Author Archives: Android Developers

Diagnose and understand your app’s GPU behavior with GAPID

Posted by Andrew Woloszyn, Software Engineer

Developing for 3D is complicated. Whether you're using a native graphics API or enlisting the help of your favorite game engine, there are thousands of graphics commands that have to come together perfectly to produce beautiful 3D images on your phone, desktop or VR headsets.

GAPID (Graphics API Debugger) is a new tool that helps developers diagnose rendering and performance issues with their applications. With GAPID, you can capture a trace of your application and step through each graphics command one-by-one. This lets you visualize how your final image is built and isolate problematic calls, so you spend less time debugging through trial-and-error.

GAPID supports OpenGL ES on Android, and Vulkan on Android, Windows and Linux.

Debugging in action, one draw call at a time

GAPID not only enables you to diagnose issues with your rendering commands, but also acts as a tool to run quick experiments and see immediately how these changes would affect the presented frame.

Here are a few examples where GAPID can help you isolate and fix issues with your application:

What's the GPU doing?

Why isn't my text appearing?!

Working with a graphics API can be frustrating when you get an unexpected result, whether it's a blank screen, an upside-down triangle, or a missing mesh. As an offline debugger, GAPID lets you take a trace of these applications, and then inspect the calls afterwards. You can track down exactly which command produced the incorrect result by looking at the framebuffer, and inspect the state at that point to help you diagnose the issue.

What happens if I do X?

Using GAPID to edit shader code

Even when a program is working as expected, sometimes you want to experiment. GAPID allows you to modify API calls and shaders at will, so you can test things like:

What if I used a different texture on this object?
What if I changed the calculation of bloom in this shader?

With GAPID, you can now iterate on the look and feel of your app without having to recompile your application or rebuild your assets.

Whether you're building a stunning new desktop game with Vulkan or a beautifully immersive VR experience on Android, we hope that GAPID will save you both time and frustration and help you get the most out of your GPU. To get started with GAPID and see just how powerful it is, download it, take your favorite application, and capture a trace!

Source: Android Developers Blog

Welcoming Android 8.1 Oreo and Android Oreo (Go edition)

Posted by Dave Burke, VP of Engineering

At Google for India this Monday, we announced the final release of Android 8.1 Oreo. Android 8.1 Oreo is another exciting step toward bringing to life our vision of an AI-first mobile platform, for everyone, everywhere.

Android 8.1 introduces support for our new Android Oreo (Go edition) software experience for entry-level devices. Android Oreo (Go edition) brings the best of Android to the rapidly growing market for low-memory devices around the world, including your apps and games.

Android 8.1 also introduces the Neural Networks API, a hardware accelerated machine learning runtime to support ML capabilities in your apps. On supported devices, the Neural Networks API enables fast and efficient inference for a range of key use cases, starting with vision-based object classification.

You can get started with Android 8.1 Oreo (API level 27) today. We're pushing sources to Android Open Source Project now, and rolling out the update to supported Pixel and Nexus devices over the next week. We're also working with our device maker partners to bring Android 8.1 to more devices, including Android Oreo (Go edition) devices, in the months ahead.

Android Oreo (Go edition)

As announced at Google I/O 2017, the "Android Go" project is our initiative to optimize the Android experience for billions of people coming online around the world. Starting with Android 8.1, we're making Android a great platform for entry-level devices in the Android Oreo (Go edition) configuration:

Memory optimizations -- Improved memory usage across the platform to ensure that apps can run efficiently on devices with 1GB or less RAM.
Flexible targeting options -- New hardware feature constants to let you target the distribution of your apps to normal or low-RAM devices through Google Play.
Optimized Google apps: Rebuilt and optimized versions of Google apps, using less memory, storage space, and mobile data.
Google Play: While all apps will be available on Android Oreo (Go edition) devices, Google Play will give visibility to apps specifically optimized by developers to provide a great experience for billions of people with the building for billions guidelines.

We've updated the building for billions guidelines with additional guidance on how to optimize your app for Android Oreo (Go edition) devices. For most developers, optimizing your existing APK or using Google Play's Multiple APK feature to target a version of your APK to low-RAM devices is the best way to prepare for Android Oreo (Go edition) devices. Remember that making your app lighter and more efficient benefits your whole audience, regardless of device.

