27 Jul 2017

feedAndroid Community

Nokia 6 Silver variant now up for pre-order on Amazon

The black version of the Android-powered Nokia 6 has been available for a couple of weeks now in the US, but if silver smartphones are more your speed, then you should be happy now that this variant is finally available for pre-orders on Amazon. It will be shipped for you in 1-3 weeks but if […]

27 Jul 2017 12:40am GMT

The Joy-Con Enabler app does exactly what you think it does

The Nintendo Switch is one of those novel console ideas from the Japanese gaming giant, although truth be told, the jury is still out if it's a certified hit or not. What it has, though, is some nifty wireless controllers called Joy-Cons, which you can use either connected or separate from your Switch console. Wait, […]

27 Jul 2017 12:00am GMT

26 Jul 2017

feedAndroid Community

Sharp Aquos S2 with on-screen fingerprint scanner, 4K bezel-less screen leaked

Sharp may not be the top name in the mobile game but it still is popular in Japan. The last smartphone from the brand we featured was the AQUOS R released back in April, loaded with 4GB RAM and a powerful Snapdragon 835 processor. There was also the mid-range Sharp Z3 which was launched in Taiwan […]

26 Jul 2017 11:20pm GMT

Latest Nova Launcher Beta version brings Sesame Shortcuts

The Nova Launcher has been around for over five years now and it's one of the many reliable app launchers that are regularly updated. The last update we noted was Google Now being added to older Lollipop devices. A stable version with first Android O look was already released as the 5.2 beta and over […]

26 Jul 2017 10:40pm GMT

Save 40% on Final Draft 10 and create screenplays like a pro [DEALS]

Professional screenplay writer? Achieve your best work with the number one selling Final Draft 10, available now at 40% off the regular retail price. Final Draft 10 is the first and last word in professional screenplay writing software. It offers a host of handy features, such as script templates and collaboration tools, that lets writers […]

26 Jul 2017 10:00pm GMT

Facebook may be joining the smart speaker market as well

It seems like everyone and their brother want to get into the growing smart speaker market, a market that is expected to grow to $5.5 billion by 2022. We've seen Amazon dominate with their Echo devices and Google trying to challenge that with Google Home. We've heard rumors about others as well like Microsoft, Samsung, […]

26 Jul 2017 9:20pm GMT

PHOOZY Thermal Capsule introduced, ready for more summer adventures

Summer isn't over yet. You still have a few more weeks to go to the beach or lounge by the pool before Fall begins and Winter looms. We're pretty sure you still won't leave behind your gadgets because you can't part especially with your smartphone. We know that not all mobile devices are water-resistant but […]

26 Jul 2017 8:40pm GMT

ThingThing takes over development of virtual keyboard Fleksy

If a once thriving app suddenly starts releasing updates, you can safely assume that something is up. And when half your team but not the product itself is acquired by another company, then expect a major shakeup soon. Well it's been more than a year and now we know the future of once popular virtual […]

26 Jul 2017 8:00pm GMT

feedAndroid Developers Blog

From Chrysaor to Lipizzan: Blocking a new targeted spyware family

Posted by Megan Ruthven Android Security, Ken Bodzak Threat Analysis Group, Neel Mehta Threat Analysis Group

Android Security is always developing new ways of using data to find and block potentially harmful apps (PHAs) from getting onto your devices. Earlier this year, we announced we had blocked Chrysaor targeted spyware, believed to be written by NSO Group, a cyber arms company. In the course of our Chrysaor investigation, we used similar techniques to discover a new and unrelated family of spyware called Lipizzan. Lipizzan's code contains references to a cyber arms company, Equus Technologies.

Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user's email, SMS messages, location, voice calls, and media. We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps.

We've enhanced Google Play Protect's capabilities to detect the targeted spyware used here and will continue to use this framework to block more targeted spyware. To learn more about the methods Google uses to find targeted mobile spyware like Chrysaor and Lipizzan, attend our BlackHat talk, Fighting Targeted Malware in the Mobile Ecosystem.

How does Lipizzan work?

Getting on a target device

Lipizzan was a sophisticated two stage spyware tool. The first stage found by Google Play Protect was distributed through several channels, including Google Play, and typically impersonated an innocuous-sounding app such as a "Backup" or "Cleaner" app. Upon installation, Lipizzan would download and load a second "license verification" stage, which would survey the infected device and validate certain abort criteria. If given the all-clear, the second stage would then root the device with known exploits and begin to exfiltrate device data to a Command & Control server.

Once implanted on a target device

The Lipizzan second stage was capable of performing and exfiltrating the results of the following tasks:

The PHA had specific routines to retrieve data from each of the following apps:

  • Gmail
  • Hangouts
  • KakaoTalk
  • LinkedIn
  • Messenger
  • Skype
  • Snapchat
  • StockEmail
  • Telegram
  • Threema
  • Viber
  • Whatsapp

We saw all of this behavior on a standalone stage 2 app, com.android.mediaserver (not related to Android MediaServer). This app shared a signing certificate with one of the stage 1 applications, com.app.instantbackup, indicating the same author wrote the two. We could use the following code snippet from the 2nd stage (com.android.mediaserver) to draw ties to the stage 1 applications.

public void uninstallParent() { 
    android.util.Log.d("ApplicationsManager", "Removing parent application!");
    com.android.mediaserver.shell.Shell$SU.run(new StringBuilder().append("").append("echo u:r:system_server:s0 > /proc/$$/attr/current; pm uninstall").append("com.app.instantbackup").toString());
    com.android.mediaserver.shell.Shell$SU.run(new StringBuilder().append("").append("rm -rf /data/data/").append("com.app.instantbackup").toString());
    com.android.mediaserver.shell.Shell$SU.run(new StringBuilder().append("").append("rm -Rf /data/data/").append("com.app.instantbackup").toString());
    return;
}

Morphing first stage

After we blocked the first set of apps on Google Play, new apps were uploaded with a similar format but had a couple of differences.

Despite changing the type of app and the method to download stage 2, we were able to catch the new implant apps soon after upload.

How many devices were affected?

There were fewer than 100 devices that checked into Google Play Protect with the apps listed below. That means the family affected only 0.000007% of Android devices. Since we identified Lipizzan, Google Play Protect removed Lipizzan from affected devices and actively blocks installs on new devices.

What can you do to protect yourself?

List of samples

1st stage

Older version

Package Name Latest App SHA 256
com.safe.datasaver 5d6a8c9c335edaf0b5d010f30e9fc9cea1e7a19d8c4e888079d6a6a4bae5aaef
com.and.goldbackup 3a9f25b2ba38974b0eb8de76ad37abc77f7eb068e6880305cc1faaba4467d5cf
com.star.backupstar ed4f693ea491ab0c455499fbaeddec70652b506f778130b43101b2496669fe59
com.veramon.backupit 27971324142ae23aad3f7e95e7eb1b85a7f08b39b4a4d27aab177669e875791b
com.copanga.backupplus 726b91193469513405b95f0c20cb0ec94396ce317ac0f763e98af949186630f8
com.app.thunderbackup 99282aa2d17a341d88a6e1944149639bcc8f711cdcd134a455b0c25951111712
com.kopos.nowbackup 48305da03403990395afb159c56370d204b0e32343f3b0790b640653ee79e5c9
com.appnow.backupdroid 35896010e204b064e313204d525185586924b31a0804d0512ba5467fc95cb35e
com.apptimus.androidbackuppro b615936270d9dab3c29d7b0a3c1fc846f1f5d82570fb917849769f578cfaeb01
com.app.backupfast 9efa83579e769f73793e138d79d15aa5b96e42c58b568eab00edece6219e2322
com.app.instantbackup a5f266864b341f8558aacdee1a38fe4b95a9035bf9c0c1d7761e23de2181dcf2

