I think they could just patch the website you submit your applications to.

Permissions Bug • September 7th, 2010

There’s been a lot of reports of trojan Android applications in the market over the last few weeks. Because of which, I’m falling victim to the resulting fallout of user paranoia.

In a recent comment on my application in the Android Market, Tony states:

“This download page only indicates that the app uses System Tools, but the Applications menu says it requires access to make phone calls. Uninstalled.”

Now, Tony got some things wrong in his comment, but he got some things right too; which I found very alarming.

What Tony Got Wrong.

Tony stated that my application requires access to make phone calls. This is not true. The only permission my application in the market requests, is the ability to prevent the phone from going into its sleeping state.

I do this so my flash light will stay lit until you expressly turn it off. This way, you can launch my app and set the phone down to light a room while you perform a task. Or, to stop the need to continuously futz with the screen to keep it on for those with shorter sleep times.

What Tony Got Right.

Tony found additional permissions which he didn’t grant being displayed in the Settings > Applications > FlashLight > Permissions section. As you can see in the image below.

Different permissions shown after installing application.

This had me perplexed. Why would my application suddenly have these extra permissions which were not requested?

What I Believe Is Happening (Updated).

Because, I allow the user to move my application to the SD card, it automatically grants these extra permissions.

“Modify/delete SD card contents,” would be needed in order for the application to write and remove itself from the SD card as it’s moved back and forth.

“Read phone state and identity,” would be needed in order to make sure that the SD card is in the same phone that put the application there.

Looks like access to the SD card and phone identity was always allowed in versions of android 1.5 and earlier. So, if you create an application that is compatible with these legacy devices, you automatically gain access to these permissions. If you want to make sure you DON’T have these permissions, you have to expressly state that your application targets a later version of Android.

<uses-sdk android:minSdkVersion=”3″ android:targetSdkVersion=”4″/>

This is a wee bit scary. It’s feasible that a user thinks they’re only granting an Internet permission, but in reality the app could have complete access to their phone identity and SD card data which could be transmitted.

File It As A Bug.

There’s no question in my mind that this is a bug. Even if this is happening by function, it’s inadvertently eroding the user’s trust. Only permissions expressly granted by the user for the application should be shown under the system information. You can view my bug filing here (star it if you’d like Google to address it.):

http://code.google.com/p/android/issues/detail?id=11080

Food For Thought (Updated).

If I’m gaining storage permission in this way, could I write an application that secretly or maliciously augments SD card data without the users knowledge?

Update: So, I just tested this and frightening enough it works flawlessly! I created an application called “Permissions Test.” All the application does is look for a file on the user’s SD card called “deleteme.txt,” and remove it if it finds it. I then submitted it to the market only requesting the Wakelock permission. Sure enough, the Android market only notifies me of that single permission, but allows me access to the SD card anyway and deletes the file. I have removed the app from the market since I don’t want anyone to download it.

FlashLight 1.3 beta • August 20th, 2010

I finished a version of the Flashlight app that makes use of the Camera LED. It’s currently in beta, and I’m looking for you to test it on your phone. Please post your comments here as to whether it works or not, and if you get any force close errors. Be sure to include what phone and Android version you’re using.

To initiate your phone’s LED flash, double tap on the screen. To return to the screen flashlight, double tab again. If your phone doesn’t support the method, it simply shouldn’t work (but it shouldn’t crash the application either.). I have a hunch my LED implementation will only work on phones running Froyo or better. That’s what I want to find out.

Note: The app now requests the camera permission. This is so I can access the camera LED flash. I’m not storing any images from the camera, nor sending the stream or storing the stream anywhere. I couldn’t even if I wanted because I’m not requesting the Internet permission. Don’t Panic.

FlashLight_1.3.apk

Comments • July 2nd, 2010

A screenshot of the FlashLight developer comments page.

Google finally added comment support in the developer area. This has been a welcome addition because developers can finally see what comments are being left by people in other countries. On the phone, you can only see comments in the market that match your language.

It’s been fun trying to figure out what language I’m reading, and using Google translate to decode it. Here are a few of my favorites:

  • Отлично! Как раз сегодня выключили свет. Очень помогает
    (Russian)
    Excellent! Just today, turned off the light. It helps
  • 就是有的颜色稀里古怪的
    (Chinese)
    Is rare in some weird colors
  • A mí esta aplicación tan simple me viene de perlas
    (Spanish)
    To me this application is as simple pearl me
  • すぐ起動できるし、けっこう使える!
    (Japanese)
    You can start right away , pretty useful !
  • Bellina come torcia,piccola e senza pubblicità…secondo me la migliore
    (Italian)
    Bellina as a flashlight , small and without advertising … I think the best
  • 완전좋아요
    (Korean)
    What’s going on completely

The translations aren’t the best in some cases, but it looks like my app has been well received around the world.

FlashLight 2.0: Concept • June 20th, 2010

FlashLight 2 Concept Mock-ups

I’ve worked out the next version of FlashLight that I plan to build. Above are the mock-ups for the different screens that I need to create. I’m going to have the ability for a person to create their own colors, and well as devise some way of making use of the LED camera flash if possible.

This new version I’m going to charge a dollar for. People are going to hate it, but oh well.

Nexus Can’t Twist • April 1st, 2010



I noticed that there is a difference in functionality between the Droid and Nexus One (N1) when running the Google Earth application. The Droid has a twist feature that the N1 does not. I believe this to be related to the screen issues with finger tracking on the Nexus One. This would lead me to believe that Google is aware of the issue, and disabled this feature in the application.



Google Sends Another! • March 30th, 2010

Droid

I feel like the luckiest chap in the world. I was supposed to go to the Washington DC Google Developer Lab, but they canceled it due to the 36 inches of snow we got. As a, “sorry,” they told us they’d send us a free development phone. It arrived today!

This time, they sent me a Droid! Which is great, because they just sent me a Nexus One, and I really wanted to test some things on a different phone.

Update #1

The phone came with one free month of Verizon, and a 16GB microSD card.

My Phone Arrived! • March 23rd, 2010

Hey everyone, thanks so much for loving and downloading my FlashLight application from the market! You’ve made it the #2 most downloaded flashlight application on the market, and have earned me a free Nexus One development phone!

Sincerely,

Brenton Klik