Thursday, July 28, 2016

Announcing Android add-ons for Docs and Sheets







We know many of you consider your mobile device as your primary tool to consume business information, but what if you could use it to get more work done, from anywhere?

We�re excited to introduce Android add-ons for Docs and Sheets, a new way for you to do just that�whether it�s readying a contract you have for e-signature from your phone, or pulling in CRM data on your tablet for some quick analysis while waiting for your morning coffee, Android add-ons can help you accomplish more.





Get more done with your favorite third-party apps, no matter where you are


We�ve worked with eight integration partners who have created seamless integrations for Docs and Sheets. Here�s a preview of just a few of them:




  • DocuSign - Trigger or complete a signing process from Docs or Sheets, and save the executed document to Drive. Read more here.






DocuSign lets you easily create signature envelopes right from Google Docs



  • ProsperWorks - Import your CRM data to create and update advanced dashboards, reports and graphs on Sheets, right from your device. Read more here.

  • AppSheet - Create powerful mobile apps directly from your data in Sheets instantly � no coding required. Read more here.

  • Scanbot - Scan your business documents using built-in OCR, and insert their contents into Docs as editable text. Read more here.






You can find these add-ons and many more, including PandaDoc, ZohoCRM, Teacher Aide, EasyBib and Classroom in our Google Play collection as well as directly from the add-on menus in Docs or Sheets.






Try them out today, and see how much more you can do.






Calling all developers: try our developer preview today!



As you can see from above, Android add-ons offer a great opportunity to build
innovative integrations and reach Docs and Sheets users around the world.
They�re basically Android apps that connect with href="http://developers.google.com/apps-script?utm_campaign=android_discussion_googledocs_072816&utm_source=anddev&utm_medium=blog">Google Apps Script projects
on the server-side, allowing them to access and manipulate data from Google Docs
or Sheets using standard Apps Script techniques. Check out href="https://developers.google.com/apps-script/add-ons/mobile?utm_campaign=android_discussion_googledocs_072816&utm_source=anddev&utm_medium=blog">our
documentation which includes href="https://developers.google.com/apps-script/add-ons/mobile/mobile-style?utm_campaign=android_discussion_googledocs_072816&utm_source=anddev&utm_medium=blog">UI
guidelines as well as href="https://developers.google.com/apps-script/add-ons/mobile/?utm_campaign=android_discussion_googledocs_072816&utm_source=anddev&utm_medium=blog#see_what_you_can_make">sample
code to get you started. We�ve also made it easy for you to publish your
apps with the Apps Script editor.



Android add-ons are available today as a developer preview. We look forward to
seeing what you build!

Wednesday, July 27, 2016

Protecting Android with more Linux kernel defenses


Posted by Jeff Vander Stoep, Android Security team



Android relies heavily on the Linux kernel for enforcement of its security
model. To better protect the kernel, we�ve enabled a number of mechanisms within
Android. At a high level these protections are grouped into two
categories�memory protections and attack surface reduction.


Memory protections



One of the major security features provided by the kernel is memory protection
for userspace processes in the form of address space separation. Unlike
userspace processes, the kernel�s various tasks live within one address space
and a vulnerability anywhere in the kernel can potentially impact unrelated
portions of the system�s memory. Kernel memory protections are designed to
maintain the integrity of the kernel in spite of vulnerabilities.


Mark memory as read-only/no-execute



This feature segments kernel memory into logical sections and sets restrictive
page access permissions on each section. Code is marked as read only + execute.
Data sections are marked as no-execute and further segmented into read-only and
read-write sections. This feature is enabled with config option
CONFIG_DEBUG_RODATA. It was put together by Kees Cook and is based on a subset
of Grsecurity�s KERNEXEC feature by Brad
Spengler and Qualcomm�s CONFIG_STRICT_MEMORY_RWX feature by Larry Bassel and
Laura Abbott. CONFIG_DEBUG_RODATA landed in the upstream kernel for arm/arm64
and has been backported to Android�s 3.18+ arm/href="https://android-review.googlesource.com/#/c/174947/">arm64 common
kernel.


Restrict kernel access to userspace



This feature improves protection of the kernel by preventing it from directly
accessing userspace memory. This can make a number of attacks more difficult
because attackers have significantly less control over kernel memory
that is executable, particularly with CONFIG_DEBUG_RODATA enabled. Similar
features were already in existence, the earliest being Grsecurity�s UDEREF. This
feature is enabled with config option CONFIG_CPU_SW_DOMAIN_PAN and was
implemented by Russell King for ARMv7 and backported to href="https://android-review.googlesource.com/#/q/topic:sw_PAN">Android�s
4.1 kernel by Kees Cook.


Improve protection against stack buffer overflows



Much like its predecessor, stack-protector, stack-protector-strong protects
against stack
buffer overflows
, but additionally provides coverage for href="https://outflux.net/blog/archives/2014/01/27/fstack-protector-strong/">more
array types, as the original only protected character arrays.
Stack-protector-strong was implemented by Han Shen and href="https://gcc.gnu.org/ml/gcc-patches/2012-06/msg00974.html">added to the gcc
4.9 compiler.


Attack surface reduction



Attack surface reduction attempts to expose fewer entry points to the kernel
without breaking legitimate functionality. Reducing attack surface can include
removing code, removing access to entry points, or selectively exposing
features.