Newer version

Package Name Latest App SHA 256
com.sd.sdbackup 8ebe42ce2c03e56cb97bb2dc1be47a4226899d6f648c30eecb19e32a7867657a
com.app.procleaner affc95a6db70b62b4252fe5da4016ae873b33e645147f06f12a33c9dc5305ae4
com.app.alarmmanager fe121da2a53632ba2b617eae26c72b685ed4853a6b3f9fd223af11a1042c3541
com.app.soundrecorder aa4445023df7b203e8078858b502d1082647c815b24c3335a58347bc98b79c74
com.mem.notesplus 24aa8a2f2fbbbe82b89076bf1981bdedb7ecb4baa9e036993504e8309269b373
com.app.processcleaner b2eca848730d41c2e8001ec7316352343b84327d59e193aacdcd0d01aceb79f2
com.kobm.devicecleaner 6ddad8d049fd25e06b84de013dfec7e1bb09abca78604305b9ae1df6c4145e5c
com.yonni.deviceoptimizer 2f8fab18374080ac42422e5e79a693438b81f95f76de5f2f34cd2a0c882f06ef
com.haima.ultracleaner af7f90809d4e3bf160ccf4a219012f9dac283657f57b812733022f4a966428ea

Standalone 2nd stage

Package Name Latest App SHA 256
com.android.mediaserver 1ba8d5f45e8cd545cc3b919bea80e7bd5c6c85fc822f52edc0669191536d43da

26 Jul 2017 8:00pm GMT

feedAndroid Community

Bandai Namco releases Tales of the Rays, new console quality RPG

Bandai Namco has their long-running "Tales" series, and they've just released a new game under that banner to the Play Store. It's called "Tales of the Rays" and as per usual, this is another RPG that you can sink your Android gaming teeth into. The question we ask: is this game worth the effort? Or […]

26 Jul 2017 7:20pm GMT

feedTalkAndroid

Google may be adding SMS notifications to Chrome OS desktop

If you are a big user of SMS messaging and also spend lots of time working on a computer, then you likely appreciate the ability to send and receive messages on the desktop and having threads stay synced across devices. This is one of the big reasons so many people gripe about an app like […]


Come comment on this article: Google may be adding SMS notifications to Chrome OS desktop

Visit TalkAndroid

26 Jul 2017 7:02pm GMT

feedAndroid Community

OnePlus Weather, Gallery, Community, Launcher apps now available via Play Store

In a bid to make app updates for these apps more regular, OnePlus has followed the example of Google and Samsung by putting up their proprietary apps on the Google Play Store. These include the Weather, Gallery, Community, and Launcher apps that are normally included in your stock OxygenOS interface when you get your OnePlus […]

26 Jul 2017 6:40pm GMT

AutoTools updated to version 2.0, new features galore

AutoTools was released by "joaomgcd" last year as another plug-in to his already powerful Tasker automation app. AutoTools gave you more toggles and tweaks that you can do to certain system settings. Now the developer is releasing AutoTools 2.0, and you'll probably like what he has in store for all of you Tasker fans out […]

26 Jul 2017 6:00pm GMT

Verizon’s Galaxy S8 duo update brings Daydream VR support

During the recent Google I/O, one thing that Google revealed is that they have a lot of plans for their Daydream Virtual Reality headset and to have a lot of Android smartphones that are Daydream VR-ready. Samsung and Verizon are now rolling out an update for the Galaxy S8 and Galaxy S8+ that includes support […]

26 Jul 2017 5:20pm GMT

feedTalkAndroid

[TA Deals] These wireless earbuds are $33 for a limited time (83% off)

Ditch the wires! Get wireless earbuds. And, on Talk Android Deals, we know exactly the pair to pick up. Built-in mic allows you to accept calls w/ a touch May be used as a single earpiece or as a pair Passive noise cancellation & HD sound deliver rock-solid bass & super-crisp treble Support multi-device connection […]


Come comment on this article: [TA Deals] These wireless earbuds are $33 for a limited time (83% off)

Visit TalkAndroid

26 Jul 2017 4:50pm GMT

feedAndroid Community

USB 3.2 spec announced, will give you 2Gbps transfers over certified USB-C cables

The USB 3.0 Promoter Group has announced an update to the USB 3.0 specification - enter USB 3.2. When the USB Type-C cables were designed, they were supposed to work in multi-lane operations. With the new USB 3.2 spec, this is finally going to be a reality and should show a marked performance increase from […]

26 Jul 2017 4:40pm GMT

Google envisions eleven Daydream capable devices by end of 2017

The fact that Google Daydream - Android's virtual reality (VR) platform - is almost a year old now, you would expect Google to put its efforts into making the platform available on more devices. The fact is, the search giant is very much concerned about the quality of the VR experience users will have, which […]

26 Jul 2017 4:00pm GMT

feedTalkAndroid

Moto Z2 Play review: Shrinking the battery hasn’t hurt too bad

The Moto Z2 Play is here, and it's slimmer than before. But that's not a problem. Lenovo has proved, despite reducing the size of the battery to achieve a thinner design, it's primary unlocked phone for 2017 can still go the distance for most. Lenovo started 2016 with the Moto Z family, marking the first […]


Come comment on this article: Moto Z2 Play review: Shrinking the battery hasn't hurt too bad

Visit TalkAndroid

26 Jul 2017 3:42pm GMT

feedAndroid Community

Xiaomi MI AI Speaker debuts as a very affordable smart device

Joining the ranks of Google Home and the Amazon Echo, here's Xiaomi with the new Mi AI Speaker. Apart from the new MIUI 9 and the Mi 5X, the Taiwanese tech giant also launched a new smart speaker than can very well rival the other models available in the market. We know those from Google […]

26 Jul 2017 3:30pm GMT

Xiaomi MI 5X officially launches with dual cameras, affordable price tag

As promised, the Xiaomi MI 5X was officially announced together with new MIUI 9 and a slew of other products. For now, we'll focus our attention on this new smartphone that joins the Mi 5, MI 5S, Mi 5S Plus, and of course, the Mi 6. We're curious to know how it this different not […]

26 Jul 2017 3:00pm GMT

feedTalkAndroid

Waze officially comes to Android Auto

It was always pretty odd that Waze wasn't available for Android Auto considering Google owns both of those of those products, but that wait is finally over. Waze has announced full Android Auto integration with the latest version of their mobile app. Using it is pretty simple, as long as you have a car with […]


Come comment on this article: Waze officially comes to Android Auto

Visit TalkAndroid

26 Jul 2017 2:40pm GMT

OnePlus explains why some OnePlus 5’s rebooted when dialing 911

There are signs that OnePlus may be getting the hang of this smartphone manufacturing lark, and moving on from the image of being a brash upstart of a company. With the discovery some OnePlus 5 units were rebooting when users dialed 911, the company responded as you would have hoped by rolling out a hotfix […]


Come comment on this article: OnePlus explains why some OnePlus 5's rebooted when dialing 911

Visit TalkAndroid

26 Jul 2017 2:00pm GMT

Google releasing new Emoji compatibility library

If you have ever traded messages with someone using your smartphone - which is basically everyone - you have probably run into a problem where someone sends you an emoji that just displays as a blank box or a box with an X through it. This happens due to incompatibilities with fonts supported by an […]


Come comment on this article: Google releasing new Emoji compatibility library

Visit TalkAndroid

26 Jul 2017 1:17pm GMT

Google Pixel 2 and Pixel XL 2 CAD-based renders surface

With about three months to go until the expected launch of the next generation Pixel phones, some new renders have surfaced for both devices based on CAD files floating around for aftermarket vendors. The renders were supplied by Twitter user Steve H, aka @OnLeaks, who has provided similar renders of upcoming devices in the past, […]


Come comment on this article: Google Pixel 2 and Pixel XL 2 CAD-based renders surface

Visit TalkAndroid

26 Jul 2017 12:52pm GMT

25 Jul 2017

feedTalkAndroid

[Deal] Take $250+ off the HTC 10 and U Ultra for a limited time

Looking for a new phone at a discount? Check out HTC's 10 and U Ultra, which are participating in the Summer Sunset Sale. These are all of the deals: HTC 10 for $399 ($300 off) HTC U Ultra for $499 ($250 off) UA HealthBox for $219 ($181 off) If you have an older HTC device, […]


Come comment on this article: [Deal] Take $250+ off the HTC 10 and U Ultra for a limited time

Visit TalkAndroid

25 Jul 2017 7:25pm GMT

feedAndroid Developers Blog

Android Testing Support Library 1.0 is here!

