24 Nov 2017

feedTalkAndroid

Save big on Anker accessories on Black Friday in the UK

While the UK doesn't celebrate Thanksgiving, one U.S. tradition we have adopted in recent years is spending loads of money on Black Friday deals. Whether it's spending online or in store, UK citizens are set to spend more than £2.5 billion on today's sales. To help you in your mission of buying new gadgets at […]


Come comment on this article: Save big on Anker accessories on Black Friday in the UK

Visit TalkAndroid

24 Nov 2017 12:12pm GMT

23 Nov 2017

feedTalkAndroid

[TA Deals] The Treblab X11 headphones are discounted more than 80%

Looking to score a new pair of cheap wireless headphones? You're in luck. Right now, you can pick up the completely wireless Treblab X11 earphones at a heavy discount, ditching the wires from your audio setup without breaking the bank. Built-in mic allows you to accept calls w/ a touch May be used as a single […]


Come comment on this article: [TA Deals] The Treblab X11 headphones are discounted more than 80%

Visit TalkAndroid

23 Nov 2017 7:00pm GMT

[Deal] Pick up some cheap SD cards from Amazon’s Black Friday sales

We know you guys love expandable storage, so we know you'll love some of Amazon's Black Friday deals. Right now you can pick up some heavily discounted Sandisk microSD cards in several sizes, bulking up how many photos and songs you can stuff on your phone. The cheapest is the 32GB for $10, while the […]


Come comment on this article: [Deal] Pick up some cheap SD cards from Amazon's Black Friday sales

Visit TalkAndroid

23 Nov 2017 4:48pm GMT

22 Nov 2017

feedTalkAndroid

[TA Deals] These magnetic Bluetooth FRESHeBUDS headphones are over 80% off

It's never a bad time to buy a nice pair of headphones, whether you're buying them as a gift for someone, you need a backup pair, or you're just looking to replace what you currently have. But it's an excellent time to buy a new pair when you can get a great deal on them, […]


Come comment on this article: [TA Deals] These magnetic Bluetooth FRESHeBUDS headphones are over 80% off

Visit TalkAndroid

22 Nov 2017 8:00pm GMT

Google Play offering up specials all weekend long

For the long holiday weekend in the U.S., Google is offering up a lot of special deals in the Google Play Store. Most of the discounts are available starting today and will run through Cyber Monday on November 27th although a couple offers are scheduled for specific days. One of the leading genres of apps […]


Come comment on this article: Google Play offering up specials all weekend long

Visit TalkAndroid

22 Nov 2017 8:00pm GMT

OnePlus confirms it won’t support Project Treble on any of its current phones – including OnePlus 5T

After its launch on November 16, the OnePlus 5T became available to order yesterday with a discounted Early Bird Bundle. It's surprising that the OnePlus 5T isn't running Android 8.0 Oreo out of the box, especially considering that the handset maker just began rolling out the official Oreo OTA to the OnePlus 3 and 3T […]


Come comment on this article: OnePlus confirms it won't support Project Treble on any of its current phones - including OnePlus 5T

Visit TalkAndroid

22 Nov 2017 7:30pm GMT

We might see a Star Wars themed Galaxy Note 8

Samsung is no stranger to themed hardware. We've seen partnerships with superheroes and the Olympics for some really cool smartphone designs, but this year has more hype for Star Wars than anything. So, of course, that means Samsung wants to deliver a variant of one of their smartphones to cash in on that craze. A […]


Come comment on this article: We might see a Star Wars themed Galaxy Note 8

Visit TalkAndroid

22 Nov 2017 6:30pm GMT

Amazon Alexa Moto Mod review: A decent product in a bulky package

Amazon's Alexa might not be the best digital assistant, but it sure seems to be the most widespread. It doesn't care if you're using Android or iOS, and it works on a wide variety of devices. Android phones, iPhones, Fire TV, Fire Tablets, Echo devices, Sonos One and more. Now we have a Moto Mod […]


Come comment on this article: Amazon Alexa Moto Mod review: A decent product in a bulky package

Visit TalkAndroid

22 Nov 2017 6:13pm GMT

Android Wear v2.6 brings recent apps, download progress indicators, and more

Android Wear 2.0 was supposed to revitalize and kick off the wearable platform thanks to a plethora of new features and partnerships. Alright, well, we all know that didn't happen, but Google's still bringing in new features to hopefully spark something. The latest is version 2.6, and it's got a few useful tricks up its […]


Come comment on this article: Android Wear v2.6 brings recent apps, download progress indicators, and more

Visit TalkAndroid

22 Nov 2017 4:45pm GMT

Mint SIM’s Black Friday promos include free months of service

Mint SIM is running a few Black Friday promos and partnering with Best Buy to get you through the holiday season. There are actually two deals that involve free service, so we'll detail both of those. First up, if you buy your service directly through Mint SIM's website, you'll get an extra three months when […]


Come comment on this article: Mint SIM's Black Friday promos include free months of service

Visit TalkAndroid

22 Nov 2017 4:30pm GMT

Leaked renders show a Galaxy S9 with a replaced fingerprint scanner

When Samsung ditched the physical home button, they had to figure out where to put the fingerprint scanner. We're not at the point where we can embed the sensor in the screen itself, so Samsung opted for a rear-mounted scanner. Lots of other companies have gone that route, but they put the scanner in a […]


Come comment on this article: Leaked renders show a Galaxy S9 with a replaced fingerprint scanner

Visit TalkAndroid

22 Nov 2017 4:16pm GMT

[Deal] Verizon knocks 50% off all Moto Mods

By now, you are probably dreaming about Black Friday deals in your sleep, but a bargain is a bargain and this time it's Verizon getting in on the act. If you own one of the Moto Z or Z2 variants, this is the perfect time to bulk out your collection of Moto Mods and add even […]


Come comment on this article: [Deal] Verizon knocks 50% off all Moto Mods

Visit TalkAndroid

22 Nov 2017 3:24pm GMT

Google has been tracking your phone’s location, even with location turned off

Going into settings and turning off your phone's location will stop all apps and services from tracking your whereabouts. That's a simple, easy to remember privacy concept. Unfortunately, there's one small problem. Google has been tracking you anyway. You can take more drastic steps like turning off cellular data or even removing the SIM card […]


Come comment on this article: Google has been tracking your phone's location, even with location turned off

Visit TalkAndroid

22 Nov 2017 1:23am GMT

21 Nov 2017

feedTalkAndroid

Tronsmart has a big sale on Amazon through November 27th

Tronsmart sells a wide variety of high quality accessories. I recently reviewed their Edge 20,000mAh portable charger and it's among the best I've ever used. If you're looking for Bluetooth headphones or speakers, portable charges, lightning cables or even screen protectors, Tronsmart has you covered. They currently have a sale on Amazon that ends at […]


Come comment on this article: Tronsmart has a big sale on Amazon through November 27th

Visit TalkAndroid

21 Nov 2017 9:14pm GMT

feedAndroid Developers Blog

Moving Past GoogleApiClient

Posted by Sam Stern, Developer Programs Engineer

The release of version 11.6.0 of the Google Play services SDK moves a number of popular APIs to a new paradigm for accessing Google APIs on Android. We have reworked the APIs to reduce boilerplate, improve UX, and simplify authentication and authorization.

The primary change in this release is the introduction of new Task and GoogleApi based APIs to replace the GoogleApiClient access pattern.

The following APIs are newly updated to eliminate the use of GoogleApiClient:

These APIs join others that made the switch in previous releases, such as the Awareness, Cast, Places, Location, and Wallet APIs.

The Past: Using GoogleApiClient

Here is a simple Activity that demonstrates how one would access the Google Drive API using GoogleApiClient using a previous version of the Play services SDK:

public class MyActivity extends AppCompatActivity implements
        GoogleApiClient.OnConnectionFailedListener,
        GoogleApiClient.ConnectionCallbacks {

    private static final int RC_SIGN_IN = 9001;

    private GoogleApiClient mGoogleApiClient;

    @Override
    protected void onCreate(@Nullable Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        GoogleSignInOptions options =
               new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                        .requestScopes(Drive.SCOPE_FILE)
                        .build();

        mGoogleApiClient = new GoogleApiClient.Builder(this)
                .enableAutoManage(this, this)
                .addConnectionCallbacks(this)
                .addApi(Auth.GOOGLE_SIGN_IN_API, options)
                .addApi(Drive.API)
                .build();
    }

    // ...
    // Not shown: code to handle sign in flow
    // ...

