Category Archives: Android Developers Blog

An Open Handset Alliance Project

Updating your games for modern Android

Posted by Tom Greenaway, Senior Partner Developer Advocate

Last year we announced that starting from August 2018 Google Play will require all new apps and games to target a recent Android API level – set to API level 26 (Android 8.0 Oreo), or higher. Additionally, this requirement will extend to updates for existing apps and games starting from November 2018.

Every new Android version introduces changes that bring significant security and performance improvements – and enhance the user experience of Android overall. Updating your games to target the latest API level ensures that your users can benefit from these improvements, while still allowing your games to run on older Android versions.

Simple next steps:

Install the Android 8.0 Oreo SDK (API level 26) via Android Studio by navigating to (Tools > Android > SDK Manager > Android SDK > SDK Platforms).
Update your game to target API level 26 and see whether your game has any incompatibilities or issues as soon as possible. Update any external dependencies as necessary. Learn more about the incremental changes between versions of Android here.
If you are using an advertising network, SDK or plugin which is incompatible with API level 26, reach out to your contacts and find out their timeline for supporting target API level 26. The sooner they're aware of these changes the better.
If you build your game with Unity, support for target API 26 is built into Unity 5.6.6 and beyond. Simply ensure the latest target API level is selected in your Android build settings for Unity (Build Settings > Android > Player Settings). For versions of Unity 5.6.5 and prior, consult this documentation which includes a workaround for versions dating back to 4.3.
For games built with Unreal, check your Android platform settings has the "Target SDK Version" set to 26.
If you use Cocos2D-X, check the target API level in the gradle.properties file that is generated.

Significant changes to be aware of:

Since API 23, we have required permissions be requested at runtime which helps streamline the app install process.
Since API 24, apps can no longer dynamically link against non-NDK libraries. If your app (including third-party static libraries) contains native code, you should only be using public NDK APIs.
If your game uses Android push notifications, the Google Play Services SDK in your game will need to be updated to version 10.2.1 or above for your game to support API level 26.
If your game uses opaque binary blobs (OBB), then your game must check if it can access the directory before attempting to access the OBB files themselves. We recommend explicitly requesting permission for access using the Runtime Permissions API, and gracefully handling cases wherein the permission is not granted. Additionally, add an entry in the manifest for the external storage access:
```
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
```

Moving ahead

Remember, updating the target API level is just the first step – make sure your game is compatible with the behavior changes between your current target API level and API level 26. Check out further guidance on the changes in past versions of Android to help in your migration process. These policy changes are important for moving the Android ecosystem forward and keeping it healthy for our users – and yours.

How useful did you find this blog post?

★ ★ ★ ★ ★

Source: Android Developers Blog

How creating an Action can complement your Android app

Posted by Neto Marin - Actions on Google Developer Advocate

There are millions of apps in the Android ecosystem, so helping yours get discovered can require some investment. Your app needs to offer something that differentiates it from other similar apps to stand out to users.

Building a companion Action is a fast and simple way to increase your Android app's potential reach by creating a new entrypoint from devices covered by the Google Assistant. This lets you bring your services to users without needing to install anything through voice, and can bring people into your app when it can provide more value.

Your companion Action complements your Android app's experience by offering some of your services through the Google Assistant, which is available on more than 500 million devices including speakers, phones, cars, headphones, and more. Creating an Action provides a frictionless way for users to start engaging with your services wherever the Google Assistant is available.

Creating an Action for the Assistant will extend your brand presence, bringing your services to new devices and contexts as users interact with the Google Assistant.

Feature what your app does better

It is probably a mistake to try to rewrite all of your Android app as a conversational Action, since voice is a different modality with different constraints and usage patterns. Instead, you should start by selecting the most important or popular features in your app that translate well into a voice context and can be more easily accomplished there. Then, you can create your conversational experience to offer these features on Google Assistant devices. Check out the Conversation design site, which has several articles and guides about how to create a great voice UI.

Let's take a look at a hypothetical example. Imagine you have a mobile commerce app. Some features include searching for products, navigating to different categories, adding payment information, and checking out. You could build an Action for the Assistant with most of the same functionality, but we encourage you to look for what makes the most sense in a conversational experience.

