Android Security Is Still Secure. Seriously.

Share if the site was helpful

Android Security Is Still Secure. Seriously.

There’s been a lot of media hype this past month about Android phones and their lack of security.  Headlines such as “How Android Phones Hide Missed Security Updates From You” have been floating around causing mass panic.

Take a deep breath.  It’s ok.

Despite the plethora of recent articles claiming that Android phones are under attack and that you’re a victim, chances are you’re actually safer than you think.  Yes there was a study earlier this month that found some phones were behind on their security updates.  But that doesn’t mean that all of your data is exposed to whoever wants to take it.  Even with a few security updates missing, you should be alright.  Let’s take a second to discuss some of the other security features that Android architecture has in place to protect you:

Google Play Protect

Google Play Protect is a safeguard to protect Android users from malicious apps.  Even with Google’s screening process to let apps onto the Play Store, chances are some baddies will slip through the cracks and are available for download.  Google Play Protect attempts to stop these apps in their tracks by doing routine scans on your phone for every app even after it’s been installed.  If there’s a cause for concern detected, you’ll be notified. 

This software also applies to apps updates, so the short version of it is that apps can’t just slide by once. As long as you have Play Protect enabled on your phone, apps are continuously exposed to it.  Chances are your phone already has Play Protect, but if you want to be sure (or just see what it’s been up to) you can find it in the Play Store.  Open the store and then tap the 3 horizontal bars menu icon.  Then select “Play Protect” and you’ll be taken to a page showing what apps have been scanned recently and how your device looks.

Sandboxing

Android apps are naturally sandboxed from one another.  What this means is that each apps data and code execution is isolated from others.  So if you happen to download the wrong app it doesn’t mean it will automatically have access to all of the apps already on your phone.  We go into depth about the android security framework in our Android development course over at Phonlab.  Content Providers offer a storage mechanism for apps so that their information has to be requested before it can become accessible to just anyone.

Android Permissions work along with this to make sure that no matter what if you have some common sense you should be safe.  Permissions essentially are requirements that if an app utilizes a certain feature (such as syncing with your contacts) it has to be granted permission by the user.

These permissions are presented to a user when the app attempts to access them, and are only allowed when the user says so.  You retain complete control over what access an app has.  Imagine you downloaded a game and it started asking you for access to your contacts and your saved media files.  Red flags should be going up right away since a game has no reason to use these.  As long as you don’t blindly hit accept to every permission, you retain a ton of control over what an app can actually do.

What are your thoughts on Android’s security measures?  Let us know in the comments below!

Malicious Apps: Mining Your Own Business

Share if the site was helpful

Malicious Apps: Mining Your Own Business

Whether you know it or not, you may be an investor in bitcoin.  Ok, that’s not entirely true.  But your phone may have helped someone else mine it without your consent.

Researchers at Kaspersky Lab, a cybersecurity company, have recently found multiple “mining” apps on the Google Play Store that are disguised otherwise.  Apps hiding under the mask of games or streaming apps have secretly been using smartphone processors to mine cryptocurrency without the user’s knowledge.

Mining in Smartphones

Thanks to its recent news hype, most people are familiar with the concept of cryptocurrencies such as Bitcoin and how it’s mined.   There’s no physical digging, but instead users are rewarded the currency in return for processing transactions and updating the blockchain ledger.  And since processing transactions takes hardware and electricity, the more technology you have at your disposal, the more currency you can earn.  This has resulted in giants entering the business and consolidating massive amounts of hardware in warehouses.

Smartphone processors are not as powerful as their desktop counterparts, but when one app is able to tap into thousands of them, the results are still significant.   Kaspersky Labs has found multiple apps with this affliction, some of which have been downloaded more than 100,000 times.  Some of these apps are even programmed to keep tabs on how much processing power their using so as to easily fly under the radar of the average user.

Google’s response

Google has since removed the known abusers of this tactic, but it’s hard to say how many apps are in public hands right now doing the same thing.  It also seems that the betrayal of trust isn’t the only underlying issue here.  Recently Google announced that it would remove any and all mining extension in the Chrome Web Store, regardless of if users were aware of what they were doing or it the extensions were legitimate.  The question remains whether this policy will expand into the Google Play Store, but I think it’s safe to assume it’s only a matter of time before it does.