Neural Networks API

The Neural Networks API provides accelerated computation and inference for on-device machine learning frameworks like TensorFlow Lite -- Google's cross-platform ML library for mobile -- as well as Caffe2 and others. TensorFlow Lite is now available to developers, so visit the TensorFlow Lite open source repo for downloads and docs. TensorFlow Lite works with the Neural Networks API to run models like MobileNets, Inception v3, and Smart Reply efficiently on your mobile device.

Autofill enhancements and more

Android 8.1 includes select new features and developer APIs (API level 27), along with the latest optimizations, bug fixes, and security patches. Extend your app with Autofill enhancements, a SharedMemory API, and more. You can also add established Android Oreo features as well, see the Android Oreo site for details.

Test your apps on Android 8.1

If haven't already, take a few moments today to test your apps and make sure they offer the experience you want for users upgrading to Android 8.1 Oreo.

Just install your current app from Google Play onto a device or emulator running Android Oreo and test the user flows. The app should run and look great, and handle the Android Oreo behavior changes properly. In particular, pay attention to background location limits, notification channels, and changes in networking, security, and identifiers.

Speed your development with Android Studio

To build with Android 8.1, we recommend updating to Android Studio 3.0, which is now available from the stable channel. On top of the new app performance profiling tools, support for the Kotlin programming language, and Gradle build optimizations, Android Studio 3.0 makes it easier to develop for Android Oreo features like Instant Apps, XML Fonts, downloadable fonts, and adaptive icons.

With the final platform we're updating the SDK and build tools in Android Studio, as well as the API Level 27 emulator system images. We recommend updating to the Android Support Library 27.0.2, which is available from Google's Maven repository. See the version notes for details on what's new.

As always, we're providing downloadable factory and OTA images on the Nexus Images page to help you do final testing on your Pixel and Nexus devices.

Publish your updates to Google Play

When you're ready, you can publish your APK updates targeting API level 27 in your alpha, beta, or production channels. Make sure that your updated app runs well on Android Oreo as well as older versions. We recommend using beta testing to get early feedback from a small group of users and a pre-launch report to help you identify any issues, then do a staged rollout. Head over to the Android Developers site to find more info on launch best practices. We're looking forward to seeing your app updates!

What's next for Android Oreo?

We'll soon be closing the Developer Preview issue tracker, but please keep the feedback coming! If you still see an issue that you filed in the preview tracker, just file a new issue against Android 8.1 in the AOSP issue tracker. You can also continue to give us feedback or ask questions in the developer community.

Source: Android Developers Blog

Tuning your apps and games for long screen devices

Posted by Fred Chung, Developer Advocate

In recent months, there's a growing trend for handset makers to ship new devices with long screen aspect ratio (stretching beyond 16:9), many of which also sport rounded corners. This attests to the Android ecosystem's breadth and choice. Pixel 2 XL and Huawei Mate 10 Pro are just two of many examples. These screen characteristics could bring a very immersive experience to users and they take notice of apps and games that don't take advantage of the long aspect ratio screen on these new devices. Therefore it is important for developers to optimize for these screen designs. Let's have a look at related support provided by the Android OS.

Optimize for long aspect ratio screens

Most apps using standard UI widgets will likely work out-of-the-box on these devices. Android documentation details techniques for flexibly working on multiple screen sizes. However, some games and apps with custom UIs may run into issues due to incorrect assumptions on certain aspect ratios. We're sharing a few typical issues faced by developers, so you can pay attention to those relevant to you:

Certain sides of the screen are cropped. This makes any graphic or UI elements in the affected regions look incomplete.
Touch targets are offset from UI elements (e.g. buttons). Users may be confused on UI elements that are seemingly interactive.
For full screen mode on rounded corners devices, any UI elements very close to the corners may be outside of the curved corner viewable area. Imagine if a commerce app's "Purchase" button was partially obstructed? We recommend referencing Material Design guidelines by leaving 16dp side margins in layouts.

