Saturday, October 27, 2018

Tuning Your Apps In Addition To Games For Long Concealment Devices

Posted past times Fred Chung, Developer Advocate

In recent months, there's a growing tendency for handset makers to shipping novel devices amongst long concealment expression ratio (stretching beyond 16:9), many of which also sport rounded corners. This attests to the Android ecosystem's breadth as well as choice. Pixel 2 XL as well as Huawei Mate 10 Pro are but 2 of many examples. These concealment characteristics could convey a really immersive sense to users as well as they get got observe of apps as well as games that don't get got payoff of the long expression ratio concealment on these novel devices. Therefore it is of import for developers to optimize for these concealment designs. Let's get got a expect at related back upward provided past times the Android OS.

Optimize for long expression ratio screens

Most apps using measure UI widgets volition probable travel out-of-the-box on these devices. Android documentation details techniques for flexibly working on multiple concealment sizes. However, some games as well as apps amongst custom UIs may encounter issues due to wrong assumptions on sure enough expression ratios. We're sharing a few typical issues faced past times developers, as well as hence y'all tin pay attending to those relevant to you:

  • Certain sides of the concealment are cropped. This makes whatever graphic or UI elements inwards the affected regions expect incomplete.
  • Touch targets are commencement from UI elements (e.g. buttons). Users may last confused on UI elements that are seemingly interactive.
  • For total concealment vogue on rounded corners devices, any UI elements really but about the corners may last exterior of the curved corner viewable area. Imagine if a commerce app's "Purchase" push was partially obstructed? We recommend referencing Material Design guidelines past times leaving 16dp side margins inwards layouts.

If responsive UI is actually non suitable for your situation, as a final resort declare an explicit maximum supported expression ratio equally follows. On devices amongst a wider expression ratio, the app volition last shown inwards a compatibility vogue padded amongst letterbox. Keep inwards postulate heed that sure enough device models render an override for users to strength the app into full-screen compatibility mode, as well as hence last sure enough to essay out nether these scenarios too!

Targets API score 26 or higher: Use android:maxAspectRatio attributes.

Targets API score 25 or lower: Use android.max_aspect meta-data. Note that maximum expression ratio values volition last respected alone if your activities don't back upward resizableActivity. See documentation for detail.

System letterboxes an app when the declared maximum expression ratio is smaller than the device's screen.

Consider using side-by-side activities

Long expression ratio devices enable fifty-fifty to a greater extent than multi-window role cases that could growth user productivity. Beginning inwards Android 7.0, the platform offers a measure means for developers to implement multi-window on supported devices equally good equally perform information drag as well as drib betwixt activities. Refer to documentation for details.

Testing is crucial. If y'all don't get got access to 1 of these long concealment devices, last sure enough to essay out on the emulator amongst adequate concealment size as well as resolution hardware properties, which are explained inwards the emulator documentation.

We know y'all desire to please your users amongst long concealment devices. With a few steps, y'all tin ensure your apps as well as games taking total payoff of these devices!

Welcoming Android 8.1 Oreo In Addition To Android Oreo (Go Edition)

Posted past times Dave Burke, VP of Engineering

At Google for India this Monday, nosotros announced the in conclusion loose of Android 8.1 Oreo. Android 8.1 Oreo is some other exciting measuring toward bringing to life our vision of an AI-first mobile platform, for everyone, everywhere.

Android 8.1 introduces back upward for our novel Android Oreo (Go edition) software experience for entry-level devices. Android Oreo (Go edition) brings the best of Android to the speedily growing marketplace position for low-memory devices around the world, including your apps in addition to games.

Android 8.1 also introduces the Neural Networks API, a hardware accelerated automobile learning runtime to back upward ML capabilities inwards your apps. On supported devices, the Neural Networks API enables fast in addition to efficient inference for a hit of fundamental move cases, starting amongst vision-based object classification.

You tin acquire started amongst Android 8.1 Oreo (API grade 27) today. We're pushing sources to Android Open Source Project now, in addition to rolling out the update to supported Pixel in addition to Nexus devices over the adjacent week. We're also working amongst our device maker partners to convey Android 8.1 to to a greater extent than devices, including Android Oreo (Go edition) devices, inwards the months ahead.

