Whether or not you actually need 8GB of RAM in a smartphone is a conversation and a half on its own, but when Samsung said that the Galaxy S10 and Galaxy S10+ would all have at least 8GB of RAM, that's what buyers are expecting. Unfortunately, there seemed to be a ton of misinformation, software weirdness, and […]

Come comment on this article: Despite some confusion, Samsung confirms at least 8GB of RAM in all Galaxy S10 and S10+ models

22 Feb 2019 4:11pm GMT

Microsoft Office is a crucial piece of software whether you're working in a business, in education, or just handling things at a personal level. It's the most common office software on the planet, it's extremely powerful, and it looks great on a resume if you have legitimate certifications with it. The eLearnOffice Microsoft Office Certification […]

Come comment on this article: [TA Deals] Master Microsoft Office with this discounted eLearnOffice certification course (90% off)

22 Feb 2019 3:50pm GMT

Samsung's latest Galaxy S10 series of phones still have the frustrating Bixby hardware button that no one really asked for, but the newer devices will now allow users to change the function of the button to do other things, too. So while yes, it's still a Bixby button, it can also be a Google Assistant […]

Come comment on this article: Older Samsung Galaxy devices will get Bixby remapping in an update

22 Feb 2019 3:37pm GMT

Have you seen enough to know you already want a Galaxy S10? The phone is up for preorder in several places, but wherever you're purchasing from, you need to make sure you're getting a good deal. There are several options from different carriers and retailers, and we'll break down which ones are offering the best […]

Come comment on this article: Here are the pre-order deals for the Samsung Galaxy S10e, Galaxy S10, and Galaxy S10+

22 Feb 2019 2:30pm GMT

A teardown of the beta-channel GBoard 8.0 APK reveals preliminary support for the previously announced digital clipboard functionality addition to Google's keyboard, as well as user dictionary export and shared language prompts. Initially released for iOS in May 2016, with the release for Google's own OS curiously coming seven months later in December 2016, GBoard […]

Come comment on this article: Incoming GBoard 8.0 update adds clipboard management and personal dictionary export

22 Feb 2019 3:14am GMT

Samsung likes to make good cameras, and early impressions are mostly positive for their latest Galaxy S10+. DxOMark, for example, has rated the phone as the best smartphone camera on the market, tying the Huawei Mate 20 Pro and P20 Pro with an overall score of 109. The photography score hit an excellent 114 while […]

Come comment on this article: Samsung Galaxy S10 ties for highest DxOMark score at 109

22 Feb 2019 2:20am GMT

Samsung really wants Bixby to be a thing, but many users disagree. With previous phones there have been some nifty workarounds to turn Samsung's dedicated hardware Bixby button into something more useful, like a Google Assistant button, flashlight toggle, or app launcher, but Samsung occasionally updates and breaks those methods to try and keep users […]

Come comment on this article: Samsung will allow remapping the Bixby button on the Galaxy S10

22 Feb 2019 2:02am GMT

Posted by Edward Cunningham, Android Security & Privacy Team

In a previous blog we described how API behavior changes advance the security and privacy protections of Android, and include user experience improvements that prevent apps from accidentally overusing resources like battery and memory.

Since November 2018, all app updates on Google Play have been required to target API level 26 (Android 8.0) or higher. Thanks to the efforts of thousands of app developers, Android users now enjoy more apps using modern APIs than ever before, bringing significant security and privacy benefits. For example, during 2018 over 150,000 apps added support for runtime permissions, giving users granular control over the data they share.

Today we're providing more information about the Google Play requirements for 2019, and announcing some changes that affect apps distributed via other stores.

Google Play requirements for 2019

In order to provide users with the best Android experience possible, the Google Play Console will continue to require that apps target a recent API level:

• August 2019: New apps are required to target API level 28 (Android 9) or higher.
• November 2019: Updates to existing apps are required to target API level 28 or higher.

Existing apps that are not receiving updates are unaffected and can continue to be downloaded from the Play Store. Apps can still use any minSdkVersion, so there is no change to your ability to build apps for older Android versions.

For a list of changes introduced in Android 9 Pie, check out our page on behavior changes for apps targeting API level 28+.

Apps distributed via other stores

Targeting a recent API level is valuable regardless of how an app is distributed. In China, major app stores from Huawei, OPPO, Vivo, Xiaomi, Baidu, Alibaba, and Tencent will be requiring that apps target API level 26 (Android 8.0) or higher in 2019. We expect many others to introduce similar requirements - an important step to improve the security of the app ecosystem.

Over 95% of spyware we detect outside of the Play Store intentionally targets API level 22 or lower, avoiding runtime permissions even when installed on recent Android versions. To protect users from malware, and support this ecosystem initiative, Google Play Protect will warn users when they attempt to install APKs from any source that do not target a recent API level:

• August 2019: New apps will receive warnings during installation if they do not target API level 26 or higher.
• November 2019: New versions of existing apps will receive warnings during installation if they do not target API level 26 or higher.
• 2020 onwards: The target API level requirement will advance annually.

These Play Protect warnings will show only if the app's targetSdkVersion is lower than the device API level. For example, a user with a device running Android 6.0 (Marshmallow) will be warned when installing any new APK that targets API level 22 or lower. Users with devices running Android 8.0 (Oreo) or higher will be warned when installing any new APK that targets API level 25 or lower.

Prior to August, Play Protect will start showing these warnings on devices with Developer options enabled to give advance notice to developers of apps outside of the Play Store. To ensure compatibility across all Android versions, developers should make sure that new versions of any apps target API level 26+.

Existing apps that have been released (via any distribution channel) and are not receiving updates will be unaffected - users will not be warned when installing them.

Getting started

For advice on how to change your app's target API level, take a look at the migration guide and this talk from I/O 2018: Migrate your existing app to target Android Oreo and above.

We're extremely grateful to the Android developers worldwide who have already updated their apps to deliver security improvements for their users. We look forward to making great progress together in 2019.

21 Feb 2019 7:21pm GMT

CuriosityStream is a video streaming service that offers a ton of on-demand series and documentaries for anyone looking to learn something new. There are over 2000 shows on the service covering science, nature, technology, and more, and it's relatively cheap in the world of streaming services. We're about to make it even cheaper, though. Stream […]

Come comment on this article: [TA Deals] Save 25% on a two-year subscription to CuriosityStream

21 Feb 2019 3:45pm GMT

It wouldn't be a phone announcement without some extra stuff on the side, and you know Samsung doesn't disappoint. Meet their new lineup of wearables, including the Galaxy Watch Active, Galaxy Fit, and Galaxy Buds. These devices have previously leaked, so we already know a little bit about each of them, but Samsung has pulled […]

Come comment on this article: Samsung announced a ton of new wearables alongside the Galaxy S10

21 Feb 2019 4:26am GMT

After months and months of rumours, leaks, and teasers, Samsung has finally gone live with its expensive beast-mode Galaxy S10, S10 Plus, and S10e lineup, while also teasing the even bigger and better S10 5G and foldable Galaxy F at its 'Unpacked' event a few days before MWC 2019. Earlier today, at their own pre-MWC […]

Come comment on this article: Samsung Galaxy S10, S10 Plus, and S10e finally launched, S10 5G teased

21 Feb 2019 2:43am GMT

You would have to be living under a rock in a cave to not know that Samsung launched the tenth edition of its flagship Galaxy S series of smartphones earlier today. If you missed the Unpacked live stream, Samsung has kindly uploaded the full video (embedded after the break) of the launch event for you […]

Come comment on this article: Miss the Samsung Galaxy S10 launch? Catch the full Unpacked Replay here