Remove default access to debug features



The kernel�s perf system provides infrastructure for performance measurement and
can be used for analyzing both the kernel and userspace applications. Perf is a
valuable tool for developers, but adds unnecessary attack surface for the vast
majority of Android users. In Android Nougat, access to perf will be blocked by
default. Developers may still access perf by enabling developer settings and
using adb to set a property: �adb shell setprop security.perf_harden 0�.



The patchset for blocking access to perf may be broken down into kernel and
userspace sections. The href="https://android-review.googlesource.com/#/c/234573/">kernel patch is
by Ben Hutchings and is
derived from Grsecurity�s CONFIG_GRKERNSEC_PERF_HARDEN by Brad Spengler. The
userspace changes were href="https://android-review.googlesource.com/#/q/topic:perf_harden">contributed
by Daniel Micay. Thanks to href="https://conference.hitb.org/hitbsecconf2016ams/sessions/perf-from-profiling-to-kernel-exploiting/">Wish
Wu and others for responsibly disclosing security vulnerabilities in perf.


Restrict app access to ioctl commands



Much of Android security model is described and enforced by SELinux. The ioctl()
syscall represented a major gap in the granularity of enforcement via SELinux.
Ioctl command
whitelisting with SELinux
was added as a means to provide per-command
control over the ioctl syscall by SELinux.



Most of the kernel vulnerabilities reported on Android occur in drivers and are
reached using the ioctl syscall, for example href="https://source.android.com/security/bulletin/2016-03-01.html#elevation_of_privilege_vulnerability_in_mediatek_wi-fi_kernel_driver">CVE-2016-0820.
Some ioctl commands are needed by third-party applications, however most are not
and access can be restricted without breaking legitimate functionality. In
Android Nougat, only a small whitelist of socket ioctl commands are available to
applications. For select devices, applications� access to GPU ioctls has been
similarly restricted.


Require seccomp-bpf



Seccomp provides an additional sandboxing mechanism allowing a process to
restrict the syscalls and syscall arguments available using a configurable
filter. Restricting the availability of syscalls can dramatically cut down on
the exposed attack surface of the kernel. Since seccomp was first introduced on
Nexus devices in Lollipop, its availability across the Android ecosystem has
steadily improved. With Android Nougat, seccomp support is a requirement for all
devices. On Android Nougat we are using seccomp on the mediaextractor and
mediacodec processes as part of the href="http://android-developers.blogspot.com/2016/05/hardening-media-stack.html">media
hardening effort.


Ongoing efforts



There are other projects underway aimed at protecting the kernel:


  • The href="http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project">Kernel
    Self Protection Project is developing runtime and compiler defenses for the
    upstream kernel.
  • Further sandbox tightening and attack surface reduction with SELinux is
    ongoing in AOSP.
  • href="https://www.chromium.org/chromium-os/developer-guide/chromium-os-sandboxing#h.l7ou90opzirq">Minijail
    provides a convenient mechanism for applying many containment and sandboxing
    features offered by the kernel, including seccomp filters and namespaces.
  • Projects like href="https://www.kernel.org/doc/Documentation/kasan.txt">kasan and href="https://www.kernel.org/doc/Documentation/kcov.txt">kcov help fuzzers
    discover the root cause of crashes and to intelligently construct test cases
    that increase code coverage�ultimately resulting in a more efficient bug hunting
    process.


Due to these efforts and others, we expect the security of the kernel to
continue improving. As always, we appreciate feedback on our work and welcome
suggestions for how we can improve Android. Contact us at href="mailto:security@android.com">security@android.com.



Android Developer Story: Culture Alley reaches millions of English learners on Google Play

Posted by Lily Sheringham, Google Play team



href="https://play.google.com/store/apps/developer?id=Culture%20Alley&hl=en_GB">Culture
Alley developed the app href="https://play.google.com/store/apps/details?id=com.CultureAlley.japanese.english&hl=en_GB&e=-EnableAppDetailsPageRedesign">Hello
English to help Indians learn English through gamification, supporting over
15 dialects. More than 13 million people now use Hello English in India and
around the world.



Hear Nishant Patni, Founder & CEO and Pranshu Bhandari, Co-Founder, explain how
they optimized the app to address challenges faced by emerging markets. Learn
how they used various Google Play tools to address varying levels of
connectivity and device capabilities, and improve user retention.




href="https://play.google.com/store/books/details/Google_Inc_The_Building_for_Billions_Playbook_for?id=cJEjDAAAQBAJ&e=-EnableAppDetailsPageRedesign">Learn
more best practices about building for billions and href="https://www.youtube.com/watch?v=PfwHq8w9GBc&list=PLWz5rJ2EKKc_ElGrEtiEXc83m1SeYu3-Q&index=11">watch
the �10 tips to build an app for billions of users� video to get more tips.
Also, get the
Playbook for Developers app
and stay up-to-date with more features and best
practices that will help you grow a successful business on Google Play.

Tuesday, July 26, 2016

Introducing new app categories -- From Art to Autos to Dating -- to help users better find your apps

Posted by By Sarah Karam, Google Play Apps Business Development




With more than 1 billion active users in 190 countries around the world, Google
Play continues to be an important distribution platform for you to build a
global audience. To help you get your apps in front of more users, it�s
important to make them more quickly and easily discoverable in Google Play.
That�s why we rolled out major features, such as href="https://adwords.googleblog.com/2015/07/launching-search-ads-on-play.html">Search
Ads, href="https://play.google.com/store/apps/collection/promotion_3001ed4_indie_corner?hl=en&e=-EnableAppDetailsPageRedesign">Indie
Corner, href="https://developer.android.com/distribute/users/experiments.html">store
listing experiments, and more, over the past year.