Posted by Michael Amygdalidis, Stephan Linzner and Nick Korostelev from the Mobile-Ninjas team at Google

We're pleased to announce the version 1.0 release of the Android Testing Support Library (ATSL).

ATSL version 1.0 is a major update to our existing testing APIs and comes with lots of new features, improved performance, stability, and bug fixes. It provides full API parity with the now deprecated Android platform testing APIs. This release also adds a number of features that we discussed in our Google I/O 2017 talk, such as native support for Multiprocess Espresso and the Android Test Orchestrator.

We are also happy to announce that, starting with version 1.0, we're distributing releases on Google's Maven repository, which makes it a lot easier to use ATSL in your builds. To learn more about using this repository, see the getting started with the Google Maven repository guide. Note that we're no longer tying future updates to the testing infrastructure with platform updates. If you have not yet upgraded your tests to ATSL, this is an excellent time.

Finally, we want to announce a big update to our Android testing documentation. We've migrated our old testing documentation from our GitHub website to developers.android.com/testing. All the testing documentation now appears in a single place, making it even easier to learn how to write and execute tests on Android.

Let's move on to the fun part of this post, an overview of new APIs and tools that we're providing in this release.

Espresso Improvements

Espresso 3.0.0 comes with amazing new features and improved overall performance. Some of the highlights include: Multiprocess Espresso, Idling Registry and new Idling Resources. Let's dive in and have a more detailed look at these new features:

Multiprocess Espresso

Starting with Android O, the platform includes support for instrumenting tests outside of your app's default process. (Prior to Android O, you could only test against app components in your app's default process.) Multiprocess Espresso makes this support possible. It allows you to seamlessly test your app's UI interactions that cross process boundaries while still maintaining Espresso's synchronization guarantees.

The good news is that Espresso does all the work; you don't have to change anything for setups with UI in multiple processes. You can keep writing your Espresso tests like you would for single process apps, and Espresso automatically handles the process IPC and synchronization between processes.

The following diagram shows how multiple instances of Espresso communicate with each other:

If you want to learn more about Multiprocess Espresso and how to use it, please take a look at our documentation and our Multiprocess sample.

Idling Registry

Some apps use build flavors in Gradle or a dependency injection framework, like Dagger, to generate test build configurations that register idling resources. Others simply expose the idling resource through their activities. The problem with all these approaches is that they add complexity to your development workflow, and some of them even break encapsulation. With the latest release of Espresso, we've made it easier to register idling resources from within your app code by introducing the new IdlingRegistry API. IdlingRegistry is a lightweight registry that doesn't bring in the entire Espresso library, so you can more easily register resources from your application code. When combining this API with Multiprocess Espresso, you can register idling resources from any process within your application code.

Registration from the Espresso class is now deprecated.

Idling Resources

Writing custom idling resources can be time consuming, so Espresso 3.0.0 now comes with more idling resources out of the box to synchronize your threads. The new resources include: IdlingThreadPoolExecutor and IdlingScheduledThreadPoolExecutor. There will be more to come!

To take advantage of the new idling resource, add these new dependencies to your build.gradle file:

  androidTestCompile "com.android.support.test.espresso.idling:idling-concurrent:3.0.0"

Additionally, CountingIdlingResource, which was previously deprecated in Espresso contrib, has been removed with this release. Therefore, you need to update your tests to use the new CountingIdlingResource package that's located in Espresso idling resource. For the full migration details, refer to our release notes.

ProviderTestRule

When you test ContentProvider objects, you can now use ProviderTestRule instead of ProviderTestCase2. ProviderTestRule offers an easier way to work with other test rules currently available for AndroidJUnit4.

ProviderTestRule includes APIs for initialization, as well as commands to run against a ContentProvider under test. If your ContentProvider is based off of a SQLite database, you can use the ProviderTestRule commands for setting the database file and initialization commands.

To learn more, see the ProviderTestRule documentation.

Grant Permission Rule

Android M (API level 23) allows apps to request permissions at runtime. However, the dialogs that request runtime permissions place tests in a state where they cannot continue, causing them to fail. By using GrantPermissionRule, you can skip the dialog popups altogether and simulate a user granting a runtime permission for your app.

Android Test Orchestrator

Typically, AndroidJUnitRunner runs all tests in the same instrumentation process, which can cause a number of problems. For example, tests share their state in memory, and if one test crashes, it prevents the remainder of the test suite from running.

Although it's possible to isolate tests by issuing sequential adb commands, this process adds host-side processing load. By using the new Android Test Orchestrator instead, you can achieve test isolation entirely on the device, as shown in this diagram:

Be aware that if your tests require shared state to pass, the orchestrator causes them to fail. This behavior is by design. As of this post, Android Test Orchestrator is in beta and is available for use via the command line. We have integrations planned for Firebase Test Lab and Android Studio, coming soon.

For more information, see the Android Testing Orchestrator developer guide.

AndroidJUnitRunner

AndroidJUnitRunner now includes a number of additional features:

Sometimes you want to test an activity that you create and configure on the fly as part of your test workflow. Now, you can configure MonitoringInstrumentation (and by extension, AndroidJUnitRunner) using an InterceptingActivityFactory. You can create your activity under test with a test-specific configuration without having to rely on compile-time injection.

This overview highlights only some of the most significant changes that we've made to ATSL. They are many more changes that are worth exploring. For the full release details, refer to our release notes.

Last but not least, we want to thank all the developers who contributed features to this release. We also want to thank the Android testing experts on the mobile engineering teams at American Express, Slack and GDE Chiu-Ki Chan for collaborating with us and providing valuable feedback on the pre-release version of Android Testing Support Library.

Happy testing from the ATSL team!

25 Jul 2017 7:21pm GMT

feedTalkAndroid

Moto Z2 Force specifications

Check out the specs for the Moto Z2 Force, Motorola's 2017 flagship. Visit our Moto Z2 Force hub for more coverage. Come comment on this article: Moto Z2 Force specifications Visit TalkAndroid


Come comment on this article: Moto Z2 Force specifications

Visit TalkAndroid

25 Jul 2017 6:22pm GMT

If you’re willing to pay $300, the Moto 360 Camera will record everything around you

New Moto Mods are appearing rapidly this year. The latest, another from Motorola itself, is the Moto 360 Camera. It gives your phone the ability to create 360-degree videos without the need for an external device. Immersive content has never been so popular, and that's why you're seeing compatible hardware brought to mobile devices. Motorola […]


Come comment on this article: If you're willing to pay $300, the Moto 360 Camera will record everything around you

Visit TalkAndroid

25 Jul 2017 5:27pm GMT

Motorola’s Moto Z2 Force has an unbreakable display and two rear cameras

Motorola's 2017 flagship arrived today, and it's succeeding not one but two devices from last year. We saw the Moto Z, Moto Z Force, and Moto Z Play in 2016. Those phones were all solid; however, consumers didn't quite know how to differentiate them. Now Motorola is tweaking the Moto Z family to give each […]


Come comment on this article: Motorola's Moto Z2 Force has an unbreakable display and two rear cameras