21 Feb 2019 1:06am GMT

Samsung launched a veritable barrage of devices during its Unpacked event, with the Galaxy Fold drawing audible gasps from the crowd for its $2000 price tag. Luckily the Galaxy S10 range of handsets is already available to preorder for somewhat more affordable prices, albeit in relativity seeing as you'll have to splash out $750 for […]

Come comment on this article: Samsung Galaxy S10 Specifications: S10e v S10 v S10+

21 Feb 2019 12:41am GMT

During their Samsung Unpacked event today, the company officially announced a device that has been in the works for a long time. Samsung's take on a foldable mobile device is dubbed the Galaxy Fold. In a statement, Samsung president DJ Koh says the new Galaxy Fold "is writing the next chapter in mobile innovation history […]

Come comment on this article: Samsung Galaxy Fold Opens A New Device Category

20 Feb 2019 8:15pm GMT

After weeks of rumors and leaks, the big day has finally arrived. That's right, today is the day that Samsung finally launches its brand new Galaxy S10e, Galaxy S10, and Galaxy S10+ at its Unpacked event in San Francisco. We already know that we can look forward to reverse wireless charging, dual or triple rear […]

Come comment on this article: Samsung Galaxy S10 launch: When and where to catch the Unpacked live stream

20 Feb 2019 5:14pm GMT

Unity is one of the most popular engines on the planet for developing games, especially at smaller scales. If you're interested in getting started with any game development, it's not a bad place to start, and Unity can grow with your skills and ambitions. To make that initial process a little bit easier, we're offering […]

Come comment on this article: [TA Deals] Pick your price and learn to develop games with the Unity Development Bundle!

20 Feb 2019 4:45pm GMT

Posted by Andrew Ahn, Product Manager, Google Play

Google Play is committed to providing a secure and safe platform for billions of Android users on their journey discovering and experiencing the apps they love and enjoy. To deliver against this commitment, we worked last year to improve our abuse detection technologies and systems, and significantly increased our team of product managers, engineers, policy experts, and operations leaders to fight against bad actors.

In 2018, we introduced a series of new policies to protect users from new abuse trends, detected and removed malicious developers faster, and stopped more malicious apps from entering the Google Play Store than ever before. The number of rejected app submissions increased by more than 55 percent, and we increased app suspensions by more than 66 percent. These increases can be attributed to our continued efforts to tighten policies to reduce the number of harmful apps on the Play Store, as well as our investments in automated protections and human review processes that play critical roles in identifying and enforcing on bad apps.

In addition to identifying and stopping bad apps from entering the Play Store, our Google Play Protect system now scans over 50 billion apps on users' devices each day to make sure apps installed on the device aren't behaving in harmful ways. With such protection, apps from Google Play are eight times less likely to harm a user's device than Android apps from other sources.

Here are some areas we've been focusing on in the last year and that will continue to be a priority for us in 2019:

Protecting User Privacy

Protecting users' data and privacy is a critical factor in building user trust. We've long required developers to limit their device permission requests to what's necessary to provide the features of an app. Also, to help users understand how their data is being used, we've required developers to provide prominent disclosures about the collection and use of sensitive user data. Last year, we rejected or removed tens of thousands of apps that weren't in compliance with Play's policies related to user data and privacy.

In October 2018, we announced a new policy restricting the use of the SMS and Call Log permissions to a limited number of cases, such as where an app has been selected as the user's default app for making calls or sending text messages. We've recently started to remove apps from Google Play that violate this policy. We plan to introduce additional policies for device permissions and user data throughout 2019.

Developer integrity

We find that over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks. When malicious developers are banned, they often create new accounts or buy developer accounts on the black market in order to come back to Google Play. We've further enhanced our clustering and account matching technologies, and by combining these technologies with the expertise of our human reviewers, we've made it more difficult for spammy developer networks to gain installs by blocking their apps from being published in the first place.

Harmful app contents and behaviors

As mentioned in last year's blog post, we fought against hundreds of thousands of impersonators, apps with inappropriate content, and Potentially Harmful Applications (PHAs). In a continued fight against these types of apps, not only do we apply advanced machine learning models to spot suspicious apps, we also conduct static and dynamic analyses, intelligently use user engagement and feedback data, and leverage skilled human reviews, which have helped in finding more bad apps with higher accuracy and efficiency.

Despite our enhanced and added layers of defense against bad apps, we know bad actors will continue to try to evade our systems by changing their tactics and cloaking bad behaviors. We will continue to enhance our capabilities to counter such adversarial behavior, and work relentlessly to provide our users with a secure and safe app store.

How useful did you find this blog post?

★ ★ ★ ★ ★

13 Feb 2019 6:01pm GMT

Posted by Dave Smith, Developer Advocate for IoT

Over the past year, Google has worked closely with partners to create consumer products powered by Android Things with the Google Assistant built-in. Given the successes we have seen with our partners in smart speakers and smart displays, we are refocusing Android Things as a platform for OEM partners to build devices in those categories moving forward. Therefore, support for production System on Modules (SoMs) based on NXP, Qualcomm, and MediaTek hardware will not be made available through the public developer platform at this time.

Android Things continues to be a platform for experimenting with and building smart, connected devices using the Android Things SDK on top of popular hardware like the NXP i.MX7D and Raspberry Pi 3B. System images for these boards will remain available through the Android Things console where developers can create new builds and push app updates for up to 100 devices for non-commercial use.

We remain dedicated to providing a managed platform for IoT devices, including turnkey hardware solutions. For developers looking to commercialize IoT products in 2019, check out Cloud IoT Core for secure device connectivity at scale and the upcoming Cloud IoT Edge runtime for a suite of managed edge computing services. For on-device machine learning applications, stay tuned for more details about our Edge TPU development boards.

12 Feb 2019 7:00pm GMT

Posted by Chris Banes, Chief Elf of Android Engineering

Today, we pushed the source code for Google's Santa Tracker 2018 Android app at google/santa-tracker-android, including its 17 mini-games, Santa tracking feature, Wear app and more!

Visually the app looks much the same this year, but underneath the hood the app has gone on a massive size reduction exercise to make the download from Google Play as small as possible. When a user downloads the app the initial download is now just 9.2MB, compared to last year's app which was 60MB. That's a 85% reduction! 🗜️

Android App Bundle

We achieved that reduction by migrating the app over to using an Android App Bundle. The main benefit is that Google Play can now serve dynamically optimized APKs to users' devices. Moreover, we were also able to separate out all of the games into their own dynamic feature modules, downloaded on demand. This is why you might have seen a progress bar when you first opened a game, we are actually downloading the game from Google Play before starting the game:

The progress bar shown while a game is fetched from Google Play

You can read more about our journey migrating over to App Bundle in a small blog series, starting with our 'Moving to Android App Bundle' post.

Gboard stickers

One of the new features we added this year was a Gboard sticker pack, allowing users to share stickers to their friends. You might even notice some of the characters from the games in the stickers!

'Santa Dunk' is one of the 20 available stickers

We use Firebase App Indexing to publish our stickers to the local index on the device, where the Gboard keyboard app picks them up, allowing the user to share them in apps. You can see the source code here.

The sticker pack being used in a very important conversation

Lots of code improvements

Aside from the things mentioned above, we've also completed a number of code health improvements. We have increased the minimum SDK version to Lollipop (21), migrated from the Support Library to AndroidX, reduced the file size of our game assets by switching to modern formats, and lots of other small improvements! Phew 😅.

Go explore the code

If you're interested go checkout the code and let us know what you think. If you have any questions or issues, please let us know via the issue tracker.