And until then the question becomes how to avoid these kinds of apps.  Right now from a development standpoint there are no permissions that must be accounted for in relation to mining, so there doesn’t seem to be much security that can block these kinds of apps (other than mindful downloading).

What are your thoughts on your phone being used as a mining tool without your consent or knowledge?  Do you have any thoughts on how to prevent this?  Let us know in the comments below!

Building Your First Augmented Reality App Pt. 2

Share if the site was helpful

Building Your First Augmented Reality App Pt. 2

Welcome to part two of this Augmented Reality tutorial.  Now that we’re done with the boring set-up process, we’re ready to dive into Unity and see a final product!

As a quick review, in part 1 you created a Vuforia account and a license key.  Then on Vuforia’s website you created a database to hold your image target (the dollar bill) and downloaded that along with our 3D elephant.  Finally you downloaded/opened Unity (our game editor) and changed the build settings to Android.  Ok, now let’s continue from there:

Setting our Package Name:

Remember how last time we opened “Player Settings” and then the tab that said “XR Settings”?  Well there are a few more small things we’ll have to do in this section.  Instead of “XR Settings” open up the “Other Settings” tab.  Every app that is published on the Google Play Store needs a unique ID so that it doesn’t get mixed up with other apps.  So while you may see two apps with the same name, under the hood their ID’s are different.  This ID is known as the app’s package name.

In our “Other Settings” tab we’ll write what we want our package name to be.  This can be whatever you want, but I’ll use “com.rootjunky.vuforiaelephant”.  Now my app has an ID and Unity will be able to run it on any mobile phone.  Also go ahead and uncheck the box “Android TV Compatibility”, since this app won’t work on Android TVs.

Now to import all of our materials from the first post.  In your Unity project you should see a section for the Project hierarchy.  This shows all the files/resources in the project, and we’ll be storing everything inside the folder named Assets.  We already have our Vuforia files in here, and to get everything else into this folder you can click and drag the following into the Assets folder:

  1. The Vuforia database you downloaded
  2. The 3D elephant model

Creating the Scene:

Once all of these assets are together we can begin messing with our scene.  Go to “file” then “Save Scene”, and save this scene as main (we can think of scenes as different parts of our game, but we only need one for this project).    Now inside of our scene’s hierarchy right click on the Main Camera and delete it.  Then click “Create” -> “Vuforia” -> “AR Camera”.  This will add Vuforia’s custom camera to our scene that takes care of all image targeting (i.e. recognizing dollar bills).

But now that we have the AR camera, we still need to tell it to look for a dollar bill, and to place an elephant on top of that dollar bill once we find it.  To do this select “Create” -> “Vuforia” -> “Camera Image” -> “Camera Image Target”.  If you click on an object in the scene the right-side tab will show details about it, and selecting the Image Target will display a detail section titles “Image Target Behavior”.  In here set Type to “Predefined”, Database to “DollarElephant”, and Image Target to “dollarTarget” (see the following image).

Setting these values connects our database to the image target, so now our camera knows to look for a dollar bill.  But in order to use Vuforia we also need to add our license key.  Make sure you have this still copied to your clipboard, and then selected the AR Camera in the scene.  One of the details you’ll see appear for it is labeled “Vuforia Behaviour”,  In here click the Open Vuforia configuration button and then paste in your App License Key.  Then in the Databases dropdown check the boxes that say “Load DollarElephant Data” and “Activate”.

Displaying The Elephant:

Now for the final step: attaching our elephant.  Find the elephant model inside of your Assets folder (most likely named “source” right now).  Click and drag this little guy onto your ImageTarget in the Hierarchy tab.  This will make the elephant become a “child” of the ImageTarget.

Chances are things look funky though on your screen, and this is because the elephant model is HUGE.  Inside of its Inspector tab we can change its position, rotation, and scale, so lets drop its x, y, and z values for scale down to 0.1.  Then set the position to 0 for the x and z axis, and 0.5 for the y axis (this just raises the elephant a bit so he’s on top of the dollar).

And that’s it!  We’ve attached our Vuforia files to the scene and bound a 3D model to Vuforia’s image target.  With just a few steps we’re now ready to see our augmented reality creation come to life. Connect your phone to your computer (make sure it’s USB Debuggable) and then go to File -> Build Settings again.  Select “Build and Run”, and your game will download onto the connected device.