In this case, your Action could focus on everything that a user would want to know after they've purchased a product through your Android app or web page. You could offer a quick way to get updates about a purchase's status (if you provide different states for payment/purchase process) and shipment information, or provide an interface for re-ordering a user's favorite products. Then, your users would be able to ask something like, "Hey Google, ask Voice Store about my last purchase."

Or, to reach users who have never made a purchase before, you could create an Action to offer exciting deals for common products. For example, you could create an Action that is invoked with, "Hey Google, ask Voice Store what are the deals on TVs today".

As you can see, starting with a "hero" use case for your Action is an exciting way to introduce conversational features that complement your Android app, and it will take less time than you think.

At Google I/O 2018, we presented a talk, "Integrating your Android apps with the Google Assistant" which contains more details and examples for developers.

Delivering user's purchases across surfaces

In-app purchases, subscriptions, and one-time products have proven successful for Android developers when it comes to monetization, allowing developers to offer different kinds of digital goods and additional value for paying users. These types of monetization are proven to drive user conversion and make the app more profitable.

Google Play Billing offers a series of tools, APIs, and documentation to help developers manage the subscription life-cycle, build server-side validation, and much more. If you are new to in-app billing, check out the Google Play Billing Overview page.

Now, Android developers can expand where users can access these goods or upgraded experiences by offering them through Actions, as well. This expansion is accomplished by honoring the user's entitlements on Google Play across different surfaces and devices, reaching users when they can't (or don't want to) use an app, like while cooking or driving.

For non-Android platforms, you'll need to ask your users to link their accounts. You can then use your user's account history to identify what purchases they've made on other surfaces.

Check the Accessing Digital Purchases page for a step-by-step guide on how to enable access to the user's purchases and request and parse the purchase data.

What's next?

If you are not familiar with Actions on Google yet, start by checking out our overview page, which describes the platform in detail and tells you all you need to know to create your Actions for the Google Assistant.

Stay tuned for more posts about how to improve your Android app experience with Actions on Google.

Thanks for reading!

Source: Android Developers Blog

Android Emulator – AMD Processor & Hyper-V Support

Posted by Jamal Eason, Product Manager, Android

Since the major revamp of the Android Emulator two years ago, we have focused on delivering a fast and feature-rich emulator to help you build great app experiences for users. Today, the Android Emulator is the top device deployed to from Android Studio — more than 2x over physical Android devices. We are humbled to hear from many of you that the Android Emulator has come a long way, but we are not done yet.

Making the Android Emulator faster is one of the top priorities for the Android Studio team. Over the last few releases, we have launched quick boot & emulator snapshots for quickly starting and resuming emulator sessions in under 2 seconds. Up until now, our emulator experience has almost universally worked on macOS^® and Linux computers. But for users of Microsoft^® Windows^® or the Microsoft^® Hyper-V^™ platform, our hardware accelerated speed enhancements for the Android Emulator only worked with computers with Intel^® processors. Support for AMD^® processors and Microsoft Hyper-V hypervisor are two long-standing user requests from the Android developer community that we are happy to address with this Android Emulator update.

Today, you can download the latest Android Emulator release, which is enabled to run x86 based Android Virtual Devices (AVD) on computers that use AMD processors. This exciting update makes the Android Emulator more accessible to a new set of Android app developers that were previously limited to software emulation, but can now have hardware accelerated performance. Moreover, for those of you who use Hyper-V to run your local app backend, the Android Emulator can now also coexist with other Hyper-V-backed applications on Windows^® 10.

Thanks to a new Microsoft Windows Hypervisor Platform (WHPX) API and recent open-source contributions from Microsoft, even more Android app developers can take advantage of all the speed improvements and features in the Android Emulator.

Android Emulator running on Windows 10 with AMD Processor Screenshot Configuration: Asus ROG Strix GL 702ZC, Processor: AMD^® Ryzen^™ 7 1700 Processor, Chipset: AMD 5350, Graphics: AMD^® Radeon^™ RX580

Support for these technologies was initially available in the v27.3.8 Android Emulator canary release and today we are releasing this set of preview features (AMD processor & Hyper-V support) on the stable channel for more feedback. Alongside this update, we have added additional speed improvements in loading emulator snapshots for those developers using the Intel^® Hardware Accelerated Execution Manager (HAXM).