Android Oreo (Go edition)

As announced at Google I/O 2017, the "Android Go" projection is our first to optimize the Android experience for billions of people coming online around the world. Starting amongst Android 8.1, we're making Android a corking platform for entry-level devices inwards the Android Oreo (Go edition) configuration:

  • Memory optimizations -- Improved retention usage across the platform to ensure that apps tin run efficiently on devices amongst 1GB or less RAM.
  • Flexible targeting options -- New hardware characteristic constants to permit y'all target the distribution of your apps to normal or low-RAM devices through Google Play.
  • Optimized Google apps: Rebuilt in addition to optimized versions of Google apps, using less memory, storage space, in addition to mobile data.
  • Google Play: While all apps volition hold upward available on Android Oreo (Go edition) devices, Google Play volition give visibility to apps specifically optimized past times developers to render a corking experience for billions of people amongst the building for billions guidelines.

We've updated the building for billions guidelines amongst additional guidance on how to optimize your app for Android Oreo (Go edition) devices. For most developers, optimizing your existing APK or using Google Play's Multiple APK feature to target a version of your APK to low-RAM devices is the best means to prepare for Android Oreo (Go edition) devices. Remember that making your app lighter in addition to to a greater extent than efficient benefits your whole audience, regardless of device.

Neural Networks API

The Neural Networks API provides accelerated computation in addition to inference for on-device automobile learning frameworks similar TensorFlow Lite -- Google's cross-platform ML library for mobile -- equally good equally Caffe2 in addition to others. TensorFlow Lite is now available to developers, hence see the TensorFlow Lite opened upward source repo for downloads in addition to docs. TensorFlow Lite industrial plant amongst the Neural Networks API to run models similar MobileNets, Inception v3, in addition to Smart Reply efficiently on your mobile device.

Autofill enhancements in addition to more

Android 8.1 includes pick out new features in addition to developer APIs (API grade 27), along amongst the latest optimizations, põrnikas fixes, in addition to safety patches. Extend your app amongst Autofill enhancements, a SharedMemory API, in addition to more. You tin also add together established Android Oreo features equally well, encounter the Android Oreo site for details.

Test your apps on Android 8.1

If haven't already, accept a few moments today to exam your apps in addition to brand certain they offering the experience y'all desire for users upgrading to Android 8.1 Oreo.

Just install your electrical flow app from Google Play onto a device or emulator running Android Oreo in addition to exam the user flows. The app should run in addition to expect great, in addition to handgrip the Android Oreo behavior changes properly. In particular, pay attending to background location limits, notification channels, in addition to changes inwards networking, security, in addition to identifiers.

Speed your evolution amongst Android Studio

To create amongst Android 8.1, nosotros recommend updating to Android Studio 3.0, which is at in ane lawsuit available from the stable channel. On happen of the novel app performance profiling tools, back upward for the Kotlin programming language, in addition to Gradle create optimizations, Android Studio 3.0 makes it easier to railroad train for Android Oreo features similar Instant Apps, XML Fonts, downloadable fonts, in addition to adaptive icons.

With the in conclusion platform we're updating the SDK in addition to create tools inwards Android Studio, equally good equally the API Level 27 emulator arrangement images. We recommend updating to the Android Support Library 27.0.2, which is available from Google's Maven repository. See the version notes for details on what's new.

As always, we're providing downloadable manufacturing flora in addition to OTA images on the Nexus Images page to handle y'all do in conclusion testing on your Pixel in addition to Nexus devices.

Publish your updates to Google Play

When you're ready, y'all tin break your APK updates targeting API grade 27 inwards your alpha, beta, or production channels. Make certain that your updated app runs good on Android Oreo equally good equally older versions. We recommend using beta testing to acquire early on feedback from a pocket-sized grouping of users in addition to a pre-launch report to handle y'all position whatever issues, hence do a staged rollout. Head over to the Android Developers site to abide by to a greater extent than information on launch best practices. We're looking frontwards to seeing your app updates!

What's adjacent for Android Oreo?

We'll shortly hold upward closing the Developer Preview resultant tracker, but delight maintain the feedback coming! If y'all nevertheless encounter an resultant that y'all filed inwards the preview tracker, simply file a novel issue against Android 8.1 inwards the AOSP resultant tracker. You tin also move along to give us feedback or enquire questions inwards the developer community.