When the app is up and running point it at any dollar bill, and you’ll see a virtual elephant appear on top.  What’s even cooler is that if you pick up the dollar and move it around the elephant will stay on top.

Congratulations on sticking through this whole process.  It’s very possible you got stuck along the way, and if that’s the case just comment below and I’ll try to help you out.  And if you’re interested in learning more about Android development then you can always check out Phonlab’s course HERE.

Building Your First Augmented Reality App

Share if the site was helpful

We’ve talked before about how influential augmented reality is going to be in the future.  What we didn’t mention is how easy it can be to take part in shaping that future.  Over the course of the next two posts we’ll show how to incorporate AR into an app, and when it’s all said and done we’ll be able to look at a virtual elephant in the real world.

It’s not too complicated as far as subject material goes, but there a couple steps involved so we’ll split this into two pieces: gathering our resources and then putting them into action.

Before we do any work though, let’s take a second to discuss the bigger picture of what we’ll be doing here.  If you’ve ever experimented with game development, then you’ve probably heard of Unity.  If not, then some things in this tutorial may seem a little confusing at first (but far from impossible!).  Unity is a development environment where developers can make 2D and 3D games, and we’ll be using it here to host our augmented reality app.  Click here to download Unity, and when you do make sure that you include the Android/iOS and Vuforia plugins.

We all know about Android and iOS, but odds are Vuforia is a new name.  Vuforia is a popular AR platform that allows us to use image targeting in our apps.  Essentially all we have to do is pick a 3D model and an image.  Vuforia will then root our 3D model to any images it sees in the real world.

For example, in this app we’ll be using a 3D model of an elephant made with Blender, and the image will be a $1 bill.  With this combination, any time our app’s camera finds a dollar bill in the real world, it will place the 3D model on top of it.  The result is the title image of this post.

Ok, that’s enough background.  Let’s jump into the actual set up.  Use the above link to download Unity if you don’t already have it, and then go to developer.Vuforia.com and create an account.  After you’ve made an account click on the develop tab and then click to create a new license key.  You can name this anything you want, but as you can see in this image I chose “VuforiaElephant” as my name.

After creating the license key you’ll be able to click on it and see a string of random characters representing it.  Copy and paste this value; we’ll be using it later in this tutorial. 

We create this license key so that our app in Unity will be able to connect to our Vuforia account.  Now for the second step we’ll need to do create a database inside of Vuforia to hold our dollar bill image.  Change your selection from License Manager to Target Manager and then add a new database.  I’ve named mine “DollarElephant”.  Inside of this database we’ll click “Add Target” to add a new target.  Pull any image of a dollar bill from Google images and add it here.  Then set it’s width value to 5 and give it a name (dollarTarget is just fine).

When you’re done with this click to download the database, and that’s everything we’ll need to do in Vuforia.  Before moving into Unity let’s also get the 3D model of an elephant we want to use.  Click here to download the elephant made by sagarkalbande (and feel free to try this out with a different model).  Save this file onto your computer and now let’s move into Unity.

If you’re feeling overwhelmed right now, don’t worry we’re not going to do much else in this first part.  For now let’s open Unity and create a new project named “VuforiaElephant”.  Go to “File”, then “Build Settings” and select Android as your Platform.  After making this change the little Unity cube should appear next to Android.

Finally inside of the Build Settings window click on “Player Settings” and a bar of options will appear on the right side of your screen showing setting options.  Open the tab that says “XR Settings” and check the box that adds Vuforia Augmented Reality to our project.  Go ahead and import the settings that Unity says it needs to add, and now we’re ready to start the fun stuff.

If you’ve made it this far down the blog, then good work sticking through the dry steps.  We created a Vuforia account, made a license key, and selected a dollar bill as our image target.  Then we downloaded our elephant 3D model and created a new project in Unity.

So now we just have to make the connection inside of our Unity app between the dollar and the elephant.  Stay tuned for the second part of this tutorial in the next few days and we’ll finish out the project so that everyone can have their own virtual elephant! Does app development have you completely lost? Check out Phonlab Android app development classes HERE

Android Go For Gold

Share if the site was helpful

Android Go For Gold

Smart phones are naturally the next step in evolution from the flip phones everyone used not too long ago.  That being said, smart phones are expensive.  At least they are right now.