How to use

Linux

If you use Linux for Android app development, the Android Emulator will continue to use the native Kernel-based Virtual Machine (KVM) hypervisor for both Intel and AMD based computers for a fast and performant virtualization solution. An update to the v27.3.8 Android Emulator will offer you the new snapshots UI along with improvements to performance, reliability and resource usage.

macOS

For OS X v10.10 Yosemite and higher, the Android Emulator uses the built-in Hypervisor.Framework by default, and falls back to using the Intel Hardware Accelerated Execution Manager (HAXM) if Hypervisor.Framework fails to initialize (such as when running on OS X v10.9 or earlier). Once you update to the latest Android Emulator on macOS, you will also have access to the new snapshots UI along with under the hood performance and reliability improvements.

Android Emulator - Snapshots Extended Controls

Microsoft Windows

On Intel x86-based computers, the Android Emulator will continue to use Intel HAXM by default. Intel HAXM is a mature and open-sourced hypervisor solution developed by Intel. Thanks to on-going development by Intel, the fastest emulator performance on Windows is still with Intel HAXM. To download the latest Intel HAXM v7.2.0, check for updates in the Android SDK Manager.

If you have an AMD processor in your computer you need the following setup requirements to be in place:

AMD Processor - Recommended: AMD^® Ryzen^™ processors
Android Studio 3.2 Beta or higher - download via Android Studio Preview page
Android Emulator v27.3.8+ - download via Android Studio SDK Manager
x86 Android Virtual Device (AVD) - Create AVD
Windows 10 with April 2018 Update
Enable via Windows Features: "Windows Hypervisor Platform"

Windows Hypervisor Platform setting in Windows 10

If you want to use Hyper-V at the same time as the Android Emulator on your Intel processor-based computer, you will also need the same Android Studio and Android Emulator versions as listed above, but with the additional requirements:

Enable via Windows Features: "Hyper-V" - Only available for Windows 10 Professional/Education/Enterprise
Intel Processor : Intel^® Core^™ processor that supports Virtualization Technology (VT-x), Extended Page Tables (EPT), and Unrestricted Guest (UG) features. Additionally VT-x needs to be enabled in the BIOS.

For more setup tips and troubleshooting details, check out the documentation page.

Again, for existing Windows users who have an Intel-based processor, the Android Emulator will continue to use the faster and recommended Intel HAXM configuration. For those using AMD processors, and those who use Hyper-V hypervisors, this should be an exciting step forward to start using the Android Emulator.

Next Steps & Feedback

Download the latest Android Emulator from the Android Studio 3.2 Beta SDK Manager for the latest performance updates across all supported platforms that you are using. We are going to continue to invest in performance improvements for each of the platforms and we look forward to your feedback and feature requests.

If you find a bug or issue, feel free to file an issue. Connect with us -- the Android Studio development team ‐ on our Google+ page or on Twitter.

Source: Android Developers Blog

What’s new for text in Android P

Posted by Florina Muntenescu, Developer Advocate & Siyamed Sinir Android Text Technical Lead

In "What's new in Android P Beta" we mentioned two of the new text features in Android.. Now that Android P Beta 2 and the final APIs are here, it's time to dive deeper into what's new for text. We know that TextView is one of the most critical components of the Android view system. This is why we continue to invest in both developer- and user-facing features and API improvements.

PrecomputedText

Displaying text can be complex, encompassing features like multiple fonts, line spacing, letter spacing, text direction, line breaking, hyphenation and more. TextView has to do a lot of work to measure and lay out the given text: reading the font file, finding a glyph, decide the shape, measure the bounding box, and caching the word in an internal word cache. What's more, all of this work takes place on the UI thread, where it could potentially cause your app to drop frames.

We found that measuring text can take up to 90% of the time required to set the text. To solve this problem, in Android P and as part of Jetpack, we introduced a new API: PrecomputedText. This API is available as far back as API 14 via PrecomputedTextCompat.

PrecomputedText enables an app to perform the most time-consuming parts of text layout beforehand, even on a background thread, caching the layout result and returning valuable measurement data. The result of PrecomputedText.create(CharSequence, params) can then be set on a TextView. With this, only about 10% of the work remains to be done by the TextView.