Visit TalkAndroid

25 Jul 2017 5:00pm GMT

[TA Deals] Take an additional 15% off Final Draft 10

Entertainment industry veterans aren't using Microsoft Word to type their scripts. They're using Final Draft 10, and you can also use it even at an amateur level. It's our featured item on Talk Android Deals for today only. As it's featured, there's a special price you won't find elsewhere. Automatically paginates your scripts to Hollywood […]


Come comment on this article: [TA Deals] Take an additional 15% off Final Draft 10

Visit TalkAndroid

25 Jul 2017 3:35pm GMT

Google’s Sundar Pichai becomes the thirteenth member of Alphabet’s board

While the number 13 is considered unlucky by some, it's proving to be a lucky number for Sundar Pichai at least, because Alphabet has announced that Google's CEO is set to become its thirteenth board member. Pichai will become the second Google executive on Alphabet's board with Diane Green, the head of Google's cloud division, […]


Come comment on this article: Google's Sundar Pichai becomes the thirteenth member of Alphabet's board

Visit TalkAndroid

25 Jul 2017 2:30pm GMT

Galaxy S8 Active makes another appearance in leaked video

It seems like it was only yesterday that the Galaxy S8 Active leaked in a few photos, confirming the design, software, and some specs about the device. Oh, right, that actually was yesterday. Time for another one! This time, the device is on camera, so you'll get a slightly better look at how it works […]


Come comment on this article: Galaxy S8 Active makes another appearance in leaked video

Visit TalkAndroid

25 Jul 2017 2:29pm GMT

You can now buy the HTC U11 with 128GB of internal storage

Maybe you've been avoiding the HTC U11 because of its internal storage. Well, as of today there's no excuse anymore. HTC just added a 128GB model of its 2017 flagship. You're still getting the same U11 as the 64GB model. The difference here is, of course, the larger amount of internal storage. It's merely doubled, […]


Come comment on this article: You can now buy the HTC U11 with 128GB of internal storage

Visit TalkAndroid

25 Jul 2017 11:30am GMT

24 Jul 2017

feedAndroid Developers Blog

Developer Preview 4 now available, official Android O coming soon!

Posted by Dave Burke, VP of Engineering

As we put the finishing touches on the Android O platform, today we're rolling out Developer Preview 4 to help you make sure your apps are ready.

This is the final preview before we launch the official Android O platform to consumers later this summer. Take this opportunity to wrap up your testing and publish your updates soon, to give users a smooth transition to Android O.

If you have a device that's enrolled in the Android Beta Program, you'll receive an update to Developer Preview 4 in the next few days. If you haven't enrolled your device yet, just visit the Android Beta site to enroll and get the update.

Watch for more information on the official Android O release soon!

What's in this update?

Developer Preview 4 is a release candidate build of Android O that you can use to complete your development and testing in time for the upcoming official release. It includes the final system behaviors, the latest bug fixes and optimizations, and the final APIs (API level 26) already available since Developer Preview 3.

We're releasing the Developer Preview 4 device system images today, together with the stable version of the Android 26.0.0 Support Library. Incremental updates to the SDK, tools, and Android Emulator system images are on the way over the next few days.

We're also introducing a new version of Android Testing Support Library that includes new features like Android Test Orchestrator, Multiprocess Espresso, and more. Watch for details coming soon.

Test your apps on Android O

Today's Developer Preview 4 system images give you an excellent way to test your current apps on the near-final version of Android O. By testing now, you can make sure your app offers the experience you want as users start to upgrade to the official Android O platform.

Just enroll a supported device in the Android Beta Program to get today's update over-the-air, install your current app from Google Play, and test the user flows. The app should run and look great, and should handle the Android O behavior changes properly -- in particular, pay attention to background location limits, notification channels, and changes in networking, security, and identifiers.

Once you've resolved any issues, publish your app updates with the current targeting level, so that they're available as users start to receive Android O.

Enhance your apps with Android O features and APIs

Users running the latest versions of Android are typically among the most active in terms of downloading apps, consuming content, and making purchases. They're also more vocal about support for the latest Android features in their favorite apps. With Android O, users are anticipating features like notification channels and dots, shortcut pinning, picture-in-picture, autofill, and others. These features could also help increase engagement with your app as more users upgrade to Android O over time.

With Android O your app can directly pin a specific app shortcut in the launcher to drive engagement.
Notification dots keep users active in your app and let them jump directly the app's core functions.

Enhancing your apps with Android O features can help you drive engagement with users, offer new interactions, give them more control and security, and improve performance. Features like adaptive icons, downloadable fonts, and autosizing TextView can simplify your development and minimize your APK size. Battery is also a top concern for users, so they'll appreciate your app being optimized for background execution limits and other important changes in vital system behavior for O apps.

Visit the O Developer Preview site to learn about all of the new features and APIs and how to build them into your apps.

Speed your development with Android Studio

When you're ready to build for Android O, we recommend updating to the latest version of Android Studio 3.0, available for download from the canary channel. Aside from improved app performance profiling tools, support for the Kotlin programming language, and Gradle build optimizations, Android Studio 3.0 makes it easier to develop with Instant Apps, XML Fonts, Downloadable Fonts, and Adaptive Icons.

We also recommend updating to the stable version of the Android Support Library 26.0.0, available now from Google's Maven repository, and to the latest SDK, tools, and emulator system images, available over the next few days.

You can update your project's compileSdkVersion to API 26 to compile against the official Android O APIs. We also recommend updating your app's targetSdkVersion to API 26 to opt-in and test your app with Android O specific behavior changes. See the migration guide for details on how to setup your environment to build with Android O.

Publish your updates to Google Play

Google Play is open for apps compiled against or targeting API 26. When you're ready, you can publish your APK updates in your alpha, beta, or production channels.

Make sure that your updated app runs well on Android O as well as older versions. We recommend using Google Play's beta testing feature to get early feedback from a small group of users. Then do a staged rollout. We're looking forward to seeing your app updates!

How to get Developer Preview 4

It's simple to get Developer Preview 4 if you haven't already! Just visit android.com/beta and opt-in your eligible phone or tablet. As always, you can also download and flash this update manually. The O Developer Preview is available for Pixel, Pixel XL, Pixel C, Nexus 5X, Nexus 6P, Nexus Player, and the Android Emulator. Enrolled devices will automatically update when we release the official version of Android O.

Thanks for all of your input throughout the preview. Continue to share your feedback and requests, we love it!

24 Jul 2017 5:27pm GMT

20 Jul 2017

feedAndroid Developers Blog

Seccomp filter in Android O

Posted by Paul Lawrence, Android Security Engineer
In Android-powered devices, the kernel does the heavy lifting to enforce the Android security model. As the security team has worked to harden Android's userspace and isolate and deprivilege processes, the kernel has become the focus of more security attacks. System calls are a common way for attackers to target the kernel.
All Android software communicates with the Linux kernel using system calls, or syscalls for short. The kernel provides many device- and SOC-specific syscalls that allow userspace processes, including apps, to directly interact with the kernel. All apps rely on this mechanism to access collections of behavior indexed by unique system calls, such as opening a file or sending a Binder message. However, many of these syscalls are not used or officially supported by Android.
Android O takes advantage of a Linux feature called seccomp that makes unused system calls inaccessible to application software. Because these syscalls cannot be accessed by apps, they can't be exploited by potentially harmful apps.

seccomp filter

Android O includes a single seccomp filter installed into zygote, the process from which all the Android applications are derived. Because the filter is installed into zygote-and therefore all apps-the Android security team took extra caution to not break existing apps. The seccomp filter allows:
  • all the syscalls exposed via bionic (the C runtime for Android). These are defined in bionic/libc/SYSCALLS.TXT.
  • syscalls to allow Android to boot
  • syscalls used by popular Android applications, as determined by running Google's full app compatibility suite
Android O's seccomp filter blocks certain syscalls, such as swapon/swapoff, which have been implicated in some security attacks, and the key control syscalls, which are not useful to apps. In total, the filter blocks 17 of 271 syscalls in arm64 and 70 of 364 in arm.

