There is definitely no way to do this in a standard way. So, we must use an
SQLi injection in order to be able to hack the contacts database and get the
Facebook avatars. The following code works on most Motorolas, which use
Motoblur, on Android 2.2 or higher:
public static Bitmap loadFacebookAvatar(Context context, long personId)
{
String[] rawProjection = {ContactsContract.RawContacts._ID};
String contactIdAssertion = ContactsContract.RawContacts.CONTACT_ID
+ " = " + personId;
String rawWhere = new StringBuilder()
.append(contactIdAssertion).append(") UNION ALL SELECT ")
.append(ContactsContract.RawContacts._ID).append(" FROM
view_raw_contacts WHERE (")
.append(contactIdAssertion).toString();
Cursor query =
context.getContentResolver().query(ContactsContract.RawContacts.CONTENT_URI,
rawProjection,
rawWhere, null, null);
if (query != null && query.moveToFirst()) {
do {
long id =
query.getLong(query.getColumnIndex(ContactsContract.RawContacts._ID));
String[] projection =
{ContactsContract.CommonDataKinds.Photo.PHOTO};
Uri uri = ContactsContract.Data.CONTENT_URI;
String mimeTypeAssertion = ContactsContract.Data.MIMETYPE +
"='" + ContactsContract.CommonDataKinds.Photo.CONTENT_ITEM_TYPE + "'";
String photoAssertion =
ContactsContract.CommonDataKinds.Photo.PHOTO + " IS NOT NULL";
String rawContactIdAssertion =
ContactsContract.CommonDataKinds.Photo.RAW_CONTACT_ID + " = " + id;
String where = new
StringBuilder().append(mimeTypeAssertion).append(" AND ")
.append(photoAssertion).append(" AND
").append(rawContactIdAssertion)
.append(") UNION ALL SELECT
").append(ContactsContract.CommonDataKinds.Photo.PHOTO)
.append(" FROM view_data WHERE
(").append(photoAssertion).append(" AND ")
.append(rawContactIdAssertion).toString();
Cursor photoQuery = context.getContentResolver().query(uri,
projection, where, null, null);
if (photoQuery != null && photoQuery.moveToFirst()) {
do {
byte[] photoData =
photoQuery.getBlob(photoQuery.getColumnIndex(ContactsContract.CommonDataKinds.Photo.PHOTO));
if (photoData != null) {
return BitmapFactory.decodeByteArray(photoData,
0, photoData.length, null);
}
} while (photoQuery.moveToNext());
}
} while (query.moveToNext());
}
return null;
}
For other handsets you must get the contacts database and analyze it in
order to determine how to apply the SQL Injection, which requires a rooted
phone.
2011/8/24 Casidiablo elhacker.net <casidia...@elhacker.net>
> I am writing an application that has to get the list of contacts and
> show their picture. Sometimes contact does not have picture so I must
> show the picture taken from Facebook account. The requirement is to do
> this without using Facebook SDK.
>
> At first, I thought it was impossible, since I have read a lot of
> times that only stock apps (like Contacts or Mms) can access that
> information. However, Handcent SMS application can do that.
>
> There is an option on most Motorola's phones to add a Facebook
> account... when you do so, it will mark Facebook as "Picture source"
> http://imgur.com/KFxOR and contacts list will show Facebook pictures
> for some contacts.
>
> Motorola documentation (http://developer.motorola.com/docstools/
> library/MOTOBLUR_Contacts_1.x_Release_Notes/) says that is not
> possible for third-party apps to access Facebook information.
>
> So... anyone have any idea of how HandcentSMS guys were able to get
> facebook pictures from the contact list?
>
> Just to be clear: they don't use Facebook SDK and they use the
> Facebook pictures that motorola software downloads (I know it because
> when I remove the facebook account from android settings, Handcent
> does not show pictures)
>
> Thanks a lot.
>
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
