The black version of the Android-powered Nokia 6 has been available for a couple of weeks now in the US, but if silver smartphones are more your speed, then you should be happy now that this variant is finally available for pre-orders on Amazon. It will be shipped for you in 1-3 weeks but if […]

27 Jul 2017 12:40am GMT

The Nintendo Switch is one of those novel console ideas from the Japanese gaming giant, although truth be told, the jury is still out if it's a certified hit or not. What it has, though, is some nifty wireless controllers called Joy-Cons, which you can use either connected or separate from your Switch console. Wait, […]

27 Jul 2017 12:00am GMT

Sharp may not be the top name in the mobile game but it still is popular in Japan. The last smartphone from the brand we featured was the AQUOS R released back in April, loaded with 4GB RAM and a powerful Snapdragon 835 processor. There was also the mid-range Sharp Z3 which was launched in Taiwan […]

26 Jul 2017 11:20pm GMT

The Nova Launcher has been around for over five years now and it's one of the many reliable app launchers that are regularly updated. The last update we noted was Google Now being added to older Lollipop devices. A stable version with first Android O look was already released as the 5.2 beta and over […]

26 Jul 2017 10:40pm GMT

Professional screenplay writer? Achieve your best work with the number one selling Final Draft 10, available now at 40% off the regular retail price. Final Draft 10 is the first and last word in professional screenplay writing software. It offers a host of handy features, such as script templates and collaboration tools, that lets writers […]

26 Jul 2017 10:00pm GMT

It seems like everyone and their brother want to get into the growing smart speaker market, a market that is expected to grow to $5.5 billion by 2022. We've seen Amazon dominate with their Echo devices and Google trying to challenge that with Google Home. We've heard rumors about others as well like Microsoft, Samsung, […]

26 Jul 2017 9:20pm GMT

Summer isn't over yet. You still have a few more weeks to go to the beach or lounge by the pool before Fall begins and Winter looms. We're pretty sure you still won't leave behind your gadgets because you can't part especially with your smartphone. We know that not all mobile devices are water-resistant but […]

26 Jul 2017 8:40pm GMT

If a once thriving app suddenly starts releasing updates, you can safely assume that something is up. And when half your team but not the product itself is acquired by another company, then expect a major shakeup soon. Well it's been more than a year and now we know the future of once popular virtual […]

26 Jul 2017 8:00pm GMT

Posted by Megan Ruthven Android Security, Ken Bodzak Threat Analysis Group, Neel Mehta Threat Analysis Group

Android Security is always developing new ways of using data to find and block potentially harmful apps (PHAs) from getting onto your devices. Earlier this year, we announced we had blocked Chrysaor targeted spyware, believed to be written by NSO Group, a cyber arms company. In the course of our Chrysaor investigation, we used similar techniques to discover a new and unrelated family of spyware called Lipizzan. Lipizzan's code contains references to a cyber arms company, Equus Technologies.

Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user's email, SMS messages, location, voice calls, and media. We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps.

We've enhanced Google Play Protect's capabilities to detect the targeted spyware used here and will continue to use this framework to block more targeted spyware. To learn more about the methods Google uses to find targeted mobile spyware like Chrysaor and Lipizzan, attend our BlackHat talk, Fighting Targeted Malware in the Mobile Ecosystem.

How does Lipizzan work?

Getting on a target device

Lipizzan was a sophisticated two stage spyware tool. The first stage found by Google Play Protect was distributed through several channels, including Google Play, and typically impersonated an innocuous-sounding app such as a "Backup" or "Cleaner" app. Upon installation, Lipizzan would download and load a second "license verification" stage, which would survey the infected device and validate certain abort criteria. If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a Command & Control server.

Once implanted on a target device

The Lipizzan second stage was capable of performing and exfiltrating the results of the following tasks:

• Call recording
• VOIP recording
• Recording from the device microphone
• Location monitoring
• Taking screenshots
• Taking photos with the device camera(s)
• Fetching device information and files
• Fetching user information (contacts, call logs, SMS, application-specific data)

The PHA had specific routines to retrieve data from each of the following apps:

We saw all of this behavior on a standalone stage 2 app, com.android.mediaserver (not related to Android MediaServer). This app shared a signing certificate with one of the stage 1 applications, com.app.instantbackup, indicating the same author wrote the two. We could use the following code snippet from the 2nd stage (com.android.mediaserver) to draw ties to the stage 1 applications.

public void uninstallParent() { 
    android.util.Log.d("ApplicationsManager", "Removing parent application!");
    com.android.mediaserver.shell.Shell$SU.run(new StringBuilder().append("").append("echo u:r:system_server:s0 > /proc/$$/attr/current; pm uninstall").append("com.app.instantbackup").toString());
    com.android.mediaserver.shell.Shell$SU.run(new StringBuilder().append("").append("rm -rf /data/data/").append("com.app.instantbackup").toString());
    com.android.mediaserver.shell.Shell$SU.run(new StringBuilder().append("").append("rm -Rf /data/data/").append("com.app.instantbackup").toString());
    return;
}

Morphing first stage

After we blocked the first set of apps on Google Play, new apps were uploaded with a similar format but had a couple of differences.

• The apps changed from 'backup' apps to looking like a "cleaner", "notepad", "sound recorder", and "alarm manager" app. The new apps were uploaded within a week of the takedown, showing that the authors have a method of easily changing the branding of the implant apps.
• The app changed from downloading an unencrypted stage 2 to including stage 2 as an encrypted blob. The new stage 1 would only decrypt and load the 2nd stage if it received an intent with an AES key and IV.

Despite changing the type of app and the method to download stage 2, we were able to catch the new implant apps soon after upload.

How many devices were affected?

There were fewer than 100 devices that checked into Google Play Protect with the apps listed below. That means the family affected only 0.000007% of Android devices. Since we identified Lipizzan, Google Play Protect removed Lipizzan from affected devices and actively blocks installs on new devices.

What can you do to protect yourself?

• Ensure you are opted into Google Play Protect.
• Exclusively use the Google Play store. The chance you will install a PHA is much lower on Google Play than using other install mechanisms.
• Keep "unknown sources" disabled while not using it.
• Keep your phone patched to the latest Android security update.