Developers

Test your app for illegal syscalls on a device running Android O.

Detecting an illegal syscall

In Android O, the system crashes an app that uses an illegal syscall. The log printout shows the illegal syscall, for example:
03-09 16:39:32.122 15107 15107 I crash_dump32: performing dump of process 14942 (target tid = 14971)
03-09 16:39:32.127 15107 15107 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-09 16:39:32.127 15107 15107 F DEBUG   : Build fingerprint: 'google/sailfish/sailfish:O/OPP1.170223.013/3795621:userdebug/dev-keys'
03-09 16:39:32.127 15107 15107 F DEBUG   : Revision: '0'
03-09 16:39:32.127 15107 15107 F DEBUG   : ABI: 'arm'
03-09 16:39:32.127 15107 15107 F DEBUG   : pid: 14942, tid: 14971, name: WorkHandler  >>> com.redacted <<<
03-09 16:39:32.127 15107 15107 F DEBUG   : signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
03-09 16:39:32.127 15107 15107 F DEBUG   : Cause: seccomp prevented call to disallowed system call 55
03-09 16:39:32.127 15107 15107 F DEBUG   :     r0 00000091  r1 00000007  r2 ccd8c008  r3 00000001
03-09 16:39:32.127 15107 15107 F DEBUG   :     r4 00000000  r5 00000000  r6 00000000  r7 00000037
Affected developers should rework their apps to not call the illegal syscall.

Toggling seccomp filters during testing

In addition to logging errors, the seccomp installer respects setenforce on devices running userdebug and eng builds, which allows you to test whether seccomp is responsible for an issue. If you type:
adb shell setenforce 0 && adb stop && adb start
then no seccomp policy will be installed into zygote. Because you cannot remove a seccomp policy from a running process, you have to restart the shell for this option to take effect.

Device manufacturers

Because Android O includes the relevant seccomp filters at //bionic/libc/seccomp, device manufacturers don't need to do any additional implementation. However, there is a CTS test that checks for seccomp at //cts/tests/tests/security/jni/android_security_cts_SeccompTest.cpp. The test checks that add_key and keyctl syscalls are blocked and openat is allowed, along with some app-specific syscalls that must be present for compatibility.

20 Jul 2017 9:10pm GMT

18 Jul 2017

feedAndroid Developers Blog

Shut the HAL Up

Posted by Jeff Vander Stoep, Senior Software Engineer, Android Security

Updates are essential for security, but they can be difficult and expensive for device manufacturers. Project Treble is making updates easier by separating the underlying vendor implementation from the core Android framework. This modularization allows platform and vendor-provided components to be updated independently of each other. While easier and faster updates are awesome, Treble's increased modularity is also designed to improve security.

Isolating HALs

A Hardware Abstraction Layer (HAL) provides an interface between device-agnostic code and device-specific hardware implementations. HALs are commonly packaged as shared libraries loaded directly into the process that requires hardware interaction. Security boundaries are enforced at the process level. Therefore, loading the HAL into a process means that the HAL is running in the same security context as the process it's loaded into.

The traditional method of running HALs in-process means that the process needs all the permissions required by each in-process HAL, including direct access to kernel drivers. Likewise, all HALs in a process have access to the same set of permissions as the rest of the process, including permissions required by other in-process HALs. This results in over-privileged processes and HALs that have access to permissions and hardware that they shouldn't.

Figure 1. Traditional method of multiple HALs in one process.

Moving HALs into their own processes better adheres to the principle of least privilege. This provides two distinct advantages:

  1. Each HAL runs in its own sandbox and is permitted access to only the hardware driver it controls and the permissions granted to the process are limited to the permissions required to do its job.
  2. Similarly, the process loses access to hardware drivers and other permissions and capabilities needed by the HALs.
Figure 2. Each HAL runs in its own process.

Moving HALs into their own processes is great for security, but it comes at the cost of increased IPC overhead between the client process and the HAL. Improvements to the binder driver made IPC between HALs and clients practical. Introducing scatter-gather into binder improves the performance of each transaction by removing the need for the serialization/deserialization steps and reducing the number of copy operations performed on data from three down to one. Android O also introduces binder domains to provide separate communication streams for vendor and platform components. Apps and the Android frameworks continue to use /dev/binder, but vendor-provided components now use /dev/vndbinder. Communication between the platform and vendor components must use /dev/hwbinder. Other means of IPC between platform and vendor are disallowed.

Case study: System Server

Many of the services offered to apps by the core Android OS are provided by the system server. As Android has grown, so has system server's responsibilities and permissions, making it an attractive target for an attacker. As part of project Treble, approximately 20 HALs were moved out of system server, including the HALs for sensors, GPS, fingerprint, Wi-Fi, and more. Previously, a compromise in any of those HALs would gain privileged system permissions, but in Android O, permissions are restricted to the subset needed by the specific HAL.

Case study: media frameworks

Efforts to harden the media stack in Android Nougat continued in Android O. In Nougat, mediaserver was split into multiple components to better adhere to the principle of least privilege, with audio hardware access restricted to audioserver, camera hardware access restricted to cameraserver, and so on. In Android O, most direct hardware access has been entirely removed from the media frameworks. For example HALs for audio, camera, and DRM have been moved out of audioserver, cameraserver, and drmserver respectively.

Reducing and isolating the attack surface of the kernel

The Linux kernel is the primary enforcer of the security model on Android. Attempts to escape sandboxing mechanisms often involve attacking the kernel. An analysis of kernel vulnerabilities on Android showed that they overwhelmingly occurred in and were reached through hardware drivers.

De-privileging system server and the media frameworks is important because they interact directly with installed apps. Removing direct access to hardware drivers makes bugs difficult to reach and adds another layer of defense to Android's security model.

18 Jul 2017 5:00pm GMT

12 Jul 2017

feedAndroid Developers Blog

Identifying Intrusive Mobile Apps using Peer Group Analysis

Posted by Martin Pelikan, Giles Hogben, and Ulfar Erlingsson of Google's Security and Privacy team

Mobile apps entertain and assist us, make it easy to communicate with friends and family, and provide tools ranging from maps to electronic wallets. But these apps could also seek more device information than they need to do their job, such as personal data and sensor data from components, like cameras and GPS trackers.

To protect our users and help developers navigate this complex environment, Google analyzes privacy and security signals for each app in Google Play. We then compare that app to other apps with similar features, known as functional peers. Creating peer groups allows us to calibrate our estimates of users' expectations and set adequate boundaries of behaviors that may be considered unsafe or intrusive. This process helps detect apps that collect or send sensitive data without a clear need, and makes it easier for users to find apps that provide the right functionality and respect their privacy. For example, most coloring book apps don't need to know a user's precise location to function and this can be established by analyzing other coloring book apps. By contrast, mapping and navigation apps need to know a user's location, and often require GPS sensor access.

One way to create app peer groups is to create a fixed set of categories and then assign each app into one or more categories, such as tools, productivity, and games. However, fixed categories are too coarse and inflexible to capture and track the many distinctions in the rapidly changing set of mobile apps. Manual curation and maintenance of such categories is also a tedious and error-prone task.

To address this, Google developed a machine-learning algorithm for clustering mobile apps with similar capabilities. Our approach uses deep learning of vector embeddings to identify peer groups of apps with similar functionality, using app metadata, such as text descriptions, and user metrics, such as installs. Then peer groups are used to identify anomalous, potentially harmful signals related to privacy and security, from each app's requested permissions and its observed behaviors. The correlation between different peer groups and their security signals helps different teams at Google decide which apps to promote and determine which apps deserve a more careful look by our security and privacy experts. We also use the result to help app developers improve the privacy and security of their apps.