29 Jan 2019 6:00pm GMT

Posted by Kacey Fahey, Developer Marketing, Google Play

We're excited to be part of the Game Developers Conference (GDC) 2019 in San Francisco. Join us on Monday, March 18th at the Google Mobile Developer Day, either in person or over live stream, for a full day of sessions covering tools and best practices to help build a successful mobile games business on Google Play. We'll focus on game quality, effective monetization and growth strategies, and how to create, connect, and scale with Google.

This year's sessions are focused on tips and tools to help your mobile game business succeed. Come hear our latest announcements and industry trends, as well as learnings from industry peers. We will hold a more technical session in the second half of the day, where we'll share ways to optimize your mobile game's performance for the best possible player experience.

Also, make sure to visit the Google booth from Wednesday March 20th until Friday March 22nd. Here, you will be able to interact with hands-on demos, attend talks in the theater, and get your questions answered by Google experts. We're bringing a big team and hope to see you there.

Learn more about Google's activities throughout the week of GDC and sign up to stay informed. For those who can't make it in person, join the live stream starting at 10am PST on Monday, March 18th. These events are part of the official Game Developers Conference and require a pass to attend.

How useful did you find this blog post?

★ ★ ★ ★ ★

23 Jan 2019 5:46pm GMT

Posted by Chris Yang, Program Manager, Translation Service

It is not uncommon for developers to have the following concerns and thoughts when considering whether to localize their apps: "I just don't have the time!" "Translation is too expensive." "High-quality translation is just hard to find.'' Does this sound familiar?

At Google, we consider translation a key component of making the world's information universally accessible and useful. This commitment extends not only to localizing our own products, but also to providing tools to help developers and translators more easily localize their apps.

Introducing the Google Play App Translation Service

Available in the Google Play Console, the Google Play App Translation Service simplifies localization of your app user interface strings, store listing, in-app product names, and universal apps campaign ads. Thousands of developers have already used this service to reach hundreds of millions of users worldwide.

Here is an overview of some of the ways it can help:

1. Quick and easy - Order in minutes and receive your translation in as little as two days.

• Small translation orders can be completed in only two days. All orders are completed in eight days or less.
• Apply translations directly in the Play Console or download to build with your app.

2. Professional and human - Get high-quality translations by real human translators.

• All translations are carefully crafted by professional translators just for you.
• Translation providers are selected by Google based on quality and speed.

3. Value for money - Translate your app for as little as $0.07 per word.

• Pricing is upfront and simple. You only pay per word for each language you translate.
• For example, translating 200 words into one language at $0.07 per word would cost only $14.

Ordering a Translation

Find the Translation Service in the Google Play Console:

When you're ready to translate, just select the languages to use for translation, choose a vendor, and place your order.

Select languages to translate into.

Choose what type of content you want to translate.

Easily complete purchase of the service.

Language recommendations

You can also expand your global footprint with translation recommendations that can help increase installs. The recommendations can be found in the Google Play Console.

The language recommendation feature is developed using machine learning and is based on your app's install history and market data.

Did you know that you can reach almost 80% of internet users worldwide with only 10 languages. In particular, the Google Play opportunity in Russia and the Middle East continues to grow. Let us know once you have localized for these markets so we can consider featuring your app or game in the Now in Russian and Now in Arabic collections on the Play Store.

Launching the translation

Once you download the translation, you'll be ready to publish your newly translated app update on Google Play.

Get started with the App Translation Service today and let us know what you think!

How useful did you find this blog post?

★ ★ ★ ★ ★

16 Jan 2019 9:24pm GMT

Posted by Vlad Radu, Product Manager, Play and Diana Wong, Product Manager, Android
64-bit CPUs deliver faster, richer experiences for your users. Adding a 64-bit version of your app provides performance improvements, makes way for future innovation, and sets you up for devices with 64-bit only hardware.
We want to help you get ready and know you need time to plan. We've supported 64-bit CPUs since Android 5.0 Lollipop and in 2017 we first announced that apps using native code must provide a 64-bit version (in addition to the 32-bit version). Today we're providing more detailed information and timelines to make it as easy as possible to transition in 2019.

The 64-bit requirement: what it means for developers

Starting August 1, 2019:

• All new apps and app updates that include native code are required to provide 64-bit versions in addition to 32-bit versions when publishing to Google Play.
• Extension: Google Play will continue to accept 32-bit only updates to existing games that use Unity 5.6 or older until August 2021.

Starting August 1, 2021:

• Google Play will stop serving apps without 64-bit versions on 64-bit capable devices, meaning they will no longer be available in the Play Store on those devices.
• This will include games built with Unity 5.6 or older.

The requirement does not apply to:

• APKs or app bundles explicitly targeting Wear OS or Android TV, which are form factors that do not currently support 64-bit code.
• APKs or app bundles that are not distributed to devices running Android 9 Pie or later.

We are not making changes to our policy on 32-bit support. Play will continue to deliver apps to 32-bit devices. This requirement means that apps with 32-bit native code will need to have an additional 64-bit version as well.

Preparing for the 64-bit requirement

We anticipate that for most developers, the move to 64-bit should be straightforward. Many apps are written entirely in non-native code (e.g. the Java programming language or Kotlin) and do not need code changes.
All developers: Here is an overview of the steps you will need to take in order to become 64-bit compliant. For a more detailed outline of this process refer to our in-depth documentation.

• Inspect your APK or app bundle for native code. You can check for .so files using APK Analyzer. Identify whether they are built from your own code or are imported by an SDK or library that you are using. If you do not have any .so files in your APK, you are already 64-bit compliant.
• Enable 64-bit architectures and rebuild native code (.so files) imported by your own code. See the documentation for more details.
• Upgrade any SDKs and libraries to 64-bit compliant versions, if needed. Reach out to the SDK or library owner if one is not available. We're working with top library owners on their 64-bit compatibility.
• Test for issues locally once you've rebuilt your app.
• Rollout to your testers using testing tracks for thorough testing.

Game developers: The three most used engines all currently support 64-bit (Unreal & Cocos2d since 2015, Unity since 2018). We understand that migrating a 3rd party game engine is an intensive process with long lead times.
Since Unity only recently began providing 64-bit support in versions 2017.4 and 2018.2, we are granting an automatic extension to existing games using versions 5.6 or older until August 2021. Unity provides guides that can help you through the process of upgrading to a 64-bit compliant version.
SDK and library owners: Update for 64-bit compliance as soon as possible to give app developers time to adapt, and let your developers know. Sign up and register your SDK to receive updates about the latest tools and information that can help you serve your customers.

Going forward

For those that already support 64-bit - thank you and great work! If you haven't yet, we encourage you to begin any work for the 64-bit requirement as soon as possible. As we move closer to the deadline, we'll be updating our developer documentation with more information on how to check if your app is compliant.
We're excited about the future that 64-bit CPUs bring in areas such as artificial intelligence, machine learning, and immersive mobile. Supporting 64-bit prepares the ecosystem for the innovation enabled by the advanced compute capabilities of 64-bit devices, and for future Android devices that only support 64-bit code.
How useful did you find this blog post?
★ ★ ★ ★ ★

15 Jan 2019 10:04pm GMT

Posted by Paul Bankhead, Director, Product Management, Google Play

TLDR; As previously announced and directly communicated to developers via email, we'll be removing apps from the Google Play Store that ask for SMS or Call Log permission and have not submitted a Permissions Declaration Form. If you have not submitted a permissions declaration form and your app is removed, see below for next steps.

We take access to sensitive data and permissions very seriously. This is especially true with SMS and Call Log permissions, which were designed to allow users to pick their favorite dialer or messaging app, but have also been used to enable many other experiences that might not require that same level of access. In an effort to improve users' control over their data, last October we announced we would be restricting developer access to SMS and Call Log permissions.

Our new policy is designed to ensure that apps asking for these permissions need full and ongoing access to the sensitive data in order to accomplish the app's primary use case, and that users will understand why this data would be required for the app to function.