    @Override
    public void onConnectionFailed(@NonNull ConnectionResult connectionResult) {
        // GoogleApiClient connection failed, most API calls will not work...
    }

    @Override
    public void onConnected(@Nullable Bundle bundle) {
        // GoogleApiClient is connected, API calls should succeed...
    }

    @Override
    public void onConnectionSuspended(int i) {
        // ...
    }

    private void createDriveFile() {
        // If this method is called before "onConnected" then the app will crash,
        // so the developer has to manage multiple callbacks to make this simple
        // Drive API call.
        Drive.DriveApi.newDriveContents(mGoogleApiClient)
            .setResultCallback(new ResultCallback<DriveApi.DriveContentsResult>() {
                // ...
            });
    }
}

The code is dominated by the concept of a connection, despite using the simplified "automanage" feature. A GoogleApiClient is only connected when all APIs are available and the user has signed in (when APIs require it).

This model has a number of pitfalls:

The Future: Using GoogleApi

Over the years the need to replace GoogleApiClient became apparent, so we set out to completely abstract the "connection" process and make it easier to access individual Google APIs without boilerplate.

Rather than tacking multiple APIs onto a single API client, each API now has a purpose-built client object class that extends GoogleApi. Unlike with GoogleApiClient there is no performance cost to creating many client objects. Each of these client objects abstracts the connection logic, connections are automatically managed by the SDK in a way that maximizes both speed and efficiency.

Authenticating with GoogleSignInClient

When using GoogleApiClient, authentication was part of the "connection" flow. Now that you no longer need to manage connections, you should use the new GoogleSignInClient class to initiate authentication:

public class MyNewActivity extends AppCompatActivity {

    private static final int RC_SIGN_IN = 9001;

    private GoogleSignInClient mSignInClient;

    @Override
    protected void onCreate(@Nullable Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        GoogleSignInOptions options =
               new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                        .requestScopes(Drive.SCOPE_FILE)
                        .build();

        mSignInClient = GoogleSignIn.getClient(this, options);
    }

    private void signIn() {
        // Launches the sign in flow, the result is returned in onActivityResult
        Intent intent = mSignInClient.getSignInIntent();
        startActivityForResult(intent, RC_SIGN_IN);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);

        if (requestCode == RC_SIGN_IN) {
            Task<GoogleSignInAccount> task = 
                    GoogleSignIn.getSignedInAccountFromIntent(data);
            if (task.isSuccessful()) {
                // Sign in succeeded, proceed with account
                GoogleSignInAccount acct = task.getResult();
            } else {
                // Sign in failed, handle failure and update UI
                // ...
            }
        }
    }
}

Making Authenticated API Calls

Making API calls to authenticated APIs is now much simpler and does not require waiting for multiple callbacks.

    private void createDriveFile() {
        // Get currently signed in account (or null)
        GoogleSignInAccount account = GoogleSignIn.getLastSignedInAccount(this);

        // Synchronously check for necessary permissions
        if (!GoogleSignIn.hasPermissions(account, Drive.SCOPE_FILE)) {
            // Note: this launches a sign-in flow, however the code to detect
            // the result of the sign-in flow and retry the API call is not
            // shown here.
            GoogleSignIn.requestPermissions(this, RC_DRIVE_PERMS, 
                    account, Drive.SCOPE_FILE);
            return;
        }

        DriveResourceClient client = Drive.getDriveResourceClient(this, account);
        client.createContents()
                .addOnCompleteListener(new OnCompleteListener<DriveContents>() {
                    @Override
                    public void onComplete(@NonNull Task<DriveContents> task) {
                        // ...
                    }
                });
    }

Before making the API call we add an inline check to make sure that we have signed in and that the sign in process granted the scopes we require.

The call to createContents() is simple, but it's actually taking care of a lot of complex behavior. If the connection to Play services has not yet been established, the call is queued until there is a connection. This is in contrast to the old behavior where calls would fail or crash if made before connecting.

In general, the new GoogleApi-based APIs have the following benefits:

These new APIs will improve your development process and enable you to make better apps.

Next Steps

Ready to get started with the new Google Play services SDK?

Happy building!

21 Nov 2017 7:36pm GMT

feedTalkAndroid

[TA Deals] Name your price for the Black Friday Windows software bundle

It's Black Friday week, which means it's time to stock up one deals and save some money. Right now you can secure a ton of top-notch Windows software at a price you want to pay. No, really. You can name your price for it. You have to beat the average to get everything, but there […]


Come comment on this article: [TA Deals] Name your price for the Black Friday Windows software bundle

Visit TalkAndroid

21 Nov 2017 7:00pm GMT

20 Nov 2017

feedAndroid Developers Blog

Google Play Referrer API: Track and measure your app installs easily and securely

Posted by Neto Marin, Developer Advocate

Understanding how people find your app and what they do once they've installed it is crucial to helping you make the right product and marketing decisions. This is especially important when you're deciding your advertising strategy and budget. Today many app measurement companies and ad networks offer ad attribution solutions based on referral data. As such accurate install referral data is vital for correctly attributing app installs, as well as discounting fraudulent attempts for install credit.

To help you obtain more accurate and reliable data about your installs, we're introducing the Google Play Install Referrer API, a reliable way to securely retrieve install referral content. Using this API, your app will get precise information straight from the Play Store, including:

We've tested the API with our App Attribution Program partners including Adjust, AppsFlyer, Singular and TUNE.

"The new Play API provides us with the data we need to effectively detect and prevent click injection; it's a monumental step in securing a crucial information exchange on Android."

- Paul Müller, CTO & Co-Founder, Adjust

"The new Google Play API introduces fresh insights into both mobile ad fraud and the mobile user journey, two key domains with impact across the ecosystem."

- Elad Mashiach, VP, AppsFlyer

"This additional data directly from the Play Store provides increased precision for the Kochava fraud suite to further minimize fraud for our customers."

- Charles Manning, CEO, Kochava

"Google's new API is a game changer that will help marketing analytics platforms like Singular identify and prevent a significant portion of Ad Fraud, and provide security and accuracy to mobile advertisers"

- Gadi Eliashiv, CEO & Co-Founder, Singular

"This new data from Google Play is essential for marketers who demand accountability out of their mobile app install advertising spend. At TUNE, this data is allowing us to outright eliminate entire forms of mobile app install fraud while providing new insight into how mobile app installs are driven."

- Dan Koch, Chief Technical Officer, TUNE


Starting today, the API works with the Play Store app from version 8.3.73 and later for all developers.

Play Install Referrer Library 1.0 now available

To make it easy to integrate the Install Referrer API, we've released the Install Referrer Library 1.0 for Android. The library is available in our Maven repository. To start using it, add the following dependency to your app module build.gradle file:

dependencies {
          ...
          compile 'com.android.installreferrer:installreferrer:1.0'
      }

All communication with the Play Store app happens through a Service, so the first step is to establish the connection between your app and the Play Store. Also, to receive the connection result and updates it's necessary to implement a listener, InstallReferrerStateListener. This listener could be your current Activity or any other class you want to use:

public class MainActivity extends AppCompatActivity 
    implements InstallReferrerStateListener {
    …
}

Now that you have an InstallReferrerStateListener, you can start binding your app to the Play Store app service. To establish the connection, you must build an InstallReferrerClient instance and call the startConnection() method:

InstallReferrerClient mReferrerClient
...
mReferrerClient = newBuilder(this).build();
mReferrerClient.startConnection(this);

Then, handle the connection result in the onInstallReferrerSetupFinished() method. If the connection is OK, the app can retrieve install referrer information, by calling the getInstallReferrer() method:

@Override
public void onInstallReferrerSetupFinished(int responseCode) {
   switch (responseCode) {
       case InstallReferrerResponse.OK:
           try {
               Log.v(TAG, "InstallReferrer conneceted");
               ReferrerDetails response = mReferrerClient.getInstallReferrer();
               handleReferrer(response);
               mReferrerClient.endConnection();
           } catch (RemoteException e) {
               e.printStackTrace();
           }
           break;
       case InstallReferrerResponse.FEATURE_NOT_SUPPORTED:
           Log.w(TAG, "InstallReferrer not supported");
           break;
       case InstallReferrerResponse.SERVICE_UNAVAILABLE:
           Log.w(TAG, "Unable to connect to the service");
           break;
       default:
           Log.w(TAG, "responseCode not found.");
   }
}

For more details about the new API and the client library, visit the Install Referrer Client Library page and the reference documentation.