List of samples

1st stage

Older version

Newer version

Standalone 2nd stage

26 Jul 2017 8:00pm GMT

Bandai Namco has their long-running "Tales" series, and they've just released a new game under that banner to the Play Store. It's called "Tales of the Rays" and as per usual, this is another RPG that you can sink your Android gaming teeth into. The question we ask: is this game worth the effort? Or […]

26 Jul 2017 7:20pm GMT

If you are a big user of SMS messaging and also spend lots of time working on a computer, then you likely appreciate the ability to send and receive messages on the desktop and having threads stay synced across devices. This is one of the big reasons so many people gripe about an app like […]

Come comment on this article: Google may be adding SMS notifications to Chrome OS desktop

26 Jul 2017 7:02pm GMT

In a bid to make app updates for these apps more regular, OnePlus has followed the example of Google and Samsung by putting up their proprietary apps on the Google Play Store. These include the Weather, Gallery, Community, and Launcher apps that are normally included in your stock OxygenOS interface when you get your OnePlus […]

26 Jul 2017 6:40pm GMT

AutoTools was released by "joaomgcd" last year as another plug-in to his already powerful Tasker automation app. AutoTools gave you more toggles and tweaks that you can do to certain system settings. Now the developer is releasing AutoTools 2.0, and you'll probably like what he has in store for all of you Tasker fans out […]

26 Jul 2017 6:00pm GMT

During the recent Google I/O, one thing that Google revealed is that they have a lot of plans for their Daydream Virtual Reality headset and to have a lot of Android smartphones that are Daydream VR-ready. Samsung and Verizon are now rolling out an update for the Galaxy S8 and Galaxy S8+ that includes support […]

26 Jul 2017 5:20pm GMT

Ditch the wires! Get wireless earbuds. And, on Talk Android Deals, we know exactly the pair to pick up. Built-in mic allows you to accept calls w/ a touch May be used as a single earpiece or as a pair Passive noise cancellation & HD sound deliver rock-solid bass & super-crisp treble Support multi-device connection […]

Come comment on this article: [TA Deals] These wireless earbuds are $33 for a limited time (83% off)

26 Jul 2017 4:50pm GMT

The USB 3.0 Promoter Group has announced an update to the USB 3.0 specification - enter USB 3.2. When the USB Type-C cables were designed, they were supposed to work in multi-lane operations. With the new USB 3.2 spec, this is finally going to be a reality and should show a marked performance increase from […]

26 Jul 2017 4:40pm GMT

The fact that Google Daydream - Android's virtual reality (VR) platform - is almost a year old now, you would expect Google to put its efforts into making the platform available on more devices. The fact is, the search giant is very much concerned about the quality of the VR experience users will have, which […]

26 Jul 2017 4:00pm GMT

The Moto Z2 Play is here, and it's slimmer than before. But that's not a problem. Lenovo has proved, despite reducing the size of the battery to achieve a thinner design, it's primary unlocked phone for 2017 can still go the distance for most. Lenovo started 2016 with the Moto Z family, marking the first […]

Come comment on this article: Moto Z2 Play review: Shrinking the battery hasn't hurt too bad

26 Jul 2017 3:42pm GMT

Joining the ranks of Google Home and the Amazon Echo, here's Xiaomi with the new Mi AI Speaker. Apart from the new MIUI 9 and the Mi 5X, the Taiwanese tech giant also launched a new smart speaker than can very well rival the other models available in the market. We know those from Google […]

26 Jul 2017 3:30pm GMT

As promised, the Xiaomi MI 5X was officially announced together with new MIUI 9 and a slew of other products. For now, we'll focus our attention on this new smartphone that joins the Mi 5, MI 5S, Mi 5S Plus, and of course, the Mi 6. We're curious to know how it this different not […]

26 Jul 2017 3:00pm GMT

It was always pretty odd that Waze wasn't available for Android Auto considering Google owns both of those of those products, but that wait is finally over. Waze has announced full Android Auto integration with the latest version of their mobile app. Using it is pretty simple, as long as you have a car with […]

Come comment on this article: Waze officially comes to Android Auto

26 Jul 2017 2:40pm GMT

There are signs that OnePlus may be getting the hang of this smartphone manufacturing lark, and moving on from the image of being a brash upstart of a company. With the discovery some OnePlus 5 units were rebooting when users dialed 911, the company responded as you would have hoped by rolling out a hotfix […]

Come comment on this article: OnePlus explains why some OnePlus 5's rebooted when dialing 911

26 Jul 2017 2:00pm GMT

If you have ever traded messages with someone using your smartphone - which is basically everyone - you have probably run into a problem where someone sends you an emoji that just displays as a blank box or a box with an X through it. This happens due to incompatibilities with fonts supported by an […]

Come comment on this article: Google releasing new Emoji compatibility library

26 Jul 2017 1:17pm GMT

With about three months to go until the expected launch of the next generation Pixel phones, some new renders have surfaced for both devices based on CAD files floating around for aftermarket vendors. The renders were supplied by Twitter user Steve H, aka @OnLeaks, who has provided similar renders of upcoming devices in the past, […]

Come comment on this article: Google Pixel 2 and Pixel XL 2 CAD-based renders surface

26 Jul 2017 12:52pm GMT

Looking for a new phone at a discount? Check out HTC's 10 and U Ultra, which are participating in the Summer Sunset Sale. These are all of the deals: HTC 10 for $399 ($300 off) HTC U Ultra for $499 ($250 off) UA HealthBox for $219 ($181 off) If you have an older HTC device, […]

Come comment on this article: [Deal] Take $250+ off the HTC 10 and U Ultra for a limited time

25 Jul 2017 7:25pm GMT

Posted by Michael Amygdalidis, Stephan Linzner and Nick Korostelev from the Mobile-Ninjas team at Google

We're pleased to announce the version 1.0 release of the Android Testing Support Library (ATSL).

ATSL version 1.0 is a major update to our existing testing APIs and comes with lots of new features, improved performance, stability, and bug fixes. It provides full API parity with the now deprecated Android platform testing APIs. This release also adds a number of features that we discussed in our Google I/O 2017 talk, such as native support for Multiprocess Espresso and the Android Test Orchestrator.

We are also happy to announce that, starting with version 1.0, we're distributing releases on Google's Maven repository, which makes it a lot easier to use ATSL in your builds. To learn more about using this repository, see the getting started with the Google Maven repository guide. Note that we're no longer tying future updates to the testing infrastructure with platform updates. If you have not yet upgraded your tests to ATSL, this is an excellent time.

Finally, we want to announce a big update to our Android testing documentation. We've migrated our old testing documentation from our GitHub website to developers.android.com/testing. All the testing documentation now appears in a single place, making it even easier to learn how to write and execute tests on Android.

Let's move on to the fun part of this post, an overview of new APIs and tools that we're providing in this release.