Android Go’s release

If you’re trying to buy one of the newer models you need a decent amount of cash in your wallet.   This trend likely won’t change in the near future as long as consumers are willing to pay top dollar for the high end models, but Google is taking steps to enter lower cost markets.  In a shift of focus from quality to quantity, Android Go is Google’s new initiative to expand its reach into other parts of the world and sell budget smart phones.  Some of these aim to be less than $100.

For a few years Google has been saying that its next billion users will come from countries like India.  And after Google’s Android One initiative failed to corner the budget market, Android Go is Google’s chance to learn from their mistakes and try again.  Android Go aims to provide a variety of smartphone options to users that have limited RAM but updated software.

Android Go specs:

It seems that despite the move towards quantity, quality won’t suffer too much.  Low tier smartphones already exist in the double-digit price range, but Android Go’s goal is to create a fast and smooth performance for users while utilizing the most recent Android software.  The key difference between Android Go devices and other cheap Android smartphones is that Go’s software is guaranteed to be up to date and optimized.  A huge selling point when you consider how most cheap smartphones are running on outdated API levels.

The first batch of Android Go phones such as the ZTE Tempo run on Android Oreo and focuses heavily on security and software updates.  With these in the forefront, less attention is given to low powered processors and roughly 1GB of RAM.

What does this mean for developers?

As with anything new in the tech industry, more than just consumers are impacted.  If you’re an Android developer and you have faith in Android Go’s initiative, then you had better start targeting Oreo or above.  Right now roughly 1% of the world is using Oreo so it’s not the end of the world if your apps are focused on lower level API’s, but in the next year or two this is going to change dramatically.

Of course if you’ve been paying attention to Play Store trends then this is not news.  Starting in August of 2018 all new apps for the store will have to be built with Android 8.0 Oreo or higher as the target API.  In other words, Android Go isn’t the determining factor for Oreo’s importance.

Times are changing and in order to keep up you need to make sure you know all the latest features.  PhonLab offers lessons on how to target different API levels and account for Oreo devices in your apps without leaving older users behind. You can learn all about this in Phonlabs Android app developer course.

Only time will tell how successful Google’s new movement will be, but it’s only a matter of time before everyone owns a smartphone.  There’s still a lot of market to capture in the world.  If you have any thoughts on Android Go’s potential or what it’s missing let us know in the comments below.

Android P In Action

Share if the site was helpful

Android P In Action

Last month we wrote about Android P and how it’s become the talk of the town despite Oreo’s youth.  We’re still some ways off from P (currently known as Pistachio) making its way into the hands of everyday consumers, but earlier this week Google released their first preview of P to developers.  Here’s a quick highlight of some of the cool features it has to offer. Spoiler: some of them are pretty cool.

Android P Highlights:

Wifi RTT – The new API for Wi-Fi Round Trip Time lets you take advantage of indoor positioning in your apps.  RTT measures the distance to nearby Wifi access points that support RTT.  By doing this with 3 access points RTT calculates a triangulated position accurate within about a meter.  There are ton’s of creative opportunities here, and don’t worry about privacy.  Only the user’s phone is able to determine the distance, so no one else will know who you are in a crowded room.

Notifications – In Android 7.0 users gained the capability to reply to messages directly from notifications. Then in 8.0 notification channels were introduced to give users more control over what types of notifications they want to receive from an app.  P takes these features one step further.  Now in the notification bar you can see image messages, and utilize the auto-replies available in your messaging app.  So forget ever using your messaging app, everything can be done from your home screen now.

Animations – The new class AnimatedImageDrawable allows for simple drawing and displaying of GIFs and WebP animated images.  This class lets apps show animated images without having to manage updates or burden the UI thread.

Display Cutout Support – While this feature isn’t going to be in the hands of users, developers are able to modify their phone’s looks in settings under Device theme.  This allows developers to emulate different kinds of screen displays such as including the notch that’s been growing in popularity. Thanks a lot Apple BOOOOOOO.