Other Implementations

If you are not able to use our client library, you can use the AIDL interface and establish the connection with Google Play Store on your own. Check out the IGetInstallReferrerService AIDL reference for details of the methods and the service specification.

What's next?

Check out the Play Install Referrer API documentation for details about the new API, the library's reference docs, and our Quick Start guide.


20 Nov 2017 9:49pm GMT

17 Nov 2017

feedAndroid Developers Blog

Android Things Contest Winners

Posted by Dave Smith, Developer Advocate for IoT

Back in September, we worked with Hackster.io to encourage the developer community to build smart connected devices using Android Things and post their projects to the Developer Challenge for Android Things. The goal was to showcase the combination of turnkey hardware and a powerful SDK for building and maintaining devices at scale.

Thank you to everyone who participated in the contest and submitted a project or idea. We had over 1100 participants register for the contest, resulting in over 350 submissions. Out of that group, we've chosen three winners. Each winner will receive support and tools from Dragon Innovation to develop their concepts into commercial products. Join us in congratulating the following makers!

Best Enterprise Project: Distributed Air Quality Monitoring

Maker: James Puderer

Monitor air quality on a street-by-street level using Android Things, Google Cloud IoT Core, and taxis!

This project showcases how Android Things makes it easy to build devices that integrate with the various services provided by the Google Cloud Platform for robust data collection and analysis. It's a clever end-to-end solution that shows understanding of both the problem domain as well as the technology.


Best Start Up Project: BrewCentral

Maker: Trent Shumay and Steven Pridie

Brewing amazing beer is a balance of art, science, and ritual. The BrewCentral system makes it possible for anyone to do an all-grain brew!

BrewCentral pairs a real-time PID controller with the touch-enabled UI and decision-making compute power of Android Things. The result is a system that accurately controls the time, temperature, and flow rates necessary to achieve repeatable results during a brew cycle. The planned enhancements for cloud-based brewing recipes will make this a connected experience for the entire brewing community.


Best IoT Project: BrailleBox - Braille News Reader

Maker: Joe Birch

BrailleBox is a small piece of hardware that empowers users who are hard-of-sight to read the latest news articles in Braille.

This project is a great use case of using IoT to have a social impact. The current proof of concept streams articles from a news feed to the Braille pad, but this project has the potential to leverage machine learning on the device to translate additional input from the physical world into a Braille result.


Honorable Mentions

The community submitted some amazing projects for the contest, which made the choice of picking only three winners extremely difficult. Here are a few of our favorite projects that weren't selected for a prize:

We encourage everyone to check out all the new projects in the Google Hackster community, and submit your own as well! You can also join Google's IoT Developers Community on Google+, a great resource to get updates, ask questions, and discuss ideas. We look forward to seeing what exciting projects you build!

17 Nov 2017 6:00pm GMT

16 Nov 2017

feedAndroid Developers Blog

Getting your Android app ready for Autofill

Posted by Wojtek Kalicinski, Android Developer Advocate, Akshay Kannan, Product Manager for Android Authentication, and Felipe Leme, Software Engineer on Android Frameworks

Starting in Oreo, Autofill makes it easy for users to provide credit cards, logins, addresses, and other information to apps. Forms in your apps can now be filled automatically, and your users no longer have to remember complicated passwords or type the same bits of information more than once.

Users can choose from multiple Autofill services (similar to keyboards today). By default, we include Autofill with Google, but users can also select any third party Autofill app of their choice. Users can manage this from Settings->System->Languages>Advanced->Autofill service.


What's available today

Today, Autofill with Google supports filing credit cards, addresses, logins, names, and phone numbers. When logging in or creating an account for the first time, Autofill also allows users to save the new credentials to their account. If you use WebViews in your app, which many apps do for logins and other screens, your users can now also benefit from Autofill support, as long as they have Chrome 61 or later installed.

The Autofill API is open for anyone to implement a service. We are actively working with 1Password, Dashlane, Keeper, and LastPass to help them with their implementations towards becoming certified on Android. We will be certifying password managers and adding them to a curated section in the Play Store, which the "Add service" button in settings will link to. If you are a password manager and would like to be certified, please get in touch.

What you need to do as a developer

As an app developer, there are a few simple things you can do to take advantage of this new functionality and make sure that it works in your apps:

Test your app and annotate your views if needed

In many cases, Autofill may work in your app without any effort. But to ensure consistent behavior, we recommend providing explicit hints to tell the framework about the contents of your field. You can do this using either the android:autofillHints attribute or the setAutofillHints() method.

Similarly, with WebViews in your apps, you can use HTML Autocomplete Attributes to provide hints about fields. Autofill will work in WebViews as long as you have Chrome 61 or later installed on your device. Even if your app is using custom views, you can also define the metadata that allows autofill to work.

For views where Autofill does not make sense, such as a Captcha or a message compose box, you can explicitly mark the view as IMPORTANT_FOR_AUTOFILL_NO (or IMPORTANT_FOR_AUTOFILL_NO_EXCLUDE_DESCENDANTS in the root of a view hierarchy). Use this field responsibly, and remember that users can always bypass this by long pressing an EditText and selecting "Autofill" in the overflow menu.

Affiliate your website and mobile app

Autofill with Google can seamlessly share logins across websites and mobile apps ‒ passwords saved through Chrome can also be provided to native apps. But in order for this to work, as an app developer, you must explicitly declare the association between your website with your mobile app. This involves 2 steps:

Step 1: Host a JSON file at yourdomain.com/.well-known/assetlinks.json

If you've used technologies like App Links or Google Smart Lock before, you might have heard about the Digital Asset Links (DAL) file. It's a JSON file placed under a well known location in your website that lets you make public, verifiable statements about other apps or websites.

You should follow the Smart Lock for Passwords guide for information about how to create and host the DAL file correctly on your server. Even though Smart Lock is a more advanced way of signing users into your app, our Autofill service uses the same infrastructure to verify app-website associations. What's more, because DAL files are public, third-party Autofill service developers can also use the association information to secure their implementations.

Step 2: Update your App's Manifest with the same information

Once again, follow the Smart Lock for Passwords guide to do this, under "Declare the association in the Android app."

You'll need to update your app's manifest file with an asset_statements resource, which links to the URL where your assetlinks.json file is hosted. Once that's done, you'll need to submit your updated app to the Play Store, and fill out the Affiliation Submission Form for the association to go live.

When using Android Studio 3.0, the App Links Assistant can generate all of this for you. When you open the DAL generator tool (Tools -> App Links Assistant -> Open Digital Asset Links File Generator), simply make sure you enable the new checkbox labeled "Support sharing credentials between the app and website".

Then, click on "Generate Digital Asset Links file", and copy the preview content to the DAL file hosted on your server and in your app. Please remember to verify that the selected domain names and certificates are correct.

Future work

It's still very early days for Autofill in Android. We are continuing to make some major investments going forward to improve the experience, whether you use Autofill with Google or a third party password manager.

Some of our key areas of investment include:

  1. Autofill with Google: We want to provide a great experience out of the box, so we include Autofill with Google with all Oreo devices. We're constantly improving our field detection and data quality, as well as expanding our support for saving more types of data.
  2. WebView support: We introduced initial support for filling WebViews in Chrome 61, and we'll be continuing to test, harden, and make improvements to this integration over time, so if your app uses WebViews you'll still be able to benefit from this functionality.
  3. Third party app support: We are working with the ecosystem to make sure that apps work as intended with the Autofill framework. We urge you as developers to give your app a spin on Android Oreo and make sure that things work as expected with Autofill enabled. For more info, see our full documentation on the Autofill Framework.

If you encounter any issues or have any suggestions for how we can make this better for you, please send us feedback.

16 Nov 2017 6:00pm GMT

14 Nov 2017

feedAndroid Developers Blog

How the Pixel 2’s security module delivers enterprise-grade security

Posted by Xiaowen Xin, Android Security Team

The new Google Pixel 2 ships with a dedicated hardware security module designed to be robust against physical attacks. This hardware module performs lockscreen passcode verification and protects your lock screen better than software alone.