Espresso Improvements

Espresso 3.0.0 comes with amazing new features and improved overall performance. Some of the highlights include: Multiprocess Espresso, Idling Registry and new Idling Resources. Let's dive in and have a more detailed look at these new features:

Multiprocess Espresso

Starting with Android O, the platform includes support for instrumenting tests outside of your app's default process. (Prior to Android O, you could only test against app components in your app's default process.) Multiprocess Espresso makes this support possible. It allows you to seamlessly test your app's UI interactions that cross process boundaries while still maintaining Espresso's synchronization guarantees.

The good news is that Espresso does all the work; you don't have to change anything for setups with UI in multiple processes. You can keep writing your Espresso tests like you would for single process apps, and Espresso automatically handles the process IPC and synchronization between processes.

The following diagram shows how multiple instances of Espresso communicate with each other:

If you want to learn more about Multiprocess Espresso and how to use it, please take a look at our documentation and our Multiprocess sample.

Idling Registry

Some apps use build flavors in Gradle or a dependency injection framework, like Dagger, to generate test build configurations that register idling resources. Others simply expose the idling resource through their activities. The problem with all these approaches is that they add complexity to your development workflow, and some of them even break encapsulation. With the latest release of Espresso, we've made it easier to register idling resources from within your app code by introducing the new IdlingRegistry API. IdlingRegistry is a lightweight registry that doesn't bring in the entire Espresso library, so you can more easily register resources from your application code. When combining this API with Multiprocess Espresso, you can register idling resources from any process within your application code.

Registration from the Espresso class is now deprecated.

Idling Resources

Writing custom idling resources can be time consuming, so Espresso 3.0.0 now comes with more idling resources out of the box to synchronize your threads. The new resources include: IdlingThreadPoolExecutor and IdlingScheduledThreadPoolExecutor. There will be more to come!

To take advantage of the new idling resource, add these new dependencies to your build.gradle file:

  androidTestCompile "com.android.support.test.espresso.idling:idling-concurrent:3.0.0"

Additionally, CountingIdlingResource, which was previously deprecated in Espresso contrib, has been removed with this release. Therefore, you need to update your tests to use the new CountingIdlingResource package that's located in Espresso idling resource. For the full migration details, refer to our release notes.

ProviderTestRule

When you test ContentProvider objects, you can now use ProviderTestRule instead of ProviderTestCase2. ProviderTestRule offers an easier way to work with other test rules currently available for AndroidJUnit4.

ProviderTestRule includes APIs for initialization, as well as commands to run against a ContentProvider under test. If your ContentProvider is based off of a SQLite database, you can use the ProviderTestRule commands for setting the database file and initialization commands.

To learn more, see the ProviderTestRule documentation.

Grant Permission Rule

Android M (API level 23) allows apps to request permissions at runtime. However, the dialogs that request runtime permissions place tests in a state where they cannot continue, causing them to fail. By using GrantPermissionRule, you can skip the dialog popups altogether and simulate a user granting a runtime permission for your app.

Android Test Orchestrator

Typically, AndroidJUnitRunner runs all tests in the same instrumentation process, which can cause a number of problems. For example, tests share their state in memory, and if one test crashes, it prevents the remainder of the test suite from running.

Although it's possible to isolate tests by issuing sequential adb commands, this process adds host-side processing load. By using the new Android Test Orchestrator instead, you can achieve test isolation entirely on the device, as shown in this diagram:

Be aware that if your tests require shared state to pass, the orchestrator causes them to fail. This behavior is by design. As of this post, Android Test Orchestrator is in beta and is available for use via the command line. We have integrations planned for Firebase Test Lab and Android Studio, coming soon.

For more information, see the Android Testing Orchestrator developer guide.

AndroidJUnitRunner

AndroidJUnitRunner now includes a number of additional features:

• You can use JUnitParams.
• You can configure class loaders and custom JUnit test filters using the runner arguments

Sometimes you want to test an activity that you create and configure on the fly as part of your test workflow. Now, you can configure MonitoringInstrumentation (and by extension, AndroidJUnitRunner) using an InterceptingActivityFactory. You can create your activity under test with a test-specific configuration without having to rely on compile-time injection.

This overview highlights only some of the most significant changes that we've made to ATSL. They are many more changes that are worth exploring. For the full release details, refer to our release notes.

Last but not least, we want to thank all the developers who contributed features to this release. We also want to thank the Android testing experts on the mobile engineering teams at American Express, Slack and GDE Chiu-Ki Chan for collaborating with us and providing valuable feedback on the pre-release version of Android Testing Support Library.

Happy testing from the ATSL team!

25 Jul 2017 7:21pm GMT

Check out the specs for the Moto Z2 Force, Motorola's 2017 flagship. Visit our Moto Z2 Force hub for more coverage. Come comment on this article: Moto Z2 Force specifications Visit TalkAndroid

Come comment on this article: Moto Z2 Force specifications

25 Jul 2017 6:22pm GMT

New Moto Mods are appearing rapidly this year. The latest, another from Motorola itself, is the Moto 360 Camera. It gives your phone the ability to create 360-degree videos without the need for an external device. Immersive content has never been so popular, and that's why you're seeing compatible hardware brought to mobile devices. Motorola […]

Come comment on this article: If you're willing to pay $300, the Moto 360 Camera will record everything around you

25 Jul 2017 5:27pm GMT

Motorola's 2017 flagship arrived today, and it's succeeding not one but two devices from last year. We saw the Moto Z, Moto Z Force, and Moto Z Play in 2016. Those phones were all solid; however, consumers didn't quite know how to differentiate them. Now Motorola is tweaking the Moto Z family to give each […]

Come comment on this article: Motorola's Moto Z2 Force has an unbreakable display and two rear cameras

25 Jul 2017 5:00pm GMT

Entertainment industry veterans aren't using Microsoft Word to type their scripts. They're using Final Draft 10, and you can also use it even at an amateur level. It's our featured item on Talk Android Deals for today only. As it's featured, there's a special price you won't find elsewhere. Automatically paginates your scripts to Hollywood […]

Come comment on this article: [TA Deals] Take an additional 15% off Final Draft 10

25 Jul 2017 3:35pm GMT

While the number 13 is considered unlucky by some, it's proving to be a lucky number for Sundar Pichai at least, because Alphabet has announced that Google's CEO is set to become its thirteenth board member. Pichai will become the second Google executive on Alphabet's board with Diane Green, the head of Google's cloud division, […]