To improve the overall search experience, we�re introducing new app categories
and renaming a few existing ones, making them more comprehensive and relevant to
what users are looking for today.



The new categories include:


  • Art & Design
  • Auto & Vehicles
  • Beauty
  • Dating
  • Events
  • Food & Drink
  • House & Home
  • Parenting


In addition, the �Transportation� category will be renamed �Maps & Navigation,�
and the �Media & Video� category will be renamed �Video Players & Editors.�



To select a new category for your app or game


  1. Sign in to your Google Play
    Developer Console
    .
  2. Select an app.
  3. On the left menu, click Store Listing.
  4. Under "Categorization," select an application type and category.
  5. Near the top of the page, click Save draft (new apps) or Submit update
    (existing apps).


Newly added categories will be available on Google Play within 60 days. If you
choose a newly added category for an app before the category is available for
users, your current app category may change. See additional details and view our
full list of categories in the href="https://support.google.com/googleplay/android-developer/answer/113475">Help
Center.

Friday, July 22, 2016

Improvements for smaller app downloads on Google Play


Posted by Anthony Morris, SWE Google Play and Andrew Hayden, software engineer



Google Play continues to grow rapidly, as Android users installed over 65
billion apps in the last year from the Google Play Store. We�re also seeing
developers move to update their apps more frequently to push great new content,
patch security vulnerabilities, and iterate quickly on user feedback.



However, many users are sensitive to the amount of data they use, especially if
they are not on Wi-Fi. Google Play is investing in improvements to reduce the
data that needs to be transferred for app installs and updates, while making
data cost more transparent to users.



Read on to understand the updates and learn some tips for ways to optimize the
size of your APK.


New Delta algorithm to reduce the size of app updates



For approximately 98% of app updates from the Play Store, only changes
(deltas) to APK files are downloaded and merged with the existing
files, reducing the size of updates. Google Play has used delta algorithms since 2012, and we recently rolled out an additional delta algorithm, href="http://www.daemonology.net/bsdiff/">bsdiff href="http://www.daemonology.net/bsdiff/">(created by Colin Percivalid="fnref1">1href="http://www.daemonology.net/bsdiff/">), that our experimentation shows
can reduce delta size by up to 50% or more compared to the previous algorithm
for some APKs. Bsdiff is
specifically targeted to produce more efficient deltas of native libraries by
taking advantage of the specific ways in which compiled native code changes
between versions. To be most effective, native libraries should be stored
uncompressed (compression interferes with delta algorithms).



An example from Chrome:

















Patch Description Previous patch size Bsdiff Size
M46 to M47 major update 22.8 MB 12.9 MB
M47 minor update 15.3 MB 3.6 MB



Apps that don�t have uncompressed native libraries can see a 5% decrease in size
on average, compared to the previous delta algorithm.


Applying the delta algorithm to APK Expansion Files to further
reduce update size



APK Expansion Files allow you to include additional large files up to 2GB in
size (e.g. high resolution graphics or media files) with your app, which is
especially popular with games. We have recently expanded our delta and
compression algorithms to apply to these APK Expansion Files in addition to
APKs, reducing the download size of initial installs by 12%, and updates by 65%
on average. APK Expansion file patches use the href="http://xdelta.org/">xdelta algorithm.


Clearer size information in the Play Store



Alongside the improvements to reduce download size, we also made information
displayed about data used and download sizes in the Play Store clearer. You can
now see actual download sizes, not the APK file size, in the Play Store. If you
already have an app, you will only see the update size. These changes are
rolling out now.







  1. Colin Percival, Naive differences of executable code,
    http://www.daemonology.net/bsdiff/, 2003. 





Example 1: Showing new �Download size� of APK




Example 2: Showing new �Update size� of APK


Tips to reduce your download sizes


1. Optimize for the right size measurements: Users care about download size (i.e. how many bytes are transferred when installing/updating an app), and they care about disk size (i.e. how much space the app takes up on disk). It�s important to note that neither of these are the same as the original APK file size nor necessarily correlated.




Chrome example:


























Compressed Native Library Uncompressed Native Library
APK Size 39MB 52MB (+25%)
Download size (install) 29MB 29MB (no change)
Download size (update) 29MB 21MB (-29%)
Disk size 71MB 52MB (-26%)



Chrome found that initial download size remained the same by not compressing the native library in their APK, while the APK size increased, because Google Play already performs compression for downloads. They also found that the update size decreased, as deltas are more effective with uncompressed files, and disk size decreased as you no longer need an compressed copy of the native library. However, please note, native libraries should only be uncompressed when the minimum SDK version for an APK is 23 (Marshmallow) or later.


2. Reduce your APK size: Remove unnecessary data from the APK like unused resources and code.


3. Optimize parts of your APK to make them smaller: Using more efficient file formats, for example by using WebP instead of JPEG, or by using Proguard to remove unused code.


href="https://medium.com/google-developers/smallerapk-part-1-anatomy-of-an-apk-da83c25e7003#.jgy8wuni9">Read
more about reducing APK sizes and watch the I/O 2016 session href="https://www.youtube.com/watch?v=xctGIB81D2w">�Putting Your App on a
Diet� to learn from
Wojtek Kalicinski, about how to reduce the size of your APK
.