To learn more about the new protections, let's first review the role of the lock screen. Enabling a lock screen protects your data, not just against casual thieves, but also against sophisticated attacks. Many Android devices, including all Pixel phones, use your lockscreen passcode to derive the key that is then used to encrypt your data. Before you unlock your phone for the first time after a reboot, an attacker cannot recover the key (and hence your data) without knowing your passcode first. To protect against brute-force guessing your passcode, devices running Android 7.0+ verify your attempts in a secure environment that limits how often you can repeatedly guess. Only when the secure environment has successfully verified your passcode does it reveal a device and user-specific secret used to derive the disk encryption key.

Benefits of tamper-resistant hardware

The goal of these protections is to prevent attackers from decrypting your data without knowing your passcode, but the protections are only as strong as the secure environment that verifies the passcode. Performing these types of security-critical operations in tamper-resistant hardware significantly increases the difficulty of attacking it.

Tamper-resistant hardware comes in the form of a discrete chip separate from the System on a Chip (SoC). It includes its own flash, RAM, and other resources inside a single package, so it can fully control its own execution. It can also detect and defend against outside attempts to physically tamper with it. In particular:

Security module in Pixel 2

The new Google Pixel 2 ships with a security module built using tamper-resistant hardware that protects your lock screen and your data against many sophisticated hardware attacks.

In addition to all the benefits already mentioned, the security module in Pixel 2 also helps protect you against software-only attacks:

  1. Because it performs very few functions, it has a super small attack surface.
  2. With passcode verification happening in the security module, even in the event of a full compromise elsewhere, the attacker cannot derive your disk encryption key without compromising the security module first.
  3. The security module is designed so that nobody, including Google, can update the passcode verification logic to a weakened version without knowing your passcode first.

Summary

Just like many other Google products, such as Chromebooks and Cloud, Android and Pixel are investing in additional hardware protections to make your device more secure. With the new Google Pixel 2, your data is safer against an entire class of sophisticated hardware attacks.

14 Nov 2017 1:44am GMT

13 Nov 2017

feedAndroid Developers Blog

10 things you might be doing wrong when using the SafetyNet Attestation API

Posted by Oscar Rodriguez, Developer Advocate

The SafetyNet Attestation API helps you assess the security and compatibility of the Android environments in which your apps run. Since it was introduced in March 2015, many developers have successfully integrated it into their Android apps to make more informed decisions based on the integrity and compatibility of the devices running their apps.

Throughout the years, the SafetyNet Attestation API has evolved, and its adoption has steadily increased. However, as with any security/anti-abuse related API, there are many common pitfalls that may lead developers into developing unstable systems, or worse, into a false sense of security.

In this post, we provide a list of the most common mistakes we have seen developers make when integrating the SafetyNet Attestation API.

1. Not getting an API key

Just like many other Google APIs, the SafetyNet Attestation API requires an API key in order to run. Furthermore, the SafetyNet Attestation API has a per-key usage quota. Although you can get this quota increased, you need to provide your API key to do so.

Getting an API key is easy and free of charge. There is no reason not to get an API key, so if you haven't already, get an API key now.

2. Not using the latest version of the API

The SafetyNet Attestation API has evolved throughout its history, and with it, there have been some interface changes. Most recently, with the release of Google Play services 11.0.0, we revamped the entire SafetyNet API to offer an interface that is easier and more streamlined to use: the new API uses SafetyNetClient instead of SafetyNetApi, which is now deprecated, so make sure you update your implementation to use the latest version of the API.

Most devices should have the latest version of Google Play services installed, but if a device doesn't have Google Play services installed, or doesn't have it up to date, using the SafetyNet Attestation API may lead to the app becoming unresponsive or crashing. You can prevent this by checking the installed version of Google Play services before using the API.

3. Using nonces incorrectly

The SafetyNet Attestation API lets you set a nonce to uniquely and globally identify each call to the API. Use this feature to prevent a malicious user from reusing a successful attestation result in place of an unsuccessful result (also known as a Replay Attack).

One good way to create a nonce is to create a large (16 bytes or longer) random number on your server using a cryptographically-secure random function. The SafetyNet attestation response includes the nonce you set, so make sure you verify that the returned nonce matches the one you included in the request you made.

4. Not checking the results on your server

SafetyNet can provide useful signals about the state of the device in which your app is running. However, if the logic that acts on these signals is only implemented and enforced directly on the device, an attacker could be able to modify your app and bypass any checks you perform.

To prevent this situation, you should run any logic that verifies the attestation result and enforces any actions based on them on a server that you control and trust.

5. Using the test attestation verification service for production

In order to simplify development and testing of the SafetyNet Attestation API, Google offers an online verification service that checks the digital signature of a SafetyNet Attestation result using a simple HTTPS request.

As useful as this service may seem, it is designed for test purposes only, and it has very strict usage quotas that will not be increased upon request. Instead, you should implement the digital signature verification logic on your server in a way that it doesn't depend on Google's servers. Most JWT libraries offer signature verification functionality, and we have code samples that show how to perform this verification in Java and C#. We plan to provide samples for more languages in the future.

6. Not checking the nonce, timestamp, APK name, and hashes

The SafetyNet Attestation API is most widely known for its integrity and compatibility checks, whose results are returned in ctsProfileMatch and basicIntegrity. Although these two values are indeed very useful, you should check the other values in the response, as they contain important information as well.

Use nonce to match a response to its request, as explained above, and use timestampMs to check how much time has passed since you made the request and you got the response. A delayed response that arrives several hours or days after the request may suggest suspicious activity.

Use apkPackageName to check the name of the APK that made the attestation request, and match apkDigestSha256 and apkCertificateDigestSha256 to those from your app's signed APK in Google Play, to get a signal about the integrity of the installed app.

Remember that the trustworthiness of the response as a whole is tied to the results of ctsProfileMatch and basicIntegrity. It is not unthinkable for a compromised device that fails basicIntegrity to have forged the rest of the values in the response.

7. Not understanding the differences between ctsProfileMatch and basicIntegrity

The SafetyNet Attestation API initially provided a single value called basicIntegrity to help developers determine the integrity of a device. As the API evolved, we introduced a new, stricter check whose results appear in a value called ctsProfileMatch, which allows developers to more finely evaluate the devices on which their app is running.

In broad terms, basicIntegrity gives you a signal about the general integrity of the device and its API. Rooted devices fail basicIntegrity, as do emulators, virtual devices, and devices with signs of tampering, such as API hooks.

On the other hand, ctsProfileMatch gives you a much stricter signal about the compatibility of the device. Only unmodified devices that have been certified by Google can pass ctsProfileMatch. Devices that will fail ctsProfileMatch include the following:

8. Not having a strategy for timing attestation checks

The SafetyNet Attestation API gives you a snapshot of the state of a device at the moment when the attestation request was made. A successful attestation doesn't necessarily mean that the device would have passed attestation in the past, or that it will in the future.

Because an attestation is just a spot check, you should plan a sensible strategy for choosing when to make attestation requests. You may choose to require successful attestations before users make in-app purchases, after a certain number of days have passed since the last successful attestation, each time your app is launched, after every reboot, or any other strategy that makes sense for your app.

Keep in mind that an attestation request is computationally expensive, consumes battery and bandwidth, and uses your quota. We recommend you plan a strategy to use the least amount of attestations required to satisfy your use case.

9. Using the SafetyNet Attestation API results as the only signal to attack abuse

It may be tempting to think that the SafetyNet Attestation API provides all the necessary signals for protecting an app against abusers, and use it as the only signal for building an anti-abuse system.

The SafetyNet Attestation API can only give signals about the state of a device, not the intent of a user, which is what an anti-abuse system should be designed to detect. Therefore, you might want to consider including other signals, such as access logs and behavioral patterns, to more accurately detect abusive users, and consider not blocking users solely on a failed attestation. Furthermore, there are many other conditions that cause an attestation to fail, such as network connection problems, quota issues, and other transient problems.

In other words, not all users who fail attestation are necessarily abusers, and not all abusers will necessarily fail attestation. By blocking users solely on their attestation results, you might be missing abusive users that don't fail attestations. Furthermore, you might also be blocking legitimate, loyal customers who fail attestations for reasons other than abuse.

