Wednesday, September 30, 2015

Google's new Nexus phones do security update transparency right


A lot has been said in the past few months about mobile OS security and how difficult it is to get updates pushed out in a timely manner. And with the Android 6.0 Marshmallow version launching with the Nexus 5X and Nexus 6P — and coming to a slew of other Nexus devices as updates — Google is doing things one better.

In the wake of the serious (but too often overblown) "Stagefright" issue, Google announced that it would begin issuing monthly security updates to its Nexus line. And we've already started to see them. (A minimum of 12 over-the-air updates a year likely will have some interesting implications on its own, but we're also not going to look a gift horse in the mouth.) But new on the Nexus phones at today's launch event was an extra entry in the settings section — a little bit of transparency telling us, the user, when the phone last received a security update, listed under "Android Security Patch Level."

This is more important than a meaningless version number. In plain English (or presumably whatever language your phone is set to) you'll know when you last received one of these monthly updates. No having to decipher a build number. It's just there.

We expect to see this on all Nexus devices in the near future. And hopefully we'll see the other manufacturers implement this same sort of thing as well.

Google Now on Tap is working again in Marshmallow Developer Preview 3


If you’ve been waiting on Google Now on Tap to be available to those running the Android M Developer Preview, the wait is over. Besides a few days when Developer Preview 3 first launched, those running the developer version of M have been left without access to the feature. Now, it seems that Google is finally opening the floodgates…

Google Now on Tap is the latest big feature to come to Google Now, allowing users to quickly find more information about just about anything on their screen. If you’re reading an article about Donald Trump, Now on Tap can give you more info about him and links to his social media profiles and website, for example.

At this point, I’d suggest waiting until October 5th for the official rollout of Android Marshmallow to Nexus devices. But if you’re super antsy and just want to try out Google Now on Tap right now, you can head over and read this guide on how to install the Developer Preview 3 factory image. It’s not too tough, if you have the time.

Tuesday, September 29, 2015

Google doubles the size limit for Android APKs on the Play Store to 100MB


Mobile games have a (somewhat deserved) reputation for being low quality and generally unable to compete with the complexity of console or PC games, but Google has just made it a little easier for mobile Android developers to offer more powerful gaming experiences on the Play Store by doubling the maximum file size allowed for Android application packages (APKs). Play Store APKs can now be 100MB in size, up from 50MB, and developers still have the option of supporting additional data from up to two 2GB expansion files.

“Smartphones are powerful devices that can support diverse tasks from graphically intensive games to helping people get work done from anywhere,” Google Product Manager Kobi Glick wrote in a blog post. “We understand that developers are challenged with delivering a delightful user experience that maximizes the hardware of the device, while also ensuring that their users can download, install, and open the app as quickly as possible. It’s a tough balance to strike, especially when you’re targeting diverse global audiences.

“To support the growing number of developers who are building richer apps and games on Google Play, we are increasing the APK file size limit to 100MB from 50MB. … We hope that, in certain circumstances, this file size increase is useful and enables you to build higher quality apps and games that users love.”

Glick notes that just because developers can create bigger APKs now does not mean that they should. Developers should still consider other limitations that could affect their users, including slow or intermittent mobile data connectivity, mobile data caps, limitations on hardware performance, and long install times.

Doubling the file size limitation will certainly allow for more complex mobile games to be released on the Play Store, but even with the extra 4GB from expansion files, Play Store games are still incredibly small compared to most modern non-mobile games. For example, the recently announced install size for Fallout 4 on Xbox One made headlines for being “only” 28GB, which is still several times larger than the biggest Play Store games.

Still, as phones become more and more powerful, the gap between mobile and non-mobile software will continue to shrink, and one day there may be little difference between the two.

Wednesday, September 9, 2015

Android M Begins Locking Down Floating Apps, Requires Users To Grant Special Permission To Draw On Other Apps


Floating apps have become emblematic of Android's unique flexibility and range. No other mobile OS allows non-system apps to directly interact with users and overtake the screen while another app is supposed to be in the foreground. This capability allows for a powerful and customizable user experience, but it can also quickly become a problem if an app is poorly implemented or its developer abuses this privilege for malicious purposes.

Android 6.0 Marshmallow is setting some new rules for drawing on the screen. Starting with Developer Preview 3, apps targeting API 23 (or above) will have to ask users to grant permission for them to draw on top of other apps. This won't be done through the new à la carte-style permission system with friendly pop-up dialogs, but instead with a more daunting context switch to a list of toggles like we're accustomed to visiting after installing a new software keyboard.

Background


The system permission in question is named android.permission.SYSTEM_ALERT_WINDOW and it has been around since API Level 1. The developer documentation is fairly brief, describing it simply as a way to open a window on top of other apps and warning developers that it's only intended for system-level activities.

Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.

Facebook Messenger debuted "Chat Heads" just over two years ago, giving users a perpetually available tap target on their screens to quickly see and respond to messages. While Messenger was far from the first app to make use of a floating UI, it can be credited with popularizing the feature and the now-familiar floating bubble interface. Since then, quite a few notable developers have either added floating elements (e.g. LastPass and MusixMatch) or built entire apps around the functionality (e.g. Link Bubble).


Why Change Anything?


So far, Google hasn't released any official statements regarding this change. In fact, this particular detail was left out of the API Overview for Preview 3. It's probable the Android team doesn't consider this important enough to describe along with all of the new capabilities listed on that page; but strangely, it has also been left out of the Behavior Changes page, where it almost certainly should have been documented. The only place with any record appears to be the Android API Differences Report, a somewhat unwieldy set of automatically generated pages that list modifications from one API level to the next. I'm really not trying to paint a picture where Google is trying to hide this change, but there's obviously no effort to make developers aware of the new behavior, either.

While there's no official explanation, the reasons for locking down this permission aren't hard to guess. The ability to draw on top of other apps is a profoundly risky proposition, especially given that the Android OS doesn't add any decoration to signify a background app is responsible for content on the screen.

For example, a malicious developer could display a cloned login screen for a popular app – let's say Facebook or Twitter – in an effort to steal credentials.

One interesting detail has surfaced thanks to the Developer Preview Issue Tracker. A Googler responded to a question by noting that the SYSTEM_ALERT_WINDOW permission had been "raised to be above dangerous." Android permissions are technically ranked as either 'normal' or 'dangerous' as described by the protection levels. (Note: 'signature' and 'signatureOrSystem' are also options, but they aren't relevant to this discussion.) In rare instances, certain capabilities have been given special attention because they necessarily have to grant very high-risk access to be functional. Some examples are input methods like software keyboards, and device administrators like Android Device Manager, which has the ability to initiate a factory reset. Drawing on top of other apps will now rank in this exceptionally high-risk category.


What Does This Mean For Users?


Users can look forward to yet another prompt asking for a permission, but this one won't look or feel like the new Android M permission dialogs. There's no way to authorize apps to draw onto the screen without a context switch. Developers will have to send their users to a special screen in the Settings app with specific instructions to enable the permission. If this sounds familiar, it's because the same pattern has been used for years when we're setting up Input Methods, and more recently with Accessibility and Device Administrators.


Developers can send users directly to the right screen for each app. There's only a quick context switch, a toggle, and then returning to the calling app with the back button. It's easy enough, but make no mistake, this flow is meant to feel intimidating. People are expected to feel nervous when an app gives them instructions and sends them to an unfamiliar part of the system, at which point they will be faced with a warning message that further reminds them that this might not be safe. For somebody who has never done this before, it should feel a little scary, like carrying a stranger's luggage through security at an airport.


Some major apps are already being updated to support this new requirement. Credit for first raising the flag on this new policy belongs to Sebastiano Gottardo, a MusixMatch developer who discovered the issue while working on an update. Likewise, LastPass has been quick to add support for Android 6.0 permissions, and has already released an update to the Play Store. LastPass's flow simply involves posting a notification the first time a login form is detected, so long as the App Fill-In feature is enabled.




Not all apps that draw on top of the screen will be asking users to go through this step right away. Apps that target API Level 22 or below are automatically granted permission, presumably to maintain compatibility. Only by targeting API Level 23 (Android M) will developers have to send users through the extra steps. At least, that's how it works in Developer Preview 3 – Google could plausibly change this behavior for the final release, but don't bet on it. Regardless of API Level, users can revoke this permission from any app by visiting: Settings -> Apps -> Advanced (the gear button) -> Draw over other apps.


For Developers


If you're working on an app that makes use of the SYSTEM_ALERT_WINDOW permission, there are a few things you'll probably want to know. The Android 6.0 SDK introduces a couple of things to the API that make this new process relatively painless to implement.

To begin with, a call to Settings.canDrawOverlays() reports back whether or not your app has been granted permission to draw on the screen. If permission hasn't been granted yet, create an Intent with the action Settings.ACTION_MANAGE_OVERLAY_PERMISSION and add a URI in the form of "package:" followed by your app's package name to send users directly to your app's page. Alternatively, you can leave off the URI to send them simply to the full list of apps. For sample code, check out this StackOverflow answer.
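
The flow described above, as an added example (not taken from this article or from the StackOverflow answer it mentions). The activity name, request code and message strings are assumptions; it also shows an explanation to the user before the context switch and re-checks the permission on return instead of trusting the result code.

```java
import android.app.Activity;
import android.app.AlertDialog;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.provider.Settings;
import android.widget.Toast;

// Hypothetical activity: class name, request code and texts are illustrative.
public class OverlayPermissionActivity extends Activity {
    private static final int REQUEST_OVERLAY = 1001; // arbitrary request code

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        if (canDrawOverlays()) {
            onOverlayAllowed();
        } else {
            explainThenRequest();
        }
    }

    // Settings.canDrawOverlays() only exists from API 23. On older releases
    // the manifest permission is granted at install time.
    private boolean canDrawOverlays() {
        return Build.VERSION.SDK_INT < Build.VERSION_CODES.M
                || Settings.canDrawOverlays(this);
    }

    // Tell the user why they are about to leave the app, then open this
    // app's own "Draw over other apps" page via the "package:" URI.
    private void explainThenRequest() {
        new AlertDialog.Builder(this)
                .setMessage("To show the floating bubble, enable \"Draw over "
                        + "other apps\" on the next screen, then press Back.")
                .setPositiveButton(android.R.string.ok, (dialog, which) -> {
                    Intent intent = new Intent(
                            Settings.ACTION_MANAGE_OVERLAY_PERMISSION,
                            Uri.parse("package:" + getPackageName()));
                    startActivityForResult(intent, REQUEST_OVERLAY);
                })
                .setNegativeButton(android.R.string.cancel, null)
                .show();
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQUEST_OVERLAY) return;
        // The user comes back with the Back button, so resultCode says nothing
        // about the toggle. Query the actual state instead.
        if (canDrawOverlays()) {
            onOverlayAllowed();
        } else {
            Toast.makeText(this, "Floating bubble disabled", Toast.LENGTH_SHORT).show();
        }
    }

    // The app would attach its overlay window from here.
    private void onOverlayAllowed() {
        Toast.makeText(this, "Overlay permission granted", Toast.LENGTH_SHORT).show();
    }
}
```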


Conclusion


Unlike the new permission dialogs, this one should definitely include a custom UI to explain why users are being sent to another screen and what they should do there. The steps to support this change aren't complicated and don't add very much work for developers, but the change in context is an intentional hurdle. Developers will have to earn trust from users before asking for too many permissions, and this one may be just a step too far for some.



Android M may soon earn a reputation for an overabundance of confirmation dialogs, at least that's how it will feel to anybody setting up a new device. Fortunately, we need only grant each permission to an app once, so things will never get as bad as Windows Vista.

Source: http://www.androidpolice.com

Friday, September 4, 2015

Vital guide to hire an Android Developer


Android, Google’s open source mobile operating system, has changed the landscape of mobile computing in many ways. Since its inception, Android has become the dominant mobile platform, and has made its way into the realm of cars, TVs, wristwatches, and even video game consoles. This, coupled with Android’s rich ecosystem and development framework, offers nothing less than an immense potential for the success of any Android mobile app.

However, a great system is only as good as the people using it, and amidst the fierce hiring competition for top developers that exists in this day and age, finding a great Android developer is a daunting task in and of itself. The good news is that with a few key strategic approaches, the Android hiring process can be entirely demystified.

Here is the vital guide on how to hire an Android developer.

1. Put thought into your approach

Finding a great Android developer is like searching for a needle in a haystack, except that there are countless other people searching for the same needle. At some point, you’re going to need a shinier, more powerful magnet. Your first magnet is your job description, so it needs to be really excellent.

The hiring process is painful enough already, so save yourself time by using an Android job description template. To reduce the volume of applications you’ll see, customize this so that it clearly discusses the minimum qualifications you expect any candidate to have and include a clear description of the job and the relevant responsibilities. Android as a platform is not limited to handheld devices only, and unlike other platforms such as the web, applications developed for Android usually are capable of going beyond the typical click or tap interactions. They can also use contextual information obtained from available device sensors, take better control of the other device features and resources, and more. Simply describing the position as “Android developer” is far too generic of an approach.

Moreover, make sure that your job description includes information about your company culture and clearly lays out why it’s a great place to work. Remember that great Android developers typically have more than their fair share of opportunities. Your job listing not only needs to weed out bad candidates, it needs to catch the eye of good ones.

2. Establish Your Interview Funnel and Pool of Interview Questions

Technical interviewing is hard, and there are many techniques out there for evaluating a programmer. It’s extremely difficult to tell if someone’s a good programmer unless you are one yourself, so be sure to involve your most trusted developers in the interviewing process. This needs to be done intelligently to avoid overwhelming them (and to avoid diverting their attention too far from your ongoing projects). Be sure to include steps that can be handled by non-technical people in order to weed out obviously unfit candidates.

Even more important than your interview sequence are the questions you use to gauge aptitude. These should be a mix of general intelligence and behavioral questions, software development questions, and Android-specific questions. Questions from all of these categories should ideally be as relevant to your project as possible. Above all, be sure to avoid questions that are irrelevant or that require the candidate to remember random facts. These are a big tip-off to the candidate that you don’t know what you’re doing.

3. Assign a Test Project and Review Past Work

As an open and extremely customizable platform, Android suffers from the obvious problem of fragmentation. Android comes in thousands of device sizes and feature combinations. This issue, and many other potential logical mistakes, can cause applications to fail on any number of devices if not handled with care. To make sure this isn’t a risk for you, check whether anything in your candidate’s portfolio violates any platform guidelines or makes any common Android mistakes that all experts should know how to avoid.

If you still aren’t sure, assign a test project (this can be a highly watered down version of your ongoing project) to get an idea of the candidate’s technical expertise, communication skills, and more.

Conclusion

Mastering Android development requires a lot more than just the ability to program in any particular language. Candidates need to have passion and truly understand the platform inside and out. The best Android developers will be committed to collaborative problem solving, sophisticated design, and creating quality products.

The hiring process has a make-or-break effect on your projects. Do not overlook the importance of a planned and strategic approach to hiring an Android developer.

Thursday, September 3, 2015

Android developers can now build Chrome custom tabs into their apps

Google released Chrome 45 for Windows, Mac, Linux, and Android yesterday, and today we’re learning that the Android update includes support for a new feature called Chrome custom tabs. You can download the new Chrome version now from Google Play, but you won’t see Chrome custom tabs right away — today’s news is primarily aimed at developers. That said, Google has partnered with a few apps already — Feedly, The Guardian, Medium, Player.fm, Skyscanner, Stack Overflow, Tumblr, and Twitter will support custom tabs “in the coming weeks.”


Google first shared details about Chrome custom tabs when it unveiled Android Marshmallow at its I/O conference in May, but to be clear, the feature is available to all Android versions that can run Chrome 45 (Jelly Bean and up). Instead of dumping the user into the browser or using a WebView, developers can use Chrome custom tabs to leverage all of the browser’s features while still maintaining the app’s design. Features like automatic sign-in, saved passwords, Tap to Search, and autofill are all available.



Here is how Chrome custom tabs work when developers build the functionality into their app. When the user opens a link in an app, it loads in a Chrome custom tab. This new view appears native to the app, as developers are essentially customizing Chrome’s look and feel to match the app, including changing the toolbar color, adjusting the transition animations, and even adding custom actions to the toolbar that let the user interact with the app. On top of all this, content loads more quickly.



In fact, Google says custom tabs are optimized to load faster than WebViews and traditional methods of launching Chrome. Because apps can prefetch pages in the background, they appear to load nearly instantly when the user navigates to them.

Chrome’s security features, including multiprocess architecture and permissions model, are also available. Custom tabs use the same cookies as Chrome, meaning users stay signed in to sites.
Google explains the issue that Chrome custom tabs is trying to solve:


Android app developers face a difficult tradeoff when it comes to showing web content in their Android app. Opening links in the browser is familiar for users and easy to implement, but results in a heavy-weight transition between the app and the web. You can get more granular control by building a custom browsing experience on top of Android’s WebView, but at the cost of more technical complexity and an unfamiliar browsing experience for users.


If you’re a developer who finds the above intriguing, check out the Chrome custom tabs developer guide.