REST API supported with Android version of Activity Watch?

Is it possible to use the REST API to access an instance of ActivityWatch running on Android? I’m developing an VR application for the Quest (which runs android) that I want to be able to download information from ActivityWatch about what other applications people have been using. (This is for a research experiment where we loan people Oculus Quests and we want to log what else they’re doing)

I’ve got this working great when testing on the desktop, but I get nothing when I load it onto the Quest. I wanted to double check that the API is available when ActivityWatch is run on android before digging deeper (any information or other ways to access this info would be great as well!)

Worst case we’ll just download this information after people return the Quests to us, but we’d like to do it automatically while they still have them.

Thank you!

Good question.

I’ve heard that the web watcher has supposedly worked with the android app and that essentially works by reporting the current tab/url from the browser app (only supports firefox right now I think) to the activitywatch app. So I think it’s supposed to work somehow, but I’m not exactly sure how.

@ErikBjare Do you know more about how this works?

The REST API will only be available when the app is open, when the app is closed by the system the API is not accessible which presumably happens straight away on the Quest, but usually happens with a delay on “normal” Android devices.

This is for performance/battery reasons, and while it would be possible to create a background service that persists the REST API (although unsure if the Quest would allow it, given how stringent they are with background processes), it won’t happen anytime soon (unless someone submits a PR).

Thanks for that answer. I was afraid that would be the case on an Android device. We’ll just have our participants export the data and email it to us. Thanks again!

@ErikBjare it seems like this would allow any application to sidestep requesting permissions from the user and tracking the user by querying the API when the app is open, which would be a potential security flaw.

Is there any sort of checks on the server side which would stop this from happening?

1 Like

@nicolae-stroncea That is correct. Our security assumptions on Android are currently the same as on desktop: we do not attempt to protect from local threats. This is since local processes likely have filesystem access anyway, but this is obviously different on Android which has more stringent permissions. There’s some written about the limits of our security in the docs:

This could be remedied by requiring an API key (passed by cookie or URL) for all requests, but it has yet to be implemented. Feel free to open an issue about this.