10. Not monitoring and managing your usage quota

As mentioned before, the SafetyNet Attestation API is rate limited, and there is a default quota of 10,000 requests per day for each API key. Although this quota might be enough for most development, testing, and initial app launches, your app might reach the default limit as it increases in popularity.

To prevent inadvertently reaching your quota and getting attestation errors, you should build a system that monitors your usage of the API and warns you well before you reach your quota so you can get it increased. You should also be prepared to handle attestation failures because of an exceeded quota and avoid blocking all your users in this situation.

If you are close to reaching your quota, or expect a short-term spike that may lead you to exceed your quota, you can submit this form to request short or long-term increases to the quota for your API key. This process, as well as the additional quota, is free of charge.

13 Nov 2017 11:00pm GMT

10 Nov 2017

feedAndroid Developers Blog

Making Pixel better for Drivers

Posted by Marc Stogaitis and Tajinder Gadh, Software Engineers
Driving is an essential part of our daily activities. So at Google we spend a lot of time thinking how we can make Android devices better and safer for our users. How we can prevent distracted driving and together build an open ecosystem to enable safety first smartphone experiences.
Recently we launched Driving Do-Not-Disturb on the newly announced Pixel 2 generation of devices. Once enabled, Driving Do-Not-Disturb automatically puts your device into a do not disturb mode while driving. During this mode any incoming messages and notifications are silenced while you can still receive incoming calls, navigation directions and voice interactions using a connected Car bluetooth. The product is designed to limit distractions during driving while at the same time not getting in the way so users can continue to use navigation or other similar apps with minimal friction.
Behind the scenes, it uses AI powered on-device Activity Recognition that detects when a person is driving using low power signals from multiple sensors, bluetooth and WiFi. Activity Recognition uses the Android Sensor Hub to ensure low latency, low power and accurate driving detection.
This is a next step in our journey, but we are far from done. Early next year we are introducing the Activity Recognition Transition API, which is the same API used by Driving Do Not Disturb to build distraction-free driving experiences.
We appreciate the feedback, and will continue to listen to your feedback as the product evolves.
If you have questions about setting up the Driving Do-Not-Disturb, check out our Help Center.

10 Nov 2017 12:04am GMT

07 Nov 2017

feedAndroid Developers Blog

Google and Ideas United announce Infinite Deviation: Games winners

Posted by Kate Brennan and Mathilde Cohen Solal, Google Play and Daraiha Greene, CS in Media

Google Play is committed to empowering new and existing voices in gaming. Earlier this year, we hosted the Indie Games Festival and sponsored the Girls Make Games summer camp. We also announced a collaboration between Infinite Deviation and Google Play.

Infinite Deviation is an initiative created by Google Computer Science (CS) in Media and Ideas United in order to tackle issues of representation in computer science. The collaboration between Google Play and Ideas United brought the Infinite Deviation program to gaming, called Infinite Deviation: Games. The program invited game designers from all backgrounds to pitch an original mobile game concept that resonates with underrepresented audiences.

Today we are excited to announce the three teams selected for the Infinite Deviation: Games development program.

A select panel of industry experts reviewed applications and chose the top three ideas. The judging panel included Colleen Macklin (Founder and Co-Director, PETLab), Jeremy Vanhoozer (Senior Creative Director, Plants vs Zombies), Molly Proffitt (CEO, Ker-Chunk Games), Shirin Laor-Raz Salemnia (Founder and CEO, PlayWerks), and Sarah Thomson (Global BD Lead, Indies, Google). These judges scored and delivered personal feedback for each submission, with the three highest scoring games moving into further development.

Here's a closer look at the three games we'll be funding and supporting development over the next six months:

Historic Gay Bar Tycoon

Mo Cohen & Maria Del Castillo Infantas - Queermo Games

Historic Gay Bar Tycoon (name pending) starts you off with a brand new queer bar in the 1920s. This game explores the role bars played in LGBT history. Will your bar survive revolutions, epidemics, and the rise of dating apps?


Queermo Games is pretty much what it sounds like: a scrappy and small indie game developing team just trying to make more LGBT games. Conveniently, they are also next door neighbors. Maria is a queer Latina who handles the art and the music, and Mo is a non-binary Jewish queer who tackles the programming and writing. Together, they also work on another longer-term project called Queer Quest with their buddy Hagen.

Burn Ban

Harrison Barton & Morgan Rowe - Pride Interactive

Burn Ban is an interactive visual novel in which you assume the role of Twig, a mentally ill queer girl. After showing destructive tendencies to cope with the death of a close friend, she is sent to Camp Sisquoc, a summer retreat for misguided students. After attending the camp for a few days, her dead friend's online social media page mysteriously starts posting again, and Twig and friends are set with determining the mystery behind the posts.


Pride Interactive is currently made up of two developers, Harrison Barton and Morgan Rowe. Pride Interactive was started as a student game team, and is now continuing on to develop independent projects. Pride Interactive endeavors to further their mission of creating a more diverse environment in the industry through games that deal with serious themes, and diverse character driven narratives.

Ghost in the Graveyard

Adnan Agha, Vivian Allum, and Armand Silvani - Ghost Stories

Ghost in the Graveyard is a story-driven mobile mystery game where you snoop through your missing brother's old phone to try and find him. "Can you find a missing person when all you have is their phone?"


Ghost Stories is a three member team from NYC with a mission to create genuine and unique experiences that connect with players. The team consists of Vivian, the lead designer and programmer, Armand, the artist and writer, and Adnan, the programmer and resident ghost. They've previously published a school project to the Xbox One and are thrilled to be able to work with Infinite Deviation to publish to Google Play.

You can find more information about the program at InfiniteDeviation.com/Games. Congratulations to the three winners and thanks to all the people who have entered the competition for their continuous work to push the boundaries of gaming design and providing a unique voice to the industry.

07 Nov 2017 7:29pm GMT

06 Nov 2017

feedAndroid Developers Blog

Announcing Architecture Components 1.0 Stable

Posted by Lukas Bergstrom, Product Manager, Android Developer Frameworks Team

Android runs on billions of devices, from high-end phones to airplane seatbacks. The Android OS manages resources aggressively to perform well on this huge range of devices, and sometimes that can make building robust apps complicated. To make it easier, we launched a preview of Architecture Components at Google I/O to provide guidance on app architecture, with libraries for common tasks like lifecycle management and data persistence. Together, these foundational components make it possible to write modular apps with less boilerplate code, so developers can focus on innovating instead of reinventing the wheel - and we hope to keep building on this foundation in the future.

Today we're happy to announce that the Room and Lifecycle Architecture Components libraries have reached 1.0 stable. These APIs are ready for production apps and libraries, and are our recommendation for developers looking for help with app architecture and local storage (although they're only recommended, not required.) Lifecycles are now also integrated with the Support Library, so you can use them with standard classes like AppCompatActivity.

Although we're declaring them stable today, the beta components are already used in apps that together, have billions of installs. Top developers, like Zappos, have been able to spend more time on what's important thanks to Architecture Components:

Prior to the release of Android Architecture Components we had our own ViewModel implementation. We used Loaders and Dependency Injection to persist our ViewModel through config changes. We recently switched to the Architecture Components ViewModel implementation and all that boilerplate went away. We found that we were able to spend more time on design, business logic and testing, and less on writing boilerplate or worrying about Android lifecycle issues.

We've also started to use LiveData which hooks directly into the Activity lifecycle. We use it to retrieve and display network data and no longer have to concern ourselves with ​network call subscription management.

- David Henry, Android Software Engineer, Zappos

Architecture Components provide a simple, flexible and practical approach that frees developers from some common problems so they can focus on building great experiences. This is based on core building blocks tied together by guidance on app architecture.

Lifecycles

Every Android developer has to deal with the operating system starting, stopping and destroying their Activities. That means managing the state of components - such as observables used to update UI - as you move through the lifecycle. Lifecycles enables the creation of lifecycle-aware components that manage their own lifecycles, reducing the possibility of leaks or crashes. The Lifecycle library is the foundation for other Architecture Components like LiveData.

LiveData

LiveData is a lifecycle-aware observable that holds data and provides updates. Your UI code subscribes to changes and provides LiveData a reference to its Lifecycle. Because LiveData is lifecycle-aware, it provides updates when its Lifecycle is started or resumed, but stops providing updates when the LifecycleOwner is destroyed. LiveData is a simple way to build reactive UIs that are safer and more performant.

