We've delivered the app to the customer. Part of the app's functionality involves talking over HTTP to a set of production URLs. The customer would like the ability for the app to enter a debug or test mode, in which the app connects to parallel test servers rather than the production servers.
We can implement this easily enough. What I'm struggling with is the best way to enter this special mode. I'm wondering if there is any experience in implementing some gesture which is not easily discoverable by the user nor likely to be h开发者_StackOverflow中文版it upon by accident.
Has anyone felt the need to implement anything like this, and, if so, what did you use for your "secret gesture"?
To really keep people out you can use an RSA key pair with a message and an Unlock app. From the Unlock app send an Intent with a string extra encoded by an RSA private key to your app, which will decode it with the public key and compare it to whatever you decide. (Could be a simple secret string or converted to a one-way hash that is verified by a server, it just depends on the security level you want). Then your app can unlock the debug functionality.
Another possibility is to use this API: Debug.isDebuggerConnected() but it is not very effective in the field because debugging is required.
精彩评论