Percentage of time taken to measure and layout text

// UI thread
val params: PrecomputedText.Params = textView.getTextMetricsParams()
val ref = WeakReference(textView)
executor.execute {
    // background thread
    val text = PrecomputedText.create("Hello", params)
    val textView = ref.get()
    textView?.post {
        // UI thread
        val textViewRef = ref.get()
        textViewRef?.text = text
    }
}

Magnifier

Even with features like Smart Text Selection, precisely selecting text can be challenging. Android P introduces the text Magnifier to improve the user experience of selecting text. The magnifier helps users precisely position the cursor or the text selection handles by viewing magnified text through a pane that can be dragged over the text.

Magnifying text in Android P

We wanted users to have the same experience across all apps, whether in custom widgets or during custom text-rendering, so we provided a Magnifier widget that can be applied to any view that is attached to a window. The Magnifier widget can provide a zoomed-in version of any view or surface, not just text.

The Magnifier has 3 main methods: show, update and dismiss. For example, you could call these methods when implementing onTouchEvent-handling for your custom view. This would cause the Magnifier to follow the user's finger along the screen.

fun onTouchEvent(event: MotionEvent): Boolean {
    when (event.actionMasked) {
        MotionEvent.ACTION_DOWN -> 
              magnifier.show(event.x, event.y)
        MotionEvent.ACTION_MOVE -> 
             magnifier.show(event.x, event.y)
        MotionEvent.ACTION_UP -> 
             magnifier.dismiss()
    }
}

Smart Linkify

The Linkify class, which has existed since API 1, allows adding links to text using regexes. On top of that, finding physical addresses spins up a WebView instance to produce the results, which can degrade the performance of the app requesting links. To make link resolution more accurate, especially for internationalized text, and to mitigate the performance degradation caused by the WebView, we created Smart Linkify. Smart Linkify can be accessed using TextClassifier API.

Smart Linkify uses machine-learning algorithms and models to recognize entities in text. This improves the reliability of the entities recognized. Smart Linkify can, based on entity type,suggest actions that the user can perform. For example, if Smart Linkify recognizes a phone number, the API suggests actions such as sending a text message, making a call, or adding to contacts.

Smart Linkify in Android P

To improve the performance of your app, move the work of generating and applying links to a background thread.

// UI thread
val text: Spannable = ...
val request = TextLinks.Request.Builder(text)
val ref = WeakReference(textView)
executor.execute {
    // background thread
    TextClassifier.generateLinks(request).apply(text)
    val textView = ref.get()
    textView?.post {
        // UI thread
        val textViewRef = ref.get()
        textViewRef?.text = text
    }
}

Line Height and Baseline Text Alignment

Designers sometimes provide layout specifications to developers that do not match existing TextView attributes perfectly. On Android P and in Jetpack we added three attributes, together with their corresponding functions, to help bridge this gap between how designers and developers work.

Setting line height

Before Android P, the spacing between lines could be controlled using the lineSpacingExtra and lineSpacingMultiplier attributes. However, designers will commonly provide these values as a simple line height, instead. For this reason, on Android P, we added the lineHeight attribute to set the line height of the text: that is, the distance between the top and bottom of a line (or distance between subsequent baselines). Under the hood, this attribute actually uses and modifies the existing lineSpacingExtra and lineSpacingMultiplier attributes.

Size of line height and font size

<TextView
    android:layout_height="wrap_content"
    android:layout_width="match_parent"
    android:text="Lorem ipsum dolor sit amet"
    app:lineHeight="50sp"/>

// or in code
TextView.setLineHeight(@Px int)

Setting the baseline text alignment

To control the distances of the first and last baselines from the view boundaries, we added two new attributes: firstBaselineToTopHeight and lastBaselineToBottomHeight.

firstBaselineToTopHeight: Sets the distance between the TextView's top boundary and the baseline of the first line of the TextView. Under the hood this attribute updates the top padding.

lastBaselineToBottomHeight: Sets the distance between the TextView's bottom boundary and the baseline of the last line of the TextView. Under the hood, this attribute actually updates the bottom padding.