ViewModel

ViewModel separates ownership of view data and logic from lifecycle-bound entities like Activities and Fragments. A ViewModel is retained until its associated Activity or Fragment is disposed of forever - that means view data survives events like a Fragment being recreated due to rotation. ViewModels not only eliminate common lifecycle issues, they help build UIs that are more modular and easier to test.

Room

Nearly all apps need to store data locally. While Android has bundled SQLite with the platform since version 1, using it directly can be painful. Room is a simple object-mapping layer that provides the full power of SQlite with less boilerplate. Features like compile-time query verification and built-in migration make it easier to build a robust persistence layer, while integration with LiveData lets Room provide database-backed, lifecycle-aware observables. Room blends of simplicity, power and robustness for managing local storage, and we hope you give it a try.

Guide to App Architecture and more

Last but not least, we created a Guide to App Architecture that provides core principles applicable to all developers, and specific guidance on using Architecture Components together. Because we've heard from you that clear and consistent guidance is important, today we're updating developer documentation to point to Architecture Components where appropriate. We also have a rich set of videos, codelabs and sample apps available at the Architecture Components site, with more to come.

Watch this space

Although the first set of Architecture Components is now stable, we know there's more work to do. Over the last few months, we've listened to your feedback and made improvements. We also recently launched a new Architecture Component, PagedList, to alpha, in response to your feedback that handling large datasets with RecyclerView is too difficult. This is just the beginning - we have more major components under development that we're looking to announce in the upcoming months.

Our hope with Architecture Components is to free developers to focus on providing unique new experiences for mobile devices. We're glad we can finally announce them as stable for production use. We'd like to thank the community, which has given such great feedback along the way, and we look forward to continuing the discussion in the comments of this post. Finally, for those of you who've been waiting for this stable launch, get started today.

06 Nov 2017 9:01pm GMT

02 Nov 2017

feedAndroid Developers Blog

Update on Kotlin for Android

Posted by James Lau, Product Manager (twitter.com/jmslau)

Today is the beginning of KotlinConf. It's been almost 6 months since we announced Kotlin as a first-class language for Android at Google I/O. During this period, the number of apps on Google Play using Kotlin has more than doubled. More than 17% of the projects in Android Studio 3.0 are now using Kotlin. We are really excited about the strong momentum, and we are thrilled that Android developers all over the world are discovering the joy of Kotlin programming.

Kotlin for Android is production-ready. From startups to Fortune 500 companies, developers are already using Kotlin to build their apps. Developers from Pinterest, to Expedia, to Basecamp -- and many others -- are finding their use of Kotlin is increasing productivity and their overall developer happiness levels. Take a look at some of their experiences with Kotlin below.

With the recent release of Android Studio 3.0, there is now a stable version of our IDE that has Kotlin support built-in. With Support Library 27, we have started adding nullability annotations to make the APIs friendlier to use in Kotlin. We recently published the Android Kotlin Guides on GitHub to provide some guidance for Android Kotlin style and interop. We have also been porting some of our Android samples to Kotlin, and we are adding Kotlin to our official documentation.

Android Studio 3.0

Last week, we released Android Studio 3.0 on the stable channel. This is the first stable release of Android Studio that has Kotlin support built-in. Building on the strength of IntelliJ's Kotlin support, many critical IDE features like code completion and syntax highlighting work well for Kotlin. You can choose to convert Java code to Kotlin by using CodeConvert Java File to Kotlin File, or you can convert snippets of code just by pasting Java code into a Kotlin file.

Project and code templates have also been updated with Kotlin support. When you create a new project or add a new code file, you can choose Kotlin as one of the language options.

The tooling experience with Kotlin is by no means perfect yet. We are aware of several known issues, and we will continue to improve the IDE support for Kotlin in future releases.

Android Kotlin Guides

There are two separate Android Kotlin Guides:

  1. Style guide - details a set of rules and coding standards that Google recommends when writing Kotlin for Android. The guide addresses naming conventions, formatting, structure of the source contents, and much more.
  2. Interop guide - provides a set of rules for creating APIs in the Java and Kotlin programming languages, so that the consuming code in the other language will feel idiomatic.

We intend these guides to be living documents and will evolve them over time. They are hosted on GitHub and we welcome your contributions.

Nullability Annotations

Null-safety is an important feature of the Kotlin language. It helps developers avoid NullPointerExceptions and improves the quality of their apps. Null-safety is a bit more complicated when using Java code from Kotlin. Since any reference in Java may be null, Kotlin's requirement for strict null-safety becomes impractical for Java objects. Types declared in Java that do not contain nullability annotations are called platform types - this means the Kotlin compiler does not know whether it is nullable or not. When calling methods with variables of platform types, the Kotlin compiler relaxes null-safety checks. That means the overall null-safety of your app is weakened.

To let developers take more advantage of Kotlin's strict null-safety, we have started adding nullability annotations in Support Library 27. The Support Library contains a huge API surface area, and we will continue to expand the nullability annotation coverage in the next several releases. In addition, we will also be adding nullability annotations to other Android APIs over time.

While the Kotlin adoption growth is fantastic, our commitment to the Java and C++ programming languages remains unchanged. We've added Java 8 language features support in Android Studio 3.0, and we've added more Java 8 language APIs in Android Oreo. We are also continuing to improve our support for C++17 in the NDK. So even if you are not using Kotlin, your language support will continue to improve.

It's an exciting time to be an Android developer. If you haven't had a chance to try Kotlin, you can get started by learning the basic syntax and by playing with the excellent Kotlin Koans. When you are ready to use Kotlin in your Android app, you can jump to the Android Kotlin page for more resources. With Kotlin's Java interoperability and Android Studio's Java to Kotlin converter, it's easy to start using Kotlin in your project.

Happy Kotlin-ing!

02 Nov 2017 4:05pm GMT

31 Oct 2017

feedAndroid Developers Blog

Announcing Fast Pair - effortless Bluetooth pairing for Android

Posted by Ritesh Nayak M and Ronald Ho, Product Managers
Today we're announcing Fast Pair, a hassle-free process to pair your Bluetooth devices on all supported Android devices running Google Play services 11.7+ with compatibility back to Marshmallow (Android 6.0). Fast Pair makes discovery & pairing of Bluetooth devices easy and is currently rolling out to Android 6.0+ devices. You can try this out with Google Pixel Buds or Libratone's Q Adapt On-Ear, Bose® QuietComfort 35 II, and soon on Plantronics Voyager 8200 series wireless headsets.
Ease of use, speed and security are the design principles driving the Fast Pair specification. Fast Pair uses BLE (Bluetooth Low Energy) for advertising and discovery and uses classic Bluetooth for pairing. Here's what a Fast Pair flow looks like:
  1. Turn on a Fast Pair-enabled device and put it in pairing mode.
    • Android scans for BLE broadcasts in close proximity of the user's phone and discovers a Fast Pair packet (provided Bluetooth and Location is turned on).
    • This packet is sent to our servers to get back the device's product image, product name and companion app (if there is one).
  2. The user receives a high priority notification asking them to "Tap to pair" to the device. The notification contains the product name and image.
  3. When the user taps on the notification, we use classic Bluetooth to establish a connection.
  4. A success notification is shown which contains a link to download the companion app (if there is one).
Imagine doing all of this without ever fumbling with Bluetooth settings. Users get a seamless and secure pairing experience and confidence that they're connecting to the right product. Manufacturers get their brand, device name and companion app in front of the users.
Thanks to a couple of our partners who have been instrumental in prototyping and testing this spec, and whose feedback has been invaluable to the Fast Pair effort. If you are a Bluetooth accessory manufacturer and want to adopt Fast Pair for your device, please reach out to us.
Plantronics is an audio pioneer and a global leader in the communications industry. From Unified Communications and customer service ecosystems, to data analytics and Bluetooth headsets, Plantronics delivers high-quality communications solutions that customers count on today, while relentlessly innovating on behalf of their future. For more information visit plantronics.com
Libratone is on a mission to liberate sound and to expand peoples' experiences with music in the era of streaming. Founded in 2009 in Denmark, Libratone is one of the first audio companies to consider the aesthetics of speakers - to move them out of the corner of the room and into the center and onward, for the consumer on the move. For more information visit libratone.com

31 Oct 2017 4:00pm GMT

30 Oct 2017

feedAndroid Developers Blog

GNSS Analysis Tools from Google

Posted by Frank van Diggelen, Software Engineer

Last year in Android Nougat, we introduced APIs for retrieving Global Navigation Satellite System (GNSS) Raw measurements from Android devices. This past week, we publicly released GNSS Analysis Tools to process and analyze these measurements.

