Android App-Hook and Plug-In Technology  book cover
SAVE
$14.99
1st Edition

Android App-Hook and Plug-In Technology



ISBN 9780367207007
Published September 6, 2019 by CRC Press
426 Pages

 
SAVE ~ $14.99
was $74.95
USD $59.96

Prices & shipping based on shipping country


Preview

Book Description

This book presents the Android plug-in technology used in Android development. This technology is widely used by a majority of Chinese internet companies, and is becoming more widely used worldwide. The book fully describes the history of Android plug-in technology, the installation and startup process, and new features of the Android plug-in technology. It also explores plug-in solutions for peripheral technologies. The book is designed to help Android app developers better understand the underlying technology of the Android system.

Features

  • Introduces Android system knowledge, including the communication between AMS and four components
  • Describes the Hook technique by Proxy.newProxyInstance and reflection, to modify Android system behavior, for example, to launch an activity not declared in the AndroidManifest.
  • Shows how to use the Hook apk packaging process in Gradle
  • Covers how to merge the resources in the plugin app and the host app, and how to merge dex of the host app and all the plugin apps
  • Presents the SO technique and how to launch SO files dynamically

Table of Contents

Contents

Acknowledgments, xvii

About the Author, xix

About the Translators, xxi

Introduction, xxiii

Chapter 1 ▪ Plug-Ins from the Past to the Future 1

1.1 ANDROID PLUG-INS IN CHINA 1

1.2 HISTORY OF ANDROID PLUG-IN TECHNIQUES 2

1.3 USAGE OF PLUG-INS 8

1.4 ANOTHER CHOICE: REACT NATIVE 9

1.5 DO ALL COMPONENTS REQUIRE PLUG-INS? 10

1.6 DOUBLE-OPENING AND VIRTUAL MACHINE 10

1.7 FROM NATIVE TO HTML5 11

1.8 SUMMARY 12

Chapter 2 ▪ The Underlying Knowledge of Android 13

2.1 OVERVIEW OF UNDERLYING ANDROID KNOWLEDGE 13

2.2 BINDER 15

2.3 AIDL 17

2.4 ACTIVITYMANAGERSERVICE 22

2.5 ACTIVITY WORKING PRINCIPLES 23

2.5.1 How to Launch an App 23

2.5.2 Starting the App Is Not So Simple 24

2.5.2.1 Click the App Icon in Launcher and

Send a Message to the AMS 25

2.5.2.2 The AMS Handles the Information

from the Launcher 30

2.5.2.3 The Launcher Goes to Sleep and Informs

the AMS Again 31

2.5.2.4 The AMS Creates a New Process 33

2.5.2.5 Start a New Process and Inform the AMS 34

2.5.2.6 The AMS Tells the New App Which

Activity to Launch 35

2.5.2.7 The Amazon App Starts an Activity 35

2.6 NAVIGATION IN APP 37

2.7 FAMILY OF CONTEXT 38

2.8 SERVICE 41

2.8.1 Start Service in a New Process 41

2.8.1.1 The App Sends a Message to the AMS to

Launch Service 42

2.8.1.2 The AMS Creates a New Process 42

2.8.1.3 Start a New Process and Inform the AMS 43

2.8.1.4 The AMS Sends Information to the

New Process 43

2.8.1.5 New Process to Launch Service 43

2.8.2 Start a Service in the Same Process 44

2.8.3 Bind a Service in the Same Process 44

2.8.3.1 The App Sends a Message to the AMS to

Bind a Service 45

2.8.3.2 The AMS Sends Two Messages to the

App Process 45

2.8.3.3 The App Receives the First Message 45

2.8.3.4 The App Receives the Second Message and

Sends a Binder Object to the AMS 46

2.8.3.5 AMS Informs the App 46

2.9 BROADCASTRECEIVER 47

2.9.1 Registration 48

2.9.2 Send a Broadcast 49

2.10 CONTENTPROVIDER 51

2.10.1 The Essence of the ContentProvider 54

