How to prevent an Android app from embedding my website - javascript

I'm trying to figure out a way to prevent developers from embedding my website in their Android apps. I've tried user agent sniffing, but I ran into a problem where I'd accidentally prevent Android users on their mobile browsers from viewing my sites. Any way to detect if the site has been embedded, either through JavaScript or another tool?

Related

is there an iOS counterpart of intent-filter in android?

I am developing an app that sends a verification link via email. When the link in email is clicked, user should be prompted to open the iOS app if it is installed. Otherwise, it will direct to Safari browser for its website app counterpart. In android app, I was able to do this since there is the intent-filter feature in android development. Also, as much as possible, I am avoiding in iOS to redirect to the browser, and open the website, wait for it to load, then open the iOS app installed since it will be costly for the user to wait for the website to load. So the javascript workaround solution is my least option to do.
So I was wondering if there is an iOS counterpart of intent-filter. Or any workaround/implementation would be appreciated.
P.S. I am a newbie here in stackoverflow so go easy on me. thanks :))

Prevent Captive Portal auto-close after authentication (Android)

So the simple idea is that we have a RADIUS server setup to allow users to authenticate with our Ruckus controller via user credentials. On authentication the user should be redirected to a page that allows them to manage MAC authenticated devices.
On everything we have tested so far, including "older" Android devices this seems to be no issue and things run as they should. However with Lollipop (5.0+) versions of Android the captive portal has changed quite a bit, and part of that change is to automatically close the captive portal that launches when you join the network. Because we want them to be redirected to a MAC device management page after authentication so they can add the device they currently logged in with and avoid having to log in again, this is bad.
What I have tried:
Detecting if the browser is being launched in a mobile device and popping an alert in onbeforeunload that attempts to keep the browser open.
Opening a new browser window, pointing to the redirection URL, when successful authentication is detected (essentially managing the redirect ourselves).
Performing Option 2, and then Option 1 on the redirected URL
What won't work:
Asking users to disable the captive portal option on their device. Not trying to point general users to advanced controls.
Creating an open network to access the MAC manager, it must be behind some authentication.
Solution For Now:
We are unhappy with this solution, but for now we are simply asking users to authenticate with the network and then open their browser and go to the basic login portal page (non-network authentication) that users use to manually add devices they can't connect with (like printers, gaming devices, etc.). Though this works, it is a pain for users to have to login, open a browser, manually enter a url, and login again.
This isn't a problem that people haven't run into, see here, I just haven't been able to find a solution from anyone that has run into the problem. Certainly there is some way of utilizing javascript or something to keep the browser open in this situation. If not, anyone have any better ideas for managing things?
We have managed to keep the UAM Browser / captive portal browser open on lollipop by adding firewall rules blocking :
clients3.google.com
clients1.google.com ,
android.clients.google.com
connectivitycheck.android.com
connectivitycheck.gstatic.com
Thus after the user is authenticated the UAM / Captive Browser stays open.
You can keep UAM open as long as you need, you can close it by invoking a reverse proxied 204 redirect to google's connectivity page.
This appears to be new Captive Portal behavior in Android devices since the release of Lollipop (5.0).
We have not yet discovered a workaround. If there is an explicit way to disable the auto-dismissal it is probably only documented in the Android codebase available here (I've been looking, but haven't found anything definitive yet):
https://android.googlesource.com/platform/frameworks/base
FYI, we've also noticed Android uses CloudFront CDN for its captive network detection. Our captive portal solution originally used CloudFront for assets, so we had to whitelist CloudFront subnets in pre-auth ACLs. Whitelisting CloudFront subsequently caused captive network detection to fail on recent Android devices. We had to abandon CloudFront CDN to restore captive portal functionality for Android devices.
Why don't you just hold captive portal opened after authentication? You can always allow access to every site except captive checking sites.
Tested and working both Android and iOS in all versions.
If you need to access cookies/shared storage from default browser (not captive ios/android sandboxed browser), you gotta hop out it before authentication.

Android Chrome Website

Guys I build a website and when i am accessing it from the android browser(Default) A script that is very important on the functionality of my website is not being displayed. But when I am accessing it from the android google chrome browser the script is being displayed as I was expected to see.
My site is responsive, it adapted to the screen of the user.
I am using galaxy note 2 and the android version is 4.3.
I was thinking to build an android application such as a browser that is going to be always fullscreen and locked on my site but i do not what google chrome browser has and making my website as I want it to be.
Any help?
I'm not sure what you mean by Android Browser (default). Is there a Samsung Browser already preinstalled on the phone that isn't Chrome?
My guess, off the top of my head, is that JavaScript is disabled on this other browser. If you were to create your own browser with an Android WebView, JavaScript is disabled by default and must be manually set to true.
A quick Google search for 'Samsung Note JavaScript' doesn't return anything readily apparent, but here are a few different Samsung Models with directions on how to enable JavaScript on their browsers. I would imagine the process is similar for the Note 2.
http://support.t-mobile.com/docs/DOC-6782
http://www.droidista.com/2014/06/enabledisable-javascript-on-samsung.html
http://www.att.com/esupport/article.jsp?sid=KB117209&cv=820#fbid=omMGs_GnNUf

Come back to iPad Webapp after going to Mobile Safari

I'm creating an RSS Reader Web app for iPad. In my application, there is a button that opens the URL of each article in Mobile Safari (with target="_blank" method)
But the problem is, after user goes to Mobile Safari from my web app, and then closes Mobile Safari, iPad goes to the home page. but it should come back to my web app.
I tried to implement an in-app browser in my web app with iframes, but there is too much problems with it. many sites does not allow users to open their website inside an iframe, also there are some problems with implementing back button for the iframe, you can read the problem here.
What is the best way for my purpose? Is there any way to come back to web app after closing Mobile Safari? If not, what should I do? Is it possible to solve in-app browser problems? How?
If you're using phonegap (which it sounds like you are), I would suggest the InAppBrowser or ChildBrowser plugin

Launch mobile Safari from UIWebView *without* modifying app source?

I'm developing a small site that will only be viewed in-app inside a UIWebView, and one page has several links to an external website. I'd like these to open in mobile Safari, but all links inside the app load within the webview. Modifying the source of the app isn't an option since the site needs to be live before any changes could be submitted.
Is there a way to force a link inside a UIWebView to launch mobile Safari using HTML/5 or Javascript? Mimic shouldStartLoadWithRequest? Sneaky, hacky workarounds or brilliant alternate solutions?
(And, out of sheer curiosity... why not?)
It would be bad design to let sites access the frameworks on the iPhone via simple HTML. This would open up all sorts of security holes. Its not web behavior you want to alter, so I think you may need to change the app source. I still don't understand why that isn't an option. Could you go into more depth?
One option would be to add a custom URL handler. Your website could then determine if the "broswer" is the app and serve custom URLs for those links you'd like to maintain (aka open) in your app. Then, any standard HTTP/s URLs would open in Mobile Safari.
In other words, have your web server provide urls like myappurl:// for the links you'd like your app to handle, and http:// which would open Mobile Safari.

Categories