Distances between first base line to top and last baseline to bottom

<TextView
    android:layout_height="wrap_content"
    android:layout_width="match_parent"
    android:text="Lorem ipsum dolor sit amet"
    app:firstBaselineToTopHeight="28sp"
    app:lastBaselineToBottomHeight="20sp"/>

// or in code
TextView.setFirstBaselineToTopHeight(@Px int)
TextView.setLastBaselineToBottomHeight(@Px int)

Text plays an important role in a vast majority of apps - it's a crucial part of an app's design language. Text is consumed by users, and it even renders emoji ?. We're continuing to invest in text, improving the experience of both app users and developers.

To learn more about working with text APIs and what's new in Android P for text, check out the Google I/O 2018 talk on "Best practices with text":

Source: Android Developers Blog

Congrats to the new Android Excellence apps and games on Google Play

Posted by Kacey Fahey, Developer Marketing, Google Play

Join us in congratulating the latest apps and games entering the Android Excellence program on Google Play. This diverse group of apps and games is recognized for their high quality, great user experience, and strong technical performance. Whether you're interested in learning meditation or a new language, or are looking for a game about butterflies or warships, we're excited to dive in to these new collections.

Check out a few of our highlighted apps.

Beelinguapp: Learn a new language with this unique app. Read and listen to stories with side by side text of the language you're learning, while following along with your language as a reference.
Fortune City: If you're looking for a fun app to help manage your personal finances, learn how Fortune City teaches good budgeting habits as you build a prospering metropolis.
ShareTheMeal: Feed a child in need with one tap on your phone, or create a team to fight hunger together with your friends, using this app by the World Food Programme.

Test your skills with these highlighted games.

Animal Crossing™: Pocket Camp: Take on the role of campsite manager as you collect items to decorate and build your ultimate dream campsite. Meet animals, build friendships and invite your favorite animals over for a fun time.
Cash, Inc.: Be the big boss of your business empire in this fun game. Work your way up to join a community of business elites and become the most famous money tycoon.
Shadowgun Legends: Save humanity from an alien invader in an epic Story Campaign spanning over 200+ mission on 4 diverse planets. Along the way, customize your character, team up with friends, and become a celebrity of the Shadowgun Universe.

See the full list of Android Excellence apps and games.

New Android Excellence apps	New Android Excellence games
Beelinguapp BTFIT Fortune City Letras.mus.br LingoDeer Memrise PicsArt Pocket Casts ShareTheMeal The Mindfulness App Tokopedia Trello VivaReal Wynk Music	Animal Crossing™: Pocket Camp Cash, Inc. Flutter: Starlight Shadow Fight 3 Shadowgun Legends War Heroes World of Warships Blitz

Explore other great apps and games in the Editors' Choice section on Google Play and discover best practices to help you build quality apps and games.

How useful did you find this blogpost?

★ ★ ★ ★ ★

Source: Android Developers Blog

Android P Beta 3 is now available

Posted by Dave Burke, VP of Engineering

Today we're rolling out Beta 3 of Android P, our next milestone in this year's Android P developer preview. With the developer APIs already finalized in the previous update, Beta 3 now takes us very close to what you'll see in the final version of Android P, due later this summer.

Android P Beta 3 includes the latest bug fixes and optimizations for stability and polish, together with the July 2018 security updates. It's a great way to test your apps now to make sure they are ready before the final release. Give Beta 3 a try and let us know what you think!

You can get Android P Beta 3 on Pixel devices by enrolling here. If you're already enrolled and received the Android P Beta 2 on your Pixel device, you'll automatically get the update to Beta 3. Partners who are participating in the Android P Beta program will also be updating their devices to Beta 3 over the coming weeks.

What's in this update?

Today's preview update includes the Beta 3 system images for Pixel devices and the Android Emulator, as well as an update to the Android Studio build tools to include D8 as independent tool. Beta 3 is an early release candidate build of Android with near-final system behaviors and the official Android P APIs (API level 28).

With the Beta 3 system images and updated build tools, you've got everything you need to test your apps or extend them with Android P features like multi-camera support, display cutout, enhanced notifications, ImageDecoder, TextClassifier, and many others. In your testing, make sure to account for App standby buckets, privacy restrictions, and restrictions on non-SDK interfaces.

Get started in a few simple steps

First, make your app compatible and give your users a seamless transition to Android P. Just install your current app from Google Play on an Android P Beta device or emulator and test -- the app should run and look great, and handle the Android P behavior changes properly. After you've made any necessary updates, we recommend publishing to Google Play right away without changing the app's platform targeting.

