Google IO 2017 – Android 0, Studio, and Things Notes

Android Things

Use Android Things with AI to create smart devices: Do it Yourself AI kit

IOT Security with Android Things

Android Things – System on Module architecture. Developer console

Security features are built in: on by default, easy to maintain, infrastructure by Google.

Feature features: OS Hardening, updates verified boot, hardware backed keys, attestation

The main problem in IOT secuirty is economics. the cost of building in security vs. cost of risking security. smaller, lower cost devices may not build in security. Exploits have become their own market

How much is the cost to an engineer to create an attack?

  • Time
  • Money
  • Skill
  • Grit

attack ROI:

How valuable is it?

Pervasive

Can this attack scale enough to be valuable? WiFi injection may be effective, but it doesn’t scale if you have to be near the router. A default credential, i.e. security cams, can be attacked by the thousands.

Privileged

Does the attack give the person privilege to the hardware, accounts?

Persistant

Does the attack give the engineer significant persistance? Can it survive a device reboot?

Security Cost: not every company has the resources to build and maintain security features and infrastructure.

Android Things goal: raise attack costs, reduce ROI, and reduce security costs.

OS Hardening: All of Android’s hardening is enabled in Android Things. Permissions, app sandbox, mandatory access control (Selinux), kernel syscall filtering, full ASLR, FORTIFY, stack-protector-strong…

Developer Action: Declare permissions only as needed, split out privileged code.

All Android Things devices will get infrastructure updates directly from Google. This reduces attack persistance and drives down the attack ROI. Updates can be controlled during critical operations, like a drone is flying. Developers can also test updates and request an update to be stopped

Android Things Keystore

Attestation: Authentication for devices. Attests to what? Authnetic Android Thing Device, product info, device identity, device state (verified boot state), key attributes (allowed modes,…)

Building for Billions

Building for Billions is Androids best practices for low cost/bandwidth devices. Best practices on how to optimize Android apps for low- and no-bandwidth and low-cost devices.

Kotlin

  • Kotlin is now a first-class language for Android.
  • Kotlin Programming Language
  • Kotlin is a statically typed programming language for the JVM, Android and the browser, 100% interoperable with Java.
  • There’s no change in support for Java or C++.
  • Comparable to Swift and Objective C.

Watch Google IO talks  for more info on using Kotlin

Android Studio 3.0 canary is available today.

Watch for unified network profiler. It is interactive, you can go into functions and dive into specific code.

Android Architecture Components

A new collection of libraries that help you design robust, testable, and maintainable apps. Start with classes for managing your UI component lifecycle and handling data persistence.

Android is going to have a device catalog, find out the specifics of different phones and devices.

Android Instant Apps

Android Instant Apps available to everyone

They allow Android users to run your apps instantly, without installation. Android users experience what they love about apps—fast and beautiful user interfaces, high performance, and great capabilities—with just a tap.

Android Instant Apps is now open to all developers, so anyone can build and publish an instant app today.

Use the same code to generate the instant app, use feature modules to define what can be included/removed for instant apps. Look for modularize feature in android studio. They also will have optimization tools to make these features faster.

What’s new in Android O keynote…

Picture in picture is coming to Android O. similar to the way YouTube will let the video reduce to a thumbnail while you scroll other videos in a search. Only now the video can be a thumbnail while you open evernote and write notes

Android O color management will allow colors to be more consistent across devices.

Multi-display. user can choose to send information to multiple displays.

Look for ActivityOptions

$adb shell dumpsys display
getMetrics() on mediaPlayer, mediaRecorder…

You can now use an arbitrary number of audio/video tracks.

WebView allows Google Safe Browsing API.

<meta-data
    android:name=“andorid.webkit.webview.enableSafeBrowsing”
    android:value=“true” />

Web view safe browsing goes back to lollipop

Seek within videos

animatorSet setCurrentPlayTiem (long); - seek within

Reverse

you can now reverse: reverse();

AutoFill

You can now get user name/password and other from Chrome. https://youtu.be/1N9KveJ-FU8?t=9m17s

This will make logging into apps much easier.

Autofill will be included in basic form inputs:  text view, edit text.. no extra work required

You can use hints to the auto-fill api to define data types. Autofill apis for custom veiws and opaque hierarchies

Fonts

Text Stuff: font files can be added to font directory. Downloadable fonts: declare font to be downloaded and cached.  Font provider in Google play services v1.  There is a beta version available. Access to all 800 google fonts

Auto-sizing Text Views

Fonts with auto-resize will change font size as you resize their container. In the past, the container may grow, but the fonts stay the same size. Now they can grow with the container.

AccessibilityService Utilities

Language detection, accessibility button, separate volume controls, finger print

FindViewById update

Current:

View.java: public View findViewById (int id);
TextView tv = (TextView) findViewbyId(R.id.mytextview);

Android O

View.java: public <T extends view> findViewById(int id)
TextView tv = findViewById (R.id.mytextview);

Adaptive Icons.