Come comment on this article: Google's Sundar Pichai becomes the thirteenth member of Alphabet's board

25 Jul 2017 2:30pm GMT

It seems like it was only yesterday that the Galaxy S8 Active leaked in a few photos, confirming the design, software, and some specs about the device. Oh, right, that actually was yesterday. Time for another one! This time, the device is on camera, so you'll get a slightly better look at how it works […]

Come comment on this article: Galaxy S8 Active makes another appearance in leaked video

25 Jul 2017 2:29pm GMT

Maybe you've been avoiding the HTC U11 because of its internal storage. Well, as of today there's no excuse anymore. HTC just added a 128GB model of its 2017 flagship. You're still getting the same U11 as the 64GB model. The difference here is, of course, the larger amount of internal storage. It's merely doubled, […]

Come comment on this article: You can now buy the HTC U11 with 128GB of internal storage

25 Jul 2017 11:30am GMT

Posted by Dave Burke, VP of Engineering

As we put the finishing touches on the Android O platform, today we're rolling out Developer Preview 4 to help you make sure your apps are ready.

This is the final preview before we launch the official Android O platform to consumers later this summer. Take this opportunity to wrap up your testing and publish your updates soon, to give users a smooth transition to Android O.

If you have a device that's enrolled in the Android Beta Program, you'll receive an update to Developer Preview 4 in the next few days. If you haven't enrolled your device yet, just visit the Android Beta site to enroll and get the update.

Watch for more information on the official Android O release soon!

What's in this update?

Developer Preview 4 is a release candidate build of Android O that you can use to complete your development and testing in time for the upcoming official release. It includes the final system behaviors, the latest bug fixes and optimizations, and the final APIs (API level 26) already available since Developer Preview 3.

We're releasing the Developer Preview 4 device system images today, together with the stable version of the Android 26.0.0 Support Library. Incremental updates to the SDK, tools, and Android Emulator system images are on the way over the next few days.

We're also introducing a new version of Android Testing Support Library that includes new features like Android Test Orchestrator, Multiprocess Espresso, and more. Watch for details coming soon.

Test your apps on Android O

Today's Developer Preview 4 system images give you an excellent way to test your current apps on the near-final version of Android O. By testing now, you can make sure your app offers the experience you want as users start to upgrade to the official Android O platform.

Just enroll a supported device in the Android Beta Program to get today's update over-the-air, install your current app from Google Play, and test the user flows. The app should run and look great, and should handle the Android O behavior changes properly -- in particular, pay attention to background location limits, notification channels, and changes in networking, security, and identifiers.

Once you've resolved any issues, publish your app updates with the current targeting level, so that they're available as users start to receive Android O.

Enhance your apps with Android O features and APIs

Users running the latest versions of Android are typically among the most active in terms of downloading apps, consuming content, and making purchases. They're also more vocal about support for the latest Android features in their favorite apps. With Android O, users are anticipating features like notification channels and dots, shortcut pinning, picture-in-picture, autofill, and others. These features could also help increase engagement with your app as more users upgrade to Android O over time.

Enhancing your apps with Android O features can help you drive engagement with users, offer new interactions, give them more control and security, and improve performance. Features like adaptive icons, downloadable fonts, and autosizing TextView can simplify your development and minimize your APK size. Battery is also a top concern for users, so they'll appreciate your app being optimized for background execution limits and other important changes in vital system behavior for O apps.

Visit the O Developer Preview site to learn about all of the new features and APIs and how to build them into your apps.

Speed your development with Android Studio

When you're ready to build for Android O, we recommend updating to the latest version of Android Studio 3.0, available for download from the canary channel. Aside from improved app performance profiling tools, support for the Kotlin programming language, and Gradle build optimizations, Android Studio 3.0 makes it easier to develop with Instant Apps, XML Fonts, Downloadable Fonts, and Adaptive Icons.

We also recommend updating to the stable version of the Android Support Library 26.0.0, available now from Google's Maven repository, and to the latest SDK, tools, and emulator system images, available over the next few days.

You can update your project's compileSdkVersion to API 26 to compile against the official Android O APIs. We also recommend updating your app's targetSdkVersion to API 26 to opt-in and test your app with Android O specific behavior changes. See the migration guide for details on how to setup your environment to build with Android O.

Publish your updates to Google Play

Google Play is open for apps compiled against or targeting API 26. When you're ready, you can publish your APK updates in your alpha, beta, or production channels.

Make sure that your updated app runs well on Android O as well as older versions. We recommend using Google Play's beta testing feature to get early feedback from a small group of users. Then do a staged rollout. We're looking forward to seeing your app updates!

How to get Developer Preview 4

It's simple to get Developer Preview 4 if you haven't already! Just visit android.com/beta and opt-in your eligible phone or tablet. As always, you can also download and flash this update manually. The O Developer Preview is available for Pixel, Pixel XL, Pixel C, Nexus 5X, Nexus 6P, Nexus Player, and the Android Emulator. Enrolled devices will automatically update when we release the official version of Android O.

Thanks for all of your input throughout the preview. Continue to share your feedback and requests, we love it!

24 Jul 2017 5:27pm GMT

03-09 16:39:32.122 15107 15107 I crash_dump32: performing dump of process 14942 (target tid = 14971)
03-09 16:39:32.127 15107 15107 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-09 16:39:32.127 15107 15107 F DEBUG   : Build fingerprint: 'google/sailfish/sailfish:O/OPP1.170223.013/3795621:userdebug/dev-keys'
03-09 16:39:32.127 15107 15107 F DEBUG   : Revision: '0'
03-09 16:39:32.127 15107 15107 F DEBUG   : ABI: 'arm'
03-09 16:39:32.127 15107 15107 F DEBUG   : pid: 14942, tid: 14971, name: WorkHandler  >>> com.redacted <<<
03-09 16:39:32.127 15107 15107 F DEBUG   : signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
03-09 16:39:32.127 15107 15107 F DEBUG   : Cause: seccomp prevented call to disallowed system call 55
03-09 16:39:32.127 15107 15107 F DEBUG   :     r0 00000091  r1 00000007  r2 ccd8c008  r3 00000001
03-09 16:39:32.127 15107 15107 F DEBUG   :     r4 00000000  r5 00000000  r6 00000000  r7 00000037

adb shell setenforce 0 && adb stop && adb start

20 Jul 2017 9:10pm GMT

Posted by Jeff Vander Stoep, Senior Software Engineer, Android Security

Updates are essential for security, but they can be difficult and expensive for device manufacturers. Project Treble is making updates easier by separating the underlying vendor implementation from the core Android framework. This modularization allows platform and vendor-provided components to be updated independently of each other. While easier and faster updates are awesome, Treble's increased modularity is also designed to improve security.