Developers whose apps used these permissions prior to our announcement were notified by email and given 90 days to either remove the permissions, or submit a permissions declaration form to enable further review.

More about app reviews

We take this review process seriously and understand it's a change for many developers. We apply the same criteria to all developers, including dozens of Google apps. We added to the list of approved use cases over the last few months as we evaluated feedback from developers.

Our global teams carefully review each submission. During the review process, we consider the following:

• Likelihood that an average user would understand why this type of app needs full access to the data.
• User benefit of the feature.
• Importance of the permission relative to the core functionality of the app.
• Risks presented by all apps with this use case having access to this sensitive data.
• Availability of more narrow alternatives for enabling the feature.

With this change, some uses cases will no longer be allowed. However, many of the apps we reviewed with one of these permissions can rely on narrower APIs, reducing the scope of access while accomplishing similar functionality. For example, developers using SMS for account verification can alternatively use the SMS Retriever API, and apps that want to share content using SMS can prepopulate a message and trigger the default SMS app to show via intents.

Tens of thousands of developers have already resubmitted their apps to support the new policy or have submitted a form. Thank you! Developers who submitted a form received a compliance extension until March 9th.

Next steps

Over the next few weeks, we will be removing apps from the Play Store that ask for SMS or Call Log permission and have not submitted a permission declaration form. If your app is removed and you would like to have it republished, you can do one of the following in the Play Console:

• submit a new version without these permissions, or
• submit a new version of your app that retains the permissions. Doing so will require you to complete a permissions declaration form inside the Play Console (coming soon) and will give you an extension until March 9th to remove the permissions or receive approval for your use case.

Keeping our overall Android ecosystem healthy is very important, and protection of user data is vital to the long term health of all developers. We know these changes have required significant work from you and we appreciate your efforts to create innovative experiences while protecting user's privacy.

15 Jan 2019 12:00am GMT

Posted by Jamal Eason, Product Manager

We are excited to kick off the new year with a stable release of Android Studio 3.3 focused on refinement and quality. You can download it today from developer.android.com/studio. Based on the feedback from many of you, we have taken a step back from large features to focus on our quality fundamentals. The goal is to ensure Android Studio continues to help you stay productive in making great apps for Android. Since the last stable release, Android Studio 3.3 addresses over 200 user- reported bugs. This release also includes official support for Navigation Editor, improved incremental Java compilation when using annotation processors, C++ code lint inspections, an updated new project wizard, and usability fixes for each of the performance profilers. In addition, saving snapshots on exit for the Android emulator is 8x faster.

Android Studio 3.3 kicks off the broader quality focus area for the year, which we call Project Marble. Announced at the Android Developer Summit in November 2018, Project Marble is the Android Studio team's focus on making the fundamental features and flows of the Integrated Development Environment (IDE) rock-solid, along with refining and polishing the user-facing features that matter to you in your day-to-day app development workflows. In Project Marble, we are specifically looking at reducing the number of crashes, hangs, memory leaks, and user-impacting bugs. We are also investing in our measurement infrastructure to prevent these issues from occurring. Stay tuned for more updates and details as we progress on this initiative.

This release of Android Studio is a solid milestone for the product. If you want the latest in feature refinement and quality, then download Android Studio 3.3 today on the stable release channel. Watch and read below for some of the notable changes and enhancements that you will find in Android Studio 3.3.

Develop

• Navigation Editor - The navigation editor is a visual editor which allows you to construct XML resources that support using the new Jetpack Navigation Component. With the Navigation Editor and the Navigation Component, you can build predictable interactions between the screens and content areas of your app. This editor was previewed in an earlier Android Studio release, but based on your feedback we held this feature to improve the quality of the feature. Thank you to the developers who gave us feedback. Learn more.

Navigation Editor

• IntelliJ Platform Update - Android Studio 3.3 includes Intellij 2018.2.2. This is a significant platform release from Jetbrains, with new previews for the code editor, updated icons, MacBook Touch Bar support, plus enhanced version control integrations. Learn more.

• Kotlin Update - This release of Android Studio bundles Kotlin 1.3.11, with support for Kotlin coroutines and contracts plus IDE support for the recommend Kotlin coding style. Learn more.
• Clang-Tidy Support for C++ - Android Studio now has support for Clang-Tidy for C++ static code analysis. Similar to the current lint support for Java and Kotlin in Android Studio, Clang-Tidy helps those who have C++ in their Android app identify common coding errors and bugs. Enable the inspection by going to Settings → Editor → Inspections (Preference → Editor → Inspections for MacOS) . Learn more.

Clang-Tidy Code Inspection Settings

• New Project Wizard update - To support the range of device types, programming languages, and new frameworks, we have updated the New Project Wizard for Android Studio. You can access the same project templates in a more streamlined user experience.

New Project Wizard

• Delete Unused IDE Directories - To help you upgrade to the newest version of Android Studio, we have added a new feature to help clean up unused settings & cache directories. Past versions of Android Studio left these old directories that were hard to find and remove on your hard drive. When you first run Android Studio 3.3 and higher, the new dialog suggests directories that you can safely remove from past installations of Android Studio.

Delete Unused Directories Dialogue

• IDE User Feedback - To help us to create a better product, we have started to include in-product sentiment buttons for quick feedback. For those who opt-in to sharing usage data, feel free to click on the icon that suits your sentiment while using Android Studio. To opt-in to give in-product feedback go to Settings → Appearance & Behavior → System Settings → Data Sharing ( Preferences → Appearance & Behavior → System Settings → Data Sharing for MacOS).

IDE User Feedback

Build

• Improved incremental Java compilation when using annotation processor - This update decreases build time by improving support for incremental Java compilation when using annotation processors. The optimization requires Android Gradle plugin 3.3.0 or higher. Learn more.

• Lazy task configuration - The plugin uses Gradle's new task creation API to avoid initializing and configuring tasks that are not required to complete the current build (or tasks not on the execution task graph). For example, if you have multiple build variants, such as "release" and "debug" build variants, and you're building the "debug" version of your app, the plugin avoids initializing and configuring tasks for the "release" version of your app. Learn more.

• Single-variant project sync - Along with build speed, project sync speed can be a development bottleneck to for those who have large app projects with multiple build variants. In this version of the IDE, you can you can limit syncing to only the active build variant. In order for this optimization to work, your project needs to use Android Gradle plugin 3.3.0 or higher. You can enable this option under the Experimental preferences in Android Studio 3.3.

Single-Variant Project Sync

• Android App Bundles now support Instant Apps - You can now build and deploy Google Play Instant experiences from a single Android Studio project, and include them in a single Android App Bundle. Launched last year, the Android App Bundle is the new standard Android app publishing format that you can build with Android Studio. This update streamlines and unifies the build artifacts that you upload to Google Play. Learn more.

Test

• Multiple Emulator AVD instances - Android Emulator 28.0 now supports the ability to launch multiple instances of the same Android Virtual Device (AVD). Each instance of the AVD uses a minimal set of system resources. For those developers with continuous integration (CI) testing environments, this can be a convenient way to run tests in parallel off one AVD configuration. On the command line run the following commands:

  $./emulator -avd <avdname> -read-only &
  $./emulator -avd <avdname> -read-only &
  

  Android Emulator: Multiple AVD Launch

• Android 9 Pie Emulator System Images & Wi-Fi P2P - Alongside Android Studio 3.3, you can also download Android 9 system images for your emulator for your app testing. The Google Play emulator system images not only passe the official Android Compatibility Test Suite (CTS), they also include support for Peer-to-Peer Wi-Fi direct connections between two emulators. To start using this feature, launch the emulator (v28.0.22 or higher) via the command line and ensure the two emulators share the same Wi-Fi server and client port command line arguments.