Apps are split into groups of similar functionality, and in each cluster of similar apps the established baseline is used to find anomalous privacy and security signals.

These techniques build upon earlier ideas, such as using peer groups to analyze privacy-related signals, deep learning for language models to make those peer groups better, and automated data analysis to draw conclusions.

Many teams across Google collaborated to create this algorithm and the surrounding process. Thanks to several, essential team members including Andrew Ahn, Vikas Arora, Hongji Bao, Jun Hong, Nwokedi Idika, Iulia Ion, Suman Jana, Daehwan Kim, Kenny Lim, Jiahui Liu, Sai Teja Peddinti, Sebastian Porst, Gowdy Rajappan, Aaron Rothman, Monir Sharif, Sooel Son, Michael Vrable, and Qiang Yan.

For more information on Google's efforts to detect and fight potentially harmful apps (PHAs) on Android, see Google Android Security Team's Classifications for Potentially Harmful Applications.

References

S. Jana, Ú. Erlingsson, I. Ion (2015). Apples and Oranges: Detecting Least-Privilege Violators with Peer Group Analysis. arXiv:1510.07308 [cs.CR].

T. Mikolov, I. Sutskever, K. Chen, G. S. Corrado, J. Dean (2013). Distributed Representations of Words and Phrases and their Compositionality. Advances in Neural Information Processing Systems 26 (NIPS 2013).

Ú. Erlingsson (2016). Data-driven software security: Models and methods. Proceedings of the 29th IEEE Computer Security Foundations Symposium (CSF'16), Lisboa, Portugal.

12 Jul 2017 5:02pm GMT

11 Jul 2017

feedAndroid Developers Blog

Calling all indie developers in the US & Canada: sign up for the Google Play Indie Games Festival in San Francisco

Posted by Jamil Moledina, Games Strategic Lead, Google Play

Calling all indie developers with fun and creative mobile games: we want to see your latest work! We'll be back with the second Google Play Indie Games Festival taking place in San Francisco on September 23rd.

If you're an indie developer based in the US or Canada and want to submit your game, visit the submission form and enter now through August 6th at 11:59PM PST.

If chosen as one of the 20 Finalists, you could have a chance to demo your game at the event and compete for prizes and bragging rights, to go home as one of the three festival winners!

How useful did you find this blogpost?

11 Jul 2017 4:17pm GMT

10 Jul 2017

feedAndroid Developers Blog

Android vitals: Increase engagement and installs through improved app performance

Posted by Fergus Hurley, Product Manager, Google Play

Poor app performance is something that many users have experienced. Think about that last time you experienced an app crashing, failing to respond, or rendering slowly. Consider your reaction when checking the battery usage on your own device, and seeing an app using excessive battery. When an app performs badly, users notice. In fact, in an internal analysis of app reviews on Google Play, we noticed that half of the 1-star reviews mentioned app stability.

Conversely, people consistently reward the best performing apps with better ratings and reviews. This leads to better rankings on Google Play, which helps increase installs. Not only that, but users stay more engaged, and are willing to spend more time and money.

At Google I/O 2017, we announced the new Android vitals dashboard in the Google Play Console. Android vitals is designed to help you understand and analyze bad app behaviors, so you can improve your app's performance and reap the benefits of better performance.

Android vitals in the Google Play Console

Android vitals helps identify opportunities to improve your app's performance. The dashboards are useful for engineers and business owners alike, offering quick reference performance metrics to monitor your app so you can analyze the data and dedicate the right resources to make improvements.

You'll see the following data collected from Android devices whose users have opted in to automatically share usage and diagnostics data:

See how Busuu increased their rating from 4.1☆ to 4.5☆ by focusing on app performance

Busuu is one of the world's largest language learning apps. Hear from Antoine Sakho, Head of Product about how Busuu increased user ratings.

Learn more about engineering for high performance with tools from Android and Google Play

Read our best practice article on Android vitals to understand the data shown in the dashboards, and how you can improve your app's performance and stability. Watch the I/O session to learn about more tools from Android and Google Play that you can use to identify and fix bad behaviors:

Learn more about other Play Console features, and stay up to date with news and tips to succeed on Google Play, with the Playbook app. Join the beta and install it today.

How useful did you find this blogpost?


10 Jul 2017 4:59pm GMT

30 Jun 2017

feedAndroid Developers Blog

Android Things Hackster Community

Posted by Dave Smith, Developer Advocate for IoT

Android Things makes building connected embedded devices easy by providing the same Android development tools, best-in-class Android framework, and Google APIs that make developers successful on mobile. Since the initial preview launch back in December, the community has turned some amazing ideas into exciting prototypes using the platform.

To empower these makers and developers using Android Things to share and learn from each other, we have partnered with Hackster.io to create a community where aspiring IoT developers can go to showcase their projects and get inspired by the work of others. Hackster.io is a community of 200,000 engineers and developers dedicated to building internet-connected hardware projects. They also seek to educate and challenge members through live workshops and design contests.

We are eager to see the projects that you come up with. More importantly, we're excited to see how your work can inspire other developers to create something great with Android Things. Visit our Hackster.io community to see the amazing projects others have already built and join the community today!

Android Things Webinar

We will be hosting a webinar in cooperation with Hackster.io on July 7th, 2017 at 10AM PST titled Bootstrapping IoT Products with Android Things. During this time, you will learn how we have designed Android Things to address many of the pain points experienced by developers attempting to build IoT products. You will also have the opportunity to send in questions you have regarding the platform and ecosystem. Register today to join us for this exciting event!

30 Jun 2017 5:24pm GMT

28 Jun 2017

feedAndroid Developers Blog

Android Things Console developer preview

Posted by Wayne Piekarski, Developer Advocate for IoT

Today we are launching a preview of the Android Things Console. This console allows developers to manage the software running on their fleet of Android Things IoT devices, including creating factory images, as well as updating the operating system and developer-provided APKs. Devices need to run a system image downloaded via the Android Things Console in order to receive future updates, such as the upcoming Developer Preview 5. Google provides all of the infrastructure for over-the-air (OTA) updates, so developers can focus on their specific application and not have to build their own implementation - getting their IoT devices to enter the market faster and more securely than before.

Let's take a tour of the console, and see the features it offers.

Product Creation and Product Settings

The developer first defines a product, which includes selecting a name and the type of System-on-Module (SoM) that the device is based on. Many developers want to use Google Play Services when building IoT devices, and this is configured here as an optional feature. The size of the OEM partition is also configured, and must be large enough to include the size of any future APK growth.

Factory Images

A device needs an initial base firmware to receive future updates for the correct product from your console. For starters, you can simply use "Create Build Configuration" to build a default factory image with an empty bundle that is configured for your product. This factory image can then be downloaded and flashed to your device, and you can start developing on it by sideloading an APK.

Later on, once you have prepared an application that you would like to deploy to all the devices in your product, you can upload a bundle to the console. This bundle is a ZIP file that contains a main APK file, user space drivers as a service in an APK, and any additional APKs launched by the main APK. A bootanimation.zip file is also supported, which will be displayed during boot up. The uploaded bundle ZIP file is then used to produce a complete system image that can be deployed to devices. More information about the bundle ZIP file contents is available in the documentation.

OTA Updates

This tab allows the developer to select which system image should be pushed to the fleet of product devices. The developer selects one, and then "Push to Devices" starts the process. The update will then be securely pushed to all of the devices, installed to one of the A/B partitions, and made active when the device is rebooted. If any failures are detected, the device automatically rolls back to the previous known working version, so future updates are still possible. Developers will be able to test new releases of Android Things in advance and decide whether devices should be updated automatically.

