Watch out for “START NOW” dialogs in Lollipop

Malicious Android app can take screenshots of other apps without your permission if you tap “START NOW” on a seemingly innocent dialog.

This is a result of an everlasting Android “tapjacking” vulnerability which allows for malicious apps to obscure other apps or system dialogs. The video below presents the vulnerability demo app.
Continue reading Watch out for “START NOW” dialogs in Lollipop

What’s wrong with Lollipop

When Android 5.0 shipped with a number of bugs and memory leaks many people complained about apparent Google QA deficiencies. Surely, the initial Lollipop ROMs shouldn’t get a green flag from QA but it looks like the problem lies much deeper in Google’s delivery process.

I don’t have enough insider knowledge to point out where exactly the organizational problem lies but based on the code analysis I can demonstrate that issues span from APIs design through implementation to testing. I am going to use Lollipop Screen Capture API as an example.
Continue reading What’s wrong with Lollipop

Accessing Android internal APIs from apps

Android SDK provides access to many great APIs and features but there are still many missing or incomplete. This is especially true about access to some slightly non-standard features. For example hardware video encoding API got added in Android 4.0 but it took four major releases before the usable API got exposed in Android 4.4 SDK.

Luckily for those of you who are not patient enough to wait two year for the private API to get publisher it’s possible to access such private APIs using couple tricks I’m going to describe in this post.

Continue reading Accessing Android internal APIs from apps