Android powers over 2 billion devices, and Android phones are made by many different manufacturers. The primary intent of these tools is to enable device manufacturers to see in detail how well the GNSS receivers are working in each particular device design, and thus improve the design and GNSS performance in their devices. However, with the tools publicly available, there is also significant value to the research and app developer community.

How to use the tool

The GNSS Analysis Tool is a desktop application that takes in raw the GNSS Measurements logged from your Android device as input.

This desktop application provides interactive plots, organized into three columns showing the behavior of the RF, Clock, and Measurements. This data allows you to see the behavior of the GNSS receiver in great detail, including receiver clock offset and drift to the order of 1 nanosecond and 1 ppb and measurement errors on a satellite-by-satellite basis. This allows you to do sophisticated analysis at a level that, until now, was almost inaccessible to anyone but the chip manufacturers themselves.

The tools support multi-constellation (GPS, GLONASS, Galileo, BeiDou and QZSS) and multi-frequency. The image below shows the satellite locations for L1, L5, E1 and E5 signals tracked by a dual frequency chip.

The tools provide an interactive control screen from which you can manipulate the plots, shown below. From this control screen, you can change the background color, enable the Menu Bars for printing or saving, and select specific satellites for the plots.

Receiver test report

The tools also provide automatic test reports of receivers. Click "Make Report" to automatically create the test report. The report evaluates the API implementation, Received Signal, Clock behavior, and Measurement accuracy. In each case it will report PASS or FAIL based on the performance against known good benchmarks. This test report is primarily meant for the device manufacturers to use as they iterate on the design and implementation of a new device. A sample report is shown below.

Our goal with providing these Analysis Tools is to empower device manufacturers, researchers, and developers with data and knowledge to make Android even better for our customers. You can visit the GNSS Measurement site to learn more and download this application.

30 Oct 2017 4:09pm GMT

25 Oct 2017

feedAndroid Developers Blog

Android 8.1 Developer Preview

Posted by Dave Burke, VP of Engineering

Today we're giving you an early look at Android 8.1. This update to Android Oreo includes a set of targeted enhancements including optimizations for Android Go (for devices with 1GB or less of memory) and a new Neural Networks API to accelerate on-device machine intelligence. We've also included a few smaller enhancements to Oreo in response to user and developer feedback.

We're bringing you this Developer Preview so you can get your apps ready; we've already been helping device makers prepare for this new version. We recommend starting soon -- we're expecting the final public version in December.

It's easy to get Android 8.1 Developer Preview on your Pixel or Nexus device. Just enroll in the Android Beta Program -- you'll soon receive an over-the-air update to Android 8.1 beta. If you enrolled previously, you're all set, there's no need to re-enroll. The Developer Preview will be available for Pixel 2 and Pixel 2 XL devices, as well as for Pixel, Pixel XL, Pixel C, Nexus 5X, Nexus 6P, and the Android emulator.

What's in Android 8.1?

Android 8.1 includes select new features and developer APIs (API level 27), along with the latest optimizations, bug fixes, and security patches. Some of the new APIs include:

Take a look at Android 8.1 site for more information, including the diff report and updated API reference docs.

Test your apps on Android 8.1

With the consumer launch coming in December, it's important to test your current app now. This gives users a seamless transition to Android 8.1 when it arrives on their devices.

Just enroll your eligible device in Android Beta to get the latest update, then install your app from Google Play and test. If you don't have a Pixel or Nexus device, you can set up an Android 8.1 emulator for testing instead. If you notice any issues, fix them and update your app in Google Play right away -- without changing the app's platform targeting.

Build with new features and APIs

When you're ready, take advantage of the new features and APIs in Android 8.1, which we've already finalized as API Level 27. For an overview of what's new, take a look at Android 8.1 for Developers. You can also extend your apps with established Android Oreo features as well, see the Android Oreo site for details.

If your app uses forms, make sure to test them with autofill so that users can take advantage of this convenient feature. Enable "Autofill with Google" or a similar service in Settings and test the form fills to make sure they work as expected. We strongly recommend providing explicit hints about your fields, and also associating your website and mobile app, so that logins can be shared between them.

Speed your development with Android Studio

To build with Android 8.1, we recommend updating to Android Studio 3.0, which is now available from the stable channel. On top of the new app performance profiling tools, support for the Kotlin programming language, and Gradle build optimizations, Android Studio 3.0 makes it easier to develop with Android Oreo features like Instant Apps, XML Fonts, downloadable fonts, and adaptive icons.

We also recommend updating to the Android Support Library 27.0.0, which is available from Google's Maven repository. New in this version are: a ContentPager library for efficiently loading "paged" data on a background thread; ViewCompat wrappers for Autofill methods; an AmbientMode headless fragment that improves Wear ambient mode support, fullscreen Trusted Web Activities, and more. See the version notes for more information.

You can update your project's compileSdkVersion to API 27 to compile against the official Android 8.1 APIs. We also recommend updating your app's targetSdkVersion to API 27 to test with compatibility behaviors disabled. See the this guide for details on how to set up your environment to build with Android 8.1.

Publish your updates to Google Play

The Android 8.1 APIs are already final, so we've opened Google Play for apps compiled against or targeting API level 27. When you're ready, you can publish your APK updates in your alpha, beta, or production channels. Make sure that your updated app runs well on Android 8.1 as well as older versions. We recommend using Google Play's beta testing feature to run an alpha test on small group of users, then run a much larger open beta test. When you're ready to launch your update, you can use a staged rollout. We're looking forward to seeing your app updates!

Give us your feedback!

As always, your feedback is crucial, so please let us know what you think. We've set up different hotlists where you report Android platform and tools issues, app compatibility issues, and third-party SDKs and tools issues. We also have a new hotlist for Neural Networks API issues.

You can also give us feedback through the Android Developer community or Android Beta community as we work towards the consumer release in December.

25 Oct 2017 6:18pm GMT

Android Studio 3.0

Posted by Jamal Eason, Product Manager, Android

Android Studio 3.0 is ready to download today. Announced at Google I/O 2017, Android Studio 3.0 is a large update focused on accelerating your app development on Android.

This release of Android Studio is packed with many new updates, but there are three major feature areas you do not want to miss, including: a new suite of app profiling tools to quickly diagnose performance issues, support for the Kotlin programming language, and a new set of tools and wizards to accelerate your development on the latest Android Oreo APIs.

We also invested time in improving stability and performance across many areas of Android Studio. Thanks to your feedback during the preview versions of Android Studio 3.0! If you are looking for high stability, want to build high quality apps for Android Oreo, develop with the Kotlin language, or use the latest in Android app performance tools, then you should download Android Studio 3.0 today.

Check out the the list of new features in Android Studio 3.0 below, organized by key developer flows.

What's new in Android Studio 3.0

Develop

Kotlin Language Conversion in Android Studio

Build

Test & Debug

APK Debugging

Optimize

Android Profiler - Combined timeline view.
CPU Profiler
Memory Profiler
Network Profiler

To recap, Android Studio 3.0 includes these new major features:

Develop

Build

Optimize

Check out the release notes for more details.

Getting Started

Download

Test & Debug

If you are using a previous version of Android Studio, you can upgrade to Android Studio 3.0 today or you can download the update from the official Android Studio Preview download page. As mentioned in this blog, there are some breaking Gradle Plugin API changes to support new features in the IDE. Therefore, you should also update your Android Gradle plugin version to 3.0.0 in your current project to test and validate your app project setup.

We appreciate any feedback on things you like, issues or features you would like to see. If you find a bug or issue, feel free to file an issue. Connect with us -- the Android Studio development team ‐ on our Google+ page or on Twitter

25 Oct 2017 5:50pm GMT

19 Oct 2017

feedAndroid Developers Blog

Playtime 2017: Find success on Google Play and grow your business with new Play Console features


Posted by Vineet Buch, Director of Product Management, Google Play Apps & Games

Read this in العَرَبِيَّة‎‎, Deutsch, español (Latinoamérica), le français, Bahasa Indonesia, Italiano, 日本語, 한국어, português do Brasil, русский язы́к, ไทย, Türkçe, tiếng Việt, 中文 (简体) or 中文 (繁體).