If responsive UI is really not suitable for your situation, as a last resort declare an explicit maximum supported aspect ratio as follows. On devices with a wider aspect ratio, the app will be shown in a compatibility mode padded with letterbox. Keep in mind that certain device models provide an override for users to force the app into full-screen compatibility mode, so be sure to test under these scenarios too!

Targets API level 26 or higher: Use android:maxAspectRatioattributes.

Targets API level 25 or lower: Use android.max_aspect meta-data. Note that maximum aspect ratio values will be respected only if your activities don't support resizableActivity. See documentation for detail.

System letterboxes an app when the declared maximum aspect ratio is smaller than the device's screen.

Consider using side-by-side activities

Long aspect ratio devices enable even more multi-window use cases that could increase user productivity. Beginning in Android 7.0, the platform offers a standard way for developers to implement multi-window on supported devices as well as perform data drag and drop between activities. Refer to documentation for details.

Testing is crucial. If you don't have access to one of these long screen devices, be sure to test on the emulator with adequate screen size and resolution hardware properties, which are explained in the emulator documentation.

We know you want to delight your users with long screen devices. With a few steps, you can ensure your apps and games taking full advantage of these devices!

Source: Android Developers Blog

Android Things Developer Preview 6

Posted by Wayne Piekarski, Developer Advocate for IoT

The next release of Android Things Developer Preview 6 (DP6) is here with lots of new features and bug fixes. Android Things is Google's platform that enables Android Developers to create Internet of Things (IoT) devices with support for powerful applications such as video and audio processing and on-board machine learning with TensorFlow. For the specifics on what is new, visit the release notes. Here are a few of the highlights of what is in DP6.

IoT launcher

DP6 includes a new IoT launcher that allows the user to see the current state of the device and change settings using a touch screen or USB input devices. Settings such as configuring the WiFi, finding the build ID, and checking for updates is now something that can be done interactively, making it even easier to get started. This launcher is visible when no other developer-provided IOT_LAUNCHER Activity is present.

Graphics acceleration defaults

Android Things uses the open-source SwiftShader library, a CPU-based implementation of the OpenGL ES APIs. This enables common OpenGL support across all platforms, even those with no GPU hardware. However, many simple 2D UIs render faster if the drawing is done directly to the framebuffer and OpenGL emulation is not used. In DP6, OpenGL rendering is disabled by default to ensure that most apps run with the fastest UI possible. If you need OpenGL support for 3D rendering, WebView, or TextureView, then explicitly enable it in your AndroidManifest.xml according to the documentation:

<activity

    ...
    android:hardwareAccelerated="true">

API 27 and Google Play Services

DP6 is now based on the latest Android 8.1 developer preview, with API level 27. Most of the standard Android samples now work on DP6. For example, the Camera2Basic sample using the Camera2 API and TextureView now works on both NXP and Raspberry Pi based devices (with the hardwareAccelerated flag set to true). Google Play Services has been updated to support SDK version 11.6, supporting all the latest features.

Command-line flashing tool

We heard from developers that flashing and configuring a board using fastboot can be tedious, so the Android Things Console now brings a new and simpler way of flashing device images. Instead of using fastboot and adb commands manually, a new interactive command-line android-things-setup-utility is now provided. This tool makes it much easier to get started with Android Things, and automates the download and flashing process.

Android Things Console updates

DP6 introduces the new partition scheme that will be used for the upcoming production release. Due to the new partition layout, the over-the-air update (OTA) system cannot update existing DP5.1 or earlier devices. Developers will need to go to the Android Things Console, and download and flash a new DP6 build. The Console UI has also been changed for DP6 features, and will only allow you to create new builds based on DP6. If you have any older existing builds, they are still available for download but will not support OTA updates. Developers are encouraged to move all work to DP6.

GPIO pin naming

The interactive IoT launcher shown at boot now includes an I/O pinout section where you can discover the labels of all the pins. The pin naming used by the i.MX7 has been changed, and you should update your code to use this new naming convention. See the i.MX7 documentation for the complete list of pin names.

Settings and Device Update APIs

New APIs have been added to Android Things that control the configuration of the local device and device updates. UpdateManager gives developers control over when updates and reboots can be performed, ensuring the device is available for the user when needed. DeviceManager controls factory reset, reboot, and device locales. APIs are also provided for settings such as ScreenManager to control the screen, and TimeManager to control the clock and time zone.