Isolating HALs

A Hardware Abstraction Layer (HAL) provides an interface between device-agnostic code and device-specific hardware implementations. HALs are commonly packaged as shared libraries loaded directly into the process that requires hardware interaction. Security boundaries are enforced at the process level. Therefore, loading the HAL into a process means that the HAL is running in the same security context as the process it's loaded into.

The traditional method of running HALs in-process means that the process needs all the permissions required by each in-process HAL, including direct access to kernel drivers. Likewise, all HALs in a process have access to the same set of permissions as the rest of the process, including permissions required by other in-process HALs. This results in over-privileged processes and HALs that have access to permissions and hardware that they shouldn't.

Moving HALs into their own processes better adheres to the principle of least privilege. This provides two distinct advantages:

1. Each HAL runs in its own sandbox and is permitted access to only the hardware driver it controls and the permissions granted to the process are limited to the permissions required to do its job.
2. Similarly, the process loses access to hardware drivers and other permissions and capabilities needed by the HALs.

Moving HALs into their own processes is great for security, but it comes at the cost of increased IPC overhead between the client process and the HAL. Improvements to the binder driver made IPC between HALs and clients practical. Introducing scatter-gather into binder improves the performance of each transaction by removing the need for the serialization/deserialization steps and reducing the number of copy operations performed on data from three down to one. Android O also introduces binder domains to provide separate communication streams for vendor and platform components. Apps and the Android frameworks continue to use /dev/binder, but vendor-provided components now use /dev/vndbinder. Communication between the platform and vendor components must use /dev/hwbinder. Other means of IPC between platform and vendor are disallowed.

Case study: System Server

Many of the services offered to apps by the core Android OS are provided by the system server. As Android has grown, so has system server's responsibilities and permissions, making it an attractive target for an attacker. As part of project Treble, approximately 20 HALs were moved out of system server, including the HALs for sensors, GPS, fingerprint, Wi-Fi, and more. Previously, a compromise in any of those HALs would gain privileged system permissions, but in Android O, permissions are restricted to the subset needed by the specific HAL.

Case study: media frameworks

Efforts to harden the media stack in Android Nougat continued in Android O. In Nougat, mediaserver was split into multiple components to better adhere to the principle of least privilege, with audio hardware access restricted to audioserver, camera hardware access restricted to cameraserver, and so on. In Android O, most direct hardware access has been entirely removed from the media frameworks. For example HALs for audio, camera, and DRM have been moved out of audioserver, cameraserver, and drmserver respectively.

Reducing and isolating the attack surface of the kernel

The Linux kernel is the primary enforcer of the security model on Android. Attempts to escape sandboxing mechanisms often involve attacking the kernel. An analysis of kernel vulnerabilities on Android showed that they overwhelmingly occurred in and were reached through hardware drivers.

De-privileging system server and the media frameworks is important because they interact directly with installed apps. Removing direct access to hardware drivers makes bugs difficult to reach and adds another layer of defense to Android's security model.

18 Jul 2017 5:00pm GMT

Posted by Martin Pelikan, Giles Hogben, and Ulfar Erlingsson of Google's Security and Privacy team

Mobile apps entertain and assist us, make it easy to communicate with friends and family, and provide tools ranging from maps to electronic wallets. But these apps could also seek more device information than they need to do their job, such as personal data and sensor data from components, like cameras and GPS trackers.

To protect our users and help developers navigate this complex environment, Google analyzes privacy and security signals for each app in Google Play. We then compare that app to other apps with similar features, known as functional peers. Creating peer groups allows us to calibrate our estimates of users' expectations and set adequate boundaries of behaviors that may be considered unsafe or intrusive. This process helps detect apps that collect or send sensitive data without a clear need, and makes it easier for users to find apps that provide the right functionality and respect their privacy. For example, most coloring book apps don't need to know a user's precise location to function and this can be established by analyzing other coloring book apps. By contrast, mapping and navigation apps need to know a user's location, and often require GPS sensor access.

One way to create app peer groups is to create a fixed set of categories and then assign each app into one or more categories, such as tools, productivity, and games. However, fixed categories are too coarse and inflexible to capture and track the many distinctions in the rapidly changing set of mobile apps. Manual curation and maintenance of such categories is also a tedious and error-prone task.

To address this, Google developed a machine-learning algorithm for clustering mobile apps with similar capabilities. Our approach uses deep learning of vector embeddings to identify peer groups of apps with similar functionality, using app metadata, such as text descriptions, and user metrics, such as installs. Then peer groups are used to identify anomalous, potentially harmful signals related to privacy and security, from each app's requested permissions and its observed behaviors. The correlation between different peer groups and their security signals helps different teams at Google decide which apps to promote and determine which apps deserve a more careful look by our security and privacy experts. We also use the result to help app developers improve the privacy and security of their apps.

These techniques build upon earlier ideas, such as using peer groups to analyze privacy-related signals, deep learning for language models to make those peer groups better, and automated data analysis to draw conclusions.

Many teams across Google collaborated to create this algorithm and the surrounding process. Thanks to several, essential team members including Andrew Ahn, Vikas Arora, Hongji Bao, Jun Hong, Nwokedi Idika, Iulia Ion, Suman Jana, Daehwan Kim, Kenny Lim, Jiahui Liu, Sai Teja Peddinti, Sebastian Porst, Gowdy Rajappan, Aaron Rothman, Monir Sharif, Sooel Son, Michael Vrable, and Qiang Yan.

For more information on Google's efforts to detect and fight potentially harmful apps (PHAs) on Android, see Google Android Security Team's Classifications for Potentially Harmful Applications.

References

12 Jul 2017 5:02pm GMT

Posted by Jamil Moledina, Games Strategic Lead, Google Play

Calling all indie developers with fun and creative mobile games: we want to see your latest work! We'll be back with the second Google Play Indie Games Festival taking place in San Francisco on September 23rd.

If you're an indie developer based in the US or Canada and want to submit your game, visit the submission form and enter now through August 6th at 11:59PM PST.

If chosen as one of the 20 Finalists, you could have a chance to demo your game at the event and compete for prizes and bragging rights, to go home as one of the three festival winners!