Diagnose In Addition To Sympathize Your App's Gpu Postulate Amongst Gapid

Posted past times Andrew Woloszyn, Software Engineer

Developing for 3D is complicated. Whether you're using a native graphics API or enlisting the assist of your favorite game engine, in that place are thousands of graphics commands that conduct keep to come upward together perfectly to compass beautiful 3D images on your phone, desktop or VR headsets.

GAPID (Graphics API Debugger) is a novel tool that helps developers diagnose rendering too functioning issues alongside their applications. With GAPID, you lot tin capture a line of your application too pace through each graphics ascendancy one-by-one. This lets you lot visualize how your terminal icon is built too isolate problematic calls, thence you lot pass less fourth dimension debugging through trial-and-error.

GAPID supports OpenGL ES on Android, too Vulkan on Android, Windows too Linux.

Debugging inwards action, i depict telephone yell upward at a fourth dimension

GAPID non solely enables you lot to diagnose issues alongside your rendering commands, but also acts every bit a tool to run quick experiments too run into directly how these changes would deport upon the presented frame.

Here are a few examples where GAPID tin assist you lot isolate too create issues alongside your application:

What's the GPU doing?

Why isn't my text appearing?!

Working alongside a graphics API tin hold upward frustrating when you lot larn an unexpected result, whether it's a blank screen, an upside-down triangle, or a missing mesh. As an offline debugger, GAPID lets you lot conduct keep a line of these applications, too thence inspect the calls afterwards. You tin rails downward precisely which ascendancy produced the wrong upshot past times looking at the framebuffer, too inspect the patch at that request to assist you lot diagnose the issue.

What happens if I compass X?

Using GAPID to edit shader code

Even when a plan is working every bit expected, sometimes you lot desire to experiment. GAPID allows you lot to modify API calls too shaders at will, thence you lot tin attempt out things like:

  • What if I used a unlike texture on this object?
  • What if I changed the calculation of flower inwards this shader?

With GAPID, you lot tin at nowadays iterate on the facial expression too experience of your app without having to recompile your application or rebuild your assets.

Whether you're edifice a stunning novel desktop game alongside Vulkan or a beautifully immersive VR experience on Android, nosotros promise that GAPID volition salve you lot both fourth dimension too frustration too assist you lot larn the virtually out of your GPU. To larn started alongside GAPID too run into only how powerful it is, download it, conduct keep your favorite application, too capture a trace!

Lowpan On Android Things

Posted past times Dave Smith, Developer Advocate for IoT

Creating robust connections betwixt IoT devices tin hold out difficult. WiFi as well as Bluetooth are ubiquitous as well as operate good inwards many scenarios, simply endure limitations when mightiness is constrained or large numbers of devices are required on a unmarried network. In answer to this, novel communications technologies bring arisen to address the mightiness as well as scalability requirements for IoT.

Low-power Wireless Personal Area Network (LoWPAN) technologies are specifically designed for peer-to-peer usage on constrained battery-powered devices. Devices on the same LoWPAN tin communicate amongst each other using familiar IP networking, allowing developers to purpose criterion application protocols similar HTTP as well as CoAP. The specific LoWPAN applied scientific discipline that nosotros are most excited virtually is Thread: a secure, fault-tolerant, low-power mesh-networking applied scientific discipline that is speedily becoming an manufacture standard.

Today nosotros are announcing API back upwardly for configuring as well as managing LoWPAN equally a business office of Android Things Developer Preview 6.1, including fantabulous networking back upwardly for Thread. By adding an 802.15.4 radio module to 1 of our developer kits, Android Things devices tin communicate straight amongst other peer devices on a Thread network. These types of low-power connectivity solutions enable Android Things devices to perform edge computing tasks, aggregating information locally from nearby devices to brand critical decisions without a constant connexion to cloud services. See the LoWPAN API guide for to a greater extent than details on edifice apps to create as well as bring together local mesh networks.

