Android Developers Blog

Posted by Arindam Basu, Borbala Benko, Alan Butler, Edward Cunningham, William Luh Building innovative security features for Android app developers and their users continues to be a priority. As part of this effort, we provide SafetyNet attestation , an API for developers to remotely evaluate whether they are talking to a genuine Android device. SafetyNet examines software and hardware information on the device to assess its integrity. The result is a cryptographically signed statement, attesting basic properties of the device — such as overall integrity and compatibility with Android ( CTS ) — as well as metadata about your app, such as its package name and signature. The following JSON snippet shows an example of how the API reports this information: { "nonce": "R2Rra24fVm5xa2Mg", "timestampMs": 9860437986543, "apkPackageName": "com.package.name.of.requesting.app", "apkCertificateDigestSha256": ["base64 encoded,...

Posted by Purnima Kochikar, Director, Apps and Games Business Development, Google Play Drum roll please! The Google Play Awards are back again this year and will take place Thursday, May 18th at 6:30pm (Pacific Time) during Google I/O, our annual developer festival. The annual ceremony is a great opportunity for the industry to recognize outstanding developers that continue to set the bar for quality apps and games showing a passion for driving innovation and adoption of new platforms and user experiences. This year we'll be honoring partners across 12 award categories, some familiar and some new. Nominees were selected much like last year by cross-functional teams throughout Google who work hand-in-hand with the relevant categories and product areas. While category specific criteria can be found below, the common requirements across all categories focused on high star rating, technical performance and freshness, requiring a launch or major update since April 2016. The winners of ...

Posted by Josh Solt (Partner Developer Manager, Kids Apps at Google Play) and Noemie Dupuy (Founder & Co-CEO at Budge Studios) Developers spend a considerable amount of resources driving users to download their apps, but what happens next is often the most critical part of the user journey. User onboarding is especially nuanced in the kids space since developers must consider two audiences: parents and children. When done correctly, a compelling onboarding experience will meet the needs of both parents and kids while also accounting for unique considerations, such as a child's attention span. Budge Studios has successfully grown their catalog of children's titles by making onboarding a focal point of their business. Their target demographic is three to eight-year olds, and their portfolio of games include top titles featuring Strawberry Shortcake, Hello Kitty, Crayola, Caillou and The Smurfs. "First impressions matter, as do users' first experience with your app....

Posted by  James Lau , Product Manager Yesterday, we released Android Studio 2.4 Preview 6 . Java 8 language features are now supported by the Android build system in the javac/dx compilation path. Android Studio's Gradle plugin now desugars Java 8 class files to Java 7-compatible class files, so you can use lambdas, method references and other features of Java 8. For those of you who tried the Jack compiler, we now support the same set of Java 8 language features but with faster build speed. You can use Java 8 language features together with tools that rely on bytecode, including Instant Run. Using libraries written with Java 8 is also supported. We first added Java 8 desugaring in Android Studio 2.4 Preview 4. Preview 6 includes important bug fixes related to Java 8 language features support. Many of these fixes were made in response to bug reports you filed. We really appreciate your help in improving Android development tools for the community! It's easy to try using Java ...

Posted by Sandie Gong, Developer Relations Program Manager & Chris Iremonger, Android Technical Program Manager Like many other issue trackers at Google, we're upgrading our Android Open Source Project (AOSP) issue tracking system to Issue Tracker . We are hoping to facilitate a better collaboration between our developers and our Android product teams by using a tool we use internally at Google to track bugs and feature requests during product development. Starting today, all issues formerly at code.google.com/p/android/issues will migrate to Issue Tracker under the Android Public Tracker component . You may have noticed that we are already using the new tool to collect feedback on the O Developer Preview ! What has been migrated All open and closed issues you've filed All your starred issues Allissues you've commented on Getting started with Issue Tracker You can learn more about navigating our Issue Tracker from our developer documentation . By default, Issue Track...

Posted by George Burgess, Software Engineer FORTIFY is an important security feature that's been available in Android since mid-2012. After migrating from GCC to clang as the default C/C++ compiler early last year, we invested a lot of time and effort to ensure that FORTIFY on clang is of comparable quality. To accomplish this, we redesigned how some key FORTIFY features work, which we'll discuss below. Before we get into some of the details of our new FORTIFY, let's go through a brief overview of what FORTIFY does, and how it's used. What is FORTIFY? FORTIFY is a set of extensions to the C standard library that tries to catch the incorrect use of standard functions, such as memset, sprintf, open, and others. It has three primary features: If FORTIFY detects a bad call to a standard library function at compile-time, it won't allow your code to compile until the bug is fixed. If FORTIFY doesn't have enough information, or if the code is definitely safe, FORTIFY...