Wednesday, July 20, 2016

Connecting your App to a Wi-Fi Device

Posted by Rich Hyndman, Android Developer Advocate




With the growth of the Internet of Things, connecting Android applications to
Wi-Fi enabled devices is becoming more and more common. Whether you�re building
an app for a remote viewfinder, to set up a connected light bulb, or to control
a quadcopter, if it�s Wi-Fi based you will need to connect to a hotspot that may
not have Internet connectivity.



From Lollipop onwards the OS became a little more intelligent, allowing multiple
network connections and not routing data to networks that don�t have Internet
connectivity. That�s very useful for users as they don�t lose connectivity when
they�re near Wi-Fis with captive portals. Data routing APIs were added for
developers, so you can ensure that only the appropriate app traffic is routed
over the Wi-Fi connection to the external device.



To make the APIs easier to understand, it is good to know that there are 3 sets
of networks available to developers:


  • WiFiManager#startScan returns a list of available Wi-Fi networks. They are
    primarily identified by SSID.
  • WiFiManager#getConfiguredNetworks returns a list of the Wi-Fi networks
    configured on the device, also indexed by SSID, but they are not necessarily
    currently available.
  • ConnectivityManager#getAllNetworks returns a list of networks that are being
    interacted with by the phone. This is necessary as from Lollipop onwards a
    device may be connected to multiple networks at once, Wi-Fi, LTE, Bluetooth,
    etc� The current state of each is available by calling href="https://developer.android.com/reference/android/net/ConnectivityManager.html#getNetworkInfo(android.net.Network)">ConnectivityManager#getNetworkInfo
    and is identified by a network ID.


In all versions of Android you start by scanning for available Wi-Fi networks
with href="https://developer.android.com/reference/android/net/wifi/WifiManager.html#startScan()">WiFiManager#startScan,
iterate through the href="https://developer.android.com/reference/android/net/wifi/ScanResult.html">ScanResults
looking for the SSID of your external Wi-Fi device. Once you�ve found it you can
check if it is already a configured network using href="https://developer.android.com/reference/android/net/wifi/WifiManager.html#getConfiguredNetworks()">WifiManager#getConfiguredNetworks
and iterating through the href="https://developer.android.com/reference/android/net/wifi/WifiConfiguration.html">WifiConfigurations
returned, matching on SSID. It�s worth noting that the SSIDs of the configured
networks are enclosed in double quotes, whilst the SSIDs returned in href="https://developer.android.com/reference/android/net/wifi/ScanResult.html">ScanResults
are not.



If your network is configured you can obtain the network ID from the
WifiConfiguration object. Otherwise you can configure it using href="https://developer.android.com/reference/android/net/wifi/WifiManager.html#addNetwork(android.net.wifi.WifiConfiguration)">WifiManager#addNetwork
and keep track of the network id that is returned.



To connect to the Wi-Fi network, register a BroadcastReceiver that listens for
href="https://developer.android.com/reference/android/net/wifi/WifiManager.html#NETWORK_STATE_CHANGED_ACTION">WifiManager.NETWORK_STATE_CHANGED_ACTION
and then call href="https://developer.android.com/reference/android/net/wifi/WifiManager.html#enableNetwork(int,%20boolean)">WifiManager.enableNetwork
(int netId, boolean disableOthers), passing in your network ID. The
enableNetwork call disables all the other Wi-Fi access points for the next scan,
locates the one you�ve requested and connects to it. When you receive the
network broadcasts you can check with href="https://developer.android.com/reference/android/net/wifi/WifiManager.html#getConnectionInfo()">WifiManager#getConnectionInfo
that you�re successfully connected to the correct network. But, on Lollipop and
above, if that network doesn�t have internet connectivity network, requests will
not be routed to it.



Routing network requests



To direct all the network requests from your app to an external Wi-Fi device,
call href="https://developer.android.com/reference/android/net/ConnectivityManager.html#setProcessDefaultNetwork(android.net.Network)">ConnectivityManager#setProcessDefaultNetwork
on Lollipop devices, and on Marshmallow call href="https://developer.android.com/reference/android/net/ConnectivityManager.html#bindProcessToNetwork(android.net.Network)">ConnectivityManager#bindProcessToNetwork
instead, which is a direct API replacement. Note that these calls require
android.permission.INTERNET; otherwise they will just return false.



Alternatively, if you�d like to route some of your app traffic to the Wi-Fi
device and some to the Internet over the mobile network:


  • For HTTP requests you can use href="https://developer.android.com/reference/android/net/Network.html#openConnection(java.net.URL)">Network#openConnection(java.net.URL),
    directly routing your request to this network.
  • For low-level socket communication, open a socket and call href="https://developer.android.com/reference/android/net/Network.html#bindSocket(java.net.Socket)">Network#bindSocket(java.net.Socket),
    or alternatively use href="https://developer.android.com/reference/android/net/Network.html#getSocketFactory()">Network#getSocketFactory.


Now you can keep your users connected whilst they benefit from your innovative
Wi-Fi enabled products.

Android Developer Story: StoryToys finds success in the �Family� section on Google Play


Posted by Lily Sheringham, Google Play team



Based in Dublin, Ireland, href="https://play.google.com/store/apps/dev?id=8762313232916265908">StoryToys
is a leading publisher of interactive books and games for children. Like most
kids� app developers, they faced the challenges of engaging with the right
audiences to get their content discovered. Since the launch of the Family
section on Google Play, StoryToys has experienced an uplift of 270% in revenue
and an increase of 1300% in downloads.