Getting Started

OpenThread makes getting started amongst LoWPAN on Android Things easy. Choose a supported radio platform, such equally the Nordic nRF52840, as well as download pre-built firmware to enable it equally a Network Co-Processor (NCP). Integrate the radio into Android Things using the LoWPAN NCP user driver. You tin also expand back upwardly to other radio hardware past times edifice your ain user drivers. See the LoWPAN user driver API guide for to a greater extent than details.

To larn started amongst DP6.1, purpose the Android Things Console to download organisation images as well as flash existing devices. Then download the LoWPAN sample app to endeavour it out for yourself! LoWPAN isn't the alone exciting matter happening inwards the latest release. See the release notes for the amount laid of fixes as well as updates included inwards DP6.1.

Feedback

Please post us your feedback past times filing bug reports as well as feature requests, equally good equally asking whatever questions on Stack Overflow. You tin also bring together Google's IoT Developers Community on Google+, a dandy resources to larn updates as well as hash out ideas. Also, nosotros bring our novel hackster.io community, where everyone tin part the amazing projects they bring built. We await frontwards to seeing what y'all create amongst Android Things!

Friday, October 26, 2018

Quick Kicking & The Summit Features Inwards The Android Emulator

Posted past times Jamal Eason, Product Manager, Android

Today, nosotros are excited to denote Quick Boot for the Android Emulator. With Quick Boot, y'all tin sack launch the Android Emulator inwards nether half dozen seconds. Quick Boot industrial plant past times snapshotting an emulator session therefore y'all tin sack reload inwards seconds. Quick Boot was showtime released amongst Android Studio 3.0 inwards the canary update channel in addition to nosotros are excited to unloose the characteristic equally a stable update today.

In improver to this novel feature, nosotros also wanted to highlight unopen to of the top features from recent releases. Since the consummate revamp of the Android Emulator two years ago, nosotros choke on to focus on improving speed, stability in addition to adding a rich gear upwardly of features that accelerate your app evolution in addition to testing. With all the recent changes, it is definitely worth updating to the latest version of the Android Emulator to role it today.

Top v Features

  • Quick Boot - Released equally a stable characteristic today, Quick Boot allows y'all to resume your Android Emulator session inwards nether half dozen seconds. The showtime fourth dimension y'all begin an Android Virtual Device (AVD) amongst the Android Emulator, it must perform a mutual depression temperature kicking (just similar powering on a device), but subsequent starts are fast in addition to the organisation is restored to the nation at which y'all closed the emulator finally (similar to waking a device). We accomplished this past times completely re-engineering the legacy emulator snapshot architecture to locomote amongst virtual sensors in addition to GPU acceleration. No additional setup is required because Quick Boot is enabled past times default starting amongst Android Emulator v27.0.2.

Quick Boot inwards the Android Emulator

  • Android CTS Compatibility - With each unloose of the Android SDK, nosotros ensure that the Android Emulator is create for your app evolution needs, from testing backwards compatibility amongst Android KitKat to integrating the latest APIs of the developer preview. To increase production character in addition to reliability of emulator organisation images, nosotros at 1 time qualify terminal Android System Image builds from Android Nougat (API 24) in addition to higher against the Android Compatibility Test Suite (CTS)—the same testing suite that official Android physical devices must pass.
  • Google Play Support - We know that many app developers role Google Play Services, in addition to it tin sack live on hard to maintain the service upwardly to appointment inwards the Android Emulator organisation images. To solve this problem, nosotros at 1 time offering versions of Android System Images that include the Play Store app. The Google Play images are available starting amongst Android Nougat (API 24). With these novel emulator images, y'all tin sack update Google Play Services via the Play Store app inwards your emulator only equally y'all would on a physical Android device. Plus, y'all tin sack at 1 time examination end-to-end install, update, in addition to buy flows amongst the Google Play Store.
  • Performance Improvements - Making the emulator fast in addition to performant is an on-going destination for our team. We continuously await at the functioning comport on of running the emulator on your evolution machine, peculiarly RAM usage. With the latest versions of the Android Emulator, nosotros at 1 time allocate RAM on demand, instead of allocating in addition to pinning the retentivity to the max RAM size defined inwards your AVD. We produce this past times tapping into the native hypervisors for Linux (KVM) in addition to macOS® (Hypervisor.Framework), in addition to an enhanced Intel® HAXM (v6.2.1 in addition to higher) for Microsoft® Windows®, which uses the novel on-demand retentivity allocation.
  • Additionally, over the finally several releases, nosotros accept improved CPU in addition to I/O functioning land enhancing GPU performance, including OpenGL ES 3.0 support. Looking at a mutual job such equally ADB force highlights the improvements inwards the Android CPU in addition to I/O pipelines:

