EAP version 1.35.0-dev

[Martin]

This forum is used to give interested users access to the next version of Automagic currently in development.
The early access version is only lightly tested and might still contain serious bugs. The quality of EAP versions can at times be even way below usual beta standards.

Use at your own risk!
Ensure to create a backup before you install an EAP version.

Important:

• The EAP version will replace the Google Play version of Automagic on your device. Flows opened, saved and created with the EAP version will usually not be compatible with old versions of Automagic so it is highly recommended to create a backup of your flows, widgets and variables before you start using the EAP version (create a backup of the folder /<sdcard>/Automagic)
• Unknown sources needs to be enabled in the settings of Android to install the EAP version.
• Please report bugs and problems found in the EAP version in the EAP forum or by mail to info@automagic4android.com
• Don't share flows created using the EAP version in the regular flow sharing area since users of the released Automagic version will not be able to use the new triggers, conditions and actions. Feel free to share flows in the EAP forum.
• The EAP version only works for about 2 weeks. Please install a new EAP version when the old one expires or install the released version available in Google Play.

Changes
1.35.0-dev (2018-05-09)

• new action Set Camera Usage State (Android 4+)
• new action Send USSD Request (Android 8+)
• new option for trigger Audio Volume to trigger on every change
• trigger Audio Volume now provides variables old_volume and volume to flow
• extended action Input Dialog with new type PIN
• condition Service Running is not available anymore on Android 8+ due to new restrictions from Android 8
• added new option in settings to disable that Automagic can retrieve Web-URL intents to avoid that Automagic is listed in the selection list when opening a link
• make action Dismiss Slide to Unlock Keyguard work on Android 8
• make action Shutdown work on more versions of Android
• added undo/redo to current flow and widget editor session
• adapted action Set WiFi Tethering State for Android 8.1*/**
• added option to immediately finish a HTTP response in trigger HTTP Request and action Write HTTP Response Text
• updated Google Play services
• new adaptive app icon for Automagic
• added new script function log10 and ln to calculate logarithms
• added option for capitalized sentences in action Input Dialog
• Action Set CyanogenMod Profile now supports LineageOS 15.1 and was renamed to Set Cyanogen/LineageOS Profile*
• minor changes & bug fixes

* This function is not officially supported by Android and might not work on all devices.
** This function requires root access, is not officially supported by Android and might not work on all devices.

Ensure to create a backup before you install an EAP version.

Download: Automagic.apk (2018-05-09)

Regards,
Martin

[Desmanto]

Thanks Martin for the new EAP version. I am so tempted to test it out. But I don't have access to my PC and secondary phone till Sunday. Can't risk my main phone, as I have to use it and still working on several flows. Will test it ASAP after I returned.

[canadaDry]

just wondering whether the 'prefer offline speech recognition' option is making it into this upcoming version.

Per this thread: viewtopic.php?f=4&t=7212&p=20287#p20287

Sorry if I missed the note somewhere!

[MohitBariya]

Adoptive icon looks cool. Is it possible to add trigger for fingerprint scanner?

[Martin]

@MohitBariva: Thanks! Glad you like it. There seems to exist an API to detect swipes on the fingerprint scanner on Android 8+. Is this what you have in mind or do you want to execute a flow in other situations?

@canadaDry: Option Prefer offline speech recognition is available in action Input Speech. I did not mention it in the release notes since it's just a minor change and I'm not yet sure if it's respected by the speech recognition engine.

[MohitBariya]

@Martin, True. I want to utilize fingerprint sensor swipe function for different apps.
Like in camera app, use fingerprint swipe as Shutter.
Use fingerprint swipe to take screenshots.
Use fingerprint swipe for call receiving/call end

Etc. Just implement fingerprint api and provide trigger.

[Desmanto]

@Martin

I have tested the new version for a while. I have some comment (hopefully not too long...)