11 Jul 2017 4:17pm GMT

Posted by Fergus Hurley, Product Manager, Google Play

Poor app performance is something that many users have experienced. Think about that last time you experienced an app crashing, failing to respond, or rendering slowly. Consider your reaction when checking the battery usage on your own device, and seeing an app using excessive battery. When an app performs badly, users notice. In fact, in an internal analysis of app reviews on Google Play, we noticed that half of the 1-star reviews mentioned app stability.

Conversely, people consistently reward the best performing apps with better ratings and reviews. This leads to better rankings on Google Play, which helps increase installs. Not only that, but users stay more engaged, and are willing to spend more time and money.

At Google I/O 2017, we announced the new Android vitals dashboard in the Google Play Console. Android vitals is designed to help you understand and analyze bad app behaviors, so you can improve your app's performance and reap the benefits of better performance.

Android vitals in the Google Play Console

Android vitals helps identify opportunities to improve your app's performance. The dashboards are useful for engineers and business owners alike, offering quick reference performance metrics to monitor your app so you can analyze the data and dedicate the right resources to make improvements.

You'll see the following data collected from Android devices whose users have opted in to automatically share usage and diagnostics data:

• Stability: ANR rate & crash rate
• Render time: slow rendering (16ms) and frozen UI frames (700ms)
• Battery usage: stuck wake locks and excessive wakeups

See how Busuu increased their rating from 4.1☆ to 4.5☆ by focusing on app performance

Learn more about engineering for high performance with tools from Android and Google Play

Read our best practice article on Android vitals to understand the data shown in the dashboards, and how you can improve your app's performance and stability. Watch the I/O session to learn about more tools from Android and Google Play that you can use to identify and fix bad behaviors:

Learn more about other Play Console features, and stay up to date with news and tips to succeed on Google Play, with the Playbook app. Join the beta and install it today.

How useful did you find this blogpost?

10 Jul 2017 4:59pm GMT

Posted by Dave Smith, Developer Advocate for IoT

Android Things makes building connected embedded devices easy by providing the same Android development tools, best-in-class Android framework, and Google APIs that make developers successful on mobile. Since the initial preview launch back in December, the community has turned some amazing ideas into exciting prototypes using the platform.

To empower these makers and developers using Android Things to share and learn from each other, we have partnered with Hackster.io to create a community where aspiring IoT developers can go to showcase their projects and get inspired by the work of others. Hackster.io is a community of 200,000 engineers and developers dedicated to building internet-connected hardware projects. They also seek to educate and challenge members through live workshops and design contests.

We are eager to see the projects that you come up with. More importantly, we're excited to see how your work can inspire other developers to create something great with Android Things. Visit our Hackster.io community to see the amazing projects others have already built and join the community today!

Android Things Webinar

We will be hosting a webinar in cooperation with Hackster.io on July 7th, 2017 at 10AM PST titled Bootstrapping IoT Products with Android Things. During this time, you will learn how we have designed Android Things to address many of the pain points experienced by developers attempting to build IoT products. You will also have the opportunity to send in questions you have regarding the platform and ecosystem. Register today to join us for this exciting event!

30 Jun 2017 5:24pm GMT

Posted by Wayne Piekarski, Developer Advocate for IoT

Today we are launching a preview of the Android Things Console. This console allows developers to manage the software running on their fleet of Android Things IoT devices, including creating factory images, as well as updating the operating system and developer-provided APKs. Devices need to run a system image downloaded via the Android Things Console in order to receive future updates, such as the upcoming Developer Preview 5. Google provides all of the infrastructure for over-the-air (OTA) updates, so developers can focus on their specific application and not have to build their own implementation - getting their IoT devices to enter the market faster and more securely than before.

Let's take a tour of the console, and see the features it offers.

Product Creation and Product Settings

The developer first defines a product, which includes selecting a name and the type of System-on-Module (SoM) that the device is based on. Many developers want to use Google Play Services when building IoT devices, and this is configured here as an optional feature. The size of the OEM partition is also configured, and must be large enough to include the size of any future APK growth.

Factory Images

A device needs an initial base firmware to receive future updates for the correct product from your console. For starters, you can simply use "Create Build Configuration" to build a default factory image with an empty bundle that is configured for your product. This factory image can then be downloaded and flashed to your device, and you can start developing on it by sideloading an APK.

Later on, once you have prepared an application that you would like to deploy to all the devices in your product, you can upload a bundle to the console. This bundle is a ZIP file that contains a main APK file, user space drivers as a service in an APK, and any additional APKs launched by the main APK. A bootanimation.zip file is also supported, which will be displayed during boot up. The uploaded bundle ZIP file is then used to produce a complete system image that can be deployed to devices. More information about the bundle ZIP file contents is available in the documentation.

OTA Updates

This tab allows the developer to select which system image should be pushed to the fleet of product devices. The developer selects one, and then "Push to Devices" starts the process. The update will then be securely pushed to all of the devices, installed to one of the A/B partitions, and made active when the device is rebooted. If any failures are detected, the device automatically rolls back to the previous known working version, so future updates are still possible. Developers will be able to test new releases of Android Things in advance and decide whether devices should be updated automatically.

Feedback

The Android Things Console is currently a preview, and we are working on many more features and customizations. We encourage all Android Things developers to check out the Android Things Console and provide feedback. You can do this by filing bug reports and feature requests, and asking any questions on Stack Overflow. To learn more about the Android Things Console, read the detailed documentation. We also encourage everyone to join Google's IoT Developers Community on Google+, a great resource to get updates and discuss ideas.

28 Jun 2017 4:00pm GMT

Posted by Xiaowen Xin and Renu Chaudhary, Android Security Team

The processing of external and untrusted content is often one of the most important functions of an app. A newsreader shows the top news articles and a shopping app displays the catalog of items for sale. This comes with associated risks as the processing of untrusted content is also one of the main ways that an attacker can compromise your app, i.e. by passing you malformed content.

Many apps handle untrusted content using WebView, and we've made many improvements in Android over the years to protect it and your app against compromise. With Android Lollipop, we started delivering WebView as an independent APK, updated every six weeks from the Play store, so that we can get important fixes to users quickly. With the newest WebView, we've added a couple more important security enhancements.

Isolating the renderer process in Android O

Starting with Android O, WebView will have the renderer running in an isolated process separate from the host app, taking advantage of the isolation between processes provided by Android that has been available for other applications.

Similar to Chrome, WebView now provides two levels of isolation:

1. The rendering engine has been split into a separate process. This insulates the host app from bugs or crashes in the renderer process and makes it harder for a malicious website that can exploit the renderer to then exploit the host app.
2. To further contain it, the renderer process is run within an isolated process sandbox that restricts it to a limited set of resources. For example, the rendering engine cannot write to disk or talk to the network on its own.
   