    ADB Push Speed Comparison amongst Android Emulator

    For GPU performance, nosotros created a sample GPU emulation stress examination app to approximate improvements over time. We institute that the latest emulator tin sack homecoming higher frame rates than before, in addition to it is 1 of the few emulators that tin sack homecoming OpenGL ES 3.0 accurately per the Android specification.

GPU Emulation Stress Test - Android App

GPU Emulation Stress Test amongst Android Emulator

More Features

In improver to these major features, at that spot are a whole host of additional features that nosotros accept added to the Android Emulator over the finally yr that y'all may non live on aware of:

  • Wi-Fi support - Starting amongst API 24 organisation images, y'all tin sack create an AVD that both connects to a virtual cellular network in addition to a virtual Wi-Fi Access Point.
  • Google Cast back upwardly - When using a Google Play organisation image, y'all tin sack cast concealment in addition to good content to Chromecast devices on the same Wi-Fi network.
  • Drag in addition to driblet APKs & files - Simply drag an APK onto the Android Emulator window to trigger an app install. Also y'all tin sack drag whatsoever other information file in addition to honour it inwards the /Downloads folder inwards your Android Virtual Device.
  • Host re-create & glue - You tin sack re-create & glue text betwixt the Android Emulator in addition to your evolution machine.
  • Virtual 2-finger pinch & zoom - When interacting amongst apps similar Google Maps, concur downward the Ctrl Key (on Microsoft® Windows® or Linux) or ⌘ (on macOS® ) , in addition to a finger overlay appears on concealment to aid amongst pinch & zoom actions.
  • GPS place - Manually direct a GPS signal or gear upwardly of GPS points nether the Location tab of the Android Emulator.
  • Virtual sensors - There is a dedicated page inwards the extended controls panel that has supported sensors inwards the Android Emulator including acceleration, rotation, proximity in addition to many more.
  • WebCam back upwardly - You tin sack role a webcam or your laptop built-in webcam equally a virtual photographic telly camera inwards the AVD. Validate your AVD photographic telly camera settings inwards the Advanced Settings page inwards the AVD Manager.
  • Host machine keyboard - You tin sack role your existent keyboard to larn into text into the Android Virtual Device.
  • Virtual SMS in addition to telephone calls - In the extended controls panel, y'all tin sack trigger a virtual SMS or telephone phone telephone to examination apps amongst telephony dependencies.
  • Screen zooming - On the master copy toolbar, click on the magnify drinking glass icon to larn into zoom mode, in addition to and therefore direct a part of the concealment y'all wish to inspect.
  • Window resizing - Simply drag a corner of the Android Emulator window to modify to the desired size.
  • Network proxy support - Add a custom HTTP proxy for your Android Emulator session past times going to the Settings page nether the Proxy tab.
  • Bug reporting - You tin sack speedily generate a põrnikas study for your app past times using the Bug Report department inwards the extended controls panel to percentage amongst your squad or to post feedback to Google.

Learn to a greater extent than well-nigh the Android Emulator inwards the Emulator documentation.

Getting Started

All of these features in addition to improvements are available to download in addition to role at 1 time amongst Android Emulator v27.0.2+, which y'all tin sack larn via the SDK Manager inwards Android Studio. For a fast experience, nosotros recommend creating in addition to running the x86 version of emulator organisation images, amongst the latest Android Emulator, Intel® HAXM (if applicable) in addition to graphics drivers installed.

We appreciate whatsoever feedback on things y'all like, issues or features y'all would similar to see. If y'all honour a bug, issue, or accept a characteristic asking experience complimentary to file an issue. We are definitely non done, but nosotros promise y'all are excited well-nigh the improvements therefore far.