- Set Camera Usage State, nice addition. Just know we can lock the camera directly using dev admin. There are several one-trick pony app out there which can do it. Adding up another reason to use Automagic. Small correction, at the help menu using English; the "Kamera usage" is not properly translated. I think it should be "Camera usage".
- Audio Volume on every change can be used to trigger something based upon volume button. I know that smartkeyboard has the capability to consume the volume button event to make it become cursor right/left. Maybe this is the thing that has been requested before, but minus the volume up/down. I mean pressing the vol up/down trigger something, but doesn't send the event media_volume_up/down to the system (thus didn't change any volume). There should be a lock and release mechanism during certain input time. (smartkeyboard only consume the vol up/down button when the keyboard appear). Don't if it is possible to implement the same without using the input keyboard.
- Input Dialog - PIN, another nice addition
- Web-URL intents. This will remove the web url intent receiver, automagic will be restarted. Useful for someone who don't use this feature at all.
- Undo/redo button, marvelous addition. It is just a little hidden in the 3 dot menu. I wish i can just long press at blank space and simply undo. Because most of the accidental delete happen just like that and we want it back immediately. I have tested it out for a longer time, it seems only to log undo/redo since the last flow opening. So I can only undo till the last time I started to open the flow. I tested up to 11 elements, all still can be undo. Is there a limit of the undo? I mean if it stacks all the undo, will it affect the perfomance when editing the flow after adding so many elements in a single session flow opening?
- Finish HTTP response also works properly, the logic is much better now.
- I still like previous icon, although I also don't hate the new one. But It will add up 10 more icon to use in my shortcut. I wish I can have more.
- Variable bug passing has been fixed here.
- Input speech prefer offline works properly, Lollipop 5.1, Latest google app and play services and have downloaded the offline voice. Oh, can't wait to test this on my main phone.

I want to add something about the Trigger HTTP request. I actually have ever discuss about it previously when requesting HTTP post action (started from curl, become built-in action to post file).

The problem is the HTTP server are started on every interface. When I test the Trigger HTTP request above, I realize the interface on mobile data also listening for incoming connection. I have the same carrier at my phone and wifi modem. So even though both are private IP of the carrier, I can ping from my modem to the phone. And I can trigger the command using the phone carrier's IP from my modem, even though my phone is using mobile data, not wifi. I have actually blocked the incorrect IP source by using expression. But the port is still left open on the mobile data site, even though I am using wifi only (the possible attacker can trigger the flow, but can't execute pass thru the main branch of the flow.

So I think we should have a way to limit the interface only for the wifi, wifi hotspot, wifi direct, LAN or mobile data. If not possible to limit per interface, probably at least separate the mobile data part. In most phone, there are a lot of interface available. Here is the output when I use netcfg. (I have censored out the mac and IP)

Code: Select all

p2p0 UP 0.0.0.0/0 0x00001003 be:20:10:00:00:00
sit0 DOWN 0.0.0.0/0 0x00000080 00:00:00:00:00:00
lo UP 127.0.0.1/8 0x00000049 00:00:00:00:00:00
wlan0 UP 192.168.1.xx/24 0x00001043 bc:20:10:00:00:00
dummy0 DOWN 0.0.0.0/0 0x00000082 aa:3c:52:00:00:00
rev_rmnet1 DOWN 0.0.0.0/0 0x00001002 4a:61:9f:00:00:00
rev_rmnet0 DOWN 0.0.0.0/0 0x00001002 06:e0:ed:00:00:00
rev_rmnet8 DOWN 0.0.0.0/0 0x00001002 a2:92:e0:00:00:00
rev_rmnet7 DOWN 0.0.0.0/0 0x00001002 ea:d9:32:00:00:00
rev_rmnet5 DOWN 0.0.0.0/0 0x00001002 56:b4:de:00:00:00
rev_rmnet6 DOWN 0.0.0.0/0 0x00001002 e2:ca:32:00:00:00
rev_rmnet4 DOWN 0.0.0.0/0 0x00001002 fa:08:f2:00:00:00
rev_rmnet2 DOWN 0.0.0.0/0 0x00001002 4a:c1:51:00:00:00
rev_rmnet3 DOWN 0.0.0.0/0 0x00001002 ea:c3:fb:00:00:00
r_rmnet_data4 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
r_rmnet_data3 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
r_rmnet_data1 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
r_rmnet_data2 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
r_rmnet_data0 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
r_rmnet_data8 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
r_rmnet_data7 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
r_rmnet_data5 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
r_rmnet_data6 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
rmnet0 UP 0.0.0.0/0 0x00000041 00:00:00:00:00:00
rmnet_data7 UP 10.100.xx.xx/27 0x00000041 00:00:00:00:00:00
rmnet_data5 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
rmnet_data6 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
rmnet_data4 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
rmnet_data2 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
rmnet_data3 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
rmnet_data1 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00
rmnet_data0 DOWN 0.0.0.0/0 0x00000000 00:00:00:00:00:00