Today we kicked off our annual global Playtime series with back-to-back events in Berlin and San Francisco. Over the next month, we'll be hearing from many app and game developers in cities around the world. It has been an amazing 2017 for developers on Google Play, there are now more than 8 billion new installs per month globally.
To help you continue to take advantage of this opportunity, we're announcing innovations on Google Play and new features in the Play Console. Follow us on Medium where presenters will be posting their strategies, best practices, and examples to help you achieve your business objectives. As Google Play continues to grow rapidly, we want to help people understand our business. That's why we're also publishing the State of Play 2017 report that will be updated annually to help you stay informed about our progress and how we're helping developers succeed.
Apps and games on Google Play bring your devices to life, whether they're phones and tablets, Wear devices, TVs, Daydream, or Chromebooks like the new Google Pixelbook. We're making it even easier for people to discover and re-engage with great content on the Play Store.


Recognizing the best

We're investing in curation and editorial to showcase the highest quality apps and games we love. The revamped Editors' Choice is now live in 17 countries and Android Excellence recently welcomed new apps and games. We also continue to celebrate and support indie games, recently announcing winners of the Indie Games Festival in San Francisco and opening the second Indie Games Contest in Europe for nominations.


Discovering great games

We've launched an improved home for games with trailers and screenshots of gameplay and two new browse destinations are coming soon, 'New' (for upcoming and trending games) and 'Premium' (for paid games).


Going beyond installs

We're showing reminders to try games you've recently installed and we're expanding our successful 'live operations' banners on the Play Store, telling you about major in-game events in popular games you've got on your device. We're also excited to integrate Android Instant Apps with a 'Try Now' button on store listings. With a single tap, people can jump right into the app experience without installing.

The new games experience on Google Play
The Google Play Console offers tools which help you and your team members at every step of an app's lifecycle. Use the Play Console to improve app quality, manage releases with confidence, and increase business performance.


Focus on quality

Android vitals were introduced at I/O 2017 and already 65% of top developers are using the dashboard to understand their app's performance. We're adding five new Android vitals and increasing device coverage to help you address issues relating to battery consumption, crashes, and render time. Better performing apps are favored by Google Play's search and discovery algorithms.
We're improving pre-launch reports and enabling them for all developers with no need to opt-in. When you upload an alpha or beta APK, we'll automatically install and test your app on physical, popular devices powered by Firebase Test Lab. The report will tell you about crashes, display issues, security vulnerabilities, and now, performance issues encountered.
When you install a new app, you expect it to open and perform normally. To ensure people installing apps and games from Google Play have a positive experience and developers benefit from being part of a trusted ecosystem, we are introducing a policy to disallow apps which consistently exhibit broken experiences on the majority of devices such as​ crashing,​ closing,​ ​freezing,​ ​or​ ​otherwise​ ​functioning​ ​abnormally. Learn more in the policy center.


Release with confidence

Beta testing lets trusted users try your app or game before it goes to production so you can iterate on your ideas and gather feedback. You can now target alpha and beta tests to specific countries. This allows you to, for example, beta test in a country you're about to launch in, while people in other countries receive your production app. We'll be bringing country-targeting to staged rollouts soon.
We've also made improvements to the device catalog. Over 66% of top developers are using the catalog to ensure they provide a great user experience on the widest range of devices. You can now save device searches and see why a specific device doesn't support your app. Navigate to the device catalog and review the terms of service to get started.


Grow your subscriptions business

At I/O 2017 we announced that both the number of subscribers on Play and the subscriptions business revenue doubled in the preceding year. We're making it easier to setup and manage your subscription service with the Play Billing Library and, soon, new test instruments to simplify testing your flows for successful and unsuccessful payments.
We're helping you acquire and retain more subscribers. You can offer shorter free trials, at a minimum of three days, and we will now enforce one free trial at the app level to reduce the potential for abuse. You can opt-in to receive notifications when someone cancels their subscription and we're making it easier for people to restore a canceled subscription. Account hold is now generally available, where you can block access to your service while we get a user to fix a renewal payment issue. Finally, from January 2018 we're also updating our transaction fee for subscribers who are retained for more than 12 months.


Announcing the Google Play Security Reward Program

At Google, we have long enjoyed a close relationship with the security research community. Today we're introducing the Google Play Security Reward Program to incentivize security research into popular Android apps, including Google's own apps. The program will help us find vulnerabilities and notify developers via security recommendations on how to fix them. We hope to bring the success we have with our other reward programs, and we invite developers and the research community to work together with us on proactively improving Google Play ecosystem's security.


Stay up to date with Google Play news and tips


















How useful did you find this blogpost?




19 Oct 2017 5:00pm GMT

Google Play's Indie Games Contest is back in Europe. Enter now

Posted by Adriana Puchianu, Developer Marketing Google Play

Following last year's success, today we're announcing the second annual Google Play Indie Games Contest in Europe, expanding to more countries and bigger prizes. The contest rewards your passion, creativity and innovation, and provides support to help bring your game to more people.

Prizes for the finalists and winners

How to enter the contest

If you're based in one of the 28 eligible countries, have 30 or less full time employees, and published a new game on Google Play after 1 January 2017, you may now be eligible to enter the contest. If you're planning on publishing a new game soon, you can also enter by submitting a private beta. Check out all the details in the terms and conditions. Submissions close on 31 December 2017.

Up to 20 finalists will showcase their games at an open event at the Saatchi Gallery in London on the 13th February 2018. At the event, the top 10 will be selected by the event attendees and the Google Play team. The top 10 will then pitch to the jury of industry experts, from which the final winner and runners up will be selected.

Come along to the final event

Anyone can register to attend the final showcase event at the Saatchi Gallery in London on 13 February 2018. Play some great indie games and have fun with indie developers,industry experts, and the Google Play team.

Enter now

Visit the contest site to find out more and enter the Indie Games Contest now.

How useful did you find this blogpost?

19 Oct 2017 8:30am GMT

10 Nov 2011

feedAndroid Forums

Latest action game INC from OrangePixel now available!

From the developer of Meganoid and Stardash comes a new action arcade game: INC! http://www.youtube.com/watch?v=9j5OEG-3RyM Get it from the...

10 Nov 2011 9:31am GMT

Free online video chat

More than 1000 broadcast cameras for you online - the most incendiary models in Russia. 1000 girls, 1000, the temptations, 1000, full of desire - all...

10 Nov 2011 7:48am GMT

Layout problem

Hi Friends I decided to work with a tab layout application. Program consist of 3 tabs and a button. I like to place the button below the tab. ...

10 Nov 2011 5:20am GMT

[ANDROID]5 New Live Wallpapers for ANDROID !

*1-) Spectrum ICS * Image: http://i.imgur.com/IjE5B.jpg *2-) Alien Shapes* Image: http://i.imgur.com/7hQHA.jpg

10 Nov 2011 12:50am GMT

09 Nov 2011

feedAndroid Forums

New to Android, thinking of getting Asus Transformer

Hey all, New to this site and Android. I'm a 50 year old fireman who has resisted the newest tech gadgets but am wanting a tablet for use at home....

09 Nov 2011 10:33pm GMT

Island Fortress - "reverse Angry Birds" (FREE GAME)

Island Fortress is a free physics based puzzle/construction game where player has to defend the treasure from the pirate's cannonballs....

09 Nov 2011 8:42pm GMT

Unlock Code Question (MyTouch 3G)

I have a question about using an unlock code with an HTC T-Mobile MyTouch 3G. So I got the phone from a guy on Craigslist, and I have AT&T. In order...

09 Nov 2011 8:28pm GMT

[Game] Mini-Bubbles

Free Mini-Bubbles Android Market Link: https://market.android.com/details?id=br.com.dotfive.minibubbles Pop the most bubbles you can within...

09 Nov 2011 6:39pm GMT

Top 6 Android Tablet For 2011

Well now a days we are seeing new tablets coming every day and we see new upcoming tablets leaks too! It's difficult to choose best one which works...

09 Nov 2011 4:15pm GMT

unlock code

Hello, I need unlock code for telephone my touch 3g tmobile. thanks

09 Nov 2011 2:56pm GMT