Improving App Safety Together With Functioning On Google Play For Years To Come

Improving App Safety Together With Functioning On Google Play For Years To Come

Posted yesteryear Edward Cunningham, Product Manager, Android

[Edit: Updated ship service on December 21 to clarify that when the 64-bit requirement is introduced inward August 2019, 32-bit back upwards is non going away. Apps that include a 32-bit library merely take away to guide hold a 64-bit version too.]

Google Play powers billions of app installs in addition to updates annually. We relentlessly focus on safety in addition to functioning to ensure everyone has a positive sense discovering in addition to installing apps in addition to games they love. Today we're giving Android developers a heads-up near 3 changes designed to back upwards these goals, equally good equally explaining the reasons for each change, in addition to how they volition assistance brand Android devices fifty-fifty to a greater extent than secure in addition to performant for the long term.

  • In the minute one-half of 2018, Play volition require that novel apps in addition to app updates target a recent Android API level. This volition last required for novel apps inward August 2018, in addition to for updates to existing apps inward November 2018. This is to ensure apps are built on the latest APIs optimized for safety in addition to performance.
  • In August 2019, Play volition require that novel apps in addition to app updates alongside native libraries supply 64-bit versions inward add-on to their 32-bit versions.
  • Additionally, inward early on 2018, Play volition starting fourth dimension adding a small-scale total of safety metadata on pinnacle of each APK to farther verify app authenticity. You create non take away to accept whatever activity for this change.

We deeply appreciate our developer ecosystem, in addition to thence promise this long advance notice is helpful inward planning your app releases. We volition proceed to supply reminders in addition to portion developer resources equally cardinal dates approach to assistance y'all prepare.

Target API score requirement from belatedly 2018

API deportment changes advance the safety in addition to privacy protections of Android – helping developers secure their apps in addition to protecting people from malware. Here are a few such changes from recent platform versions:

  • Implicit intents for bindService() no longer supported (Android 5.0)
  • Runtime permissions (Android 6.0)
  • User-added CAs non trusted yesteryear default for secure connections (Android 7.0)
  • Apps can't access user accounts without explicit user blessing (Android 8.0)

Many of these changes exclusively apply to apps that explicitly declare their back upwards for novel API behaviors, through the targetSdkVersion manifest attribute. For example, exclusively apps alongside a targetSdkVersion of 23 (the API score of Android 6.0) or higher plow over the user total command over what someone information – such equally contacts or place – the app tin plow over the axe access via runtime permissions. Similarly, recent releases include user sense improvements that foreclose apps from accidentally overusing resources similar battery in addition to memory; background execution limits is a practiced instance of this type of improvement.

In guild to supply users alongside the best Android sense possible, the Google Play Console volition require that apps target a recent API level:

  • August 2018: New apps required to target API score 26 (Android 8.0) or higher.
  • November 2018: Updates to existing apps required to target API score 26 or higher.
  • 2019 onwards: Each twelvemonth the targetSdkVersion requirement volition advance. Within ane twelvemonth next each Android dessert release, novel apps in addition to app updates volition take away to target the corresponding API score or higher.

Existing apps that are non receiving updates are unaffected. Developers rest gratis to usage a minSdkVersion of their choice, thence at that spot is no alter to your mightiness to cook apps for older Android versions. We encourage developers to supply backwards compatibility equally far equally reasonably possible. Future Android versions volition also trammel apps that don't target a recent API score in addition to adversely impact functioning or security. We desire to proactively cut back fragmentation inward the app ecosystem in addition to ensure apps are secure in addition to performant acre providing developers alongside a long window in addition to enough of notice inward guild to computer programme ahead.

This twelvemonth nosotros released Android Oreo, the most secure in addition to best performing version of Android yet, in addition to nosotros introduced Project Treble to assistance the latest releases range devices faster. Get started edifice apps that target Android 8.1 Oreo today.

64-bit back upwards requirement inward 2019

Platform back upwards for 64-bit architectures was introduced inward Android 5.0. Today, over 40% of Android devices coming online guide hold 64-bit support, acre all the same maintaining 32-bit compatibility. For apps that usage native libraries, 64-bit code typically offers significantly ameliorate performance, alongside additional registers in addition to novel instructions.

