Android SDK
Algorithms
Kotlin
Security
Architecture, patterns, principles
100

What is AndroidManifest.xml file and why do you need this?

The AndroidManifest.xml file contains information about the application that the Android system must know before the code can be executed.
This file is essential in every Android application.
It is declared in the root directory.
This file performs several tasks such as:
- Providing a unique name to the Java package.
- Describing various components of the application such as activity, services, and many more.
- Defining the classes which will implement these components.

100

What is an Algorithm?

An algorithm is a set of rules to obtain the expected output from the given input. It defines a set of rules or steps specifying the calculations, data processing, and automated reasoning, which is reusable multiple times for either one or more than one problem statement. We can also say that an algorithm is a method for calculating a function that can be represented in a finite amount of space and time.

100

What is the difference between open and public in Kotlin? And what can it be used for?

In Kotlin, we can mark a class, a function, or a variable with the open keyword.

The open keyword on a class means the class is open for extension, meaning that we can create a subclass of that open class.

Similar to classes, all functions in Kotlin are final by default, meaning that you can't override a function.

Similarly, the variables in Kotlin are final by default. So, to override it in the child class, we need to set the variables as open in our base class.

100

What is two-factor authentication, and how can it be implemented in Android apps?

Two-factor authentication is a security mechanism that requires users to provide two forms of identification to access a system or application. In Android app development, two-factor authentication can be implemented using techniques such as SMS verification, biometric authentication, and one-time passwords (OTPs).

100

What is MVI pattern?

The role of each MVI component is as follows:

- Model represents a state. Models in MVI should be immutable to ensure a unidirectional data flow between them and the other layers in your architecture;
- Like in MVP, Interfaces in MVI represent Views, which are then implemented in one or more Activities or Fragments;
- Intent represents an intention or a desire to perform an action, either by the user or the app itself. For every action, a View receives an Intent. The Presenter observes the Intent, and Models translate it into a new state.

200

Difference between getContext(), getApplicationContext(), getBaseContext() and "this"

View.getContext(): Returns the context the view is currently running in. Usually the currently active Activity.

Activity.getApplicationContext(): Returns the context for the entire application (the process all the Activities are running inside of). Use this instead of the current Activity context if you need a context tied to the lifecycle of the entire application, not just the current Activity.

ContextWrapper.getBaseContext(): If you need access to a Context from within another context, you use a ContextWrapper. The Context referred to from inside that ContextWrapper is accessed via getBaseContext().

200

What is the Complexity of Algorithm?

The complexity of the algorithm is a way to classify how efficient an algorithm is compared to alternative ones. Its focus is on how execution time increases with the data set to be processed. The computational complexity of the algorithm is important in computing.

It is very suitable to classify algorithms based on the relative amount of time or space they require, and to specify the growth of the time/space requirement as a function of input size.

200

What are inline functions in Kotlin?

Inline functions in Kotlin are functions that are expanded or “inlined” at the call site during compilation. Instead of creating a separate function call, the code of the inline function is directly inserted at each call site. This can improve performance by reducing function call overhead. However, it may also increase the size of the generated bytecode. Inline functions are declared using the inline keyword.

200

What is the role of ADB (Android Debug Bridge) in Android security testing?

ADB (Android Debug Bridge) is a versatile command-line tool that allows communication with an Android device or emulator. In Android security testing, ADB can be used to install or uninstall applications, pull or push files, access the device's logcat for debugging purposes, and enable various debugging options. ADB provides testers with extensive control over the Android device or emulator, aiding in security testing activities.

200

Describe YAGNI principle

You Aren't Gonna Need It.

YAGNI principle ("You Aren't Gonna Need It") is a practice in software development which states that features should only be added when required. As a part of the extreme programming (XP) philosophy, YAGNI trims away excess and inefficiency in development to facilitate the desired increased frequency of releases.

The principle helps developers avoid wasted effort on features that are assumed to be needed at some point. The idea is that this assumption often ends up being incorrect. Even if a feature ends up being desired, it still may turn out that the implementation is not necessary. The argument is for developers to not waste time on creating extraneous elements that may not be necessary and can hinder or slow the development process.

300

What is Doze and App Standby?

If a user leaves a device unplugged and stationary for a period of time, with the screen off, the device enters Doze mode. In Doze mode, the system attempts to conserve battery by restricting apps' access to network and CPU-intensive services. It also prevents apps from accessing the network and defers their jobs, syncs, and standard alarms.

App Standby lets the system determine that an app is idle when the user isn't actively using it. The system makes this determination when the user doesn't touch the app for a certain period of time and none of the following conditions applies:

- The user explicitly launches the app.
- The app has a process currently in the foreground, either as an activity or foreground service, or in use by another activity or foreground service.
- The app generates a notification that users see on the lock screen or in the notification tray.

300

What is Big O Notation?

Big O notation is an asymptotic notation to denote or define an upper bound for an algorithm by bounding the function from above. It represents the time and space complexity and is useful when we just have an upper constraint on an algorithm's time complexity.

300

Difference between == and === in Kotlin

Structural equality (==): It checks for equals().
Referential equality (===): It checks whether the two references point to the same object.

300

Explain the concept of runtime permissions in Android, and how would you test an application's handling of permissions?

Runtime permissions in Android allow users to grant or deny specific permissions to an application at runtime. Testing an application's handling of permissions involves verifying that the application correctly requests necessary permissions, handles permission denials gracefully, and does not misuse or overuse granted permissions. Additionally, I would ensure that the application performs appropriate permission checks before accessing sensitive resources or functionalities.