Peripheral command-line tool

We now provide a command-line tool pio that gives developers access to the Peripheral API via the adb shell. Developers can interactively test GPIO, PWM, UART, I2C, SPI, and future interfaces from an adb shell, which is useful for debugging and automated testing.

Feedback

DP6 includes significant changes and improvements to the platform. Please send us your feedback by filing bug reports and feature requests, as well as asking any questions on Stack Overflow. To start using DP6, use the Android Things Console to download system images and flash existing devices, or use the android-things-setup-utility. More information about the changes are available in the release notes. You can also join Google's IoT Developers Community on Google+, a great resource to get updates and discuss ideas. Also, we have our new hackster.io community, where everyone can share the amazing projects they have built. We look forward to seeing what you build with Android Things!

Source: Android Developers Blog

Delve deeper into Android development with our new course!

Posted by Jocelyn Becker, Senior Program Manager, Google Developer Training

If you know the basics of building Android apps and want to delve deeper, take a look at our new Advanced Android Development course built by the Google Developers Training team.

Do you want to learn how to use fragments, add widgets for your app, and fine tune your app's performance? Make your app available to a diverse user base through localization and accessibility features? Use sensors in your app? How about creating custom views, drawing directly to the screen and running animations?

Each lesson in our new course takes you through building an app that illustrates an advanced concept, from incorporating maps into your app to using a SurfaceView to draw outside the main UI thread.

This course is intended for experienced Java programmers who already know the fundamentals of building Android apps. It is a follow-on course to our Android Developer Fundamentals course. The course is intended to be taught as instructor-led training. However, all the materials are published online and are available to anyone who wants to learn more advanced concepts of Android development.

We have published detailed written tutorials, concept guides, slide decks, and most importantly, a treasure trove of apps in GitHub. You can find links to everything at developers.google.com/training/android-advanced.

Educational institutions worldwide are invited to use this course to teach your students. Individual developers are welcome (and encouraged) to work through the tutorials to learn on their own.

Each lesson presents a different, advanced topic, and you can teach or learn each topic independently of the others.

Build apps as you learn how to use sensors, add places to your app, and draw directly to a canvas. And much more!

The new course covers:

using fragments
building widgets
using sensors
measuring and improving application performance
localizing your app
making your app accessible
adding location, places and maps to your apps
creating custom views
drawing to the canvas
drawing to a SurfaceView off the main thread
running animations

Learn more at developers.google.com/training/android-advanced.

Source: Android Developers Blog

Final preview of Android 8.1 now available

Posted by Dave Burke, VP of Engineering

Starting today we're rolling out an update to the Android 8.1 developer preview, the last before the official launch to consumers in December. Android 8.1 adds targeted enhancements to the Oreo platform, including optimizations for Android Go (for devices with 1GB or less of memory) and a Neural Networks API to accelerate on-device machine intelligence. We've also included a few smaller enhancements to Oreo in response to user and developer feedback.

If you have a device enrolled in the Android Beta Program, you'll receive the update over the next few days. If you haven't enrolled yet, just visit the Android Beta site to enroll and get the update.

At the official release in December we'll bring Android 8.1 to all supported Pixel and Nexus devices worldwide -- including Pixel 2 and Pixel 2 XL, Pixel, Pixel XL, Pixel C, Nexus 5X, and Nexus 6P. Watch for announcements soon.

What's in this update?

This preview update includes near-final Android 8.1 system images for Pixel and Nexus devices, with official APIs (API level 27), the latest optimizations and bug fixes, and the November 2017 security patch updates. You can use the images for compatibility testing or to develop using new Android 8.1 features like the Neural Networks API and others.

Also, for Pixel 2 users, the Android 8.1 update on these devices enables Pixel Visual Core -- Google's first custom-designed co-processor for image processing and ML -- through a new developer option. Once enabled, apps using Android Camera API can capture HDR+ shots through Pixel Visual Core. See the release notes for details.

Get your apps ready

With the consumer launch coming in December, it's important to test your current app now. This ensures that users transition seamlessly to Android 8.1 when it arrives on their devices.