In anticipation of hereafter Android devices that back upwards 64-bit code only, the Play Console volition require that novel apps in addition to app updates alongside native libraries supply 64-bit versions inward add-on to their 32-bit versions. This tin plow over the axe last inside a unmarried APK or equally ane of the multiple APKs published.

We are non removing 32-bit support. Google Play volition proceed to back upwards 32-bit apps in addition to devices. Apps that create non include native code are unaffected.

This alter volition come upwards into number inward August 2019. We're providing advance notice today to let enough of fourth dimension for developers who don't yet back upwards 64-bit to computer programme the transition. Stay tuned for a hereafter ship service inward which we'll accept an in-depth await at the functioning benefits of 64-bit native libraries on Android, in addition to cheque out the CPUs in addition to Architectures guide of the NDK for to a greater extent than info.

Security metadata inward early on 2018

Next twelvemonth we'll laid about adding a small-scale total of safety metadata on pinnacle of each APK to verify that it was officially distributed yesteryear Google Play. Often when y'all purchase a physical product, you'll discovery an official label or a badge which signifies the product's authenticity. The metadata we're adding to APKs is similar a Play badge of authenticity for your Android app.

No activity is needed yesteryear developers or users. We'll accommodate Play's maximum APK size to accept into concern human relationship the small-scale metadata addition, which is inserted into the APK Signing Block in addition to does non alter the functionality of your app. In add-on to enhancing the integrity of Play's mobile app ecosystem, this metadata volition enable novel distribution opportunities for developers inward the hereafter in addition to assistance to a greater extent than people maintain their apps upwards to date.

Looking ahead

2017 has been a fantastic twelvemonth for developers who guide hold seen increase in addition to success on Google Play. We've been difficult at piece of occupation on features (including those announced at I/O 2017 in addition to at Playtime) to assistance y'all improve your app character in addition to concern performance. With these features in addition to the upcoming updates, nosotros promise to encounter the Android in addition to Play ecosystem proceed to thrive inward 2018 in addition to beyond.

How useful did y'all discovery this blogpost?

Double Stuffed Safety Inwards Android Oreo

Double Stuffed Safety Inwards Android Oreo

Posted past times Gian G Spicuzza, Android Security team

Android Oreo is stuffed total of safety enhancements. Over the past times few months, we've covered how we've improved the safety of the Android platform together with its applications: from making it safer to larn apps, dropping insecure network protocols, providing to a greater extent than user command over identifiers, hardening the kernel, making Android easier to update, all the mode to doubling the Android Security Rewards payouts. Now that Oreo is out the door, let's conduct maintain a await at all the goodness inside.

Expanding back upwards for hardware security

Android already supports Verified Boot, which is designed to foreclose devices from booting upwards alongside software that has been tampered with. In Android Oreo, nosotros added a reference implementation for Verified Boot running alongside Project Treble, called Android Verified Boot 2.0 (AVB). AVB has a brace of cool features to brand updates easier together with to a greater extent than secure, such equally a mutual footer format together with rollback protection. Rollback protection is designed to foreclose a device to kick if downgraded to an older OS version, which could survive vulnerable to an exploit. To exercise this, the devices salvage the OS version using either special hardware or past times having the Trusted Execution Environment (TEE) sign the data. Pixel 2 together with Pixel 2 XL come upwards alongside this protection together with nosotros recommend all device manufacturers add together this characteristic to their novel devices.

Oreo also includes the novel OEM Lock Hardware Abstraction Layer (HAL) that gives device manufacturers to a greater extent than flexibility for how they protect whether a device is locked, unlocked, or unlockable. For example, the novel Pixel phones work this HAL to travel past times commands to the bootloader. The bootloader analyzes these commands the side past times side fourth dimension the device boots together with determines if changes to the locks, which are securely stored inward Replay Protected Memory Block (RPMB), should happen. If your device is stolen, these safeguards are designed to foreclose your device from beingness reset together with to perish along your information secure. This novel HAL fifty-fifty supports moving the lock dry soil to dedicated hardware.

Speaking of hardware, we've invested back upwards inward tamper-resistant hardware, such equally the security module works life inward every Pixel 2 together with Pixel 2 XL. This physical chip prevents many software together with hardware attacks together with is also resistant to physical penetration attacks. The safety module prevents deriving the encryption fundamental without the device's passcode together with limits the charge per unit of measurement of unlock attempts, which makes many attacks infeasible due to fourth dimension restrictions.