Hear Emmet O�Neill, Chief Product Officer, and Gavin Barrett, Commercial
Director, discuss how the Family section creates a trusted and creative space
for families to find new content. Also hear how beta testing, localized pricing
and more, has allowed StoryToy�s flagship app, href="https://play.google.com/store/apps/details?id=com.storytoys.myveryhungrycaterpillar.free.android.googleplay">My
Very Hungry Caterpillar, to significantly increase engagement and revenue.




href="https://developer.android.com/distribute/googleplay/families/about.html">Learn
more about Google Play for Families and href="http://g.co/play/playbook-androiddevblogposts-evergreen">get the Playbook
for Developers app to stay up-to-date with more features and best practices
that will help you grow a successful business on Google Play.

Tuesday, July 19, 2016

Strictly Enforced Verified Boot with Error Correction

Posted by Sami Tolvanen, Software Engineer



Overview



Android uses multiple layers of protection to keep users safe. One of these
layers is verified
boot
, which improves security by using cryptographic integrity checking to
detect changes to the operating system. Android has href="https://g.co/ABH">alerted about system integrity since Marshmallow,
but starting with devices first shipping with Android 7.0, we require verified
boot to be strictly enforcing. This means that a device with a corrupt boot
image or verified partition will not boot or will boot in a limited capacity
with user consent. Such strict checking, though, means that non-malicious data
corruption, which previously would be less visible, could now start affecting
process functionality more.



By default, Android verifies large partitions using the dm-verity kernel driver,
which divides the partition into 4 KiB blocks and verifies each block when read,
against a signed hash tree. A detected single byte corruption will therefore
result in an entire block becoming inaccessible when dm-verity is in enforcing
mode, leading to the kernel returning EIO errors to userspace on verified
partition data access.



This post describes our work in improving dm-verity robustness by introducing
forward error correction (FEC), and explains how this allowed us to make the
operating system more resistant to data corruption. These improvements are
available to any device running Android 7.0 and this post reflects the default
implementation in AOSP that we ship on our Nexus devices.


Error-correcting codes



Using forward error correction, we can detect and correct errors in source data
by shipping redundant encoding data generated using an error-correcting code.
The exact number of errors that can be corrected depends on the code used and
the amount of space allocated for the encoding data.



href="https://en.wikipedia.org/wiki/Reed%E2%80%93Solomon_error_correction">Reed-Solomon
is one of the most commonly used error-correcting code families, and is readily
available in the Linux kernel, which makes it an obvious candidate for
dm-verity. These codes can correct up to ?t/2? unknown errors and up to
t known errors, also called href="https://en.wikipedia.org/wiki/Erasure_code">erasures, when t
encoding symbols are added.



A typical RS(255, 223) code that generates 32 bytes of encoding data for every
223 bytes of source data can correct up to 16 unknown errors in each 255 byte
block. However, using this code results in ~15% space overhead, which is
unacceptable for mobile devices with limited storage. We can decrease the space
overhead by sacrificing error correction capabilities. An RS(255, 253) code can
correct only one unknown error, but also has an overhead of only 0.8%.




An additional complication is that block-based storage corruption often occurs
for an entire block and sometimes spans multiple consecutive blocks. Because
Reed-Solomon is only able to recover from a limited number of corrupted bytes
within relatively short encoded blocks, a naive implementation is not going to
be very effective without a huge space overhead.


Recovering from consecutive corrupted blocks



In the changes we made to href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a739ff3f543afbb4a041c16cd0182c8e8d366e70">dm-verity
for Android 7.0, we used a technique called interleaving to allow us to recover
not only from a loss of an entire 4 KiB source block, but several consecutive
blocks, while significantly reducing the space overhead required to achieve
usable error correction capabilities compared to the naive implementation.



Efficient interleaving means mapping each byte in a block to a separate
Reed-Solomon code, with each code covering N bytes across the corresponding N
source blocks. A trivial interleaving where each code covers a consecutive
sequence of N blocks already makes it possible for us to recover from the
corruption of up to (255 - N) / 2 blocks, which for RS(255, 223) would
mean 64 KiB, for example.



An even better solution is to maximize the distance between the bytes covered by
the same code by spreading each code over the entire partition, thereby
increasing the maximum number of consecutive corrupted blocks an RS(255, N) code
can handle on a partition consisting of T blocks to ?T/N? � (255 -
N) / 2
.




Interleaving with distance D and block size B.



An additional benefit of interleaving, when combined with the integrity
verification already performed by dm-verity, is that we can tell exactly where
the errors are in each code. Because each byte of the code covers a different
source block�and we can verify the integrity of each block using the existing
dm-verity metadata�we know which of the bytes contain errors. Being able to
pinpoint erasure locations allows us to effectively double our error correction
performance to at most ?T/N? � (255 - N) consecutive blocks.



For a ~2 GiB partition with 524256 4 KiB blocks and RS(255, 253), the maximum
distance between the bytes of a single code is 2073 blocks. Because each code
can recover from two erasures, using this method of interleaving allows us to
recover from up to 4146 consecutive corrupted blocks (~16 MiB). Of course, if
the encoding data itself gets corrupted or we lose more than two of the blocks
covered by any single code, we cannot recover anymore.