  $./emulator @<server-avd-name> -wifi-server-port 9999
  $./emulator @<client-avd-name> -wifi-client-port 9999
  

  Android Emulator: Wi-Fi P2P Setup

• Emulator Snapshot Save Speed - We have heard from you that you enjoy using snapshots and quickboot, but felt the time taken to close the emulator and Quickboot save a snapshot was slow. To solve this, we optimized the way snapshots are saved and managed, using a mapped file to save guest RAM. From aggregate metrics, we found that this optimization led to driving down the average quickboot save time from the last stable version to now from 27 seconds down to 3 seconds - a 8x improvement. Learn more about this enhancement and other recent improvements to the emulator here.

Optimize

• Profiler performance improvements - Based on your feedback, we have dramatically improved Android Studio performance while using the profilers in this release. We've seen improvements on average of 2x in frame rates in our local tests. Please continue to provide feedback, especially if you continue to see performance issues.
  
• Memory Profiler allocation tracking options - In previous releases, we have heard from you that, in some cases, your app performs significantly worse while profiling with the default settings. To address this, we have changed the default Memory Profiler capture mode on Android 8.0 Oreo (API level 26) and higher devices to sample for allocations periodically. You can adjust this setting in the Allocation Tracking dropdown menu. By default, we also now temporarily turn off allocation tracking during CPU recordings to minimize the impact on recording results. Learn more.

Memory Profiler: Allocation Tracking Options

• Network Profiler formatted text - The Network profiler in Android Studio 3.3 now formats common text types found in network payloads by default, including HTML, XML and JSON. You can toggle between formatted and raw text by navigating to either the Response or Request tab, and click on the View Parsed / View Source link. Learn more.

Network Profiler: Formatted Text

• CPU Profiler frame rendering data - The CPU Profiler now shows you the render time for each frame on the main UI thread and Render Thread when you record with Trace System Calls. If you are trying to investigate and understand the bottlenecks or the source of UI jank in your app, this data can come in handy to see where you can improve your app performance. Learn more.

CPU Profiler: Frame Rendering Data

To recap, Android Studio 3.3 includes these new enhancements & features:

Develop

• Navigation Editor
• IntelliJ 2018.2.2 Platform Update
• Kotlin 1.3.11 Update
• Clang-Tidy Support for C++
• New Project Wizard update
• Delete Unused IDE Directories
• IDE User Feedback

Build

• Improved incremental Java compilation when using annotation processors
• Lazy task configuration:
• Single-variant project sync
• Android App Bundles now supports Instant Apps

Test

• Multiple Emulator AVD instance Launch
• Android 9 Pie - Emulator System Images
• Emulator Snapshot Save Speed Improvement

Optimize

• Profiler Performance Improvements
• Memory Profiler: Allocation Tracking Options
• Network Profiler: Formatted Text
• CPU Profiler: Frame Rendering Data

Check out the Android Studio release notes, Android Gradle plugin release notes, and the Android Emulator release notes for more details.

Getting Started

Download

Download the latest version of Android Studio 3.3 from the download page. If you are using a previous release of Android Studio, you can simply update to the latest version of Android Studio as well. If you want to maintain a stable version of Android Studio, you can run the stable release version and canary release versions of Android Studio at the same time. Learn more.

To use the mentioned Android Emulator features make sure you are running at least Android Emulator v28.0.22 downloaded via the Android Studio SDK Manager.

We appreciate any feedback on things you like, and issues or features you would like to see. If you find a bug or issue, feel free to file an issue. Follow us -- the Android Studio development team ‐ on Twitter and on Medium.

14 Jan 2019 6:48pm GMT

Posted by Vikrant Nanda and René Mayrhofer, Android Security & Privacy Team

There is no better time to talk about Android dessert releases than the holidays because who doesn't love dessert? And what is one of our favorite desserts during the holiday season? Well, pie of course.

In all seriousness, pie is a great analogy because of how the various ingredients turn into multiple layers of goodness: right from the software crust on top to the hardware layer at the bottom. Read on for a summary of security and privacy features introduced in Android Pie this year.

Strengthening Android

Making Android more secure requires a combination of hardening the platform and advancing anti-exploitation techniques.

Platform hardening

With Android Pie, we updated File-Based Encryption to support external storage media (such as, expandable storage cards). We also introduced support for metadata encryption where hardware support is present. With filesystem metadata encryption, a single key present at boot time encrypts whatever content is not encrypted by file-based encryption (such as, directory layouts, file sizes, permissions, and creation/modification times).

Android Pie also introduced a BiometricPrompt API that apps can use to provide biometric authentication dialogs (such as, fingerprint prompt) on a device in a modality-agnostic fashion. This functionality creates a standardized look, feel, and placement for the dialog. This kind of standardization gives users more confidence that they're authenticating against a trusted biometric credential checker.

New protections and test cases for the Application Sandbox help ensure all non-privileged apps targeting Android Pie (and all future releases of Android) run in stronger SELinux sandboxes. By providing per-app cryptographic authentication to the sandbox, this protection improves app separation, prevents overriding safe defaults, and (most significantly) prevents apps from making their data widely accessible.

Anti-exploitation improvements

With Android Pie, we expanded our compiler-based security mitigations, which instrument runtime operations to fail safely when undefined behavior occurs.

Control Flow Integrity (CFI) is a security mechanism that disallows changes to the original control flow graph of compiled code. In Android Pie, it has been enabled by default within the media frameworks and other security-critical components, such as for Near Field Communication (NFC) and Bluetooth protocols. We also implemented support for CFI in the Android common kernel, continuing our efforts to harden the kernel in previous Android releases.

Integer Overflow Sanitization is a security technique used to mitigate memory corruption and information disclosure vulnerabilities caused by integer operations. We've expanded our use of Integer Overflow sanitizers by enabling their use in libraries where complex untrusted input is processed or where security vulnerabilities have been reported.

Continued investment in hardware-backed security

One of the highlights of Android Pie is Android Protected Confirmation, the first major mobile OS API that leverages a hardware-protected user interface (Trusted UI) to perform critical transactions completely outside the main mobile operating system. Developers can use this API to display a trusted UI prompt to the user, requesting approval via a physical protected input (such as, a button on the device). The resulting cryptographically signed statement allows the relying party to reaffirm that the user would like to complete a sensitive transaction through their app.

We also introduced support for a new Keystore type that provides stronger protection for private keys by leveraging tamper-resistant hardware with dedicated CPU, RAM, and flash memory. StrongBox Keymaster is an implementation of the Keymaster hardware abstraction layer (HAL) that resides in a hardware security module. This module is designed and required to have its own processor, secure storage, True Random Number Generator (TRNG), side-channel resistance, and tamper-resistant packaging.

Other Keystore features (as part of Keymaster 4) include Keyguard-bound keys, Secure Key Import, 3DES support, and version binding. Keyguard-bound keys enable use restriction so as to protect sensitive information. Secure Key Import facilitates secure key use while protecting key material from the application or operating system. You can read more about these features in our recent blog post as well as the accompanying release notes.

Enhancing user privacy

User privacy has been boosted with several behavior changes, such as limiting the access background apps have to the camera, microphone, and device sensors. New permission rules and permission groups have been created for phone calls, phone state, and Wi-Fi scans, as well as restrictions around information retrieved from Wi-Fi scans. We have also added associated MAC address randomization, so that a device can use a different network address when connecting to a Wi-Fi network.

On top of that, Android Pie added support for encrypting Android backups with the user's screen lock secret (that is, PIN, pattern, or password). By design, this means that an attacker would not be able to access a user's backed-up application data without specifically knowing their passcode. Auto backup for apps has been enhanced by providing developers a way to specify conditions under which their app's data is excluded from auto backup. For example, Android Pie introduces a new flag to determine whether a user's backup is client-side encrypted.