   It is also bound to the same seccomp filter (blogpost on seccomp is coming soon) as used by Chrome on Android. The seccomp filter reduces the number of system calls the renderer process can access and also restricts the allowed arguments to the system calls.

Incorporating Safe Browsing

The newest version of WebView incorporates Google's Safe Browsing protections to detect and warn users about potentially dangerous sites.. When correctly configured, WebView checks URLs against Safe Browsing's malware and phishing database and displays a warning message before users visit a dangerous site. On Chrome, this helpful information is displayed more than 250 million times a month, and now it's available in WebView on Android.

Enabling Safe Browsing

To enable Safe Browsing for all WebViews in your app, add in a manifest tag:

<manifest>
     <meta-data android:name="android.webkit.WebView.EnableSafeBrowsing"
                android:value="true" />
      . . .
     <application> . . . </application>
</manifest>

Because WebView is distributed as a separate APK, Safe Browsing for WebView is available today for devices running Android 5.0 and above. With just one added line in your manifest, you can update your app and improve security for most of your users immediately.

22 Jun 2017 9:29pm GMT

Posted by Maximilian Ruppaner, Software Engineer on Google Play

On June 30, 2017, Google will be ending support for the Android Market app on Android 2.1 Eclair and older devices. When this change happens, users on these devices will no longer be able to access, or install other apps from, the Android Market. The change will happen without a notification on the device, due to technical restrictions in the original Android Market app.

It has been 7 years since Android 2.1 Eclair launched. Most app developers are no longer supporting these Android versions in their apps given these devices now account for only a small number of installs.

We will still be supporting later versions of Android Market for as long as feasible. Google Play, the replacement for Android Market, is available on Android 2.2 and above.

20 Jun 2017 6:00pm GMT

Posted by Ritesh Nayak M, Product Manager

Last year at I/O we launched the Awareness API, a simple yet powerful API that let developers use signals such as Location, Weather, Time and User Activity to build contextually relevant app experiences.

Available via Google Play services, the Awareness API offers two ways to take advantage of context signals within your app. The Snapshot API lets your app request information about the user's current context, while the Fence API lets your app react to changes in user's context, and when it matches a certain set of conditions. For example, "tell me whenever the user is walking and their headphone is plugged in".

Until now, you could specify a time fence on the Awareness APIs but were restricted to using absolute/canonical representation of time. Based on developer feedback, we realized that the flexibility of the API in regards to building time fences did not support higher level abstractions people use when they think and talk about time. "This weekend", "on the next holiday", "after sunset", are all very common and colloquial ways of expressing time. That's why we're adding Semantic time support to these APIs starting today

For e.g., if you were building a fitness app and wanted a way to prompt users everyday morning to start their routine, or if you're a reading app that wants to turn on night mode after dusk; you would have to query a 3p API for sunrise/sunset information at the user location and then write up an Awareness fence with those canonical time values. With our latest update, you can use our TIME_INSTANT_SUNRISE and TIME_INSTANT_SUNSET constants and let the platform manage all the complexity for you.

Let's look at an example. Suppose you're building a fitness app which prompts users on Tuesday, and Thursday around sunrise to begin their morning work out. You can set up this triggering using the following lines of code.

// A sun-state-based fence that is TRUE only on Tuesday and Thursday during Sunrise 
AwarenessFence.and(
    TimeFence.aroundTimeInstant(TimeFence.TIME_INSTANT_SUNRISE,
            -10 * ONE_MINUTE_MILLIS, 5 * ONE_MINUTE_MILLIS),
    AwarenessFence.or(
        TimeFence.inIntervalOfDay(TimeFence.DAY_OF_WEEK_TUESDAY,
                0, ONE_DAY_MILLIS),
        TimeFence.inIntervalOfDay(TimeFence.DAY_OF_WEEK_THURSDAY,
                0, ONE_DAY_MILLIS)));

One of our favorite semantic time features is public holidays. Every country and regions within it have different holidays. Assume you were a local hiking & adventure app that wants to show users activities they can indulge in on a holiday that falls on a Friday or a Monday. You can use a combination of Days and Holiday flags to identify this state for all your users around the world. You can do this with just 3 lines of code and have this work in any part of the world.

// A local-time fence that is TRUE only on public holidays in the
// device locale that fall on Fridays or Mondays.
AwarenessFence.and(
    TimeFence.inTimeInterval(TimeFence.TIME_INTERVAL_HOLIDAY),
    AwarenessFence.or(
        TimeFence.inIntervalOfDay(TimeFence.DAY_OF_WEEK_FRIDAY,
                9 * ONE_HOUR_MILLIS, 11 * ONE_HOUR_MILLIS),
        TimeFence.inIntervalOfDay(TimeFence.DAY_OF_WEEK_MONDAY,
                9 * ONE_HOUR_MILLIS, 11 * ONE_HOUR_MILLIS)));

In both example cases, Awareness does the heavy lifting of localizing time and holidays based on the device locale settings.

We're excited to see what problems you'll solve using this powerful API. Please join our mailing list to get updates about this and other Context APIs at Google.

16 Jun 2017 5:00pm GMT

Posted by Wayne Piekarski, Developer Advocate for IoT

Today, we're releasing a new Developer Preview 4.1 (DP4.1) of Android Things, with updates for new supported hardware and bug fixes to the platform. Android Things is Google's platform to enable Android Developers to create Internet of Things (IoT) devices, and seamlessly scale from prototype to production.

New hardware

A new Pico i.MX6UL revision B board has been released, which supports many common external peripherals from partners such as Adafruit and Pimoroni. There were some prototype Pico i.MX6UL boards made available to some early beta testers, and these are not compatible with DP4.1.

Improvements

DP4.1 also includes some performance improvements since DP4, such as boot time optimizations that improve the startup time of i.MX7D based hardware. This Developer Preview also includes a version of Google Play Services, specifically optimized for IoT devices. This new IoT variant is a lot smaller and optimized for use with Android Things, and requires the use of play-services 11.0.0 or later in your build.gradle. For more information about the supported features in the IoT variant of Google Play Services, see the information page.