How to get Android P:

Right now we may as well say P is for Pixel.  The current release is only available on pixel and pixel2 devices (or an Android emulator running one of these).  And once again, this initial release is for developers only not commercial use.  As such Google has made it only available by manual download in Flash.  Click here to download the Android P beta and see what changes it has in store. If you want to install it on your pixel device then check out this video of installing a developer preview on a Nexus 6p as the process will be the same.

You can read more about each of these features and more at developer.android.com.  There are also some brilliant Easter eggs such as allowing users to rotate their phone to landscape mode even when they have auto-rotate turned off, and improving features for one-handed use.  After you download the Preview let us know what you think the biggest changes are and what still needs to be done.

Comment below on what you think the official name of Android P will be.

 

Augemented Reality is at the ARCore of Android’s future

Share if the site was helpful

ARCore is out!

In the summer of 2016 PokemonGo opened up pandora’s box for augmented reality (AR).  The app was an instant hit around the world.  While it’s user base has certainly declined since then, nearly two years later it still has a constant demand.  Unfortunately, Pokemon are not the topic of this article (I could write some pretty good ones!). Instead we’ll focus on another stride in AR that took place earlier this week; Google’s release of ARCore.

On February 23rd Google officially released v1.0 of ARCore available on over 100 million Android devices.  Individual developers can now design and publish their AR-based apps on the Play Store, and this only means that AR is going to become even more prevalent in our everyday lives. Speaking of Developer, if you are interested in becoming a developer you should check out my new Android developer course on Phonlabteachable.com

Compatible Phones:

While the list of phones is limited at the moment, you can experience this new wave of AR if you have one of the following phones:

  • Pixel/XL
  • Pixel 2/XL
  • Samsung Galaxy S8/S8 Plus
  • Note 8
  • Galaxy S7/S7 Edge
  • LG V30/30+
  • Asus Zenfone AR
  • OnePlus 5 /5T

ARCore is certainly not the first AR software to get into the hands of developers (Apple’s ARKit and Unity’s Vuforia), but it still marks a significant step towards AR becoming the norm on every device.  Google has said they are partnering with many manufacturers this year to enable AR in upcoming devices.  The bottom line: AR is here to stay.

AR’s Implications

As a developer myself AR is a beautiful thing because it empowers us to create more immersive experiences that can connect with other people.  You’ll often hear gamer’s say that gaming is an art form that encompasses many others.  Video games are an interactive visual and audio experience that can invoke feelings just like any other art if the story is told correctly.  AR only creates more opportunities for this to happen, so it’s not surprising that most of the successful AR apps right now are video games.

But of course AR has much more use than just as a gaming feature.  Industry giants like Amazon have already began releasing their personal touches.  Amazon has utilized ARKit for a few months on iOS, and ARCore is now available on Android phones so that users can visualize what products will look like in their homes before ever purchasing.  Google also partnered with Snap to create a virtual tour of Barcelona’s famous Camp Nou soccer stadium.  I think it’s safe to say every tech giant in the world is thinking about either how they can incorporate AR, or what impact it’s going to have on their future.  Even outside of tech a lot of other industries are gearing up for change as well.

With so many new reality technologies emerging, its an exciting time to be either a developer or a user.  And with all this buzz about AR, let’s not forget that the end of the spectrum exists with products like the Vive containing fully immersive VR worlds.  These differ from AR in that 100% of your surroundings are computer generated, not just a portion.  There’s certainly a spectrum of how immersive AR can be.  If we put reality on one end and VR on the other, AR is everything that falls in between.

What do you think the future holds for the immersive computing spectrum?  Let us know in the comments below.

Android P Privacy, Personality, and Pistachios

Share if the site was helpful

Android P

It seems like just yesterday Android Oreo began rolling out to devices, and even now only 1% of android phones are running it.  Yet despite Oreo’s youth, the newest release rumors have already begun spreading about what’s up next.   Internally known as “Android Pistachio Ice Cream”, Android P is close on the horizon.

A little leaked info by Bloomberg has provided some insight to Android’s next release, and the changes are both expected, and somewhat out of left field.  Software features such as Google Assistant are being ramped up to become a more integral part of the interface. On the less predictable end it seems Android P will be revolving heavily around a new “notch” similar to that in the iPhone X.  This seems to be a marketing strategy aimed at converting iPhone users to team Android, but without knowing more about notch details it’s hard to say how impactful this design change will be.