If you don't have a supported device, remember that you can instead set up an Android Virtual Device on the Android Emulator for your test environment. If you haven't tried the emulator recently, you'll find that it's incredibly fast, boots in under 6 seconds, and even lets you model next-gen screens -- such as long screens and screens with a display cutout.

Next, update your app's targetSdkVersion to 28 as soon as possible, so Android P users of your app can benefit from the platform's latest security, performance, and stability features. If your app is already targeting API 26+ in line with Google Play's upcoming policies, then changing to target API 28 should be a small jump. When you change your targeting, make sure your app supports all of the applicable behavior changes.

It's also important to test your apps for uses of non-SDK interfaces and reduce your reliance on them. As noted recently, Android P restricts access to selected non-SDK interfaces. Watch for logcat warnings that highlight direct uses of restricted non-SDK interfaces and try the new StrictMode method detectNonSdkApiUsage() to catch accesses programmatically. Where possible, you should move to using public equivalents from the Android SDK or NDK. If there's no public API that meets your use-case, please let us know.

When you're ready, dive into Android P and learn about the new features and APIs that you can use in your apps. To build with the new APIs, just download the official API 28 SDK and tools into Android Studio 3.1, or use the latest version of Android Studio 3.2. Then update your project's compileSdkVersion and targetSdkVersion to API 28.

Visit the Developer Preview site for details and documentation. Also check out this video and the Google I/O Android playlist for more on what's new in Android P for developers.

Publish to Google Play alpha, beta, or production channels

As soon as you're ready, publish your APK updates that are compiled against, or optionally targeting, API 28. Publishing an update to Google Play during the preview lets you push updates to existing users to test compatibility on their devices.

To make sure that your updated app runs well on Android P as well as older versions, a common strategy is to use Google Play's beta testing feature. With beta testing you can get early feedback from a small group of users -- including Beta 3 users — and then do a staged rollout to production.

What's next?

Thanks for all of your feedback so far. Please continue to share feedback or requests as we work towards the consumer release later this summer. Feel free to use our hotlists for platform issues, app compatibility issues, and third-party SDK issues.

Also, the Android engineering team will host a Reddit AMA on r/androiddev to answer your technical questions about Android P on July 19 from 11:30-1 PM (Pacific Time). Look out for an announcement on r/androiddev in the coming weeks. We look forward to addressing your questions!

Source: Android Developers Blog

Improving discovery of quality apps and games on the Play Store

Posted by Paul Bankhead, Director, Product Management, Google Play

Every day, millions of people come to the Play Store to discover the best apps and games. As part of our continued effort to deliver great experiences to our users, we regularly update the Play Store to help people find and discover safe, high quality, and relevant apps and games.

Over the last year, we've been enhancing our search and discovery algorithms' consideration of app quality and user engagement. This means that apps and games that have high retention rates, low crash rates, low uninstalls, and many other factors, are recommended more often.

Recently, we increased the importance of engagement and app quality in our recommendation systems and users reacted favorably to the changes. With more high quality titles being surfaced in the Play Store's recommendations, people are playing the games they download more often.

We believe that providing great experiences for our users on Google Play will encourage a healthier, growing Android ecosystem. We encourage all developers to review some of the suggestions in this post and on developers.android.com for guidance and best practices.

Source: Android Developers Blog

A New Universal Music Player

Posted by Nicole Borrelli, Android Developer, Programs Engineer

The Universal Android Music Player (or "UAMP") is a favorite on GitHub for music app developers with over 9,500 stars and 3,000 forks. Since UAMP was first released, Android development has changed significantly. ExoPlayer has improved, Architecture Components were introduced, and Kotlin became a first-class language for Android developers.

We decided that the best way to integrate the modern features for our beloved music app would be to re-write UAMP.

UAMP v2 was built from the ground up in Kotlin. The UI is built around ViewModels and LiveData. Playback, and particularly integration with MediaSessionCompat, was vastly simplified by utilizing the MediaSession extension of ExoPlayer.

We also added a bunch of new songs by The Kyoto Connection and Kai Engel.