Posted by Tobias Thierer, Software Engineer To improve security, insecure TLS version fallback has been removed from HttpsURLConnection in Android O. What is changing and why? TLS version fallback is a compatibility workaround in the HTTPS stack to connect to servers that do not implement TLS protocol version negotiation correctly. In previous versions of Android, if the initial TLS handshake fails in a particular way, HttpsURLConnection retries the handshake with newer TLS protocol versions disabled. In Android O, it will no longer attempt those retries. Connections to servers that correctly implement TLS protocol version negotiation are not affected. We are removing this workaround because it weakens TLS by disabling TLS protocol version downgrade protections. The workaround is no longer needed, because fewer than 0.01% of web servers relied on it as of late 2015. Will my app be affected? Most apps will not be affected by this change. The easiest way to be sure is to build and test y...

Posted by Giles Hogben, Privacy Engineer Android O introduces some improvements to help provide user control over the use of identifiers. These improvements include: limiting the use of device-scoped identifiers that are not resettable updating the Android O Wi-Fi stack in conjunction with changes to the Wi-Fi chipset firmware used by Pixel, Pixel XL and Nexus 5x phones to randomize MAC addresses in probe requests updating the way that applications request account information and providing more user-facing control Device identifier changes Here are some of the device identifier changes for Android O: Android ID In O, Android ID (Settings.Secure.ANDROID_ID or SSAID) has a different value for each app and each user on the device. Developers requiring a device-scoped identifier, should instead use a resettable identifier, such as Advertising ID , giving users more control. Advertising ID also provides a user-facing setting to limit ad tracking . Additionally in Android O: The ANDROID_ID...

Posted by Wayne Piekarski , Developer Advocate for IoT Today, we are releasing the Developer Preview 3 (DP3) of Android Things , bringing new features and bug fixes to the platform. This preview is part of our commitment to provide regular updates to developers who are building Internet of Things (IoT) products with our platform. Android developers can quickly build smart devices using Android APIs and Google services, while staying secure with updates directly from Google. The System-on-Module (SoM) architecture supports prototyping with development boards, and then scaling them to large production runs while using the same Board Support Package (BSP) from Google. Android Bluetooth APIs DP3 now includes support for all Android Bluetooth APIs in android.bluetooth and android.bluetooth.le , across all Android Things supported hardware. You can now write code that interacts with both Bluetooth classic and low energy (LE) devices just like a regular Android phone. Existing samples such as...

Posted by Christopher Katsaros, Developer Marketing, Android Robinhood  allows users to buy and sell stocks commission-free* in the US. It is designed to make financial investment easy for all users, even if you’ve never traded before. With a team of two Android developers, the company has relied on fast tools like Android Studio to build rich new features, which have helped make Robinhood the highest-rated stock brokerage app on Google Play. Watch Robinhood's Joe Binney, VP of Product Engineering, and Dan Hill, Android Developer, talk about how Android Studio is helping them achieve strong growth on Android. The top Android developers use Android Studio to build powerful and successful apps on Google Play; learn more about the official IDE for Android app development and get started for yourself . Get more tips and watch other success stories in the Playbook for Developers app . *Free trading refers to $0 commissions for Robinhood Financial self-directed individual cash or mar...

Posted By James Smith, Product Manager, Google Play In order to help developers make great games and build their businesses, we offer Google Play Games Services (GPGS). GPGS provides powerful tools to build, analyze and retain your audience and optimize your game. After listening to developer feedback and examining usage, we have decided to remove some of the features so we can focus on making our offering more useful. In December, we announced the end of support for the creation of new iOS accounts given the low usage of GPGS on iOS. Additionally, our latest Native SDK release (2.3) will no longer support integration with iOS and going forward we will not be supporting or updating the iOS SDK. We've also examined the features that GPGS offers. While developers use engagement and reporting tools extensively, there is lower usage for Gifts, Requests, and Quests. We therefore plan to stop supporting Gifts, Requests, and Quests. In order to help developers that do use these features...

Posted by Rich Cannings, Jason Woloz, Neel Mehta, Ken Bodzak, Wentao Chang, Megan Ruthven Google is constantly working to improve our systems that protect users from Potentially Harmful Applications (PHAs). Usually, PHA authors attempt to install their harmful apps on as many devices as possible. However, a few PHA authors spend substantial effort, time, and money to create and install their harmful app on one or a very small number of devices. This is known as a targeted attack . In this blog post, we describe Chrysaor, a newly discovered family of spyware that was used in a targeted attack on a small number of Android devices, and how investigations like this help Google protect Android users from a variety of threats. What is Chrysaor? Chrysaor is spyware believed to be created by NSO Group Technologies , specializing in the creation and sale of software and infrastructure for targeted attacks. Chrysaor is believed to be related to the Pegasus spyware that was first identified on i...