Category: Android Developer

Google Play security metadata and offline app distribution

Android Developers June 19, 2018 Android Developer, Featured, Google Play

Posted by James Bender, Product Manager, Google Play

In December last year we announced that we would be making updates to app security to help verify product authenticity from Google Play. We are now adding a small amount of security metadata on top of APKs to verify that the APK was distributed by Google Play.

One of the reasons we’re doing this is to help developers reach a wider audience, particularly in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity.

In the future, for apps obtained through Play-approved distribution channels, we’ll be able to determine app authenticity while a device is offline, add those shared apps to a user’s Play Library, and manage app updates when the device comes back online. This will give people more confidence when using Play-approved peer-to-peer sharing apps.

This also benefits you as a developer as it provides a Play-authorized offline distribution channel and, since the peer-to-peer shared app is added to your user’s Play library, your app will now be eligible for app updates from Play.

No action is needed by developers or by those who use your app or game. We’re adjusting Google Play’s maximum APK size to take into account the small metadata addition, which is inserted into the APK Signing Block. In addition to improving the integrity of Google Play’s mobile app ecosystem, this metadata will also present new distribution opportunities for developers and help more people keep their apps up to date.
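The APK Signing Block mentioned above sits immediately before the ZIP central directory and holds a sequence of ID-value pairs. The following is an added example, not code from Google Play or the original post, that lists those pairs so an analyst can see which entries go beyond the signature scheme itself. It assumes the block layout from the public APK Signature Scheme v2 documentation; the sample APK and the ID 0x0BADC0DE are constructed placeholders, since the post does not give the ID of the Play metadata.

```python
import io
import struct
import zipfile

MAGIC = b"APK Sig Block 42"
EOCD_SIG = b"PK\x05\x06"
# Block IDs documented for the APK Signature Schemes; anything else is reported as unknown.
KNOWN_IDS = {0x7109871A: "APK Signature Scheme v2", 0xF05368C0: "APK Signature Scheme v3"}


def central_directory_offset(apk: bytes) -> int:
    """Find the ZIP End of Central Directory record and return the CD offset."""
    # EOCD is 22 bytes plus an optional comment of at most 65535 bytes.
    pos = apk.rfind(EOCD_SIG, max(0, len(apk) - 22 - 0xFFFF))
    if pos < 0 or pos + 22 > len(apk):
        raise ValueError("EOCD record not found: not a ZIP/APK")
    return struct.unpack_from("<I", apk, pos + 16)[0]


def parse_signing_block(apk: bytes) -> dict:
    """Return {block_id: value} for every ID-value pair, or {} if no block exists."""
    cd = central_directory_offset(apk)
    if cd < 32 or cd > len(apk) or apk[cd - 16:cd] != MAGIC:
        return {}
    size = struct.unpack_from("<Q", apk, cd - 24)[0]   # trailing size field
    start = cd - size - 8                              # position of leading size field
    if size < 24 or start < 0:
        raise ValueError("signing block size is out of range")
    if struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("leading and trailing size fields disagree")
    pairs, pos, end = {}, start + 8, cd - 24
    while pos < end:
        if pos + 8 > end:
            raise ValueError("truncated pair length")
        pair_len = struct.unpack_from("<Q", apk, pos)[0]
        pos += 8
        if pair_len < 4 or pos + pair_len > end:
            raise ValueError("pair length overruns the signing block")
        block_id = struct.unpack_from("<I", apk, pos)[0]
        pairs[block_id] = apk[pos + 4:pos + pair_len]
        pos += pair_len
    return pairs


def describe(pairs: dict) -> list:
    """Summarise each pair as (hex id, label, value length), sorted by id."""
    return [(hex(i), KNOWN_IDS.get(i, "unknown / additional metadata"), len(v))
            for i, v in sorted(pairs.items())]


def build_sample_apk(extra_id: int = 0x0BADC0DE) -> bytes:
    """Constructed sample: a one-entry ZIP with a signing block spliced in before the CD."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed")
    plain = buf.getvalue()
    cd, eocd = central_directory_offset(plain), plain.rfind(EOCD_SIG)
    body = b""
    for block_id, value in ((0x7109871A, b"constructed v2 data"), (extra_id, b"constructed metadata")):
        body += struct.pack("<QI", 4 + len(value), block_id) + value
    size = len(body) + 24
    block = struct.pack("<Q", size) + body + struct.pack("<Q", size) + MAGIC
    # The central directory moves by len(block), so its offset in the EOCD is patched.
    new_eocd = plain[eocd:eocd + 16] + struct.pack("<I", cd + len(block)) + plain[eocd + 20:]
    return plain[:cd] + block + plain[cd:eocd] + new_eocd


if __name__ == "__main__":
    for row in describe(parse_signing_block(build_sample_apk())):
        print(row)
```

Because the block lives outside the ZIP entries, adding a pair does not change any file inside the APK, which is why the post only mentions an adjustment to the maximum APK size.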

#IMakeApps – Celebrating app makers worldwide

Android Developers June 18, 2018 Android Developer, App, Apps, Featured, Game, Google Play, Story

Posted by Patricia Correa, Director, Developer Marketing, Platforms & Ecosystems

The Android developer ecosystem is made up of exceptional individuals with different backgrounds, interests, and dreams. To celebrate the people who make up our community, starting today, and over the coming months, we’ll be meeting with developers, founders, product managers, designers, and others from around the world to hear more about their passions and discover what they do when they step away from their computers.

Watch stories featuring adventurer Niek Bokkers from Polarsteps (Netherlands), artist Faith Ringgold from Quiltuduko (USA) and chair restorer Hans Jørgen Wiberg from Be My Eyes (Denmark). You can also read more about them and their apps on g.co/play/imakeapps.

Share your story

We’d love to hear from you too. Use the hashtag #IMakeApps on your social channels, sharing the app or game you work on, your role in its creation, and an image that best depicts who you are outside of work. We will regularly select and share some of our favorites on our channels.

If you also want to get featured in an upcoming #IMakeApps film, tell us more about yourself and your app or game, by completing this self-nomination form.

Stay tuned for more #IMakeApps stories by following us on Twitter, YouTube and LinkedIn.

Time to celebrate the 2018 Google Play Award nominees

Android Developers April 24, 2018 #GPA2018 #GooglePlayAwards #GooglePlay #Games #VR #AR #AndroidWear #Indies #Startup #Apps #Developers #Android #Google Play, Android Developer, Featured, Google Play

Posted by Purnima Kochikar, Director, Apps and Games Business Development, Google Play

2018 Google Play Awards

This year’s Google Play Awards will take place on Monday, May 7th, kicking off the week of Google I/O. Celebrating our third year, we’re excited to highlight nine categories; some you may recognize from previous years, along with new additions highlighting growth areas and trends we’re focused on, such as building for emerging markets.

Each year, the Google Play Awards recognize top apps and games on Google Play. They represent some of the best experiences available on Android, with an emphasis on overall quality, strong design, technical performance, and innovation. The nominees were selected by various teams across Google, and all meet criteria thresholds covering high star rating and Android vitals, and have had a launch or major update since April 2017.

Congratulations to this year’s nominees below and don’t forget to check them out on the Google Play store at g.co/play/gpa2018.

Standout Well-Being App

Apps empowering people to live the best version of their lives, while demonstrating responsible design and engagement strategies

Nominees: Clue, Fabulous, Headspace, Lifesum, Simple Habit

Best Accessibility Experience

Apps or games enabling device interaction in an innovative way that serves people with disabilities or special needs

Nominees: Audio Game Hub, Be My Eyes, Open Sesame, Universal Copy, Voice Volume Catcher

Best Social Impact

Apps or games that create a positive impact in communities around the world (focused on health, education, crisis response, refugees, financial health & fundraising functions)

Nominees: Forest, Khan Academy, Otsimo, Tala, TODXS

Standout Indie

Games from indie developers that focus on artistic design, gameplay mechanics, and overall polish

Nominees: Agent A, Bridge Constructor Portal, Flipping Legend, Old Man’s Journey, OPUS: Rocket of Whispers

Best Community Building Game

Games built to connect gamers, encouraging social interaction and community building

Nominees: Clash Royale, Lineage 2: Revolution, Pokémon GO, PUBG MOBILE

Best AR or VR Experience

Apps or games offering highly engaging and immersive experiences with optimal use of ARCore or Daydream UI

Nominees: ASTEROIDS!, BBC Earth: Life in VR, Brickscape, Figment AR, Porsche Mission E

Standout Build for Billions Experience

Apps or games with optimized performance, localization, and culturalization for emerging markets

Nominees: Cricbuzz, Flipkart, Mercado Libre, Moovit, Viki

Standout Startup

Apps from new developers that offer a unique experience while achieving strong organic install growth.

Nominees: Astro, Canva, Drops, Kredivo, N26

Best Breakthrough Hit

New apps or games with excellent overall design, user experience, engagement and retention, and strong organic install growth

Nominees: Animal Crossing: Pocket Camp, Cooking Craze, Empires & Puzzles, Final Fantasy XV Pocket Edition, PUBG MOBILE

Check out the winners, and make sure to try out some of these great apps and games on Google Play at g.co/play/gpa2018.

Introducing new Android Excellence apps and games on Google Play

Android Developers April 5, 2018 Android Developer, App, Develop, Featured, Games, Google Play

Kacey Fahey, Developer Marketing, Google Play

Congratulations to the latest apps and games featured in the Android Excellence program on Google Play. As a reminder, these collections are refreshed every three months and recognize apps and games that set the bar for high quality, great user experience, and strong technical performance.

If you’re looking for some new apps, here are a few highlights.

  • Adobe Photoshop Lightroom CC: Capture, edit, and share your photos with the power of Lightroom on your mobile device. Use presets for quick and easy edits, or dive in with the advanced editing tools.
  • Seven – 7 Minute Workout Training Challenge: Use this app to fit seven minute workouts into your busy lifestyle. Grab your phone, or even your Wear OS device to work out anywhere and anytime. Keep it up to earn achievements and join the 7 Club for even more support.
  • SoloLearn: Learn to Code for Free: Learn one of many new coding languages by joining a community of millions. Tap in to the 24/7 peer support, or create your own lessons to become a community influencer.

Here are a few of our favorite new games joining the collection.

  • CodyCross: Crossword Puzzles: Try this game for a fun new style of crossword puzzles. Play for free on adventure mode or subscribe for special themed packs, varying difficulty levels and fresh content added weekly.
  • MARVEL Contest of Champions: Play with your favorite Marvel Super Heroes and Super Villains in iconic locations from the Marvel Universe. Assemble your team of champions to play through the exciting storyline and even build alliances with your friends.
  • Orbital 1: Test your skills in this real-time multiplayer game with beautiful 3D graphics. Collect and upgrade fighters and weapons to build out your perfect squad for quick battles and new daily quests.

See the full list of Android Excellence apps and games.

New Android Excellence apps

  • Adobe Photoshop Lightroom CC
  • Dashlane
  • Hostelworld
  • iCook
  • Keeper Password Manager
  • Keepsafe Photo Vault
  • Mobisystems OfficeSuite
  • PhotoGrid
  • Runtastic Results
  • Seven – 7 Minute Workout Training Challenge
  • SoloLearn: Learn to Code for Free
  • Tube Map
  • WPS Office

New Android Excellence games

  • Angry Birds 2
  • Azur Lane アズールレーン
  • CodyCross
  • Into the Dead 2
  • Little Panda Restaurant
  • MARVEL Contest of Champions
  • Orbital 1
  • Rooms of Doom
  • Sky Dancer Run
  • Sling Kong
  • Soul Knight

Explore other great apps and games in the Editors’ Choice section on Google Play and discover best practices to help you build quality apps and games.

Double Stuffed Security in Android Oreo

Android Developers December 20, 2017 Android, Android Developer, Android O, AndroidO, Develop, Featured, Privacy, security

Posted by Gian G Spicuzza, Android Security team

Android Oreo is stuffed full of security enhancements. Over the past few months,
we’ve covered how we’ve improved the security of the Android platform and its
applications: from making it safer to get apps, dropping insecure network
protocols, providing more user control over identifiers, hardening the kernel,
making Android easier to update, all the way to doubling the Android Security
Rewards payouts. Now that Oreo is out the door, let’s take a look at all the
goodness inside.

Expanding support for hardware security

Android already supports Verified Boot, which is designed to prevent devices
from booting up with software that has been tampered with. In Android Oreo, we
added a reference implementation for Verified Boot running with Project Treble,
called Android Verified Boot 2.0 (AVB). AVB has a couple of cool features to
make updates easier and more secure, such as a common footer format and
rollback protection. Rollback protection is designed to prevent a device from
booting if downgraded to an older OS version, which could be vulnerable to an
exploit. To do this, the devices save the OS version either by using special
hardware or by having the Trusted Execution Environment (TEE) sign the data.
Pixel 2 and Pixel 2 XL come with this protection and we recommend all device
manufacturers add this feature to their new devices.
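The rollback check described above can be modelled in a few lines. This is an added example, not AVB or bootloader code: the class and function names are hypothetical, and an HMAC with a key held by the TEE stands in for "the TEE signs the data". It shows why the stored version must be authenticated, since otherwise rewriting the stored value would re-enable a downgrade.

```python
import hashlib
import hmac
import struct


class RollbackStore:
    """Constructed model of persistent storage holding the minimum allowed OS version.

    The stored blob is the 8-byte version followed by an HMAC-SHA256 tag. The key
    is assumed to be known only to the TEE, so normal-world code that can write
    the blob still cannot forge a valid tag for a lower version.
    """

    def __init__(self, tee_key: bytes, version: int = 0):
        self._key = tee_key
        self.blob = self._seal(version)

    def _seal(self, version: int) -> bytes:
        body = struct.pack("<Q", version)
        return body + hmac.new(self._key, body, hashlib.sha256).digest()

    def read(self) -> int:
        body, tag = self.blob[:8], self.blob[8:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("stored OS version failed authentication")
        return struct.unpack("<Q", body)[0]

    def write(self, version: int) -> None:
        self.blob = self._seal(version)


def boot_decision(store: RollbackStore, image_version: int) -> str:
    """Decide whether an already signature-verified image may boot."""
    try:
        stored = store.read()
    except ValueError:
        return "refuse: rollback storage tampered"
    if image_version < stored:
        return "refuse: image is older than the stored OS version"
    if image_version > stored:
        # Simplification: a real device raises the stored value only after
        # the new version has booted successfully.
        store.write(image_version)
    return "boot"


if __name__ == "__main__":
    store = RollbackStore(b"\x11" * 32, version=5)   # constructed key and version
    print(boot_decision(store, 7))                    # upgrade: boots, stored becomes 7
    print(boot_decision(store, 6))                    # downgrade: refused
    store.blob = struct.pack("<Q", 0) + store.blob[8:]  # stored value rewritten, tag stale
    print(boot_decision(store, 6))                    # tampering detected, still refused
```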

Oreo also includes the new OEM Lock Hardware Abstraction Layer (HAL) that gives
device manufacturers more flexibility for how they protect whether a device is
locked, unlocked, or unlockable. For example, the new Pixel phones use this HAL
to pass commands to the bootloader. The bootloader analyzes these commands the
next time the device boots and determines if changes to the locks, which are
securely stored in Replay Protected Memory Block (RPMB), should happen. If your
device is stolen, these safeguards are designed to prevent your device from
being reset and to keep your data secure. This new HAL even supports moving the
lock state to dedicated hardware.

Speaking of hardware, we’ve invested in support for tamper-resistant hardware,
such as the security module found in every Pixel 2 and Pixel 2 XL. This physical
chip prevents many software and hardware attacks and is also resistant to
physical penetration attacks. The security module prevents deriving the
encryption key without the device’s passcode and limits the rate of unlock
attempts, which makes many attacks infeasible due to time restrictions.

While the new Pixel devices have the special security module, all new GMS
devices shipping with Android Oreo are required to implement key attestation.
This provides a mechanism for strongly attesting IDs such as hardware
identifiers.

We added new features for enterprise-managed devices as well. In work profiles,
encryption keys are now ejected from RAM when the profile is off or when your
company’s admin remotely locks the profile. This helps secure enterprise data at
rest.

Platform hardening and process isolation

As part of Project Treble, the Android framework was re-architected to make
updates easier and less costly for device manufacturers. This separation of
platform and vendor code was also designed to improve security. Following the
principle of least privilege, these HALs run in their own sandbox and only have
access to the drivers and permissions that are absolutely necessary.

Continuing with the media stack hardening in Android Nougat, most direct
hardware access has been removed from the media frameworks in Oreo, resulting in
better isolation. Furthermore, we’ve enabled Control Flow Integrity (CFI) across
all media components. Most vulnerabilities today are exploited by subverting the
normal control flow of an application, changing it to perform arbitrary
malicious activities with all the privileges of the exploited application. CFI
is a robust security mechanism that disallows arbitrary changes to the original
control flow graph of a compiled binary, making it significantly harder to
perform such attacks.

In addition to these architecture changes and CFI, Android Oreo comes with a
feast of other tasty platform security enhancements:

  • Seccomp filtering: makes some unused syscalls unavailable to apps so that
    they can’t be exploited by potentially harmful apps.
  • Hardened usercopy: A recent survey of security bugs on Android revealed that
    invalid or missing bounds checking was seen in approximately 45% of kernel
    vulnerabilities. We’ve backported a bounds checking feature to Android
    kernels 3.18 and above, which makes exploitation harder while also helping
    developers spot issues and fix bugs in their code.
  • Privileged Access Never (PAN) emulation: Also backported to 3.18 kernels and
    above, this feature prohibits the kernel from accessing user space directly
    and ensures developers utilize the hardened functions to access user space.
  • Kernel Address Space Layout Randomization (KASLR): Although Android has
    supported userspace Address Space Layout Randomization (ASLR) for years,
    we’ve backported KASLR to help mitigate vulnerabilities on Android kernels
    4.4 and newer. KASLR works by randomizing the location where kernel code is
    loaded on each boot, making code reuse attacks probabilistic and therefore
    more difficult to carry out, especially remotely.

App security and device identifier changes

Android Instant Apps run in a restricted sandbox which limits permissions and
capabilities such as reading the on-device app list or transmitting cleartext
traffic. Although introduced during the Android Oreo release, Instant Apps
support devices running Android Lollipop and later.

In order to handle untrusted content more safely, we’ve isolated WebView by
splitting the rendering engine into a separate process and running it within an
isolated sandbox that restricts its resources. WebView also supports Safe
Browsing to protect against potentially dangerous sites.

Lastly, we’ve made significant changes to device identifiers to give users more
control, including:

  • Moving the static Android ID and Widevine values to an app-specific value,
    which helps limit the use of device-scoped non-resettable IDs.
  • In accordance with the IETF RFC 7844 anonymity profile, net.hostname is now
    empty and the DHCP client no longer sends a hostname.
  • For apps that require a device ID, we’ve built a Build.getSerial() API and
    protected it behind a permission.
  • Alongside security researchers [1], we designed a robust MAC address
    randomization for Wi-Fi scan traffic in the firmware of various chipsets.

Android Oreo brings in all of these improvements, and many more. As always, we
appreciate feedback and welcome suggestions for how we can improve Android.
Contact us at security@android.com.

_____________________________________________________________________

[1] Glenn Wilkinson and team at Sensepost, UK; Célestin Matte and Mathieu Cunche,
University of Lyon, INSA-Lyon, CITI Lab, Inria Privatics; Mathy Vanhoef, KU
Leuven

Making Pixel better for Drivers

Android Developers November 10, 2017 Activity Recognition, Android Developer, Driving Do Not Disturb, On-Device Machine Learning, Pixel

Posted by Marc Stogaitis and Tajinder Gadh, Software Engineers

Driving is an essential part of our daily activities. So at Google we spend a
lot of time thinking about how we can make Android devices better and safer for
our users: how we can prevent distracted driving and, together, build an open
ecosystem to enable safety-first smartphone experiences.

Recently we launched Driving Do-Not-Disturb on the newly announced Pixel 2
generation of devices. Once enabled, Driving Do-Not-Disturb automatically puts
your device into a do-not-disturb mode while driving. During this mode any
incoming messages and notifications are silenced, while you can still receive
incoming calls, navigation directions and voice interactions using a connected
car Bluetooth. The product is designed to limit distractions during driving
while at the same time not getting in the way, so users can continue to use
navigation or other similar apps with minimal friction.

Behind the scenes, it uses AI-powered on-device Activity Recognition that
detects when a person is driving using low-power signals from multiple sensors,
Bluetooth and Wi-Fi. Activity Recognition uses the Android Sensor Hub to ensure
low latency, low power and accurate driving detection.

This is a next step in our journey, but we are far from done. Early next year
we are introducing the Activity Recognition Transition API, which is the same
API used by Driving Do Not Disturb to build distraction-free driving
experiences.

We appreciate your feedback and will continue to listen as the product evolves.

If you have questions about setting up the Driving Do-Not-Disturb, check out our
Help Center.

Update on Kotlin for Android

Android Developers November 2, 2017 Android, Android Developer, Android Studio 3.0, guide, Kotlin

Posted by James Lau, Product Manager (twitter.com/jmslau)

Today is the beginning of KotlinConf.
It’s been almost 6 months since we announced Kotlin as a first-class language
for Android at Google I/O. During this period, the number of apps on Google Play
using Kotlin has more than doubled. More than 17% of the projects in Android
Studio 3.0 are now using Kotlin. We are really excited about the strong
momentum, and we are thrilled that Android developers all over the world are
discovering the joy of Kotlin programming.

Kotlin for Android is production-ready. From startups to Fortune 500 companies,
developers are already using Kotlin to build their apps. Developers from
Pinterest, to Expedia, to Basecamp — and many others — are finding their use
of Kotlin is increasing productivity and their overall developer happiness
levels. Take a look at some of their experiences with Kotlin below.

With the recent release of Android Studio 3.0, there is now a stable version of
our IDE that has Kotlin support built-in. With Support Library 27, we have
started adding nullability annotations to make the APIs friendlier to use in
Kotlin. We recently published the Android Kotlin Guides on GitHub to provide
some guidance for Android Kotlin style and interop. We have also been porting
some of our Android samples to Kotlin, and we are adding Kotlin to our official
documentation.

Android Studio 3.0

Last week, we released Android Studio 3.0 on the stable channel. This is the
first stable release of Android Studio that has Kotlin support built-in.
Building on the strength of IntelliJ’s Kotlin support, many critical IDE
features like code completion and syntax highlighting work well for Kotlin. You
can choose to convert Java code to Kotlin by using Code → Convert Java File to
Kotlin File, or you can convert snippets of code just by pasting Java code into
a Kotlin file.

Project and code templates have also been updated with Kotlin support. When you
create a new project or add a new code file, you can choose Kotlin as one of the
language options.

The tooling experience with Kotlin is by no means perfect yet. We are aware of
several known issues, and we will continue to improve the IDE support for Kotlin
in future releases.

Android Kotlin Guides

There are two separate Android Kotlin Guides:

  1. Style guide – details a set of rules and coding standards that Google
    recommends when writing Kotlin for Android. The guide addresses naming
    conventions, formatting, structure of the source contents, and much more.
  2. Interop guide – provides a set of rules for creating APIs in the Java and
    Kotlin programming languages, so that the consuming code in the other
    language will feel idiomatic.

We intend these guides to be living documents and will evolve them over time.
They are hosted on GitHub and we welcome your contributions.

Nullability Annotations

Null-safety is an important feature of the Kotlin language. It helps developers
avoid NullPointerExceptions and improves the quality of their apps. Null-safety
is a bit more complicated when using Java code from Kotlin. Since any reference
in Java may be null, Kotlin’s requirement for strict null-safety becomes
impractical for Java objects. Types declared in Java that do not contain
nullability annotations are called platform types – this means the Kotlin
compiler does not know whether it is nullable or not. When calling methods with
variables of platform types, the Kotlin compiler relaxes null-safety checks.
That means the overall null-safety of your app is weakened.

To let developers take more advantage of Kotlin’s strict null-safety, we have
started adding nullability annotations in Support Library 27. The Support
Library contains a huge API surface area, and we will continue to expand the
nullability annotation coverage in the next several releases. In addition, we
will also be adding nullability annotations to other Android APIs over time.

While the Kotlin adoption growth is fantastic, our commitment to the Java and
C++ programming languages remains unchanged. We’ve added Java 8 language
features support in Android Studio 3.0, and we’ve added more Java 8 language
APIs in Android Oreo. We are also continuing to improve our support for C++17 in
the NDK. So even if you are not using Kotlin, your language support will
continue to improve.

It’s an exciting time to be an Android developer. If you haven’t had a chance to
try Kotlin, you can get started by learning the basic syntax and by playing with
the excellent Kotlin Koans. When you are ready to use Kotlin in your Android
app, you can jump to the Android Kotlin page for more resources. With Kotlin’s
Java interoperability and Android Studio’s Java to Kotlin converter, it’s easy
to start using Kotlin in your project.

Happy Kotlin-ing!