2.10.2 The ASM 54

2.10.3 Communication between ContentProvider

and the AMS 56

2.11 THE PMS AND APP INSTALLATION PROCESS 57

2.11.1 PMS Introduction 57

2.11.2 App Installation Process 58

2.11.3 PackageParser 59

2.11.4 ActivityThread and PackageManager 60

2.12 CLASSLOADER 61

2.13 PARENT-DELEGATION 63

2.14 MULTIDEX 63

2.15 A MUSIC PLAYER APP 65

2.15.1 A Music Player Based on Two Receivers 65

2.15.2 A Music Player Based on One Receiver 71

2.16 SUMMARY 77

Chapter 3 ▪ Reflection 79

3.1 BASIC REFLECTION 79

3.1.1 Get the Class Using a String 80

3.1.1.1 Get the Class Using a String 80

3.1.1.2 Class.forName 80

3.1.1.3 Property class 80

3.1.1.4 Property TYPE 80

3.1.2 Get the Property and Method of the Class 81

3.1.2.1 Get the Constructor of the Class 81

3.1.2.2 Invoke a Private Method of the Class 83

3.1.2.3 Invoke a Private and Static Method of the

Class 84

3.1.2.4 Get a Private Field of the Class and Modify

Its Value 84

3.1.2.5 Get the Private Static Field of the Class

and Modify Its Value 85

3.1.3 Generics and Singleton<T> 86

3.2 jOOR 88

3.2.1 Get a Class from a String 89

3.2.1.1 Get a Class from a String 89

3.2.1.2 Get a Class by Using on and get 89

3.2.2 Get the Property and Method of a Class 90

3.2.2.1 Get a Constructor of a Class 90

3.2.2.2 Get the Private Method of the Class 90

3.2.2.3 Get the Private and Static Method of

the Class 91

3.2.2.4 Get the Private Field of the Class 91

3.2.2.5 Get the Private and Static Field of the Class 91

3.2.3 Generics and Singleton<T> 91

3.3 ENCAPSULATED CLASSES OF THE BASIC REFLECTION 93

3.3.1 Get a Constructor 93

3.3.2 Invoke Instance Methods 94

3.3.3 Invoke Static Methods 95

3.3.4 Get the Field of the Class and Set Its Value 95

3.3.5 Handle Generics 96

3.4 FURTHER ENCAPSULATION OF THE REFLECTION 97

3.4.1 Reflect a Method with Only One Parameter or

without Parameters 97

3.4.2 Replace String with Class Type 100

3.4.3 Differences between the Static and

Instance Fields 101

3.4.4 Optimization of the Field Reflection 102

3.5 SUMMARY 103

Chapter 4 ▪ Proxy Pattern 105

4.1 WHAT IS A PROXY PATTERN? 105

4.1.1 Remote Proxy 106

4.1.2 Write Log 108

4.2 STATIC-PROXY AND DYNAMIC-PROXY 109

4.3 A HOOK ON THE AMN 111

4.4 A HOOK ON THE PMS 113

4.5 SUMMARY 114

Chapter 5 ▪ Hooking startActivity() 115

5.1 INVOKE STARTACTIVITY() IN TWO WAYS 115

5.2 HOOKING STARTACTIVITY() OF THE ACTIVITY 116

5.2.1 Solution 1: Hooking the Method

startActivityForResult of Activity 118

5.2.2 Solution 2: Hooking the Field mInstrumentation

of Activity 118

5.2.3 Solution 3: Hooking the Method getDefault()

of AMN 121

5.2.4 Solution 4: Hooking the Field mCallback of H 125

5.2.5 Solution 5: Hooking Instrumentation Again 128

5.3 HOOKING THE METHOD STARTACTIVITY OF

CONTEXT 131

5.3.1 Solution 6: Hooking the Field mInstrumentation of

ActivityThread 131

5.3.2 Which Solution Is the Best? 133

5.4 LAUNCH AN ACTIVITY NOT DECLARED IN

ANDROIDMANIFEST.XML 133

5.4.1 How to Hook AMN 133

5.4.2 First Half of the Hook 135

5.4.3 Second Half of the Hook: Hooking the Field

mCallback of H 139

5.4.4 Second Half of the Hook: Hooking the

mInstrumentation Field of ActivityThread 141

5.5 SUMMARY 143

Chapter 6 ▪ The Basic Concepts of Plug-In Techniques 145

6.1 LOADING EXTERNAL DEX 145

6.2 INTERFACE-ORIENTED PROGRAMMING 148

6.3 PLUG-IN THINNING 151

6.4 DEBUGGING IN PLUG-INS 154

