This document discusses several lessons about Android development that are not typically covered in school. It covers architectural changes in Android over time, security best practices, techniques for logging user activity and crash reports, strategies for building hybrid mobile-web applications, considerations for creating mobile SDKs, and approaches for testing Android apps on multiple device configurations.
26. Logging In
• Full Native
• Requires “Login API”
User Experience
• Embedded Web Browser
Security
• “OAuth”
• External Web Browser
27. Tokens
• Obtained from API or OAuth flow
• Equivalent to username + password
• Storage
• Expiry
28. Defending Your Servers
• Need per-user throttles
• Can’t count on IP addresses
• Expect many legit login failures
• Anything your client can do, evil clients can do too
30. What to log
• User Actions
• Key to A/B Testing
• Crashes & Exceptions
31. Logging User Actions
• Log a lot ... but don’t saturate your network connection
• Batch logs together
• But don’t block UI thread
• Send when the user’s not busy
32. Crash Logs
• Create your own UncaughtExceptionHandler
• Thread.setDefaultUncaughtExceptionHandler
• Log crash on...
  • next app launch
  • from background Service
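The handler described on this slide, as an added example (not code from the original slides): it writes the stack trace to local storage when the crash happens and leaves the upload for the next app launch. The class name CrashRecorder, the "crash-" file prefix and the directory argument are assumptions; on Android the directory would be one under the app-private files directory.

```java
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;

/** Added example: save crashes locally, report them on the next launch. */
public final class CrashRecorder implements Thread.UncaughtExceptionHandler {
    private final File dir; // assumption: app-private, traces can contain user data
    private final Thread.UncaughtExceptionHandler previous;

    private CrashRecorder(File dir, Thread.UncaughtExceptionHandler previous) {
        this.dir = dir;
        this.previous = previous;
    }

    /** Call once at startup, before any other work. */
    public static void install(File dir) {
        Thread.setDefaultUncaughtExceptionHandler(
                new CrashRecorder(dir, Thread.getDefaultUncaughtExceptionHandler()));
    }

    @Override
    public void uncaughtException(Thread thread, Throwable error) {
        try {
            // The process is dying: one small local write, no network calls.
            dir.mkdirs();
            File report = new File(dir, "crash-" + System.currentTimeMillis() + ".txt");
            try (PrintWriter out = new PrintWriter(report, "UTF-8")) {
                error.printStackTrace(out);
            }
        } catch (IOException | RuntimeException ignored) {
            // The recorder must never mask the original crash.
        } finally {
            // Chain to the previous handler so the platform still ends the process.
            if (previous != null) previous.uncaughtException(thread, error);
        }
    }

    /** On the next launch: reports waiting to be uploaded. */
    public static List<File> pendingReports(File dir) {
        List<File> pending = new ArrayList<>();
        File[] files = dir.listFiles();
        if (files == null) return pending; // directory not created yet
        for (File f : files) {
            if (f.isFile() && f.getName().startsWith("crash-")) pending.add(f);
        }
        return pending;
    }
}
```

Upload the files returned by pendingReports from a background thread or Service, and delete each one only after the server has accepted it.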
33. Even More Crash Logs
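// Java: capture the last 100 logcat lines to attach to a crash report
Process process =
    Runtime.getRuntime().exec(String.format("logcat -t %d", 100));
InputStream stream = process.getInputStream();

<!-- AndroidManifest.xml. Since Android 4.1, READ_LOGS is not granted to
     third-party apps, and logcat returns only the app's own entries. -->
<uses-permission android:name="android.permission.READ_LOGS" />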
36. Android Hybrids
(Diagram: App, Web Page, Interface)
• Easy to expose “native” features to JS
• Calling JS from native code, more hacky
41. Public Web Services (APIs)
• Derive value from 3rd party access
• Legacy services
• Designed for servers and PCs
• Lower barrier of use
• Enforce usage patterns / security
42. An SDK should...
• Provide local APIs to:
• Handle network communication
• Handle serialization of requests
• Handle deserialization of responses
• Deal with security
• Provide useful errors
43. The Java™ Way
• Generate code (bindings) for requests, responses, error objects
• Provide runtime library for serialization/deserialization
• Lots of code and lots of methods!
• Larger APKs
• 65536 methods allowed / dex file