There are some features from UAMP v1 that haven't been integrated into the new code yet. The missing features include Android TV with the Leanback library and remote playback via Google Cast. Even though these features aren't yet included in v2, we wanted to show you the new updates as soon as possible. The old code will continue to be available in the v1 branch on GitHub, so please take a look there to see how to use those features in a music app.

We would love your feedback on which features to add next. We are considering offline playback, improving the integration with Android Auto, and using the upcoming Navigation components of Jetpack for the UI. We'll be creating GitHub issues for features and improvements to help you let us know what is most important to you. Go vote on these features to let us know where we should focus our efforts.

We'd also like to invite you to open pull requests for bug fixes and features that are missing. See the contributions process for more information.

Grab the code from GitHub!

Source: Android Developers Blog

Automating your app releases with Google Play

Posted by Nicholas Lativy, Software Engineer

At Google I/O we shared how Google's own apps make use of Google Play for successful launches and updates and introduced the new Google Play Developer Publishing API Version 3.

The Publishing API enables you to integrate publishing operations into your existing release process or automated workflows by providing the ability to upload APKs and roll out releases. Here's an overview of some of the improvements you can now take advantage of in Version 3 of the API.

Releases in the API

The Publishing API now uses the release model you are familiar with from the Play Console.

{
  "track": "production",
  "releases": [
    {
      "name": "Release One", 
      "versionCodes": ["100"],
      "status": "completed"
    }
  ]
}

This gives you full control over releases via the API allowing a number of operations which were previously available only in the Play Console. For example, you can now control the name of releases created via the API, and we have now relaxed the constraints on what can be rolled out via the API to match the Play Console.

Additional testing tracks

The API now supports releasing to any of the testing tracks you have configured for your application as well as the production track. This makes it possible to configure your continuous integration system to push a new build to your internal test track as soon as it's ready for QA.

Staged rollout

Staged rollouts are the recommended way to deploy new versions of your app. They allow you to make your new release available to a small percentage of users and gradually increase this percentage as your confidence in the release grows.

Staged rollouts are now represented directly in the API as inProgress releases.

{
  "track": "production",
  "releases": [
    {
      "versionCodes": ["100"],
      "status": "completed"
    },
    {
      "versionCodes": ["200"],
      "status": "inProgress",
      "userFraction": 0.1
    }
  ]
}

You can now halt a staged rollout via the API by changing its status to halted. This makes it possible to automatically respond to any problems you detect while performing a rollout. If it turns out to be a false alarm, the API now also allows you to resume a halted release by changing its status back to inProgress.

Release notes

Release notes are a useful way to communicate to users new features you have added in a release. In V3 we have simplified how these are specified via the API by adding the releaseNotes field to release.

{
  "track": "production",
  "releases": [
    {
      "versionCodes": ["100"],
      "status": "completed",
      "releaseNotes": [
        {
          "language": "en-US",
          "text": "Now it's easier to specify release notes."
        },
        {
           "language": "it-IT",
           "text": "Ora è più semplice specificare le note sulla versione."
        }
    }
  ]
}

Draft releases

We know that while many developers are comfortable deploying test builds automatically, they like using the Play Console when rolling out to production.

So, in the V3 API we have added the ability to create and manage Draft Releases.

{
  "track": "production",
  "releases": [
    {
      "name": "Big Launch",
      "versionCodes": ["200"],
      "status": "draft"
    }
  ]
}

This allows you to upload APKs or App Bundles and create a draft release from your continuous integration system, and then have your product manager log in, check that everything looks good, and hit "Confirm and Rollout".

We hope you find these features useful and take advantage of them for successful launches and updates with Google Play. If you're interested in some of the other great tools for distributing your apps, check out the I/O sessions which have now been posted to the Android Developers YouTube Channel.

How useful did you find this blogpost?

★ ★ ★ ★ ★

Source: Android Developers Blog

Compiler-based security mitigations in Android P

Posted by Ivan Lozano, Information Security Engineer

Android's switch to LLVM/Clang as the default platform compiler in Android 7.0 opened up more possibilities for improving our defense-in-depth security posture. In the past couple of releases, we've rolled out additional compiler-based mitigations to make bugs harder to exploit and prevent certain types of bugs from becoming vulnerabilities. In Android P, we're expanding our existing compiler mitigations, which instrument runtime operations to fail safely when undefined behavior occurs. This post describes the new build system support for Control Flow Integrity and Integer Overflow Sanitization.