Google Assistant

On a much more interesting note for developers and practical users, Google Assistant appears to be one of the primary focuses of growth.  This emphasis will likely open all sorts of new possibilities as Android finds ways to not only build out Assistant as a standalone, but to incorporate it into other apps!

Assistant already has high quality performance for asking questions and managing smart-home devices, but incorporating it into 3rd party apps opens a whole new door for creativity.  By opening Assistant up to third-party developers (like Amazon has with Alexa), we could see some groundbreaking apps come into being with voice commands.  Obviously fun from a development standpoint, and users would be empowered to do a whole lot more than just google something or ask to hear a joke.

Privacy

Another welcome feature being added on is privacy.  As it currently stands, when an app is granted camera/microphone recording permission by the user it can turn these on as it pleases.  Not ideal.  Recent code submissions show that Android P plans to be work through this issue by blocking background apps from accessing a device’s microphone or camera.  Whether or not you’re the type to sticky note your camera, this is most definitely a win for privacy.

Android P (any love for popsicle?) will make its debut in 3 months at Google’s annual I/O developer conference, and even then it will be a long way off from gaining a large market share of devices, but stay tuned and we’ll be sure to dive deeper into what it has to offer for both developers and users.

What are your thoughts about the new features coming to Android P?  Please comment below.

 

Learn How To Develop Android Apps

Share if the site was helpful

Coding is like printing your own money!!! 

Everyone has that one app idea that’s sure to be the next big thing, yet so many of these possibilities slip away unnoticed by the world.  The problem isn’t coming up with the idea, it’s crafting it into a tangible app people can download and share.   If you’ve been itching to turn an idea into reality and show the world what it’s been missing, then you’re in luck.

Phonlab’s newest course has officially been released, and to say we’re excited is an understatement.  The Android App Development course is designed to guide a student all the way from writing their first line of code ever to publishing apps on the Google Play Store.  We’ve built it to cover all the basics of Android while throwing in some snazzy features to make your creations more exciting for users.  By the end of the course you’ll not only be set up with the resources need to make a million-dollar app, but you’ll already have a portfolio of 5 apps to show off to family, friends, and potential employers.  

Here’s a quick rundown of the apps you’ll be building:

  1.  ScoreKeeper:  After learning about the basics of Java and XML this multi-sport score keeping app will show students how to build complex layouts.  Here we’ll make the jump to multiscreen apps with complex interactive layouts.  
  2.  SoundScape:  For app #2 students will learn how to include audio into their apps by building a soundboard with their own personal touches.  Audio’s not always a necessity in apps, but learning to include it can create a more immersive experience and really make your app pop.
  3.  NewsNet: In this app students will learn about this beautiful thing called the web and begin streaming live data into their apps.  We’ll consolidate articles from over 5,000 news sources into just one screen and learn some tricks the pros use to speed up development.
  4.  MyReads: Have you ever wanted to keep a log of every book you’ve ever read?  Well if so (and if not) app #4 of the course is centered around building a database for this very purpose.  We’ll learn about SQL, one of the most important languages in the data world, and learn how to share info between apps.
  5.  FireChat: In our 5th app students will build a group messaging app complete with social media incorporation by learning the syntax behind Android’s newest language Kotlin.  Kotlin has a bright future ahead of it, but online learning resources are currently few and far (Phonlab to the rescue!)

These apps are the bedrock of the education, but of course we want to set you up for success, so there are lots of other topics covered along the way.  These include how to use Github to build projects with a team of developers, and diving into the depths of object oriented programming.

Whether you want to learn as a (lucrative) career choice, or as a side hobby, there’s no better time to begin your journey, and we want to be by your side all the way.

Enroll Now At Phonlab

Android 8.0 Oreo whats inside

Share if the site was helpful

What’s Inside Android 8.0 Oreo?

Today Google has released there new Android OS version 8.0. (Code Name Oreo) If you are interesting in watching the live stream announcement from Google then watch the video here.

The Android 8.0 Oreo Firmware has been released and you will find it here, with this link to access all of the new firmware images from Google. You will need to know the code name IE (sailfish Marlin) of your nexus or pixel device to make sure you download the right version. If you need help installing this firmware then check out my tutorial HERE.

Lets take a look.

RootJunky