As part of a larger effort to move all web traffic away from cleartext (unencrypted HTTP) and towards being secured with TLS (HTTPS), we changed the defaults for Network Security Configuration to block all cleartext traffic. We're protecting users with TLS by default, unless you explicitly opt-in to cleartext for specific domains. Android Pie also adds built-in support for DNS over TLS, automatically upgrading DNS queries to TLS if a network's DNS server supports it. This protects information about IP addresses visited from being sniffed or intercepted on the network level.

We believe that the features described in this post advance the security and privacy posture of Android, but you don't have to take our word for it. Year after year our continued efforts are demonstrably resulting in better protection as evidenced by increasing exploit difficulty and independent mobile security ratings. Now go and enjoy some actual pie while we get back to preparing the next Android dessert release!

Acknowledgements: This post leveraged contributions from Chad Brubaker, Janis Danisevskis, Giles Hogben, Troy Kensinger, Ivan Lozano, Vishwath Mohan, Frank Salim, Sami Tolvanen, Lilian Young, and Shawn Willden.

20 Dec 2018 6:36pm GMT

Posted by Patricia Correa, Platforms & Ecosystems

Earlier this year we highlighted some of Google Play's milestones and commitments in supporting the 1M+ developers on the Play Store, as well as those of you working on Android apps and games and looking to launch and grow your business on our platforms. We have been inspired and humbled by the achievements of app and game developers, building experiences that delight and help people everywhere, as some stories highlighted in #IMakeApps.

We continue to focus on helping you grow thriving businesses and building tools and resources to help you reach and engage more users in more places, whilst ensuring a safe and secure ecosystem. Looking to 2019, we are excited about all the things to come and seeing more developers adopt new features and update to Android P.

In the meantime let's share some of the 2018 highlights on Google Play and Android:

Building for the future

Along with Android P we have continued to help the Android developer ecosystem, launching Android Jetpack, the latest Android Studio, and Kotlin support. Developers are also now able to add rich and dynamic UI templates with Slices in places such as Google Search and Assistant, APIs for new screens support, and much more. Discover the latest from Android 9, API Level 28.

Smaller apps have higher conversion rates and our research shows that a large app size is a key driver of uninstalls. At I/O we launched a new publishing format, the Android App Bundle, helping developers to deliver smaller and more efficient apps with a simplified release process, and with features on demand - saving on average 35% in download size! On devices using Android M and above, app bundles can reduce app size even further, by automatically supporting uncompressed native libraries, thereby eliminating duplication on devices.

You can build app bundles in the Android Studio 3.2 stable release and in Unity 2018.3 beta, and upload larger bundles with installed APK sizes of up to 500MB without using expansion files, through an early access feature soon to be available to all developers.

Richer experiences and discovery

Discovery of your apps and games is important, so we launched Google Play Instant and increased the size limit to 10MB to enable TRY NOW on the Play Store, and removed the URL requirement for Instant apps. Android Studio 3.3 beta release, lets you publish a single app bundle and classify it or a particular module to be instant enabled (without maintaining separate code).

For game developers, Unity introduced the Google Play Instant plug-in and instant app support is built into the new Cocos Creator. Our app pre-registration program, has seen nearly 250 million app pre-registrations, helping drive app downloads through richer discovery.

Optimizing for quality and performance

Android vitals are now more actionable, with a dashboard highlighting core vitals, peer benchmarks, start-up time and permission denials vitals, anomaly detection and alerts, and linking pre-launch reports - all so that you can better optimize and prioritize issues for improved quality and performance.

There are more opportunities to get feedback and fix issues before launch. The Google Play Console expanded the functionality of automated device testing with a pre-launch report for games, and the launch of the internal and closed test tracks lets you push your app to up to 100 internal testers, before releasing them to production.

Insights for your business, now and in the long term

Metrics are critical to optimize your business and we've added new customizable tools in the Play Console, with downloadable reports to help you evaluate core metrics. Including cumulative data, 30-day rolling averages, and roll-ups for different time periods to better match the cadence of your business.

You can now configure the statistics report to show how your instant apps are performing, analyze different dimensions and identify how many install the final app on their device. The acquisition report shows users discovery journey through to conversion - with average revenue per user and retention benchmarks against similar apps. You can also find the best performing search terms for your store listing with organic breakdown - helping to optimize efforts to grow and retain a valuable audience.

Increasingly developers are adopting subscriptions as their core monetization model. The dedicated new subscriptions center means you can easily change subscription prices, offer partial refunds for in-app products and subscriptions, and also make plan changes in Play Billing Library version 1.2. Learn how to keep subscribers engaged; users can pause plans, giving you more control with order management and the cancellation survey.

Discover how to use all the new features and best practices on the Academy for App Success, our interactive free e-learning platform, offering bite-sized courses that help you make the most of Play Console and improve your app quality.

Make sure you follow @googleplaydev and sign up to our newsletter to stay ahead of all our updates in 2019! We hope these features and tools will enable us to continue a successful partnership with you in the New Year - follow our countdown for a daily highlight. From all of us at Google Play - happy holidays.

How useful did you find this blog post?

18 Dec 2018 6:38pm GMT

Posted by Fei Ye, Software Engineer and Kazushi Nagayama, Ninja Spamologist

Google Play ratings and reviews are extremely important in helping users decide which apps to install. Unfortunately, fake and misleading reviews can undermine users' trust in those ratings. User trust is a top priority for us at Google Play, and we are continuously working to make sure that the ratings and reviews shown in our store are not being manipulated.

There are various ways in which ratings and reviews may violate our developer guidelines:

• Bad content: Reviews that are profane, hateful, or off-topic.
• Fake ratings: Ratings and reviews meant to manipulate an app's average rating or top reviews. We've seen different approaches to manipulate the average rating; from 5-star attacks to positively boost an app's average rating, to 1-star attacks to influence it negatively.
• Incentivized ratings: Ratings and reviews given by real humans in exchange for money or valuable items.

When we see these, we take action on the app itself, as well as the review or rating in question.

In 2018, the Google Play Trust & Safety teams deployed a system that combines human intelligence with machine learning to detect and enforce policy violations in ratings and reviews. A team of engineers and analysts closely monitor and study suspicious activities in Play's ratings and reviews, and improve the model's precision and recall on a regular basis. We also regularly ask skilled reviewers to check the decisions made by our models for quality assurance.

It's a big job. To give you a sense of the volume we manage, here are some numbers from a recent week:

• Millions of reviews and ratings detected and removed from the Play Store.
• Thousands of bad apps identified due to suspicious reviews and rating activities on them.

Our team can do a lot, but we need your help to keep Google Play a safe and trusted place for apps and games.

If you're a developer, you can help us by doing the following:

• Don't buy fake or incentivized ratings.
• Don't run campaigns, in-app or otherwise, like "Give us 5 stars and we'll give you this in-app item!" That counts as incentivized ratings, and it's prohibited by policy.
• Do read the Google Play Developer Policy to make sure you are not inadvertently making violations.

Example of a violation: incentivized ratings is not allowed

If you're a user, you can follow these simple guidelines as well:

• Don't accept or receive money or goods (even virtual ones) in exchange for reviews and ratings.
• Don't use profanity to criticize an app or game; keep your feedback constructive.
• Don't post gibberish, hateful, sexual, profane or off-topic reviews; they simply aren't allowed.
• Do read the comment posting policy. It's pretty concise and talks about all the things you should consider when posting a review to the public.

Finally, if you find bad ratings and reviews on Google Play, help us improve by sending your feedback! Users can mark the review as "Spam" and developers can submit feedback through the Play Console.