Just enroll your eligible device in Android Beta to get the latest update, then install your app from Google Play and test. If you don't have a Pixel or Nexus device, you can set up an Android 8.1 emulator for testing instead. If you notice any issues, fix them and update your app in Google Play right away -- without changing the app's platform targeting.

When you're ready, take advantage of new features and APIs in Android 8.1. See the developer preview site, the API 27 diff report, and the updated API reference for details.

Speed your development with Android Studio

To build with Android 8.1, we recommend updating to Android Studio 3.0, which is now available from the stable channel. On top of the new app performance profiling tools, support for the Kotlin programming language, and Gradle build optimizations, Android Studio 3.0 makes it easier to develop with Android Oreo features like Instant Apps, XML Fonts, downloadable fonts, and adaptive icons.

We also recommend updating to the Android Support Library 27.0.0, which is available from Google's Maven repository. See the version notes for details on what's new.

Publish your updates to Google Play

Google Play is open for apps compiled against or targeting API 27. When you're ready, you can publish your APK updates in your alpha, beta, or production channels.

To make sure your app runs well on Android 8.1 as well as older versions, we recommend using Google Play's beta testing feature to run an alpha test on small group of users. Then run a much open beta test on a much larger group of users. When you're ready to launch your update, you can use a staged rollout in your production channel. We're looking forward to seeing your app updates!

Give us your feedback

As always, your feedback is crucial, so please keep it coming!. We've set up different hotlists where you can report Android platform issues, app compatibility issues, and third-party SDKs and tools issues. We also have a dedicated hotlist for Neural Networks API issues.

You can also give us feedback through the Android Developer community or Android Beta community as we work towards the consumer release in December.

Source: Android Developers Blog

Google Play Referrer API: Track and measure your app installs easily and securely

Posted by Neto Marin, Developer Advocate

Understanding how people find your app and what they do once they've installed it is crucial to helping you make the right product and marketing decisions. This is especially important when you're deciding your advertising strategy and budget. Today many app measurement companies and ad networks offer ad attribution solutions based on referral data. As such accurate install referral data is vital for correctly attributing app installs, as well as discounting fraudulent attempts for install credit.

To help you obtain more accurate and reliable data about your installs, we're introducing the Google Play Install Referrer API, a reliable way to securely retrieve install referral content. Using this API, your app will get precise information straight from the Play Store, including:

The referrer URL of the installed package.
The timestamp, in seconds, of when the referrer click happened.
The timestamp, in seconds, of when the installation began.

We've tested the API with our App Attribution Program partners including Adjust, AppsFlyer, Singular and TUNE.

"The new Play API provides us with the data we need to effectively detect and prevent click injection; it's a monumental step in securing a crucial information exchange on Android."

- Paul Müller, CTO & Co-Founder, Adjust

"The new Google Play API introduces fresh insights into both mobile ad fraud and the mobile user journey, two key domains with impact across the ecosystem."

- Elad Mashiach, VP, AppsFlyer

"Google's new API is a game changer that will help marketing analytics platforms like Singular identify and prevent a significant portion of Ad Fraud, and provide security and accuracy to mobile advertisers"

- Gadi Eliashiv, CEO & Co-Founder, Singular

"This new data from Google Play is essential for marketers who demand accountability out of their mobile app install advertising spend. At TUNE, this data is allowing us to outright eliminate entire forms of mobile app install fraud while providing new insight into how mobile app installs are driven."

– Dan Koch, Chief Technical Officer, TUNE

Starting today, the API works with the Play Store app from version 8.3.73 and later for all developers.

Play Install Referrer Library 1.0 now available

To make it easy to integrate the Install Referrer API, we've released the Install Referrer Library 1.0 for Android. The library is available in our Maven repository. To start using it, add the following dependency to your app module build.gradle file:

dependencies {
          ...
          compile 'com.android.installreferrer:installreferrer:1.0'
      }

All communication with the Play Store app happens through a Service, so the first step is to establish the connection between your app and the Play Store. Also, to receive the connection result and updates it's necessary to implement a listener, InstallReferrerStateListener. This listener could be your current Activity or any other class you want to use:

public class MainActivity extends AppCompatActivity 
    implements InstallReferrerStateListener {
    …
}

