Skip to main content

Metaphor: Kritische Sicherheitslücke in Android

Metaphor hängt wohl direkt der Medien-Bibliothek von Android zusammen und ermöglicht den Zugriff von außen auf ein Android-Gerät. In diesem Fall muss ebenso aber erst der Nutzer agieren, er müsste beispielsweise eine kompromittierte Webseite auf seinem Smartphone öffnen, welches mit Android 2.2, 4.0, 5.0 oder 5.1 ausgestattet ist. Daten könnten gestohlen werden, selbst der Zugriff auf Mikrofon und GPS eines attackierten Gerätes soll möglich sein.



Most Favorite Posts

Using Speech with iOS and Android: SiriKit, Voice Capabilities, Google Assistant

SiriKit enables your iOS apps and watchOS apps to work with Siri, so users can get things done using just their voice. Your content and services can be used in new scenarios including access from the lock screen and hands-free use.

Apps adopt SiriKit by building an extension that communicates with Siri, even when your app isn’t running. The extension registers with specific domains and intents that it can handle. For example, a messaging app would likely register to support the Messages domain, and the intent to send a message. Siri handles all of the user interaction, including the voice and natural language recognition, and works with your extension to get information and handle user requests.

Apple Developer

Adding Voice Capabilites

Voice actions are an important part of the wearable experience. They let users carry out actions hands-free and quickly. Wear provides two types of voice actions:

These voice actions are task-based and are built into the Wear platfo…

Implementing UI tests on iOS and Android using screenshot comparison tools

Have you ever thought when writing or maintaining UI tests, there must be a better way?

Take a look at screenshot tests provided by Google Firebase and Facebook:

A "snapshot test case" takes a configured UIView or CALayer and uses the renderInContext: method to get an image snapshot of its contents. It compares this snapshot to a "reference image" stored in your source code repository and fails the test if the two images don't match.

GitHub Facebook

Testing rendering for your Android app is hard. How do you prevent visual regressions in paddings and margins and colors from creeping in?
Iterating on UI code is hard. How do you quickly verify that your layout or view changes work correctly in all configurations?

screenshot-tests-for-android can solve these problems by providing a test framework that checks for visual differences across changes.

GitHub Facebook

Google Firebase Test Lab
Test Lab lets you run Espresso, …

Running Espresso Tests in parallel with Spoon and Android Test Sharding

Introduction to Android Espresso Testing and Spoon

Espresso UI test automation framework is Google’s de-facto testing platform for Android app developers.

No test engineer or developer will be quite unless it validates the functionality of his app on multiple devices and emulators. For that, there is another widely used tool called Spoon (there are also cloud-based solutions as mentioned above that support parallel execution on real devices). This tool, will collect all the target devices (that are visible via adb devices) test results and aggregate them into one HTML view that can be easily investigated.

Mobile Testing Blog

Android Test Sharding

The test runner supports splitting a single test suite into multiple shards, so you can easily run tests belonging to the same shard together as a group, under the same Instrumentation instance. Each shard is identified by an index number. When running tests, use the -e numShards option to specify the number of separate shards to create and the…

How to link to TestFlight App in iOS

There are two things you need to do. First, check to see if TestFlight is installed. Then create a new link to your app.

NSURL *customAppURL = [NSURL URLWithString:@"itms-beta://"];
if ([[UIApplication sharedApplication] canOpenURL:customAppURL]) {

    // TestFlight is installed

    // Special link that includes the app's Apple ID
    customAppURL = [NSURL URLWithString:@""]; 
    [[UIApplication sharedApplication] openURL:customAppURL];

This special URL will be opened directly in TestFlight.

Finally, if you are using iOS 9 (or later), you need to make an addition to your Info.plist to get the canOpenURL: method to work.

If your app is linked on or after iOS 9.0, you must declare the URL schemes you want to pass to this method. Do this by using the LSApplicationQueriesSchemes array in your Xcode project’s Info.plist file. For each URL scheme you want your app to use with this method, add it …

NSURLConnection with Accept-Encoding: gzip

For quite some time I ranted about not being able to use compressed network communcation out-of-the-box on the iPhone.

Despite being undocumented (or I just overlooked the hint), NSURLConnection does gzip decompression transparently!

That’s how to use it:

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url
// set explicitly:
[request setValue:@"gzip" forHTTPHeaderField:@"Accept-Encoding"];


iOS: LLVM based mutation testing to check your unit test reliability, Android and Kotlin: JVM based mutation testing


Several years ago I discovered very powerful technique - Mutation Testing. Since then I was (and still am) dreaming to have a tool which will do the job for languages like C, Objective-C and C++.

Now I have confidence in that it can be implemented using LLVM.

Outline for this article:

overview of mutation testingmutation testing system - proof of conceptthoughts on potential implementation of MT system using LLVM
Mutation testing system built on top of LLVM on GitHub.
mull-project / mull


PIT is a state of the art mutation testing system, providing gold standard test coverage for Java and the jvm. It's fast, scalable and integrates with modern test and build tooling.

PIT Mutation Testing