Tooltip to flag the review as Spam.

Thanks for helping us keep Google Play a safe and trusted place to discover some of the world's best apps and games.

How useful did you find this blog post?

★ ★ ★ ★ ★

17 Dec 2018 8:39pm GMT

Posted by Jeff Bailey, AOSP Team

AOSP has been around for more than 10 years and visibility into the project has often been restricted to the Android Team and Partners. A lot of that has been rooted in business needs: we want to have fun things to show off at launches and the code wasn't factored in a way that let us do more in the open.

At the Android Developer Summit last month, we demoed GSI running on a number of partner devices, enabled through Project Treble. The work done to make that happen has provided the separation needed, and has also made it easier to work with our partners to upstream fixes for Android into AOSP. As a result of this, more than 40% of the commits to our git repository came in through our open source tree in Q3 of this year.

Publishing Android's Continuous Integration Dashboard

In order to support the developers working directly in AOSP and our partners upstreaming changes, we have enabled more than 8000 tests in presubmit -- tests that are run before the code is checked in -- and are working to add other continuous testing like the Compatibility Test Suite which ensures that our AOSP trees are in a continuously releasable state. Today we are excited to open this up for you through https://ci.android.com/.

On this dashboard, across the top are the targets that we are building, down the left are the revisions. As we add more targets (such as GSI), they will appear here. Each square in the table provides access to the build artifacts. An anchor on the left provides a permanent URL for that revision. Find out more at https://source.android.com/setup/build/dashboard.

Our DroidCop team (similar to Chromium's Tree Sherrifs) watches this dashboard and works with developers to ensure the health of the tree. This is just the start for us and we are building on this tool to add more in the coming months.

I'd like to thank the Android Engineering Productivity Team for embracing this and I'm excited for us to take this step! I'd love to hear how you use this. Contact me at @jeffbaileyaosp on Twitter, jeffbailey+aosp@google.com, or tag /u/jeffbailey in a post to reddit.com/r/androiddev.

14 Dec 2018 6:00pm GMT

This blogpost is a collaboration between Google and Twitter. Authored by Jingwei Hao with support from César Puerta, Fred Lohner from Twitter, and developed with Jingyu Shi from Google.

Push notifications are an important way to keep Twitter users informed about what's happening. However, they can be a significant and often overlooked source of battery drain. For example: high priority notifications can wake a phone from Doze, and fetching data upon push notification delivery via the network can drain the battery quickly.

As app developers at Twitter, we know that battery life is an important aspect of the mobile experience for our users. Over time we've taken several steps to optimize our app to work with the power saving features, particularly around push notifications. In this article, we'll share what we did to save battery life on our users' devices in the hope this will help other developers optimize their apps as well.

Firebase Cloud Messaging migration

Earlier this year, we upgraded our notifications messaging library to the next evolution of GCM: Firebase Cloud Messaging (FCM). This gave us the ability to use the latest APIs and get access to the additional features Firebase has to offer.

This was a very unique migration for us for multiple reasons:

• Push notifications are an important part of Twitter's mobile engagement strategy. Notifications help our users stay informed and connected with the world, and helped a man get his nuggs. Therefore, we couldn't afford having unreliable delivery of notifications during and after the migration, which would negatively impact the platform.
• Since it's not possible to support both GCM and FCM in the application, we were not able to use typical A/B testing techniques during the migration.

We mitigated the risks by thoroughly testing across dogfood, alpha, and beta users for both migration and rollback paths, with real time metrics monitoring, and a staged app roll out. During the migration, we were pleased to find that replacing GCM with FCM worked smoothly in all our use cases.

Migrating to FCM proved valuable to us when testing against the power saving features on Android. With APIs like: getPriority() and getOriginalPriority(), FCM gave us insight into if the priority of FCM messages are downgraded.

Set the right FCM message priority

On the backend at Twitter, we always try to make sure that notifications are assigned with the appropriate priority, making sure that high priority FCM messages are only used to generate a user visible notification. In fact, a very small fraction of notifications we send are classified as high priority.

App Standby Buckets was introduced in Android 9 Pie, this feature impose restrictions on the number of high priority messages the app will receive based on which bucket the app belongs to. As a result, high priority messages should be reserved for the notifications users are more likely to interact with. Using high priority FCM messages for actions which do not involve user interactions can lead to negative consequences, for example: once an app exhausts its app standby bucket quota, the following genuinely urgent FCM messages will be downgraded to normal priority and delayed when device is in Doze.

To understand how our app performs with App Standby Buckets, we gathered statistics on the notification priorities at both send and delivery time for the Twitter App:

• During our test, we observed that none of the high priority FCM messages were downgraded, especially for the 2% of devices which are bucketed in the frequent or lower bucket when the notifications are delivered. This is particularly worth noting since the system could potentially impose restrictions on high priority FCM messages for devices in low active buckets.
• 86% of the devices were bucketed in the active bucket when high priority FCM messages are delivered. This is another positive signal that our priority assignment of the messages is consistent with the use pattern from the users.

This was very encouraging to see, as it means all users would receive the important notifications without any delay, and this is true no matter the app is considered active or not by the Android system. This also confirms that we are correctly categorizing high priority FCM messages based on our users usage engagement patterns.

Avoid follow-up data prefetch for notifications

Prefetching data is a popular practice to enrich the user experience around notifications. This entails including a piece of metadata within the payload of a notification. When the notification is delivered, the app leverages the payload data to start one or multiple network calls to download more data before the rendering of the notification. FCM payload has a 4KB max limit, and when more data is needed to create rich notifications, this prefetch practice is used. But doing this has a trade-off, and will increase both device power consumption and notification latency. At Twitter, among all the types of notifications we push to our users, there's only one type which does prefetching which makes up to less than 1% of the volume. In addition, in the cases where data prefetching for notification is unavoidable, it should be scheduled with JobScheduler or WorkManager tasks in order to avoid issues with the background execution limits in Oreo+.

Create notification channels

In addition, Notification Channels were introduced in the Android 8 Oreo release. We designed the importance level of the channels with multiple factors in mind, user experience being the most important and power-saving being another. Currently, Twitter for Android has nine notification channels, among which only direct messaging, emergency, and security are designed as high importance, leaving most of the channels with a lower importance level, making it less intrusive.

Summary

We set out to improve our user experience by migrating to FCM, prioritizing notifications cautiously, limiting prefetching, and carefully designing notification channels. We were glad to find that these changes had a positive impact on battery performance and enabled our app to take advantage of the power-saving features introduced in recent versions of Android.

Designing for power optimization in a large evolving application is a complex and ongoing process, particularly as the Android platform grows and provides more granular controls. At Twitter we strongly believe in continuous refinement to improve application performance and resource consumption. We hope this discussion is useful in your own quest to optimize your app's performance and use of resources 💙

14 Dec 2018 1:05am GMT

Posted by Lilian Young and Shawn Willden, Android Security; and Frank Salim, Google Pay

New Android Pie Keystore Features

The Android Keystore provides application developers with a set of cryptographic tools that are designed to secure their users' data. Keystore moves the cryptographic primitives available in software libraries out of the Android OS and into secure hardware. Keys are protected and used only within the secure hardware to protect application secrets from various forms of attacks. Keystore gives applications the ability to specify restrictions on how and when the keys can be used.

Android Pie introduces new capabilities to Keystore. We will be discussing two of these new capabilities in this post. The first enables restrictions on key use so as to protect sensitive information. The second facilitates secure key use while protecting key material from the application or operating system.