300

What is Service locator pattern?

The service locator pattern is a design pattern used to encapsulate the processes involved in obtaining a service with a strong abstraction layer. This pattern uses a central registry known as the "service locator", which on request returns the information necessary to perform a certain task. Proponents of the pattern say the approach simplifies component-based applications where all dependencies are cleanly listed at the beginning of the whole application design, consequently making traditional dependency injection a more complex way of connecting objects.

400

Difference between Parcelable and Serializable?

Serializable is a standard Java interface. You simply mark a class Serializable by implementing the interface, and Java will automatically serialize it in certain situations.

Parcelable is an Android-specific interface where you implement the serialization yourself. It was created to be far more efficient than Serializable, and to get around some problems with the default Java serialization scheme.

400

What is a Searching Algorithm? List 2 types of searching algorithms.

Searching algorithms are used for searching for an element or an item from a data structure or a list of elements/items. There are 2 categories based on the type of search method, i.e., Sequential Search and Interval Search. Sequential search performs the search consecutively along the data. In contrast, Interval search performs the search by splitting the data set into two equal parts each time.

400

What is the difference between init and constructor in Kotlin?

init is an initialization block that is executed when an instance of a class is created. It is used to initialize properties or perform other setup operations. The primary constructor and any secondary constructors are responsible for creating the instance, while the init block handles the initialization logic. The main difference is that the init block is always executed regardless of which constructor is used.

400

Explain the concept of code injection and how it can be tested in Android applications

Code injection refers to the injection of malicious code into an application, potentially leading to security breaches. In Android applications, this can occur through activities like intent manipulation or WebView vulnerabilities. Testing for code injection involves validating inputs, sanitizing user-supplied data, and verifying that input validation mechanisms are in place.

400

What is the difference between Abstraction and Encapsulation?

Abstraction is a basic OOP concept which focuses on just the relevant data of an object and hides all the irrelevant details which may or may not be for generic or specialized behavior. It hides the background details and emphasizes the essential points to reduce complexity and increase efficiency. Basically, abstraction is a programming tool to manage complexity. Abstraction focuses on ideas rather than events. It hides the details on the design level by providing functionality to the users. The resulting object can also be called an abstraction. The programmer makes sure the named entity will have all the essential aspects included and none of the irrelevant ones.

Encapsulation is yet another OOP concept which binds data and functions into a single component while restricting access to some components. It’s one of the main fundamental concepts of OOP which wraps data and information under a single unit. In technical terms, encapsulation means hiding attributes to shield variables from outside access so that change in one part of an application won’t affect the other parts. On the contrary, by making the information more open you’ll risk misuse of data. It provides basic integrity to the data by protecting it from the outside world. In simple terms, it hides the extra details from the outside world.

500

Explain Dalvik, ART, JIT, and AOT in Android

Dalvik, our first Android Runtime, is based on JIT compilation.

JIT compilation means Just In Time compilation.

In the Dalvik Android Runtime, as it is JIT based, the bytecode gets translated when we run the app. As we keep on using the app, only that part of the bytecode gets converted to machine code. Also, the most frequently used code gets cached so that we don't have to translate it again.

ART, our next Android Runtime, is based on AOT compilation.

AOT compilation means Ahead of Time compilation.

In the ART Android Runtime, as it is AOT based, the bytecode gets translated before we run the app. It gets translated at the time of app installation only. Basically, when we install the app, it translates the bytecode into machine code and stores it on the disk.

500

What is the Bellman-Ford algorithm for finding single source shortest paths? What are its main advantages over Dijkstra?

The Bellman-Ford algorithm finds single source shortest paths by repeatedly relaxing distances until there are no more distances to relax. Relaxing distances is done by checking if an intermediate point provides a better path than the currently chosen path. After a number of iterations that is slightly less than the node count, we can check if the solution is optimal. If not, there is a cycle of negative edges that will provide better paths infinitely long.

This algorithm has the advantage over Dijkstra because it can handle graphs with negative edges, while Dijkstra is limited to non-negative ones. Its only limitation is graphs with cycles that have an overall negative path, but this would just mean that there is no finite solution.

500

Explain the concept of crossinline in Kotlin

The crossinline modifier in Kotlin is used in the context of a higher-order function to indicate that the passed lambda expression cannot contain non-local returns. It is used to enforce that the lambda expression is executed in the calling context and cannot terminate the enclosing function or return from it.

500

What is certificate pinning, and why is it important for app security?

Certificate pinning is a security technique used to ensure that the server’s SSL/TLS certificate presented during an HTTPS connection is valid and matches a trusted certificate authority (CA). This technique involves hard-coding the server’s public key or the hash of the public key in the application code, and comparing it with the public key presented during the SSL/TLS handshake. If they match, the connection is considered secure.

Certificate pinning is important for app security because it prevents attacks such as man-in-the-middle (MITM) attacks, where an attacker intercepts the communication between the app and the server and presents a fake SSL/TLS certificate. Without certificate pinning, an attacker could potentially intercept sensitive user data or inject malicious code into the app.

500

What is Decorator pattern?

Decorator pattern is a design pattern that allows behavior to be added to an individual object, dynamically, without affecting the behavior of other objects from the same class. The decorator pattern is often useful for adhering to the Single Responsibility Principle, as it allows functionality to be divided between classes with unique areas of concern.