rmnet series are the mobile data part, don't know why there are a lot of them. The one I can ping/reach is the rmnet_data7, which has the IP 10.100.x.x/27. This is VoLTE interface, so even though mobile data is off, this interface is still on. (thus the risk of leaving the HTTP request enabled). When mobile data is enabled, rmnet_data7 is still UP, another interface is up, which is r_rmnet_data0, which has the IP 100.x.x.x/30. From my modem, which has the IP of 100.x.x.x/30 too, can trigger the HTTP request on the same interface. But 10.100.x.x/27 (VoLTE interface) can only be trigger by my other phone which use VoLTE too (since both has the same private IP range). I never realized this before, because one of the phone is not updated to VoLTE yet till the last test I made.

To minimize the exposure, we should have option to disable the listening port on any other interface outside of the wifi/LAN kind. So the option only enable the HTTP server on p2p0 (wifi direct and bridge), lo (loopback is ok), wlan0 (wifi client and wifi hotspot) and eth0 (LAN, usually on tv box only). Put it default checked, and when unchecked give warning that the HTTP request will be enabled on all interface including mobile data/VoLTE.

I consider this as one of the security exploit, even though the risk is still minimal if the flow is set up properly. But until it is enhanced to limit listening on all interface, I think there should be a warning to tell that the HTTP server will be started on all interface. The help menu should give a strict warning about setting up a proper expression to filter out the IP or using some keyword to authenticate the user.

Regards,
Desmanto

[Martin]

Hi Desmanto,

Thanks for your feedback. I highly appreciate it!

- Set Camera Usage State: typo will be fixed in the next build.
- Undo/redo button: I currently limit the undo/redo to 100 items. I assume that this should usually be enough. I prefer to offer the undo/redo in the menu for now since I would love to make some other adjustments to the undo/redo feature first.
- Trigger HTTP request: Limiting to listen only on some interfaces is on my todo list. I'll see what I can do but Google is keeping me busy with requirements lately (e.g. Accessibility and Automagic has to support notification channels quite soon which poses a big issue for the notification features in general).

Regards,
Martin

[Desmanto]

Hi Martin,

It is OK with the undo/redo button. I will go with what will come later.
For meantime, I will keep using expression to block unauthorized IP for the Trigger HTTP request.

It seems I missed that. I thought accessibility is not a problem anymore. Better focus on that first, because that is one of the feature I can't live without anymore.

Just additional info. sleep() inside script doesn't delay the script anymore. This include a short sleep(100) but looped for 100 times. But long execution of nested loop (more than 1 million), still will halt it (rarely happen though). So It seems the sleep() now executed in separate process lock. But probably under the hood, there are so many things happen (script pass the sleep() to another process, sleep, after finish, pass back to script)

Regards,
Desmanto

[gollyzila]

Martin,

Google Play Protect automatically uninstalled Automagic from my phone saying it was a fake app. Installing the stable version from the Play Store worked fine but I was prevented from installing the EAP version unless I disabled Google Play Protect.

Maybe related, after reinstalling EAP version the setting "Icon in expanded status bar" doesn't work, the icon always shows in the collapsed status bar.