Feedback

The Android Things Console is currently a preview, and we are working on many more features and customizations. We encourage all Android Things developers to check out the Android Things Console and provide feedback. You can do this by filing bug reports and feature requests, and asking any questions on Stack Overflow. To learn more about the Android Things Console, read the detailed documentation. We also encourage everyone to join Google's IoT Developers Community on Google+, a great resource to get updates and discuss ideas.

28 Jun 2017 4:00pm GMT

22 Jun 2017

feedAndroid Developers Blog

What’s new in WebView security

Posted by Xiaowen Xin and Renu Chaudhary, Android Security Team

The processing of external and untrusted content is often one of the most important functions of an app. A newsreader shows the top news articles and a shopping app displays the catalog of items for sale. This comes with associated risks as the processing of untrusted content is also one of the main ways that an attacker can compromise your app, i.e. by passing you malformed content.

Many apps handle untrusted content using WebView, and we've made many improvements in Android over the years to protect it and your app against compromise. With Android Lollipop, we started delivering WebView as an independent APK, updated every six weeks from the Play store, so that we can get important fixes to users quickly. With the newest WebView, we've added a couple more important security enhancements.

Isolating the renderer process in Android O

Starting with Android O, WebView will have the renderer running in an isolated process separate from the host app, taking advantage of the isolation between processes provided by Android that has been available for other applications.

Similar to Chrome, WebView now provides two levels of isolation:

  1. The rendering engine has been split into a separate process. This insulates the host app from bugs or crashes in the renderer process and makes it harder for a malicious website that can exploit the renderer to then exploit the host app.
  2. To further contain it, the renderer process is run within an isolated process sandbox that restricts it to a limited set of resources. For example, the rendering engine cannot write to disk or talk to the network on its own.
    It is also bound to the same seccomp filter (blogpost on seccomp is coming soon) as used by Chrome on Android. The seccomp filter reduces the number of system calls the renderer process can access and also restricts the allowed arguments to the system calls.

Incorporating Safe Browsing

The newest version of WebView incorporates Google's Safe Browsing protections to detect and warn users about potentially dangerous sites.. When correctly configured, WebView checks URLs against Safe Browsing's malware and phishing database and displays a warning message before users visit a dangerous site. On Chrome, this helpful information is displayed more than 250 million times a month, and now it's available in WebView on Android.

Enabling Safe Browsing

To enable Safe Browsing for all WebViews in your app, add in a manifest tag:

<manifest>
     <meta-data android:name="android.webkit.WebView.EnableSafeBrowsing"
                android:value="true" />
      . . .
     <application> . . . </application>
</manifest>

Because WebView is distributed as a separate APK, Safe Browsing for WebView is available today for devices running Android 5.0 and above. With just one added line in your manifest, you can update your app and improve security for most of your users immediately.

22 Jun 2017 9:29pm GMT

20 Jun 2017

feedAndroid Developers Blog

Ending support for Android Market on Android 2.1 and lower

Posted by Maximilian Ruppaner, Software Engineer on Google Play

On June 30, 2017, Google will be ending support for the Android Market app on Android 2.1 Eclair and older devices. When this change happens, users on these devices will no longer be able to access, or install other apps from, the Android Market. The change will happen without a notification on the device, due to technical restrictions in the original Android Market app.

It has been 7 years since Android 2.1 Eclair launched. Most app developers are no longer supporting these Android versions in their apps given these devices now account for only a small number of installs.

We will still be supporting later versions of Android Market for as long as feasible. Google Play, the replacement for Android Market, is available on Android 2.2 and above.

20 Jun 2017 6:00pm GMT

16 Jun 2017

feedAndroid Developers Blog

Semantic Time support now available on the Awareness APIs

Posted by Ritesh Nayak M, Product Manager

Last year at I/O we launched the Awareness API, a simple yet powerful API that let developers use signals such as Location, Weather, Time and User Activity to build contextually relevant app experiences.

Available via Google Play services, the Awareness API offers two ways to take advantage of context signals within your app. The Snapshot API lets your app request information about the user's current context, while the Fence API lets your app react to changes in user's context, and when it matches a certain set of conditions. For example, "tell me whenever the user is walking and their headphone is plugged in".

Until now, you could specify a time fence on the Awareness APIs but were restricted to using absolute/canonical representation of time. Based on developer feedback, we realized that the flexibility of the API in regards to building time fences did not support higher level abstractions people use when they think and talk about time. "This weekend", "on the next holiday", "after sunset", are all very common and colloquial ways of expressing time. That's why we're adding Semantic time support to these APIs starting today

For e.g., if you were building a fitness app and wanted a way to prompt users everyday morning to start their routine, or if you're a reading app that wants to turn on night mode after dusk; you would have to query a 3p API for sunrise/sunset information at the user location and then write up an Awareness fence with those canonical time values. With our latest update, you can use our TIME_INSTANT_SUNRISE and TIME_INSTANT_SUNSET constants and let the platform manage all the complexity for you.

Let's look at an example. Suppose you're building a fitness app which prompts users on Tuesday, and Thursday around sunrise to begin their morning work out. You can set up this triggering using the following lines of code.

// A sun-state-based fence that is TRUE only on Tuesday and Thursday during Sunrise 
AwarenessFence.and(
    TimeFence.aroundTimeInstant(TimeFence.TIME_INSTANT_SUNRISE,
            -10 * ONE_MINUTE_MILLIS, 5 * ONE_MINUTE_MILLIS),
    AwarenessFence.or(
        TimeFence.inIntervalOfDay(TimeFence.DAY_OF_WEEK_TUESDAY,
                0, ONE_DAY_MILLIS),
        TimeFence.inIntervalOfDay(TimeFence.DAY_OF_WEEK_THURSDAY,
                0, ONE_DAY_MILLIS)));

One of our favorite semantic time features is public holidays. Every country and regions within it have different holidays. Assume you were a local hiking & adventure app that wants to show users activities they can indulge in on a holiday that falls on a Friday or a Monday. You can use a combination of Days and Holiday flags to identify this state for all your users around the world. You can do this with just 3 lines of code and have this work in any part of the world.

// A local-time fence that is TRUE only on public holidays in the
// device locale that fall on Fridays or Mondays.
AwarenessFence.and(
    TimeFence.inTimeInterval(TimeFence.TIME_INTERVAL_HOLIDAY),
    AwarenessFence.or(
        TimeFence.inIntervalOfDay(TimeFence.DAY_OF_WEEK_FRIDAY,
                9 * ONE_HOUR_MILLIS, 11 * ONE_HOUR_MILLIS),
        TimeFence.inIntervalOfDay(TimeFence.DAY_OF_WEEK_MONDAY,
                9 * ONE_HOUR_MILLIS, 11 * ONE_HOUR_MILLIS)));

In both example cases, Awareness does the heavy lifting of localizing time and holidays based on the device locale settings.

We're excited to see what problems you'll solve using this powerful API. Please join our mailing list to get updates about this and other Context APIs at Google.

16 Jun 2017 5:00pm GMT

15 Jun 2017

feedAndroid Developers Blog

Android Things Developer Preview 4.1

Posted by Wayne Piekarski, Developer Advocate for IoT

Today, we're releasing a new Developer Preview 4.1 (DP4.1) of Android Things, with updates for new supported hardware and bug fixes to the platform. Android Things is Google's platform to enable Android Developers to create Internet of Things (IoT) devices, and seamlessly scale from prototype to production.

New hardware

A new Pico i.MX6UL revision B board has been released, which supports many common external peripherals from partners such as Adafruit and Pimoroni. There were some prototype Pico i.MX6UL boards made available to some early beta testers, and these are not compatible with DP4.1.

Improvements

DP4.1 also includes some performance improvements since DP4, such as boot time optimizations that improve the startup time of i.MX7D based hardware. This Developer Preview also includes a version of Google Play Services, specifically optimized for IoT devices. This new IoT variant is a lot smaller and optimized for use with Android Things, and requires the use of play-services 11.0.0 or later in your build.gradle. For more information about the supported features in the IoT variant of Google Play Services, see the information page.