While the novel Pixel devices conduct maintain the special safety module, all novel GMS devices transportation alongside Android Oreo are required to implement key attestation. This provides a machinery for strongly attesting IDs such equally hardware identifiers.

We added novel features for enterprise-managed devices equally well. In piece of work profiles, encryption keys are straightaway ejected from RAM when the profile is off or when your company's admin remotely locks the profile. This helps secure enterprise information at rest.

Platform hardening together with procedure isolation

As constituent of Project Treble, the Android framework was re-architected to brand updates easier together with less costly for device manufacturers. This separation of platform together with vendor-code was also designed to improve security. Following the principle of to the lowest degree privilege, these HALs run inward their own sandbox together with solely conduct maintain access to the drivers together with permissions that are absolutely necessary.

Continuing alongside the media stack hardening inward Android Nougat, nearly direct hardware access has been removed from the media frameworks inward Oreo resulting inward improve isolation. Furthermore, we've enabled Control Flow Integrity (CFI) across all media components. Most vulnerabilities today are exploited past times subverting the normal command catamenia of an application, instead changing them to perform arbitrary malicious activities alongside all the privileges of the exploited application. CFI is a robust safety machinery that disallows arbitrary changes to the master copy command catamenia graph of a compiled binary, making it significantly harder to perform such attacks.

In add-on to these architecture changes together with CFI, Android Oreo comes alongside a feast of other tasty platform safety enhancements:

  • Seccomp filtering: makes some unused syscalls unavailable to apps together with so that they can't survive exploited past times potentially harmful apps.
  • Hardened usercopy: Influenza A virus subtype H5N1 recent survey of safety bugs on Android revealed that invalid or missing bounds checking was seen inward unopen to 45% of substance vulnerabilities. We've backported a bounds checking characteristic to Android kernels 3.18 together with above, which makes exploitation harder piece also helping developers location issues together with laid upwards bugs inward their code.
  • Privileged Access Never (PAN) emulation: Also backported to 3.18 kernels together with above, this characteristic prohibits the substance from accessing user infinite direct together with ensures developers utilize the hardened functions to access user space.
  • Kernel Address Space Layout Randomization (KASLR): Although Android has supported userspace Address Space Layout Randomization (ASLR) for years, we've backported KASLR to assistance mitigate vulnerabilities on Android kernels 4.4 together with newer. KASLR works past times randomizing the location where substance code is loaded on each boot, making code reuse attacks probabilistic together with thence to a greater extent than hard to deport out, particularly remotely.

App safety together with device identifier changes

Android Instant Apps run inward a restricted sandbox which limits permissions together with capabilities such equally reading the on-device app listing or transmitting cleartext traffic. Although introduced during the Android Oreo release, Instant Apps supports devices running Android Lollipop together with later.

In society to grip untrusted content to a greater extent than safely, we've isolated WebView past times splitting the rendering engine into a form procedure together with running it within an isolated sandbox that restricts its resources. WebView also supports Safe Browsing to protect against potentially unsafe sites.

Lastly, we've made significant changes to device identifiers to give users to a greater extent than control, including:

  • Moving the static Android ID together with Widevine values to an app-specific value, which helps boundary the work of device-scoped non-resettable IDs.
  • In accordance alongside IETF RFC 7844 anonymity profile, net.hostname is straightaway empty together with the DHCP customer no longer sends a hostname.
  • For apps that postulate a device ID, we've built a Build.getSerial() API together with protected it behind a permission.
  • Alongside safety researchers1, nosotros designed a robust MAC address randomization for Wi-Fi scan traffic inward diverse chipsets firmware.

Android Oreo brings inward all of these improvements, together with many more. As always, nosotros appreciate feedback together with welcome suggestions for how nosotros tin improve Android. Contact us at security@android.com.

_____________________________________________________________________

1: Glenn Wilkinson together with squad at Sensepost, UK, Célestin Matte, Mathieu Cunche: University of Lyon, INSA-Lyon, CITI Lab, Inria Privatics, Mathy Vanhoef, KU Leuven