We will need to worry about Adaptive Icons with future releases. Developers provide background + foreground * mask for multiple devices.

Pin request.

Ask people to pin our app to desktop. ShortcutManager and appWidgetManager. requestPinAppWidget…

Notifications

Notifications are getting more power in O. The user should always be in control. Users and developers want ability to tweak notifications from an app. Notification channels give developers and users fine grain control. Apps can define channels, assign notifications to channels, post notifications

Note: Once you target O. You must use channels or notifications will be dropped!

Strict Mode

Thread policy. unbuffered i/o, VM policy

Media file access

Seekable file descriptors from custom document provider. useful for large remote sources.  Cached data. statey below the quota to avoid aggressive deletion. Use storage manager

getCacheQuoteBytes()
allocateBytes()
setCacheBehaviorTombstone()

Security

Privacy ANDROID_ID is now different for every app,user

net.hostname is empty

Google Play Protect, scans apps on user’s phone. now they are making it obvious by giving the user a notification when it scans and lets them know the state.

Android Studio 3.0

Kotlin available today.

  • You can copy java and paste within kotlin file and it will automatically convert to kotlin code.
  • Java: new packages for java.time, java.nio.file, java.lang.invoke
  • Runtime: Concurrent -copying collector.
  • Smaller heap, faster allocations, faster collections
  • v26 has emojiCompat – bundled or updatable.

Animation

Physics animation: velocity, springs, force. This simplifies the process. It is more natural, interactive, interruptible.

Look at ChainedSpringDemo

Architecture components:

easier android development. lifecycle

Background apps:

  • location is only going to get coarse grained location info
  • wakelocks for cached apps – wakelock is released
  • background execution limits

Alert windows

TYPE_APPLICATION_OVERLAY must be used

Create Accessible Word Documents

There’s a big AODA Accessibility deadline hitting Canadian companies (and American companies that have Canadian customers) on January 1, 2016. All large companies must be able to provide an accessible alternative to public documentation on request. This means that if you are sharing a printed document, an untagged .pdf, or other non-accessible form of information, you need to also have a back up that is accessible.

For many people, the first step towards accessible documentation is creating a semantic, accessible Word document. Once this has been established, you can easily paste it into WordPress and other web applications to create a semantic page. This also helps you generate an accessible PDF document. Keep this Word document handy for those requests from a customer.

The Microsoft Accessibility Team has created a great set of short videos that show how to make your word Documents accessible. Take a few moments to watch this and share with your co-workers. It doesn’t take any longer to do it right. Keeping your documents semantic also makes them easier to style with the Word Themes.

The low-vision experience with an iPad

I’ve met many small business owners with low vision that love using an iPad, or other tablet, as their key device. The iPad allows entrepreneurs to use a single device to handle all of their business tasks, such as point of sale, payroll, accounting, purchasing, and creating estimates on location. As a person with low vision, the built-in zooming functionality makes it easy to explore the screen and interact with the elements.

Karo Caran introduces how a person with low vision uses an iPad in this video

She recently created this new vidoe for a presentation on design for low-vision users. There are some key takeaways, such as consistency of banners and using background colors to differentiate between header, body, and footer.

Inheriting user preferences

While zooming is a great way to review content, not all low vision users want to use their applications in this manner. Many simply want to user the built in settings for higher contrast, bigger text, and reduced transparency to use their iPad without continually zooming in and out.

Your applications can automatically inherit these functions if you use standard iOS/Android components and the iOS Dynamic Type. If the app isn’t using Dynamic Type, we’ll need to check for a user’s display preferences and modify the fonts, colors, animation, etc.

Bold Text

The following code checks to see if a person has bold text enabled in their preferences. If so, use Avenir medium instead of light

+ (NSString *)fontName {
    if (UIAccessibilityIsBoldTextEnabled()) {
            return @"Avenir-Medium";
    }
    return @"Avenir-Light";
}

Darker Colors

We can detect if a user prefers darker colors, this is especially helpful for links that sit on colored backgrounds

+ (UIColor *)detailColor {
    if (UIAccessibilityDarkerSystemColorsEnabled()) {
        return [UIColor blackColor];
    }
    return [UIColor grayColor];
}

Additional Checks

Positive Advertisements that Include Accessibility

Inclusion is the goal for all accessibility professionals. Our goal is to give everyone the freedom to accomplish any task independently. We also recognize the importance of social inclusion of people of all abilities. I’ve created a playlist of videos on YouTube that include people with different abilities in a positive spirit without falling into the inspiration porn mindset.

My favorites are the Wimpy’s burgers with braille buns, South Africa tourism, and the singing children from Thailand.