Now that you have an InstallReferrerStateListener, you can start binding your app to the Play Store app service. To establish the connection, you must build an InstallReferrerClient instance and call the startConnection() method:

InstallReferrerClient mReferrerClient
...
mReferrerClient = newBuilder(this).build();
mReferrerClient.startConnection(this);

Then, handle the connection result in the onInstallReferrerSetupFinished() method. If the connection is OK, the app can retrieve install referrer information, by calling the getInstallReferrer() method:

@Override
public void onInstallReferrerSetupFinished(int responseCode) {
   switch (responseCode) {
       case InstallReferrerResponse.OK:
           try {
               Log.v(TAG, "InstallReferrer conneceted");
               ReferrerDetails response = mReferrerClient.getInstallReferrer();
               handleReferrer(response);
               mReferrerClient.endConnection();
           } catch (RemoteException e) {
               e.printStackTrace();
           }
           break;
       case InstallReferrerResponse.FEATURE_NOT_SUPPORTED:
           Log.w(TAG, "InstallReferrer not supported");
           break;
       case InstallReferrerResponse.SERVICE_UNAVAILABLE:
           Log.w(TAG, "Unable to connect to the service");
           break;
       default:
           Log.w(TAG, "responseCode not found.");
   }
}

For more details about the new API and the client library, visit the Install Referrer Client Library page and the reference documentation.

Other Implementations

If you are not able to use our client library, you can use the AIDL interface and establish the connection with Google Play Store on your own. Check out the IGetInstallReferrerService AIDL reference for details of the methods and the service specification.

What's next?

Check out the Play Install Referrer API documentation for details about the new API, the library's reference docs, and our Quick Start guide.

Source: Android Developers Blog

Android Things Contest Winners

Posted by Dave Smith, Developer Advocate for IoT

Back in September, we worked with Hackster.io to encourage the developer community to build smart connected devices using Android Things and post their projects to the Developer Challenge for Android Things. The goal was to showcase the combination of turnkey hardware and a powerful SDK for building and maintaining devices at scale.

Thank you to everyone who participated in the contest and submitted a project or idea. We had over 1100 participants register for the contest, resulting in over 350 submissions. Out of that group, we've chosen three winners. Each winner will receive support and tools from Dragon Innovation to develop their concepts into commercial products. Join us in congratulating the following makers!

Best Enterprise Project: Distributed Air Quality Monitoring

Maker: James Puderer

Monitor air quality on a street-by-street level using Android Things, Google Cloud IoT Core, and taxis!

This project showcases how Android Things makes it easy to build devices that integrate with the various services provided by the Google Cloud Platform for robust data collection and analysis. It's a clever end-to-end solution that shows understanding of both the problem domain as well as the technology.

Best Start Up Project: BrewCentral

Maker: Trent Shumay and Steven Pridie

Brewing amazing beer is a balance of art, science, and ritual. The BrewCentral system makes it possible for anyone to do an all-grain brew!

BrewCentral pairs a real-time PID controller with the touch-enabled UI and decision-making compute power of Android Things. The result is a system that accurately controls the time, temperature, and flow rates necessary to achieve repeatable results during a brew cycle. The planned enhancements for cloud-based brewing recipes will make this a connected experience for the entire brewing community.

Best IoT Project: BrailleBox - Braille News Reader

Maker: Joe Birch

BrailleBox is a small piece of hardware that empowers users who are hard-of-sight to read the latest news articles in Braille.

This project is a great use case of using IoT to have a social impact. The current proof of concept streams articles from a news feed to the Braille pad, but this project has the potential to leverage machine learning on the device to translate additional input from the physical world into a Braille result.

Honorable Mentions

The community submitted some amazing projects for the contest, which made the choice of picking only three winners extremely difficult. Here are a few of our favorite projects that weren't selected for a prize:

Andro Cart: A shopping cart device powered by Android Things. Designed to help decentralize point of sale (POS) billing.
SIGHT: For the Blind: A pair of smart glasses for the blind, powered by Android Things and TensorFlow.
Industrial IoT Gateway: A smart industrial gateway for the IoT world based on Android Things.
Sentinel: The first semi-autonomous home security robot based on Android Things.
Word Clock: A creative take on reading the time, powered by Android Things. Control it via the Nearby API or the Google Assistant.