Keyguard-bound keys

There are times when a mobile application receives data but doesn't need to immediately access it if the user is not currently using the device. Sensitive information sent to an application while the device screen is locked must remain secure until the user wants access to it. Android Pie addresses this by introducing keyguard-bound cryptographic keys. When the screen is locked, these keys can be used in encryption or verification operations, but are unavailable for decryption or signing. If the device is currently locked with a PIN, pattern, or password, any attempt to use these keys will result in an invalid operation. Keyguard-bound keys protect the user's data while the device is locked, and only available when the user needs it.

Keyguard binding and authentication binding both function in similar ways, except with one important difference. Keyguard binding ties the availability of keys directly to the screen lock state while authentication binding uses a constant timeout. With keyguard binding, the keys become unavailable as soon as the device is locked and are only made available again when the user unlocks the device.

It is worth noting that keyguard binding is enforced by the operating system, not the secure hardware. This is because the secure hardware has no way to know when the screen is locked. Hardware-enforced Android Keystore protection features like authentication binding, can be combined with keyguard binding for a higher level of security. Furthermore, since keyguard binding is an operating system feature, it's available to any device running Android Pie.

Keys for any algorithm supported by the device can be keyguard-bound. To generate or import a key as keyguard-bound, call setUnlockedDeviceRequired(true) on the KeyGenParameterSpec or KeyProtection builder object at key generation or import.

Secure Key Import

Secure Key Import is a new feature in Android Pie that allows applications to provision existing keys into Keystore in a more secure manner. The origin of the key, a remote server that could be sitting in an on-premise data center or in the cloud, encrypts the secure key using a public wrapping key from the user's device. The encrypted key in the SecureKeyWrapper format, which also contains a description of the ways the imported key is allowed to be used, can only be decrypted in the Keystore hardware belonging to the specific device that generated the wrapping key. Keys are encrypted in transit and remain opaque to the application and operating system, meaning they're only available inside the secure hardware into which they are imported.

Secure Key Import is useful in scenarios where an application intends to share a secret key with an Android device, but wants to prevent the key from being intercepted or from leaving the device. Google Pay uses Secure Key Import to provision some keys on Pixel 3 phones, to prevent the keys from being intercepted or extracted from memory. There are also a variety of enterprise use cases such as S/MIME encryption keys being recovered from a Certificate Authorities escrow so that the same key can be used to decrypt emails on multiple devices.

To take advantage of this feature, please review this training article. Please note that Secure Key Import is a secure hardware feature, and is therefore only available on select Android Pie devices. To find out if the device supports it, applications can generate a KeyPair with PURPOSE_WRAP_KEY.

12 Dec 2018 6:39pm GMT

Posted by Keith Smyth

This is the fourth in a series of blog posts in which outline strategies and guidance in Android with regard to power.

A process is not forever

Android is a mobile operating system designed to work with constrained memory and battery. For this reason, a typical Android application can have its process killed by the system to recover memory. The process being killed is chosen based on a ranking system of how important that process is to the user at the time. Here, in descending order, is the ranking of each class of process. The higher the rank, the less likely that process is to be killed.

The foreground service

There is nothing wrong with becoming a cached app: Sharing the user's device is part of the lifecycle that every app developer must accept to keep a happy ecosystem. On a device with a dead battery, 100% of the apps go unused. And an app blamed for killing the battery could even be uninstalled.

However, there are valid scenarios to promote your app to the foreground: The prerequisites for using a foreground service are that your app is executing a task that is immediate, important (must complete), is perceptible to the user (most often because it was started by the user), and must have a well defined start and finish. If a task in your app meets these criteria, then it can be promoted to the foreground until the task is complete.

There are some guidelines around creating and managing foreground services. For all API levels, a persistent notification with at least PRIORITY_LOW must be shown while the service is created. When targeting API 26+ you will also need to set the notification channel to at least IMPORTANCE_LOW. The notification must have a way for the user to cancel the work, this cancellation can be tied to the action itself: for example, stopping a music track can also stop the music-playback service. Last, the title and description of the foreground service notification must show an accurate description of what the foreground service is doing.

To read more about foreground services, including several important updates in recent releases, see Running a service in the foreground

Foreground service use cases

Some good example usages of foreground services are playing music, completing a purchase transaction, high-accuracy location tracking for exercise, and logging sensor data for sleep. The user will initiate all of these activities, they must happen immediately, have an explicit beginning and end, and all can be cancelled by the user at any time.

Another good use case for a foreground service is to ensure that critical, immediate tasks (e.g. saving a photo, sending a message, processing a purchase) are completed if the user switches away from the application and starts a new one. If the device is under high memory pressure it could kill the previous app while it is still processing causing data loss or unexpected behavior. An elegantly written app will detect being backgrounded and respond by promoting its short, critical task to the foreground to complete.

If you feel you need your foreground service to stay alive permanently, then this is an indicator that a foreground service is not the right answer. Many alternatives exist to both meet the requirements of your use case, and be the most efficient with power.

Alternatives

Passive location tracking is a bad use case for foreground services. If the user has consented to being tracked, use the FusedLocationProvider API to receive bundled location updates at longer intervals, or use the geofencing API to be efficiently notified when a user enters or leaves a specified area. Read more about how to optimize location for battery.

If you wish to pair with a Bluetooth companion device, use CompanionDeviceManager. For reconnecting to the device, BluetoothLeScanner has a startScan method that takes a PendingIntent that will fire when a narrow filter is met.

If your app has work that must be done, but does not have to happen immediately: WorkManager or JobScheduler will schedule the work for the best time for the entire system. If the work must be started immediately, but then can stop if the user stops using the app, we recommend ThreadPools or Kotlin Coroutines.

DownloadManager facilitates handling long running downloads in the background. It will even handle retries over poor connections and system reboots for you.

If you believe you have a use case that isn't handled let us know!

Conclusion

Used correctly, the foreground service is a great way to tell Android that your app is doing something important to the user. Making the right decision on which tool to use remains the best way to provide a premium experience on Android for all users. Use the community and Google to help with these important decisions, and always respect the user first.

11 Dec 2018 10:35pm GMT

From the developer of Meganoid and Stardash comes a new action arcade game: INC! http://www.youtube.com/watch?v=9j5OEG-3RyM Get it from the...

10 Nov 2011 9:31am GMT

More than 1000 broadcast cameras for you online - the most incendiary models in Russia. 1000 girls, 1000, the temptations, 1000, full of desire - all...

10 Nov 2011 7:48am GMT

Hi Friends I decided to work with a tab layout application. Program consist of 3 tabs and a button. I like to place the button below the tab. ...

10 Nov 2011 5:20am GMT

*1-) Spectrum ICS * Image: http://i.imgur.com/IjE5B.jpg *2-) Alien Shapes* Image: http://i.imgur.com/7hQHA.jpg

10 Nov 2011 12:50am GMT

Hey all, New to this site and Android. I'm a 50 year old fireman who has resisted the newest tech gadgets but am wanting a tablet for use at home....

09 Nov 2011 10:33pm GMT

Island Fortress is a free physics based puzzle/construction game where player has to defend the treasure from the pirate's cannonballs....

09 Nov 2011 8:42pm GMT

I have a question about using an unlock code with an HTC T-Mobile MyTouch 3G. So I got the phone from a guy on Craigslist, and I have AT&T. In order...

09 Nov 2011 8:28pm GMT

Free Mini-Bubbles Android Market Link: https://market.android.com/details?id=br.com.dotfive.minibubbles Pop the most bubbles you can within...

09 Nov 2011 6:39pm GMT

Well now a days we are seeing new tablets coming every day and we see new upcoming tablets leaks too! It's difficult to choose best one which works...

09 Nov 2011 4:15pm GMT

Hello, I need unlock code for telephone my touch 3g tmobile. thanks

09 Nov 2011 2:56pm GMT