While making error correction feasible for block-based storage, interleaving
does have the side effect of making decoding slower, because instead of reading
a single block, we need to read multiple blocks spread across the partition to
recover from an error. Fortunately, this is not a huge issue when combined with
dm-verity and solid-state storage as we only need to resort to decoding if a
block is actually corrupted, which still is rather rare, and random access reads
are relatively fast even if we have to correct errors.


Conclusion



Strictly enforced verified boot improves security, but can also reduce
reliability by increasing the impact of disk corruption that may occur on
devices due to software bugs or hardware issues.



The new error correction feature we developed for dm-verity makes it possible
for devices to recover from the loss of up to 16-24 MiB of consecutive blocks
anywhere on a typical 2-3 GiB system partition with only 0.8% space overhead and
no performance impact unless corruption is detected. This improves the security
and reliability of devices running Android 7.0.

Monday, July 18, 2016

Final Developer Preview before Android 7.0 Nougat begins rolling out

Posted by Dave Burke, VP of Engineering






As we close in on the public rollout of href="https://developer.android.com/preview/index.html?utm_campaign=android_launch_developerpreview5_071816&utm_source=anddev&utm_medium=blog">Android 7.0 Nougat
to devices later this summer, today we�re releasing Developer Preview
5
, the last milestone of this preview series. href="http://android-developers.blogspot.com/2016/06/android-n-apis-are-now-final.html">Last
month�s Developer Preview included the final APIs for Nougat; this preview
gives developers the near-final system updates for all of the supported preview
devices, helping you get your app ready for consumers.



Here�s a quick rundown of what�s included in the final Developer Preview of
Nougat:


  • System images for Nexus and other preview devices
  • An emulator that you can use for doing the final testing of your apps to
    make sure they�re ready
  • The final N APIs (API level 24) and latest system behaviors and UI
  • The latest bug fixes and optimizations across the system and in preinstalled
    apps


Working with this latest Developer Preview, you should make sure your app
handles all of the href="https://developer.android.com/preview/behavior-changes.html?utm_campaign=android_launch_developerpreview5_071816&utm_source=anddev&utm_medium=blog">system
behavior changes in Android N, like Doze on the Go, background
optimizations, screen zoom, permissions changes, and more. Plus, you can take
advantage of href="https://developer.android.com/preview/api-overview.html?utm_campaign=android_launch_developerpreview5_071816&utm_source=anddev&utm_medium=blog">new developer
features in Android N such as href="https://developer.android.com/preview/api-overview.html?utm_campaign=android_launch_developerpreview5_071816&utm_source=anddev&utm_medium=blog#multi-window_support">Multi-window
support, Direct Reply and other href="https://developer.android.com/preview/api-overview.html?utm_campaign=android_launch_developerpreview5_071816&utm_source=anddev&utm_medium=blog#notification_enhancements">notifications
enhancements, href="https://developer.android.com/preview/api-overview.html?utm_campaign=android_launch_developerpreview5_071816&utm_source=anddev&utm_medium=blog#direct_boot">Direct
boot, href="https://developer.android.com/preview/api-overview.html?utm_campaign=android_launch_developerpreview5_071816&utm_source=anddev&utm_medium=blog#emoji">new
emojis and more.



Publish your apps to alpha, beta or production channels in Google
Play



After testing your apps with Developer Preview 5 you should publish the updates
to Google Play soon. We recommend compiling against, and optionally targeting,
API 24 and then publishing to your alpha, beta, or production channels in the
Google Play Developer Console. A great strategy to do this is using href="https://developer.android.com/distribute/engage/beta.html?utm_campaign=android_launch_npreview_061516&utm_source=anddev&utm_medium=blog">Google
Play�s beta testing feature to get early feedback from a small group of
users -- including Developer Preview users � and then doing a staged rollout as
you release the updated app to all users.



How to get Developer Preview 5



If you are already enrolled in the Android
Beta program
, your devices will get the Developer Preview 5 update right
away, no action is needed on your part. If you aren�t yet enrolled in Android
Beta, the easiest way to get started is by visiting href="https://android.com/beta">android.com/beta and opt-in your eligible
Android phone or tablet -- you�ll soon receive this preview update over-the-air.
As always, you can also download and href="https://developer.android.com/preview/download.html?utm_campaign=android_launch_npreview_061516&utm_source=anddev&utm_medium=blog#flash">flash
this update manually. The Nougat Developer Preview is available for Nexus 6,
Nexus 5X, Nexus 6P, Nexus 9, and Pixel C devices, as well as General Mobile 4G
[Android One] devices.



Thanks so much for all of your feedback so far. Please continue to share
feedback or requests either in the href="https://code.google.com/p/android/issues/list?can=2&q=label%3ADevPreview-N">N
Developer Preview issue tracker, href="https://plus.google.com/communities/105153134372062985968/stream/755bb91d-c101-4e32-9277-1e560c4e26d2">N Preview
Developer community, or href="https://plus.google.com/communities/106765800802768335079">Android Beta
community as we work towards the consumer release later this summer. Android
Nougat is almost here!



Also, the Android engineering team will host a Reddit AMA on r/androiddev to
answer all your technical questions about the platform tomorrow, July 19
from 12-2 PM (Pacific Time)
. We look forward to addressing your
questions!