We encourage everyone to check out all the new projects in the Google Hackster community, and submit your own as well! You can also join Google's IoT Developers Community on Google+, a great resource to get updates, ask questions, and discuss ideas. We look forward to seeing what exciting projects you build!

Source: Android Developers Blog

Getting your Android app ready for Autofill

Posted by Wojtek Kalicinski, Android Developer Advocate, Akshay Kannan, Product Manager for Android Authentication, and Felipe Leme, Software Engineer on Android Frameworks

Starting in Oreo, Autofill makes it easy for users to provide credit cards, logins, addresses, and other information to apps. Forms in your apps can now be filled automatically, and your users no longer have to remember complicated passwords or type the same bits of information more than once.

Users can choose from multiple Autofill services (similar to keyboards today). By default, we include Autofill with Google, but users can also select any third party Autofill app of their choice. Users can manage this from Settings->System->Languages>Advanced->Autofill service.

What's available today

Today, Autofill with Google supports filing credit cards, addresses, logins, names, and phone numbers. When logging in or creating an account for the first time, Autofill also allows users to save the new credentials to their account. If you use WebViews in your app, which many apps do for logins and other screens, your users can now also benefit from Autofill support, as long as they have Chrome 61 or later installed.

The Autofill API is open for anyone to implement a service. We are actively working with 1Password, Dashlane, Keeper, and LastPass to help them with their implementations towards becoming certified on Android. We will be certifying password managers and adding them to a curated section in the Play Store, which the "Add service" button in settings will link to. If you are a password manager and would like to be certified, please get in touch.

What you need to do as a developer

As an app developer, there are a few simple things you can do to take advantage of this new functionality and make sure that it works in your apps:

Test your app and annotate your views if needed

In many cases, Autofill may work in your app without any effort. But to ensure consistent behavior, we recommend providing explicit hints to tell the framework about the contents of your field. You can do this using either the android:autofillHints attribute or the setAutofillHints() method.

Similarly, with WebViews in your apps, you can use HTML Autocomplete Attributes to provide hints about fields. Autofill will work in WebViews as long as you have Chrome 61 or later installed on your device. Even if your app is using custom views, you can also define the metadata that allows autofill to work.

For views where Autofill does not make sense, such as a Captcha or a message compose box, you can explicitly mark the view as IMPORTANT_FOR_AUTOFILL_NO (or IMPORTANT_FOR_AUTOFILL_NO_EXCLUDE_DESCENDANTS in the root of a view hierarchy). Use this field responsibly, and remember that users can always bypass this by long pressing an EditText and selecting "Autofill" in the overflow menu.

Affiliate your website and mobile app

Autofill with Google can seamlessly share logins across websites and mobile apps ‒ passwords saved through Chrome can also be provided to native apps. But in order for this to work, as an app developer, you must explicitly declare the association between your website with your mobile app. This involves 2 steps:

Step 1: Host a JSON file at yourdomain.com/.well-known/assetlinks.json

If you've used technologies like App Links or Google Smart Lock before, you might have heard about the Digital Asset Links (DAL) file. It's a JSON file placed under a well known location in your website that lets you make public, verifiable statements about other apps or websites.

You should follow the Smart Lock for Passwords guide for information about how to create and host the DAL file correctly on your server. Even though Smart Lock is a more advanced way of signing users into your app, our Autofill service uses the same infrastructure to verify app-website associations. What's more, because DAL files are public, third-party Autofill service developers can also use the association information to secure their implementations.

Step 2: Update your App's Manifest with the same information

Once again, follow the Smart Lock for Passwords guide to do this, under "Declare the association in the Android app."

You'll need to update your app's manifest file with an asset_statements resource, which links to the URL where your assetlinks.json file is hosted. Once that's done, you'll need to submit your updated app to the Play Store, and fill out the Affiliation Submission Form for the association to go live.

When using Android Studio 3.0, the App Links Assistant can generate all of this for you. When you open the DAL generator tool (Tools -> App Links Assistant -> Open Digital Asset Links File Generator), simply make sure you enable the new checkbox labeled "Support sharing credentials between the app and website".

