Android Things
Use Android Things with AI to create smart devices: Do it Yourself AI kit
IOT Security with Android Things
Android Things – System on Module architecture. Developer console
Security features are built in: on by default, easy to maintain, infrastructure by Google.
Feature features: OS Hardening, updates verified boot, hardware backed keys, attestation
The main problem in IOT secuirty is economics. the cost of building in security vs. cost of risking security. smaller, lower cost devices may not build in security. Exploits have become their own market
How much is the cost to an engineer to create an attack?
- Time
- Money
- Skill
- Grit
attack ROI:
How valuable is it?
Pervasive
Can this attack scale enough to be valuable? WiFi injection may be effective, but it doesn’t scale if you have to be near the router. A default credential, i.e. security cams, can be attacked by the thousands.
Privileged
Does the attack give the person privilege to the hardware, accounts?
Persistant
Does the attack give the engineer significant persistance? Can it survive a device reboot?
Security Cost: not every company has the resources to build and maintain security features and infrastructure.
Android Things goal: raise attack costs, reduce ROI, and reduce security costs.
OS Hardening: All of Android’s hardening is enabled in Android Things. Permissions, app sandbox, mandatory access control (Selinux), kernel syscall filtering, full ASLR, FORTIFY, stack-protector-strong…
Developer Action: Declare permissions only as needed, split out privileged code.
All Android Things devices will get infrastructure updates directly from Google. This reduces attack persistance and drives down the attack ROI. Updates can be controlled during critical operations, like a drone is flying. Developers can also test updates and request an update to be stopped
Attestation: Authentication for devices. Attests to what? Authnetic Android Thing Device, product info, device identity, device state (verified boot state), key attributes (allowed modes,…)
Building for Billions
Building for Billions is Androids best practices for low cost/bandwidth devices. Best practices on how to optimize Android apps for low- and no-bandwidth and low-cost devices.
Kotlin
- Kotlin is now a first-class language for Android.
- Kotlin Programming Language
- Kotlin is a statically typed programming language for the JVM, Android and the browser, 100% interoperable with Java.
- There’s no change in support for Java or C++.
- Comparable to Swift and Objective C.
Watch Google IO talks  for more info on using Kotlin
Android Studio 3.0 canary is available today.
Watch for unified network profiler. It is interactive, you can go into functions and dive into specific code.
Android Architecture Components
A new collection of libraries that help you design robust, testable, and maintainable apps. Start with classes for managing your UI component lifecycle and handling data persistence.
Android is going to have a device catalog, find out the specifics of different phones and devices.
Android Instant Apps
Android Instant Apps available to everyone
They allow Android users to run your apps instantly, without installation. Android users experience what they love about apps—fast and beautiful user interfaces, high performance, and great capabilities—with just a tap.
Android Instant Apps is now open to all developers, so anyone can build and publish an instant app today.
Use the same code to generate the instant app, use feature modules to define what can be included/removed for instant apps. Look for modularize feature in android studio. They also will have optimization tools to make these features faster.
What’s new in Android O keynote…
Picture in picture is coming to Android O. similar to the way YouTube will let the video reduce to a thumbnail while you scroll other videos in a search. Only now the video can be a thumbnail while you open evernote and write notes
Android O color management will allow colors to be more consistent across devices.
Multi-display. user can choose to send information to multiple displays.
Look for ActivityOptions
$adb shell dumpsys display getMetrics() on mediaPlayer, mediaRecorder…
You can now use an arbitrary number of audio/video tracks.
WebView allows Google Safe Browsing API.
<meta-data   android:name=“andorid.webkit.webview.enableSafeBrowsing†  android:value=“true†/>
Web view safe browsing goes back to lollipop
Seek within videos
animatorSet setCurrentPlayTiem (long); - seek within
Reverse
you can now reverse: reverse();
AutoFill
You can now get user name/password and other from Chrome. https://youtu.be/1N9KveJ-FU8?t=9m17s
This will make logging into apps much easier.
Autofill will be included in basic form inputs: Â text view, edit text.. no extra work required
You can use hints to the auto-fill api to define data types. Autofill apis for custom veiws and opaque hierarchies
Fonts
Text Stuff: font files can be added to font directory. Downloadable fonts: declare font to be downloaded and cached.  Font provider in Google play services v1.  There is a beta version available. Access to all 800 google fonts
Auto-sizing Text Views
Fonts with auto-resize will change font size as you resize their container. In the past, the container may grow, but the fonts stay the same size. Now they can grow with the container.
AccessibilityService Utilities
Language detection, accessibility button, separate volume controls, finger print
FindViewById update
Current:
View.java: public View findViewById (int id); TextView tv = (TextView) findViewbyId(R.id.mytextview);
Android O
View.java: public <T extends view> findViewById(int id) TextView tv = findViewById (R.id.mytextview);
Adaptive Icons.
We will need to worry about Adaptive Icons with future releases. Developers provide background + foreground * mask for multiple devices.
Pin request.
Ask people to pin our app to desktop. ShortcutManager and appWidgetManager. requestPinAppWidget…
Notifications
Notifications are getting more power in O. The user should always be in control. Users and developers want ability to tweak notifications from an app. Notification channels give developers and users fine grain control. Apps can define channels, assign notifications to channels, post notifications
Note: Once you target O. You must use channels or notifications will be dropped!
Strict Mode
Thread policy. unbuffered i/o, VM policy
Media file access
Seekable file descriptors from custom document provider. useful for large remote sources. Â Cached data. statey below the quota to avoid aggressive deletion. Use storage manager
getCacheQuoteBytes() allocateBytes() setCacheBehaviorTombstone()
Security
Privacy ANDROID_ID is now different for every app,user
net.hostname is empty
Google Play Protect, scans apps on user’s phone. now they are making it obvious by giving the user a notification when it scans and lets them know the state.
Android Studio 3.0
Kotlin available today.
- You can copy java and paste within kotlin file and it will automatically convert to kotlin code.
- Java: new packages for java.time, java.nio.file, java.lang.invoke
- Runtime: Concurrent -copying collector.
- Smaller heap, faster allocations, faster collections
- v26 has emojiCompat – bundled or updatable.
Animation
Physics animation: velocity, springs, force. This simplifies the process. It is more natural, interactive, interruptible.
Look at ChainedSpringDemo
Architecture components:
easier android development. lifecycle
Background apps:
- location is only going to get coarse grained location info
- wakelocks for cached apps – wakelock is released
- background execution limits
Alert windows
TYPE_APPLICATION_OVERLAY must be used
Leave a Reply