Thursday, July 14, 2016

Announcing the Google Play Indie Games Festival in San Francisco, Sept. 24

Posted by Jamil Moledina, Google Play, Games Strategic Lead



If you�re an indie game developer, you know that games are a powerful medium of
expression of art, whimsy, and delight. Being on Google Play can help you reach
over a billion users and build a successful, global business. That�s why we
recently introduced programs, like the href="https://play.google.com/store/info/topic?id=topic_b000054_games_indie_corner_tp&e=-EnableAppDetailsPageRedesign">Indie
Corner, to help more gamers discover your works of art.



To further celebrate and showcase the passion and innovation of indie game
developers, we�re hosting the Google Play Indie Games Festival at the href="https://www.google.com/maps/place/Terra+Gallery+%26+Event+Venue/@37.785531,-122.3929643,15z/data=!4m5!3m4!1s0x0:0xf5fb5bcb9c7795ab!8m2!3d37.785531!4d-122.3929643">Terra
Gallery in San Francisco, on September 24.






This is a great opportunity for you to showcase your indie title to the public,
increase your network, and compete to win great prizes, such as Tango devices,
free tickets for Google I/O 2017, and Google ad campaign support. Admission will
be free and players will get the chance to play and vote on their favorites.



If you�re interested in showcasing your game, we�re href="https://docs.google.com/a/google.com/forms/d/e/1FAIpQLSduaM998L0WXm_4znsZjHX5-unZLBChNXHuCHbTlWuAcmMNmQ/viewform">accepting
submissions now through August 14. We�ll then select high-quality games that
are both innovative and fun for the festival. Submissions are open to US and
Canadian developers with 15 or less full time staff. Only games published on or
after January 1, 2016 or those to be published by December 31, 2016 are
eligible. See href="https://docs.google.com/a/google.com/forms/d/e/1FAIpQLSduaM998L0WXm_4znsZjHX5-unZLBChNXHuCHbTlWuAcmMNmQ/viewform">complete
rules.



We encourage virtual reality and augmented reality game submissions that use the
Google VR SDK and the href="https://store.google.com/product/tango_tablet_development_kit?srp=/product/project_tango_tablet_development_kit">Tango
Tablet Development Kit.



At the end of August, we�ll announce the group of indies to be featured at the
festival.



You can learn more about the event href="https://events.withgoogle.com/google-play-indie-game-festival/">here.
We can�t wait to see what innovative and fun experiences you share with us!



Tuesday, July 12, 2016

Android Wear 2.0 Developer Preview 2


Posted by Hoi Lam, Android Wear
Developer Advocate



At Google I/O 2016, we launched the Android
Wear 2.0 Developer Preview
, which gives developers early access to the next
major release of Android Wear. Since I/O, feedback from the developer community
has helped us identify bugs and shape our product direction. Thank you!



Today, we are releasing the second developer preview with new functionalities
and bug fixes. Prior to the consumer release, we plan to release additional
updates, so please send us your
feedback
early and often. Please keep in mind that this preview is a work in
progress, and is not yet intended for daily use.


What�s new?



  • Platform API 24 - We have incremented the Android Platform
    API version number to 24 to match Nougat. You can now update your Android Wear
    2.0 Preview project�s compileSdkVersion to API 24, and we recommend
    that you also update targetSdkVersion to API 24.
  • Wearable Drawers Enhancements - We launched the href="https://developer.android.com/wear/preview/features/ui-nav-actions.html?utm_campaign=android wear_launch_preview2_071216&utm_source=anddev&utm_medium=blog">wearable
    drawers as part of the Android Wear 2.0 Preview 1, along with UX guidelines
    on how to best integrate the href="https://www.google.com/design/spec-wear/components/navigation-drawer.html">navigation
    drawer and href="https://www.google.com/design/spec-wear/components/action-drawer.html">action
    drawer in your Android Wear app. In Preview 2, we have added additional
    support for wearable drawer peeking, to make it easier for users to access these
    drawers as they scroll. Other UI improvements include automatic peek view and
    navigation drawer closure and showing the first action in
    WearableActionDrawer�s peek view. For developers that want to make
    custom wearable drawers, we�ve added peek_view and
    drawer_content attributes to WearableDrawerView. And
    finally, navigation drawer contents can now be updated by calling href="https://developer.android.com/reference/android/widget/ArrayAdapter.html?utm_campaign=android wear_launch_preview2_071216&utm_source=anddev&utm_medium=blog#notifyDataSetChanged()">notifyDataSetChanged.
  • Wrist Gestures: Since last year, users have been able to
    scroll through the notification stream via href="https://support.google.com/androidwear/answer/6312406?hl=en">wrist
    gestures. We have now opened this system to developers to use within their
    applications. This helps improve single hand usage, for when your users need
    their other hand to hold onto their shopping or their kids. See the code sample
    below to get started with gestures in your app:

 public class MainActivity extends Activity {  
...
@Override /* KeyEvent.Callback */
public boolean onKeyDown(int keyCode, KeyEvent event) {
switch (keyCode) {
case KeyEvent.KEYCODE_NAVIGATE_NEXT:
Log.d(TAG, "Next");
break;
case KeyEvent.KEYCODE_NAVIGATE_PREVIOUS:
Log.d(TAG, "Previous");
break;
}
// If you did not handle, then let it be handled by the next possible element as deemed by
// Activity.
return super.onKeyDown(keyCode, event);
}
}


Get started and give us feedback!