Then, click on "Generate Digital Asset Links file", and copy the preview content to the DAL file hosted on your server and in your app. Please remember to verify that the selected domain names and certificates are correct.

Future work

It's still very early days for Autofill in Android. We are continuing to make some major investments going forward to improve the experience, whether you use Autofill with Google or a third party password manager.

Some of our key areas of investment include:

Autofill with Google: We want to provide a great experience out of the box, so we include Autofill with Google with all Oreo devices. We're constantly improving our field detection and data quality, as well as expanding our support for saving more types of data.
WebView support: We introduced initial support for filling WebViews in Chrome 61, and we'll be continuing to test, harden, and make improvements to this integration over time, so if your app uses WebViews you'll still be able to benefit from this functionality.
Third party app support: We are working with the ecosystem to make sure that apps work as intended with the Autofill framework. We urge you as developers to give your app a spin on Android Oreo and make sure that things work as expected with Autofill enabled. For more info, see our full documentation on the Autofill Framework.

If you encounter any issues or have any suggestions for how we can make this better for you, please send us feedback.

Source: Android Developers Blog

How the Pixel 2’s security module delivers enterprise-grade security

Posted by Xiaowen Xin, Android Security Team

The new Google Pixel 2 ships with a dedicated hardware security module designed to be robust against physical attacks. This hardware module performs lockscreen passcode verification and protects your lock screen better than software alone.

To learn more about the new protections, let's first review the role of the lock screen. Enabling a lock screen protects your data, not just against casual thieves, but also against sophisticated attacks. Many Android devices, including all Pixel phones, use your lockscreen passcode to derive the key that is then used to encrypt your data. Before you unlock your phone for the first time after a reboot, an attacker cannot recover the key (and hence your data) without knowing your passcode first. To protect against brute-force guessing your passcode, devices running Android 7.0+ verify your attempts in a secure environment that limits how often you can repeatedly guess. Only when the secure environment has successfully verified your passcode does it reveal a device and user-specific secret used to derive the disk encryption key.

Benefits of tamper-resistant hardware

The goal of these protections is to prevent attackers from decrypting your data without knowing your passcode, but the protections are only as strong as the secure environment that verifies the passcode. Performing these types of security-critical operations in tamper-resistant hardware significantly increases the difficulty of attacking it.

Tamper-resistant hardware comes in the form of a discrete chip separate from the System on a Chip (SoC). It includes its own flash, RAM, and other resources inside a single package, so it can fully control its own execution. It can also detect and defend against outside attempts to physically tamper with it. In particular:

Because it has its own dedicated RAM, it's robust against many side-channel information leakage attacks, such as those described in the TruSpy cache side-channel paper.
Because it has its own dedicated flash, it's harder to interfere with its ability to store state persistently.
It loads its operating system and software directly from internal ROM and flash, and it controls all updates to it, so attackers can't directly tamper with its software to inject malicious code.
Tamper-resistant hardware is resilient against many physical fault injection techniques including attempts to run outside normal operating conditions, such as wrong voltage, wrong clock speed, or wrong temperature. This is standardized in specifications such as the SmartCard IC Platform Protection Profile, and tamper-resistant hardware is often certified to these standards.
Tamper-resistant hardware is usually housed in a package that is resistant to physical penetration and designed to resist side channel attacks, including power analysis, timing analysis, and electromagnetic sniffing, such as described in the SoC it to EM paper.

Security module in Pixel 2

The new Google Pixel 2 ships with a security module built using tamper-resistant hardware that protects your lock screen and your data against many sophisticated hardware attacks.

In addition to all the benefits already mentioned, the security module in Pixel 2 also helps protect you against software-only attacks:

Because it performs very few functions, it has a super small attack surface.
With passcode verification happening in the security module, even in the event of a full compromise elsewhere, the attacker cannot derive your disk encryption key without compromising the security module first.
The security module is designed so that nobody, including Google, can update the passcode verification logic to a weakened version without knowing your passcode first.

Summary

Just like many other Google products, such as Chromebooks and Cloud, Android and Pixel are investing in additional hardware protections to make your device more secure. With the new Google Pixel 2, your data is safer against an entire class of sophisticated hardware attacks.