Google I/O

Android Things had a large presence at Google I/O this year, with 7 talks covering different aspects of Android Things for developers, and these are available as videos in a playlist for those who could not attend:

What's New In Google's IoT Platform? Ubiquitous Computing at Google
Bringing Device Production to Everyone With Android Things
From Prototype to Production Devices with Android Things
Developing for Android Things Using Android Studio
Security for IoT on Android Things
Using Google Cloud and TensorFlow on Android Things
Building for Enterprise IoT Using Android Things and Google Cloud Platform

Google I/O also had a codelab area, where attendees could sit down and test out Android Things development with some simple guided training guides. These codelabs are available for anyone to try at https://codelabs.developers.google.com/?cat=IoT

Feedback

Thank you to all the developers who submitted feedback for the previous developer previews. Please continue sending us your feedback by filing bug reports and feature requests, and asking any questions on stackoverflow. To download images for DP4.1, visit the Android Things download page and find the changes in the release notes. You can also join Google's IoT Developers Community on Google+, a great resource to get updates and discuss ideas, with over 5,600 members.

15 Jun 2017 4:59pm GMT

14 Jun 2017

feedAndroid Developers Blog

Reduce friction with the new Location APIs

Posted by Aaron Stacy, Software Engineer, Google Play services

The 11.0.0 release of the Google Play services SDK includes a new way to access LocationServices. The new APIs do not require your app to manually manage a connection to Google Play services through a GoogleApiClient. This reduces boilerplate and common pitfalls in your app.

Read more below, or head straight to the updated location samples on GitHub.

Why not use GoogleApiClient?

The LocationServices APIs allow you to access device location, set up geofences, prompt the user to enable location on the device and more. In order to access these services, the app must connect to Google Play services, which can involve error-prone connection logic. For example, can you spot the crash in the app below?

Note: we'll assume our app has the ACCESS_FINE_LOCATION permission, which is required to get the user's exact location using the LocationServices APIs.

public class MainActivity extends AppCompatActivity implements
        GoogleApiClient.OnConnectionFailedListener {

  @Override
  public void onCreate(@Nullable Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    GoogleApiClient client = new GoogleApiClient.Builder(this)
        .enableAutoManage(this, this)
        .addApi(LocationServices.API)
        .build();
    client.connect();

    PendingResult result = 
         LocationServices.FusedLocationApi.requestLocationUpdates(
                 client, LocationRequest.create(), pendingIntent);

    result.setResultCallback(new ResultCallback() {
      @Override
      public void onResult(@NonNull Status status) {
        Log.d(TAG, "Result: " + status.getStatusMessage());
      }
    });
  }

  // ...
}

If you pointed to the requestLocationUpdates() call, you're right! That call throws an IllegalStateException, since the GoogleApiClient is has not yet connected. The call to connect() is asynchronous.

While the code above looks like it should work, it's missing a ConnectionCallbacks argument to the GoogleApiClient builder. The call to request location updates should only be made after the onConnected callback has fired:

public class MainActivity extends AppCompatActivity implements 
        GoogleApiClient.OnConnectionFailedListener,
        GoogleApiClient.ConnectionCallbacks {

  private GoogleApiClient client;

  @Override
  protected void onCreate(@Nullable Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    client = new GoogleApiClient.Builder(this)
        .enableAutoManage(this, this)
        .addApi(LocationServices.API)
        .addConnectionCallbacks(this)
        .build();

    client.connect();
  }

  @Override
  public void onConnected(@Nullable Bundle bundle) {
    PendingResult result = 
            LocationServices.FusedLocationApi.requestLocationUpdates(
                    client, LocationRequest.create(), pendingIntent);
    
    result.setResultCallback(new ResultCallback() {
      @Override
      public void onResult(@NonNull Status status) {
        Log.d(TAG, "Result: " + status.getStatusMessage());
      }
    });
  }

  // ...
}

Now the code works, but it's not ideal for a few reasons:

A better developer experience

The new LocationServices APIs are much simpler and will make your code less error prone. The connection logic is handled automatically, and you only need to attach a single completion listener:

public class MainActivity extends AppCompatActivity {

  @Override
  protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    FusedLocationProviderClient client =
            LocationServices.getFusedLocationProviderClient(this);

    client.requestLocationUpdates(LocationRequest.create(), pendingIntent)
        .addOnCompleteListener(new OnCompleteListener() {
          @Override
          public void onComplete(@NonNull Task task) {
            Log.d("MainActivity", "Result: " + task.getResult());
          }
        });
  }
}

The new API immediately improves the code in a few ways:

What happened to all of the callbacks?

The new API will automatically resolve certain connection failures for you, so you don't need to write code that for things like prompting the user to update Google Play services. Rather than exposing connection failures globally in the onConnectionFailed method, connection problems will fail the Task with an ApiException:

    client.requestLocationUpdates(LocationRequest.create(), pendingIntent)
        .addOnFailureListener(new OnFailureListener() {
          @Override
          public void onFailure(@NonNull Exception e) {
            if (e instanceof ApiException) {
              Log.w(TAG, ((ApiException) e).getStatusMessage());
            } else {
              Log.w(TAG, e.getMessage());
            }
          }
        });

Try it for yourself

Try the new LocationServices APIs out for yourself in your own app or head over to the android-play-location samples on GitHub and see more examples of how the new clients reduce boilerplate and simplify logic.

14 Jun 2017 5:00pm GMT

13 Jun 2017

feedAndroid Developers Blog

Recognizing Android Excellence on Google Play

Posted by Kacey Fahey, Developer Marketing, Google Play

Every day developers around the world are hard at work creating high quality apps and games on Android. Striving to deliver amazing experiences for an ever growing diverse user base, we've seen a significant increase in the level of polish and quality of apps and games on Google Play.

As part of our efforts to recognize this content on the Play Store, today we're launching Android Excellence. The new collections will showcase apps and games that deliver incredible user experiences on Android, use many of our best practices, and have great design, technical performance, localization, and device optimization.

Android Excellence collections will refresh quarterly and can be found within the revamped Editors' Choice section of the Play Store - which includes app and game reviews curated by our editorial team.

Congrats to our first group of Android Excellence apps and games!

Android Excellence Apps Android Excellence Games
AliExpress by Alibaba Mobile

B&H Photo Video by B&H Photo Video

Citymapper by Citymapper Limited

Drivvo by Drivvo

drupe by drupe

Evernote by Evernote Corporation

HotelTonight by HotelTonight

Kitchen Stories by Kitchen Stories

Komoot by komoot GmbH

Lifesum by Lifesum

Memrise by Memrise

Pocket by Read It Later

Runtastic Running & Fitness by Runtastic

Skyscanner by Skyscanner Ltd

Sleep as Android by Urbandroid Team

Vivino by Vivino

After the End Forsaken Destiny by NEXON M Inc.

CATS: Crash Arena Turbo Stars by ZeptoLab

Golf Clash by Playdemic

Hitman GO Square Enix Ltd

Horizon Chase by Aquiris Game Studio S.A

Kill Shot Bravo by Hothead Games

Lineage Red Knights by NCSOFT Corporation

Nonstop Knight by flaregames

PAC-MAN 256 - Endless Maze by Bandai Namco Entertainment Europe

Pictionary™ by Etermax

Reigns by DevolverDigital

Riptide GP: Renegade by Vector Unit

Star Wars™: Galaxy of Heroes by Electronic Arts

Titan Brawl by Omnidrone

Toca Blocks by Toca Boca

Transformers: Forged to Fight by Kabam

Stay up-to-date on best practices to succeed on Play and get the latest news and videos with the new beta version of our Playbook app for developers.

How useful did you find this blogpost?

13 Jun 2017 4:00pm GMT