Google I/O

Android Things had a large presence at Google I/O this year, with 7 talks covering different aspects of Android Things for developers, and these are available as videos in a playlist for those who could not attend:

What's New In Google's IoT Platform? Ubiquitous Computing at Google

Bringing Device Production to Everyone With Android Things

From Prototype to Production Devices with Android Things

Developing for Android Things Using Android Studio

Security for IoT on Android Things

Using Google Cloud and TensorFlow on Android Things

Building for Enterprise IoT Using Android Things and Google Cloud Platform

Google I/O also had a codelab area, where attendees could sit down and test out Android Things development with some simple guided training guides. These codelabs are available for anyone to try at https://codelabs.developers.google.com/?cat=IoT

Feedback

Thank you to all the developers who submitted feedback for the previous developer previews. Please continue sending us your feedback by filing bug reports and feature requests, and asking any questions on stackoverflow. To download images for DP4.1, visit the Android Things download page and find the changes in the release notes. You can also join Google's IoT Developers Community on Google+, a great resource to get updates and discuss ideas, with over 5,600 members.

15 Jun 2017 4:59pm GMT

Posted by Aaron Stacy, Software Engineer, Google Play services

The 11.0.0 release of the Google Play services SDK includes a new way to access LocationServices. The new APIs do not require your app to manually manage a connection to Google Play services through a GoogleApiClient. This reduces boilerplate and common pitfalls in your app.

Read more below, or head straight to the updated location samples on GitHub.

Why not use GoogleApiClient?

The LocationServices APIs allow you to access device location, set up geofences, prompt the user to enable location on the device and more. In order to access these services, the app must connect to Google Play services, which can involve error-prone connection logic. For example, can you spot the crash in the app below?

Note: we'll assume our app has the ACCESS_FINE_LOCATION permission, which is required to get the user's exact location using the LocationServices APIs.

public class MainActivity extends AppCompatActivity implements
        GoogleApiClient.OnConnectionFailedListener {

  @Override
  public void onCreate(@Nullable Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    GoogleApiClient client = new GoogleApiClient.Builder(this)
        .enableAutoManage(this, this)
        .addApi(LocationServices.API)
        .build();
    client.connect();

    PendingResult result = 
         LocationServices.FusedLocationApi.requestLocationUpdates(
                 client, LocationRequest.create(), pendingIntent);

    result.setResultCallback(new ResultCallback() {
      @Override
      public void onResult(@NonNull Status status) {
        Log.d(TAG, "Result: " + status.getStatusMessage());
      }
    });
  }

  // ...
}

If you pointed to the requestLocationUpdates() call, you're right! That call throws an IllegalStateException, since the GoogleApiClient is has not yet connected. The call to connect() is asynchronous.

While the code above looks like it should work, it's missing a ConnectionCallbacks argument to the GoogleApiClient builder. The call to request location updates should only be made after the onConnected callback has fired:

public class MainActivity extends AppCompatActivity implements 
        GoogleApiClient.OnConnectionFailedListener,
        GoogleApiClient.ConnectionCallbacks {

  private GoogleApiClient client;

  @Override
  protected void onCreate(@Nullable Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    client = new GoogleApiClient.Builder(this)
        .enableAutoManage(this, this)
        .addApi(LocationServices.API)
        .addConnectionCallbacks(this)
        .build();

    client.connect();
  }

  @Override
  public void onConnected(@Nullable Bundle bundle) {
    PendingResult result = 
            LocationServices.FusedLocationApi.requestLocationUpdates(
                    client, LocationRequest.create(), pendingIntent);
    
    result.setResultCallback(new ResultCallback() {
      @Override
      public void onResult(@NonNull Status status) {
        Log.d(TAG, "Result: " + status.getStatusMessage());
      }
    });
  }

  // ...
}

Now the code works, but it's not ideal for a few reasons:

• It would be hard to refactor into shared classes if, for instance, you wanted to access Location Services in multiple activities.
• The app connects optimistically in onCreate even if Location Services are not needed until later (for example, after user input).
• It does not handle the case where the app fails to connect to Google Play services.
• There is a lot of boilerplate connection logic before getting started with location updates.

A better developer experience

The new LocationServices APIs are much simpler and will make your code less error prone. The connection logic is handled automatically, and you only need to attach a single completion listener:

public class MainActivity extends AppCompatActivity {

  @Override
  protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    FusedLocationProviderClient client =
            LocationServices.getFusedLocationProviderClient(this);

    client.requestLocationUpdates(LocationRequest.create(), pendingIntent)
        .addOnCompleteListener(new OnCompleteListener() {
          @Override
          public void onComplete(@NonNull Task task) {
            Log.d("MainActivity", "Result: " + task.getResult());
          }
        });
  }
}

The new API immediately improves the code in a few ways:

• The API calls automatically wait for the service connection to be established, which removes the need to wait for onConnected before making requests.
• It uses the Task API which makes it easier to compose asynchronous operations.
• The code is self-contained and could easily be moved into a shared utility class or similar.
• You don't need to understand the underlying connection process to start coding.

What happened to all of the callbacks?

The new API will automatically resolve certain connection failures for you, so you don't need to write code that for things like prompting the user to update Google Play services. Rather than exposing connection failures globally in the onConnectionFailed method, connection problems will fail the Task with an ApiException:

    client.requestLocationUpdates(LocationRequest.create(), pendingIntent)
        .addOnFailureListener(new OnFailureListener() {
          @Override
          public void onFailure(@NonNull Exception e) {
            if (e instanceof ApiException) {
              Log.w(TAG, ((ApiException) e).getStatusMessage());
            } else {
              Log.w(TAG, e.getMessage());
            }
          }
        });

Try it for yourself

Try the new LocationServices APIs out for yourself in your own app or head over to the android-play-location samples on GitHub and see more examples of how the new clients reduce boilerplate and simplify logic.

14 Jun 2017 5:00pm GMT

Posted by Kacey Fahey, Developer Marketing, Google Play

Every day developers around the world are hard at work creating high quality apps and games on Android. Striving to deliver amazing experiences for an ever growing diverse user base, we've seen a significant increase in the level of polish and quality of apps and games on Google Play.

As part of our efforts to recognize this content on the Play Store, today we're launching Android Excellence. The new collections will showcase apps and games that deliver incredible user experiences on Android, use many of our best practices, and have great design, technical performance, localization, and device optimization.

Android Excellence collections will refresh quarterly and can be found within the revamped Editors' Choice section of the Play Store - which includes app and game reviews curated by our editorial team.

Congrats to our first group of Android Excellence apps and games!

Stay up-to-date on best practices to succeed on Play and get the latest news and videos with the new beta version of our Playbook app for developers.

13 Jun 2017 4:00pm GMT