[Q] Clean Code - Desire HD Q&A, Help & Troubleshooting

Has anyone managed to clean out the NSA code they use to spy on us from their phones? Is there a list of the Google apps that contain such code?
Thanks.

http://www.zdnet.com/why-you-shouldnt-worry-that-the-nsa-is-inside-androids-code-7000018040/

Password manager / encrypted notes

Hi,
Can anyone recommend a good application to store passwords / secret notes?
I am using e-Wallet on WinMo, it is very nice and has desktop sync app.
Thanks.
For passwords KeePass or Lastpass are probably your best bets.
Thanks for the suggestion, I found this:
http://code.google.com/p/secrets-for-android/
> Secrets for Android is an application to securely store and manage passwords and secrets on your Android phone. It uses techniques like strong encryption and auto-logout to help ensure that your secrets remain safe (assuming you use a good master password!). Context-sensitive tips guide you along through its operation, making it easy to use.
> Secrets for Android is open source using the Apache 2.0 licence, so you can examine the code yourself, or modify it to your needs.
It could be nice, but I don't find any screenshots.
I like the open-source approach for this kind of app, and it seems it can import from many other password keeper/manager apps' databases!
Is anyone using it?
UPDATE: It does not support folder / categories ... so, not good ...

[Q] Need to create an app that is for our agents, and not for everybody else

Is there a way of creating and deploying a WP7 app that would be only available to our company agents?
As far as I understand this, you can only deploy any app via the Marketplace - this is useless for any internal business application.
Do I need to wait for better mobile device management or is there a way around this?
Any pointers appreciated guys.
Two ways to do it, the way I see it...
1. Add the program to marketplace, but require a registration number to be inputted in the program for it to work.
2. Side-load it
tiwas said:
> Two ways to do it, the way I see it...
> 1. Add the program to marketplace, but require a registration number to be inputted in the program for it to work.
> 2. Side-load it
2 won't work, as it could be redistributed.
1 might, but we all know how well registration models work (cracks)
this might be a job for phone-home drm.
tiwas said:
> Two ways to do it, the way I see it...
> 1. Add the program to marketplace, but require a registration number to be inputted in the program for it to work.
This would probably be the best, especially considering that your agents probably need to login anyway.
But I think that you won't pass certification if they can't test the app.
I don't know what your company does, but maybe you could release an app that is mainly targeted at your customers and everyone could use. This app could then have a hidden setting to enable special functions after an agent has logged in.
Microsoft are planning on supporting this in the future, their current suggestion, IIRC, is to use some sort of login though.

[SDK] Promocodes for your app

Hello!
I'm a software developer from Russia, and I made one very popular app in the local market. Very soon I realized that I need an ability to give a licensed version of the app to my friends or reviewers or someone else.
Unfortunately AppHub doesn't provide such functionality (private distribution is a pain in the ass), so I created a webservice for myself.
After two days I realized that it may be useful for other developers, so here it is:
promo.g33k.ru (here I wanted to post url, but I can't due to low post count. You may find it in my profile->interests)
Now it has:
- JSON/SDK with RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization (if anyone cares) (btw, if you can help translating to other language(s) or correct English misspellings - I will appreciate this).
Now this service works in beta mode.
So for developers I have two questions:
1) Is such service useful for you?
2) How to develop it further, in which way?
Not yet clear
I am sorry, but after reading your post and also checking your website I am still not sure what you offer. For me there is just not enough information to understand and then judge the usefulness of your service.
Maybe you could give a step-by-step scenario: Dev does this, then interested user does that, dev then this ...
Ok, I'll try to describe a little more details:
1) Developer wants to add capability of promo codes in his app (to give some specific users the full licensed app).
The first problem is that the developer needs his own server for checking promo code validity (hardcoding is not an option, of course).
2) So, the developer registers in my service, adds his app's guid to his app list and creates a promo code for a specific app via web.
3) Developer adds support for promo codes in his app by:
a) adding a text box for the user to enter a promo code
b) adding a web request to a specific URL for promo code activation
c) adding to his license check a web request that checks whether the current user has activated a promo code.
Benefits for developer:
- Add support for promo codes without owning a server.
- Simple way to give full version of program to friends
Benefits for users:
- User may find a promo code for a specific app somewhere and use it to get the full version of the app in a simple manner.
Benefits for reviewers/portals:
- Developers can easily give promo code for reviewing purpose or as giveaway for news post.
Clear now
Thanks for the additional info, now it's clear
Well yes, sounds useful. Properly implemented, it is probably really easier than Microsoft's "closed beta" mechanism, and of course can be used for other, non-beta apps as well.
The icing on the cake would be a "frame application" as sample code that basically does nothing more than asking for a promo code and then check against the list of valid codes on your server.
Sounds intresting but how do you ensure security?
chabun, I thought about security and the situation is the same as with default checking for trial - there is no security. Man-in-the-Middle and direct cracking of xap will work, and there is no way out. I could use RSA signing for MitM, but still cracking of xap is a very easy option today, so no one really interested will try to use MitM. When the WP8 SDK is out (I believe it will be in several weeks), some developers may implement trial checks in native code - this will be much harder to crack.
As for server part there are following possible problems
- App ID squatting (same as with domains, someone else could reserve a developer's app guid). Don't know yet what to do with this, maybe think about it later when this happens?
- Bruteforce of promo codes for an App ID - could be easily avoided via server throttling, if this ever happens - I'll add such checks
- Server DDoS - every webmaster's nightmare, I hope this never happens (or my Amazon AWS will pour my purse empty)
rbrunner7, nice idea, I'll add a sample app as soon as possible on site.
This looks like an interesting concept
Sent from my SGH-i917 using XDA Windows Phone 7 App
Yop, you can never avoid direct cracking... However, RSA signing would be good I'd say as it will avoid MitM - with MitM you could create simple tools which can be used by every noob out there. Cracking xaps requires some skill and it will need an unlocked WP7 as well.
I can see this working, I have been thinking about something similar also. You can encrypt the data on the device before sending it off to the cloud, you can then verify the encrypted data with a password and compare it to the codes registered on the server. Then link a code to a certain device id (once the code becomes 'registered'); if a certain code is already coupled to a device id and the device is not the same, then the app will jump back into trial mode. Otherwise one can use the paid mode.
This can definitely work and will prevent reselling the codes. Although it requires a server. And users can still hack/patch the app of course, but that will require an unlocked device so I should not worry too much about it.
Also to prevent spoofing you can frequently check with the server if this device is legitimately registered.
Marvin_S said:
> I can see this working, I have been thinking about something similar also. You can encrypt the data on the device before sending it off to the cloud, you can then verify the encrypted data with a password and compare it to the codes registered on the server. Then link a code to a certain device id (once the code becomes 'registered'); if a certain code is already coupled to a device id and the device is not the same, then the app will jump back into trial mode. Otherwise one can use the paid mode.
> This can definitely work and will prevent reselling the codes. Although it requires a server. And users can still hack/patch the app of course, but that will require an unlocked device so I should not worry too much about it.
> Also to prevent spoofing you can frequently check with the server if this device is legitimately registered.
That's what I thought of... private/public key
chabun, so, for example, how about the following scenario:
for each developer the server creates a public/private key pair.
when checking license on server: if success, server encodes userid with developer private key
when checking license in app: server response decoding via public key (hardcoded in app) and comparing to userId. if ok -> licensed.
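
The signed-response scenario described above, written out as an added example (not code from the promo service or from any poster in this thread): the server signs its license answer and the app verifies it against a hardcoded public key. It goes beyond the post by also covering the app ID and a per-request nonce with the signature, and it uses RSA-2048 with SHA-256 instead of the RSA1024/SHA1 the service lists; all function names, field names and sample IDs are assumptions.

```javascript
// Added example; not the promo service's code. All names are hypothetical.
const crypto = require('node:crypto');

// Constructed developer key pair. The private key stays on the server; only
// the public key would be hardcoded in the app.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Bytes covered by the signature. Length-prefixing each field keeps
// ("ab","c") and ("a","bc") from producing the same signed string.
function signedBytes(appId, userId, nonce, licensed) {
  return Buffer.from([appId, userId, nonce, String(licensed)]
    .map((f) => `${Buffer.byteLength(f)}:${f}`).join(''), 'utf8');
}

// Server side: answer a license check and sign the whole answer.
function serverCheck(activated, appId, userId, nonce) {
  const licensed = activated.has(`${appId}/${userId}`);
  const sig = crypto.sign('sha256',
    signedBytes(appId, userId, nonce, licensed), privateKey);
  return { appId, userId, nonce, licensed, sig: sig.toString('base64') };
}

// App side: accept only a response that echoes this app, this user and this
// request's nonce, and whose signature verifies under the pinned public key.
function clientAccepts(resp, pinnedKey, appId, userId, nonce) {
  if (resp.appId !== appId || resp.userId !== userId) return false;
  if (resp.nonce !== nonce || typeof resp.sig !== 'string') return false;
  if (typeof resp.licensed !== 'boolean') return false;
  const ok = crypto.verify('sha256',
    signedBytes(resp.appId, resp.userId, resp.nonce, resp.licensed),
    pinnedKey, Buffer.from(resp.sig, 'base64'));
  return ok && resp.licensed;
}

// Constructed responses: one genuine, three altered or reused in transit.
function demo() {
  const activated = new Set(['app-1/alice']); // constructed activation list
  const nonce = crypto.randomBytes(16).toString('hex');
  const good = serverCheck(activated, 'app-1', 'alice', nonce);
  const denied = serverCheck(activated, 'app-1', 'bob', nonce);
  const later = crypto.randomBytes(16).toString('hex'); // a later request
  return {
    genuine: clientAccepts(good, publicKey, 'app-1', 'alice', nonce),
    flipped: clientAccepts({ ...denied, licensed: true }, publicKey, 'app-1', 'bob', nonce),
    replayed: clientAccepts(good, publicKey, 'app-1', 'alice', later),
    otherUser: clientAccepts({ ...good, userId: 'bob' }, publicKey, 'app-1', 'bob', nonce),
  };
}
console.log(demo());
```

The signature only protects the response in transit; as the posts above say, it does nothing against a patched app that skips the check.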
You might want to ask @ngreader guys on twitter. They do have this concept implemented in their app.
diverofdark said:
> chabun, so, for example, how about the following scenario:
> for each developer the server creates a public/private key pair.
> when checking license on server: if success, server encodes userid with developer private key
> when checking license in app: server response decoding via public key (hardcoded in app) and comparing to userId. if ok -> licensed.
I'm not sure if it would be good to encode the request to the server as well but otherwise it sounds really cool now... I'll use this service when I need this (and tell my friends about it)
Here is one way to do it http://stackoverflow.com/questions/599837/how-to-generate-and-validate-a-software-license-key
wpxbox said:
> Here is one way to do it http://stackoverflow.com/questions/599837/how-to-generate-and-validate-a-software-license-key
Well, what they suggest is not as good as diverofdark's service which is a lot more secure and still easy to use for the customers...
Greetings everyone!
Today I updated promo.g33k.ru, now it has:
- more detailed about page,
- SDK now includes RSA1024/SHA1 sign for additional security checks
- Binary SDK available
- Russian localization (if anyone cares) (btw, if you can help translating to other language(s) or correct English misspellings - I will appreciate this).
- Many minor bugfixes.
So, from now this service works in beta mode
diverofdark said:
> Greetings everyone!
> Today I updated promo.g33k.ru, now it has:
> - more detailed about page,
> - SDK now includes RSA1024/SHA1 sign for additional security checks
> - Binary SDK available
> - Russian localization (if anyone cares) (btw, if you can help translating to other language(s) or correct English misspellings - I will appreciate this).
> - Many minor bugfixes.
> So, from now this service works in beta mode
Thanks! I will check this out
Hey diverofdark
It would be nice if you update the first post in the thread with all information. That's the way it's usually done in the forum.
A possible user (here dev ) can read it and without having to browse the whole thread, he can use your promocode service...
Thanks for mentioning it, I updated the first post.

Research Thesis Project

Want to help me with my thesis project by installing my research app on your Android phone? My research involves finding malicious code on smartphones, and all the app will do is collect some data about normal power usage on your phone. All the data is totally anonymous and you won’t have to do anything once it’s installed and you’ve agreed to run it in the app. I would really appreciate your help! Anyone who’s interested can find it on the Play Store here: Malicious Code Detector http://goo.gl/9pNFi Tell your friends!
The Galaxy Nexus as a Google reference phone running ICS/JB offers a consistent data platform so please consider running my app. Thanks.
Your app is not available in my country. I'm in Canada by the way.
Skorp_X said:
> Your app is not available in my country. I'm in Canada by the way.
Sorry forgot to make available beyond the US when I moved it out of "alpha" testing. It should be available now if you are still interested in helping. Should be mentioned the app doesn't do anything without location resources.

TextSecure 2.0.6 without GCM/PUSH

Many are aware of my recent concern about this app relying on Google proprietary GCM network and spying Google Services Framework.
Here is TextSecure 2.0.6 compiled by myself from source, but without GCM/Push/GSF/Googleplay/Google Account.. No Google services required to use it at all. All other features are preserved including the latest encryption protocols. This is pure SMS with no internet needed. I am sharing this app under GPL3 license.
INSTRUCTIONS: Unzip and install as a regular app. Keep in mind that you have to uninstall previous versions as they are signed with a different signature. Just back up your app with Titanium Backup and restore data only.
Source: https://github.com/WhisperSystems/TextSecure
Credit to original developer Moxie Marlinspike.
You pretend like it's not possible to use the current version without GCM/GSF installed, which is plain wrong.
It works very well, there is simply a message that tells the user he/she won't be able to use push messages without GCM.
You are basically telling people to trust that you didn't mess with it, instead of trusting Moxie (an accomplished security expert) and Open Whisper Systems.
If you want people to use this, you should release the source code, which you are already required to do by the GPL (https://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic), add documentation how an identical build can be built and the hash of it.
It's also funny that your "pure SMS with no internet needed" version still requires full internet access in the permissions...
lindworm said:
> You pretend like it's not possible to use the current version without GCM/GSF installed, which is plain wrong.
> It works very well, there is simply a message that tells the user he/she won't be able to use push messages without GCM.
> You are basically telling people to trust that you didn't mess with it, instead of trusting Moxie (an accomplished security expert) and Open Whisper Systems.
> If you want people to use this, you should release the source code, which you are already required to do by the GPL (https://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic), add documentation how an identical build can be built and the hash of it.
> It's also funny that your "pure SMS with no internet needed" version still requires full internet access in the permissions...
What a pure bull...
I am not telling people to trust me. All I did was remove Push and GCM ability. And all I need to say is what I said in the original post. That's it. Now, here, unlike Google blobs, the app could be decompiled and easily examined.
Now, with each of your responses, I am more and more convinced that the development is compromised...
