Android AppConfig
https://github.com/PRosenb/AppConfig
The intention of this project is to reconfigure an app under test or development. This is useful, if the app under test needs to point to a staging server or has other properties specifically activated for testing purpose.
It consists of two parts:
Features
- Easy to use
- Set and delete
SharedPreference
values - Option to limit keys that can be modified
- Access authorisation with whitelist
- Controller app available on Google Play
- Everything open source
- Example app
Overview
The app App Config
connects to the app under test using a ContentProvider
. It allows to set SharedPrefences
in the app under test that can then be evaluated accordingly and e.g. point it to Staging or Production.
Initial setup
Add ConfigApp library to your app
- Add the library to your apps dependencies
implementation 'ch.pete.appconfig:appconfig:0.1.0'
- Add the supplied
ContentProvider
to yourAndroidManifest.xml
file. Inside of<application></application>
add:
<provider
android:name="ch.pete.appconfig.AppConfigContentProvider"
android:authorities="YOUR_AUTHORITY"
android:exported="true"
android:readPermission="NONE" />
- Replace
YOUR_AUTHORITY
with the apps authority, followed by.config
, e.g.com.example.config
Setup Controller app from Google Play
- Install App Config from Google Play
- Open it and create a new config entry
- Enter a name like
MyApp Staging
- Enter the authority you choose above
- Click the play button to test if the connection works
- Add whatever key/values you need for this specific configuration
- On the main screen, left swipe on your configuration and choose
clone
- Rename it to e.g.
MyApp Prod
- Modify the key/values accordingly. Usually, you want to tick
null
so that theSharedPreference
is removed.
Configuration Options
The library can be configured by setting properties on AppConfig
. All configuration options should be set early after the app starts, so e.g. in Application.onCreate()
.
The following options are available.
AppConfig.authorizedApps
Whitelist of apps allowed to access the app.
AppConfig.authorizedApps.add(
AuthorizedApp(
applicationId = "AUTHORIZED_APPLICATION_ID",
signature =
"SHA_256_HASH_SIGNATURE"
)
)
Replace AUTHORIZED_APPLICATION_ID
and SHA_256_HASH_SIGNATURE
with the values of the authorized app.
You can also run both apps and try to access it. Then the AppConfig
library logs the required details so that you can copy/paste them.
2020-05-24 10:25:37.703 14607-14654/ch.pete.appconfig.exampleapp E/AppConfig: Access denied
To allow add (Kotlin):
AppConfig.authorizedApps.add(
AuthorizedApp(
applicationId = "ch.pete.appconfigapp",
signature = "C7:0D:90:86:6D:3F:D2:3D:4C:7C:45:64:75:B0:93:97:00:5A:1F:FD:37:FE:8B:B1:61:8C:CF:EB:80:27:19:EC"
)
)
AppConfig.appConfigListener
Register a callback whenever a call is made by the controller app.
AppConfig.appConfigListener = {
// called whenever a call is made
}
AppConfig.storeValuesToSharedPreferences
Controls if the library automatically writes the received values to SharedPreferences
. Default: true
AppConfig.storeValuesToSharedPreferences = false
AppConfig.authorizedKeys
Controls which keys are stored to shared preferences. See alsostoreValuesToSharedPreferences
. An empty list allows all keys.
AppConfig.authorizedKeys.addAll(
listOf("key0", "key1")
)
Technical details
There are multiple options how apps can communicate with each other but only by using a ContentProvider
, the called app can verify the applicationId
and the signing certificate of the calling app. As we don't want any malicious app to manipulate our app in the background without the users knowledge, it's very important, that the called app can verify the caller and allow access to authorized apps only. The library implements the authorisation logic and there is a whitelist of the applicationId
with the related signing certificate. All other apps trying to call the ContentProvider
will receive a SecurityException
.
The signing key of the App Config
app available on Google Play is safe because it was created and is managed and controlled solely by App Signing by Google Play
. Even the owner of the app cannot get access to it at any stage. For this reason, the signing certificate of the App Config
app is preconfigured in the library. It can be removed from the whitelist easily though.
The App Config
app currently only supports String
values to be sent to apps under test. The library does support other data types already, so it should be possible to extend App Config
accordingly without causing a breaking change.
Contributions
Enhancements and improvements are welcome.
License
Android AppConfig
Copyright (c) 2020 Peter Rosenberg (https://github.com/PRosenb).
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.