6.5 APPLICATION PLUG-IN SOLUTIONS 156

6.6 SUMMARY 158

Chapter 7 ▪ Resources in Plug-In 159

7.1 HOW TO LOAD RESOURCES IN ANDROID 159

7.1.1 Types of Resources 159

7.1.2 Resources and AssetManager 160

7.2 PLUG-IN SOLUTIONS OF RESOURCES 161

7.3 SOLUTIONS FOR CHANGING SKINS 166

7.4 ANOTHER PLUG-IN SOLUTION FOR

CHANGING SKINS 178

7.5 SUMMARY 179

Chapter 8 ▪ The Plug-In Solution of Four Components 181

8.1 THE SIMPLEST PLUG-IN SOLUTION 181

8.1.1 Pre-Declare Activity and Service of the Plug-In in

the HostApp’s AndroidManifest.xml 182

8.1.2 Combine the Dex 183

8.1.3 Start a Service of the Plug-In 184

8.1.4 Resources in Activity 185

8.2 A PLUG-IN SOLUTION FOR ACTIVITY 188

8.2.1 Launch an Activity of a Plug-In Not Declared in

the AndroidManifest.xml of the HostApp 188

8.2.2 Solution 1: Based on Dynamic-Proxy 193

8.2.2.1 The Process of Launching an Activity 193

8.2.2.2 Add a Plug-In Activity to the Cache 196

8.2.2.3 Solution 1 of Loading Class in a Plug-In:

Create DexClassLoader for Each

Plug-In apk 201

8.2.2.4 Hooking More Classes 202

8.2.3 Solution 2: Merge All the Plug-In Dexes into One

Array 205

8.2.4 Plug-In Solution of Resources 208

8.2.5 Support LaunchMode in Plug-In 208

8.2.6 Solution 3: Hook ClassLoader 212

8.3 THE PLUG-IN SOLUTION FOR SERVICE 216

8.3.1 The Relationship Between Service and Activity 216

8.3.2 StubService 218

8.3.3 Plug-In Solution to startService() 220

8.3.4 Plug-In Solution of bindService 226

8.4 A PLUG-IN SOLUTION FOR BROADCASTRECEIVER 229

8.4.1 Receiver Overview 229

8.4.2 A Plug-In Solution for Dynamic Receiver 231

8.4.3 A Plug-In Solution for Static Receiver 231

8.4.4 A Final Plug-In Solution for Static Receiver 233

8.5 A PLUG-IN SOLUTION FOR CONTENTPROVIDER 239

8.5.1 The Basic Concept of ContentProvider 239

8.5.2 A Simple Example of ContentProvider 239

8.5.3 A Plug-In Solution for ContentProvider 242

8.5.4 The Right Time to Install a ContentProvider

Plug-In 245

8.5.5 The Forwarding Mechanism of ContentProvider 246

8.6 SUMMARY 247

Chapter 9 ▪ A Plug-In Solution Based on Static-Proxy 249

9.1 A PLUG-IN SOLUTION FOR ACTIVITY BASED ON

STATIC-PROXY 249

9.1.1 The Idea of Static-Proxy 249

9.1.2 The Simplest Example of Static-Proxy 250

9.1.2.1 Jump from the HostApp to the Plug-In 251

9.1.2.2 Communication between ProxyActivity

and Plug-In Activity 252

9.1.2.3 The Logic of Activity in the Plug-In 255

9.1.3 Jump in the Plug-In 255

9.1.4 Eliminate the Keyword “that” 256

9.1.5 Jump Out 259

9.1.5.1 Preparation for Jumping Out 259

9.1.5.2 Jump to Another Plug-In 260

9.1.5.3 Jump to the HostApp 260

9.1.6 Use Interface-Oriented Programming in Static-Proxy 261

9.1.7 Support for LaunchMode 267

9.1.7.1 Overview of LaunchMode 267

9.1.7.2 Plug-In Solutions for LaunchMode 269

9.2 THE PLUG-IN SOLUTION FOR SERVICE AND

BROADCASTRECEIVER BASED ON STATIC-PROXY 271

9.2.1 Static-Proxy in Service 271

9.2.1.1 Issue 1 276

9.2.1.2 Issue 2 277

9.2.1.3 Issue 3 278

9.2.2 Support bindService() 278

9.2.3 StubService 280

9.2.4 The Last Solution for Service Plug-Ins: Integration

with Dynamic-Proxy and Static-Proxy 283

9.2.4.1 Parse Service in the Plug-In 283

9.2.4.2 Create a Service Object Using Reflection 285

9.2.4.3 ProxyService and ServiceManager 287

9.2.4.4 bindService() and unbindService() 294

9.2.5 Static-Proxy in BroadcastReceiver 301

9.3 SUMMARY 305

Chapter 10 ▪ Related Plug-In Techniques 307