The Android Wear 2.0 Developer Preview includes an updated SDK with tools and
system images for testing on the official Android emulator, the href="https://store.google.com/product/lg_watch_urbane_2nd_edition_lte">LG Watch
Urbane 2nd Edition LTE, and the href="https://store.google.com/product/huawei_watch">Huawei Watch.



To get started, follow these steps:


  1. Take a video tour
    of the Android Wear 2.0 developer preview
  2. Update to Android Studio v2.1.1 or later
  3. Visit the Android Wear 2.0 Developer
    Preview site
    for downloads and documentation
  4. Get the emulator system images through the SDK Manager or href="https://developer.android.com/wear/preview/downloads.html?utm_campaign=android wear_launch_preview2_071216&utm_source=anddev&utm_medium=blog">download the
    device system images from the developer preview downloads page
  5. Test your app with your supported device or emulator
  6. Give us feedback


We will update this developer preview over the next few months based on your
feedback. The sooner we hear from you, the more we can include in the final
release, so don't be shy!

Thursday, July 7, 2016

Changes to Trusted Certificate Authorities in Android Nougat

Posted by Chad Brubaker, Android Security team




In Android Nougat, we�ve changed how Android handles trusted certificate
authorities (CAs) to provide safer defaults for secure app traffic. Most apps
and users should not be affected by these changes or need to take any action.
The changes include:


  • Safe and easy APIs to trust custom CAs.
  • Apps that target API Level 24 and above no longer trust user or admin-added
    CAs for secure connections, by default.
  • All devices running Android Nougat offer the same standardized set of system
    CAs�no device-specific customizations.


For more details on these changes and what to do if you�re affected by them,
read on.


Safe and easy APIs



Apps have always been able customize which certificate authorities they trust.
However, we saw apps making mistakes due to the complexities of the Java TLS
APIs. To address this we href="https://developer.android.com/preview/features/security-config.html">improved
the APIs for customizing trust.


User-added CAs



Protection of all application data is a key goal of the Android application
sandbox. Android Nougat changes how applications interact with user- and
admin-supplied CAs. By default, apps that target API level 24 will�by design�not
honor such CAs unless the app explicitly opts in. This safe-by-default setting
reduces application attack surface and encourages consistent handling of network
and file-based application data.


Customizing trusted CAs



Customizing the CAs your app trusts on Android Nougat is easy using the Network
Security Config. Trust can be specified across the whole app or only for
connections to certain domains, as needed. Below are some examples for trusting
a custom or user-added CA, in addition to the system CAs. For more examples and
details, see href="https://developer.android.com/preview/features/security-config.html">the
full documentation.


Trusting custom CAs for debugging



To allow your app to trust custom CAs only for local debugging, include
something like this in your Network Security Config. The CAs will only be
trusted while your app is marked as debuggable.


<network-security-config>  
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user" />
</trust-anchors>
</domain-config>
</network-security-config>


Trusting custom CAs for a domain



To allow your app to trust custom CAs for a specific domain, include something
like this in your Network Security Config.



<network-security-config>  
<domain-config>
<domain includeSubdomains="true">internal.example.com</domain>
<trust-anchors>
<!-- Only trust the CAs included with the app
for connections to internal.example.com -->
<certificates src="@raw/cas" />
</trust-anchors>
</domain-config>
</network-security-config>


Trusting user-added CAs for some domains



To allow your app to trust user-added CAs for multiple domains, include
something like this in your Network Security Config.



<network-security-config>  
<domain-config>
<domain includeSubdomains="true">userCaDomain.com</domain>
<domain includeSubdomains="true">otherUserCaDomain.com</domain>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</domain-config>
</network-security-config>


Trusting user-added CAs for all domains except some



To allow your app to trust user-added CAs for all domains, except for those
specified, include something like this in your Network Security Config.



<network-security-config>  
<base-config>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
<domain-config>
<domain includeSubdomains="true">sensitive.example.com</domain>
<trust-anchors>
<!-- Only allow sensitive content to be exchanged
with the real server and not any user or
admin configured MiTMs -->
<certificates src="system" />
<trust-anchors>
</domain-config>
</network-security-config>


Trusting user-added CAs for all secure connections



To allow your app to trust user-added CAs for all secure connections, add this
in your Network Security Config.



<network-security-config>  
<base-config>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>


Standardized set of system-trusted CAs



To provide a more consistent and more secure experience across the Android
ecosystem, beginning with Android Nougat, compatible devices trust only the
standardized system CAs maintained in href="https://android.googlesource.com/platform/system/ca-certificates/">AOSP.



Previously, the set of preinstalled CAs bundled with the system could vary from
device to device. This could lead to compatibility issues when some devices did
not include CAs that apps needed for connections as well as potential security
issues if CAs that did not meet our security requirements were included on some
devices.


What if I have a CA I believe should be included on Android?



First, be sure that your CA needs to be included in the system. The preinstalled
CAs are only for CAs that meet our security requirements
because they affect the secure connections of most apps on the device. If you
need to add a CA for connecting to hosts that use that CA, you should instead
customize your apps and services that connect to those hosts. For more
information, see the Customizing trusted CAs section above.



If you operate a CA that you believe should be included in Android, first
complete the Mozilla CA
Inclusion Process
and then file a href="https://code.google.com/p/android/issues/entry">feature request
against Android to have the CA added to the standardized set of system CAs.