Control Flow Integrity

A key step in modern exploit chains is for an attacker to gain control of a program's control flow by corrupting function pointers or return addresses. This opens the door to code-reuse attacks where an attacker executes arbitrary portions of existing program code to achieve their goals, such as counterfeit-object-oriented and return-oriented programming. Control Flow Integrity (CFI) describes a set of mitigation technologies that confine a program's control flow to a call graph of valid targets determined at compile-time.

While we first supported LLVM's CFI implementation in select components in Android O, we're greatly expanding that support in P. This implementation focuses on preventing control flow manipulation via indirect branches, such as function pointers and virtual functions—the 'forward-edges' of a call graph. Valid branch targets are defined as function entry points for functions with the expected function signature, which drastically reduces the set of allowable destinations an attacker can call. Indirect branches are instrumented to detect runtime violations of the statically determined set of allowable targets. If a violation is detected because a branch points to an unexpected target, then the process safely aborts.

Figure 1. Assembly-level comparison of a virtual function call with and without CFI enabled.

For example, Figure 1 illustrates how a function that takes an object and calls a virtual function gets translated into assembly with and without CFI. For simplicity, this was compiled with -O0 to prevent compiler optimization. Without CFI enabled, it loads the object's vtable pointer and calls the function at the expected offset. With CFI enabled, it performs a fast-path first check to determine if the pointer falls within an expected range of addresses of compatible vtables. Failing that, execution falls through to a slow path that does a more extensive check for valid classes that are defined in other shared libraries. The slow path will abort execution if the vtable pointer points to an invalid target.

With control flow tightly restricted to a small set of legitimate targets, code-reuse attacks become harder to utilize and some memory corruption vulnerabilities become more difficult or even impossible to exploit.

In terms of performance impact, LLVM's CFI requires compiling with Link-Time Optimization (LTO). LTO preserves the LLVM bitcode representation of object files until link-time, which allows the compiler to better reason about what optimizations can be performed. Enabling LTO reduces the size of the final binary and improves performance, but increases compile time. In testing on Android, the combination of LTO and CFI results in negligible overhead to code size and performance; in a few cases both improved.

For more technical details about CFI and how other forward-control checks are handled, see the LLVM design documentation.

For Android P, CFI is enabled by default widely within the media frameworks and other security-critical components, such as NFC and Bluetooth. CFI kernel support has also been introduced into the Android common kernel when building with LLVM, providing the option to further harden the trusted computing base. This can be tested today on the HiKey reference boards.

Integer Overflow Sanitization

The UndefinedBehaviorSanitizer's (UBSan) signed and unsigned integer overflow sanitization was first utilized when hardening the media stack in Android Nougat. This sanitization is designed to safely abort process execution if a signed or unsigned integer overflows by instrumenting arithmetic instructions which may overflow. The end result is the mitigation of an entire class of memory corruption and information disclosure vulnerabilities where the root cause is an integer overflow, such as the original Stagefright vulnerability.

Because of their success, we've expanded usage of these sanitizers in the media framework with each release. Improvements have been made to LLVM's integer overflow sanitizers to reduce the performance impact by using fewer instructions in ARM 32-bit and removing unnecessary checks. In testing, these improvements reduced the sanitizers' performance overhead by over 75% in Android's 32-bit libstagefright library for some codecs. Improved Android build system support, such as better diagnostics support, more sensible crashes, and globally sanitized integer overflow targets for testing have also expedited the rollout of these sanitizers.

We've prioritized enabling integer overflow sanitization in libraries where complex untrusted input is processed or where there have been security bulletin-level integer overflow vulnerabilities reported. As a result, in Android P the following libraries now benefit from this mitigation:

libui
libnl
libmediaplayerservice
libexif
libdrmclearkeyplugin
libreverbwrapper

Future Plans

Moving forward, we're expanding our use of these mitigation technologies and we strongly encourage vendors to do the same with their customizations. More information about how to enable and test these options will be available soon on the Android Open Source Project.

Acknowledgements: This post was developed in joint collaboration with Vishwath Mohan, Jeffrey Vander Stoep, Joel Galenson, and Sami Tolvanen