Friday, June 21, 2019

Missing Guide for App Bundles

App Bundles is an amazing feature for Android Developers. It helps reduce the app size for quicker downloads without having to worry about building for every architecture separately. Bundletool provides command line too to help with testing App Bundles before publishing the app.

Bundletool docs seem to miss critical information to complete testing for developers today. This guide hopes to fill the missing gaps in bundletool docs and help developers migrate to App Bundles.

This blog post mainly covers 2 crucial missing options in bundletool:


  1. How to Run bundletool ?
  2. How to test real production APKs?

Running bundletool: You can download latest version of bundletool from Github. Note that this includes a jar file with name bundletool-all-X.Y.Z.jar (Where X.Y.Z indicates the version number of the bundletool). You can just bundletool as a jar file. 

Example: java -jar bundletool-all-0.10.0.jar build-apks --bundle=app.aab --output=myapks.apks


This will build single file with all required APKs for all architectures and screen sizes.

Now how to you install the required APK on your device to test the APK? Its a simple bundletool command.

Example: java -jar bundletool-all-0.10.0.jar install-apks --apks= myapks.apks


This will ensure right APK is installed for your test device. In case adb is not your system path make sure to specify where the path is for your adb.

Example: java -jar bundletool-all-0.10.0.jar install-apks --adb=/ADBABSPATH/adb --apks= myapks.apks

The problem with this is bundletool creates APKs that are signed with the debug keystore found in your user path. So how to create APKs with release signatures? bundletool has the option to generate APKs with release signature. 

Example: java -jar bundletool-all-0.10.0.jar build-apks --bundle=app.aab --output= myapks.apks --ks=/PATHTOKEYSTORE/YOURKEYSTORE.keystore --ks-pass=pass:PASSWORD1 --ks-key-alias=yourkeyalias --key-pass=pass:PASSWORD2

Hope this helps while migrating from APKs to App Bundles for you.

Monday, October 25, 2010

Secure Facebook Browsing

It is common that most websites use HTTPS for user authentication and use HTTP for everything else. This leaves users vulnerable to Cookie Hijacking. Tools like Firesheep brought this to forefront. It lets someone in your network perform Cookie Hijacking of Facebook as simple as installing Firefox Extension.

The best way to avoid this hack is to completely use HTTPS when using Facebook but the way Facebook work, even if you go to https://www.facebook.com (Secure HTTPS page), all the links still point to http://www.facebook.com (unsecure HTTP page). This leaves Facebook users vulnerable to tools like FireSheep.

Here is a Firefox Extension I wrote to solve the same problem for Firefox. Every time user visits Facebook.com, all the requests are forced to go through HTTPS even if user starts with http://www.facebook.com

Friday, October 22, 2010

Firefox Extension: Block Facebook from your life

Its impossible to be on web and not be a Facebook user these days. Even if you are not a Social Network user, Facebook is notified whenever you visit one of the more than one million sites on the web that use Facebook Connect and has a history of leaking personally identifiable information to third parties. Either way Facebook knows your web life.

Here is a Firefox Extension that completely blocks Facebook from your online life. It won't let you visit Facebook.com, It won't let Facebook track your moves using Facebook Connect.

Monday, April 12, 2010

WGET - Authentication

How to access a page using wget that requires authentication? wget is well equipped to handle multiple authentication scenario's.

HTTP Basic Athentication: To download a page that requires HTTP basic authentication use the following mechanism:
wget https://myUserName:myPassword@www.myserver.com/mypage.html
wget http://myUserName:myPassword@www.myserver.com/mypage.html

Form Post: To download a page protected by login built on form post use the following:

wget --post-data 'user=myUserName&password=myPassword' http://www.myserver/mypage.html

Form Post with multiple pages:If you need to navigate through multiple pages after authentication to get to your page, you can save cookies on form post for authentication and reuse the cookies file to access the page you want:

wget --post-data 'user=myUserName&password=myPassword' --cookies=on --keep-session-cookies --save-cookies=myCookies.txt http://www.myserver/auth

wget --cookies=on --load-cookies=myCookies.txt --keep-session-cookies --savecookies=myCookies.txt http://www.myserver/mypage.html

Wednesday, March 31, 2010

Hey Microsoft how about banning iTunes on windows?

Wouldn't it be interesting if Microsoft follows "CPU Hog" strategy from Jobs and ban iTunes on windows for installing malware that is "Memory Hog"?

Monday, March 08, 2010

Making No as Default in EXTJS Confirm Dialog

Currently there is no configuration that supports making "No" button as default for a Confirm dialog in ExtJS. So how to make no button as default?
One way to do this is to get Dialog and mark second button as default.

Here is the code snippet that makes no as default button:


var dialog = Ext.MessageBox.confirm('Confirm', 'Do you really mean it?' ,feedbackFunction).getDialog();
dialog.defaultButton = 2;
dialog.focus();

Sunday, March 07, 2010

GZIP and Save the earth

It is amazing how we think about least significant things and put in Maximum effort rather than take care of low hanging fruits first. GZIP RFC came out around 1996 and all modern browsers (HTTP/1.1 supported Browsers) support GZIP and still it is amazing how many website doesn't support such a basic trick to save 50% of their bandwidth costs. Just adding GZIP support reduces bandwidth by 50% (70% if the website is Mostly Text) resulting in huge amount of savings.

How to Enable GZIP for Apache:

1) Make sure LoadModule deflate_module modules/mod_deflate.so in your httpd.conf
2) Add the following lines to httpd.conf



SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|rar|zip|pdf)$ no-gzip dont-vary

Header append Vary User-Agent




and you are done. The configuration is telling Apache to GZIP every content except for Images, Zipped content and PDF files which are already in compresses format.

Next time when a browser sends request with HTTP Header:
Accept-Encoding: gzip, deflate

You webserver serves content in GZIP format and notifies the same with a proper reponse Header:
Content-Encoding: gzip

Enable GZIP on your servers today and save the Earth.