10.1 RESOLVE THE CONFLICTS BETWEEN RESOURCES OF

THE PLUG-INS 307

10.1.1 The Process of App Packaging 307

10.1.2 Hook aapt 308

10.1.2.1 Modify and Generate a New aapt Command 308

10.1.2.2 Using This New aapt Command in

the Project 314

10.1.3 public.xml 316

10.1.4 Plug-In Uses Resources in the HostApp 318

10.2 A PLUG-IN FRAMEWORK BASED ON FRAGMENT 320

10.2.1 AndroidDynamicLoader Overview 320

10.2.2 A Simple Plug-In Sample Based on Fragment 321

10.2.3 Jumping Between Fragments 322

10.2.4 Jump from the Plug-In 324

10.3 DOWNGRADE 326

10.3.1 From Activity to HTML5 328

10.3.2 From HTML5 to Activity 334

10.3.3 Support for the Backpress Button 340

10.4 PROGUARD FOR PLUG-INS 341

10.4.1 Basic Obfuse Rules for Plug-Ins 341

10.4.2 Obfuse Without a Common Library 342

10.4.3 Obfusing with a Common Library 345

10.4.3.1 Use MultiDex 346

10.4.3.2 Modify the ProGuard File 349

10.4.3.3 Remove Redundant Dexes from

plugin1.apk 350

10.5 INCREMENTAL UPDATE 352

10.5.1 The Basic Concept of an Incremental Update 352

10.5.2 Create an Incremental Package 353

10.5.3 Apply Permissions 353

10.5.4 Merge Incremental Package 354

10.6 A PLUG-IN SOLUTION FOR SO FILES 356

10.6.1 Write a Hello-World SO 356

10.6.1.1 Download NDK 356

10.6.1.2 Create a Project to Generate SO 357

10.6.2 Using SO 362

10.6.3 The Principle of Loading SO 363

10.6.3.1 Compiling SO 364

10.6.3.2 The Process of Loading SO 365

10.6.3.3 Two Ways to Load SO 365

10.6.3.4 The Relationship between ClassLoader

and SO 368

10.6.4 A Plug-In Solution Based on System.load() 368

10.6.5 An SO Plug-In Solution Based on System.

loadLibrary() 372

10.7 HOOKING THE PACKAGING PROCESS 373

10.7.1 Gradle Plug-In Project 373

10.7.1.1 Create Gradle Plug-In Project 373

10.7.1.2 Extension 376

10.7.1.3 The Hook App Packaging Process 377

10.7.2 Modify resources.arsc 379

10.7.2.1 How to Find Resources in Android 379

10.7.2.2 Function of aapt 380

10.7.2.3 The Principle of Gradle-Small 380

10.7.2.4 How to Use Gradle-Small 381

10.7.2.5 The Family of Plug-Ins Defined in

Gradle-Small 381

10.7.2.6 The Family of Editors Defined in

Gradle-Small 385

10.8 COMPATIBILITY WITH ANDROID O AND P 387

10.8.1 Compatibility with Android O 388

10.8.1.1 Refactor of AMN 388

10.8.1.2 The Story of Element and DexFile 390

10.8.2 Compatibility with Android P 393

10.8.2.1 The Modification of the Class H 393

10.8.2.2 The Refactoring of the Class Instrumentation 401

10.9 SUMMARY 404

Chapter 11 ▪ Summary of Plug-In Technology 405

11.1 PLUG-IN ENGINEERING 405

11.2 CLASS LOADING IN THE PLUG-IN 405

11.3 WHICH CLASS OR INTERFACE CAN BE HOOKED? 406

11.4 A PLUG-IN SOLUTION FOR ACTIVITY 407

11.5 A PLUG-IN SOLUTION FOR RESOURCES 407

11.6 USE FRAGMENT IN THE PLUG-IN 408

11.7 PLUG-IN SOLUTIONS FOR SERVICE,

CONTENTPROVIDER, AND BROADCASTRECEIVER 409

11.7.1 A Plug-In Solution for Service 409

11.7.2 A Plug-In Solution for BroadcastReceiver 409

11.7.3 A Plug-In Solution for ContentProvider 410

11.8 SUMMARY 410

APPENDIX A: SAMPLE CODE LIST, 411

INDEX, 415

...
View More

Author(s)

Biography

Jianqiang Bao is a senior Android app developer. For more than 15 years he has developed enterprise solutions using Silverlight, ASP.NET, WP7, Android and iOS. He has worked in HP, Microsoft, Qunar, Tuniu company. He has a technique blog http://www.cnblogs.com/jax, his GitHub is https://github.com/BaoBaoJianqiang.