Dissecting Android Apps

Dissecting Android Apps

Openness of Android makes it very delicious target for the exploiters, reverse engineers. Android offers a very nice advantages for malicious actors which are not available in compare to its rival iOS. It is possible to peek into the source code when it comes to Android (Yes, I am talking about AOSP) and modify the OS and all the things come along according to your taste. Even in retail devices, It is possible to tamper with the system without much hassle and headache....

July 26, 2022 · 7 min · SlothieSmooth
Global Coroutine scope is scary

Global Coroutine scope is scary

Overview Using suspend methods with coroutines is a new norm while using Kotlin in Android, Kotlin Native or Kotlin Multiplatform. Recently, I have been searching good libraries for the multiplatform for a pet project I am working on, and I have seen many libraries and implementations that uses GlobalScope as coroutine scope. This is a huge antipattern because using GlobalScope can lead to memory leaks. Problem with GlobalScope Though in Android, using suspend methods is fairly easy because you can just use viewModelScope because most of the heavy lifting is being done inside viewmodels....

January 29, 2022 · 3 min · SlothieSmooth
Logging for dummies

Logging for Dummies

Overview Logs are very useful while debugging an issue and finding a root cause for it. I would write tons of garbage logs lines such as “inside save image method”, “user clicked on button send” or something like “image-Id=83488131". I would delete all these stuff as soon as I know what is the issue, and ready to commit changes. But, having too much verbosity in logs is equally bad and pollutes the log cat....

November 1, 2021 · 8 min · SlothieSmooth
Android Webview Vulnerability

Exploiting Android WebViews

Overview Webview in Android is a system component that runs on chromium engine that allows Android apps to display web view content. There are plenty of apps out there that simply wraps web pages or web content which is stored in app. Most of the cross-platform apps uses Webview to provide easy to use interface for their users. Now coming to more technical side of the things, being a developer you can debug your Webview with ADB....

October 30, 2021 · 3 min · SlothieSmooth
Intent extractor for lazies cover image

Intent extractor for lazies in Kotlin

While developing Nyx, I stumbled upon a custom delegate that would get me the extras using an inner class. Similar to safeArgs. I found it a very intriguing thing for a lazy ass like me. I implemented the same for my other app Ip-Scanner but immediately realized it contains a boilerplate code. For each fragment and activity. Being a lazy person, I hate writing boilerplate, I made few extensions that would get the extras for me with Kotlin lazy....

June 20, 2021 · 3 min · SlothieSmooth