SlideShare ist ein Scribd-Unternehmen logo
1 von 36
Downloaden Sie, um offline zu lesen
EUROPE
Developer Session
What’s Different in
Android L, M, N, O
Darryn Campbell & Pietro Maggi
Software Experts
• Android Trends & Trajectory
• Android Lollipop
• Android Marshmallow
• Android Nougat
• Android ‘O’
Agenda
What’s Different in Android L, M, N, O
COMMON PATTERNS
There are some interesting patterns emerging as Android evolves:
• Notifications have undergone major (or at least noteworthy) changes in every
release from KitKat to ‘O’.
• Notifications feature heavily in enterprise use cases it becomes increasingly
complex to lock down what the user is able to control
• Pushes towards power saving, taking flexibility away from developers with
consumer end user battery life in mind
• Locking down your device becomes increasingly complex.
• E.g. More system apps to prohibit
Common Patterns & Trajectory
Controlling device access
ANDROID LOLLIPOP
• Introduced in API 21
• Google sample: https://github.com/googlesamples/android-JobScheduler
• Helps perform background work in an efficient way, especially networking
• For older devices, with GMS, GCM Network Manager provides efficient background
job scheduling
• https://developers.google.com/cloud-messaging/network-manager
• GCMTaskService is typically simpler to manage and more difficult to mess up than
JobService
Note that GCMTaskService is implemented using the JobScheduler API on Lollipop
and newer OS.
Android Lollipop
JobScheduler API
• Many enhancements to BLE between Android 4.4 and Android 5.0
• Addition of peripheral mode
• Support for Beacon or iBeacon packets
• Allows broadcasting of advertising packets (hardware permitting)
• Improved background scanning no longer prevents the device from sleeping.
• API backwardly compatible with KitKat
Android Lollipop
Bluetooth LE Matures
ANDROID
MARSHMALLOW
• Dynamic runtime permissions
• Doze mode
• Bluetooth changes
• Encryption & Adoptable storage
• Trusted & untrusted resets
• Enterprise Android: COSU support (Corporate-owned single-use)
Android Marshmallow
Behaviour changes affecting Enterprise
Targeting API 23+
If you target API level 23+, your application is not going to
have the dangerous permission granted at install time, but
it needs to:
• Check
• Request
• Fail gracefully if not permission is not granted
Targeting API 23+
When the user installs or updates the app, the system grants the app all permissions that the app requests that fall
under PROTECTION_NORMAL.
For example, alarm clock and internet permissions fall under PROTECTION_NORMAL, so they are automatically
granted at install time.
Some of the permission that are now granted automatically are:
1. GET_ACCOUNTS
2. READ_PHONE_STATE
3. READ_EXTERNAL_STORAGE
4. GET_TASKS, REORDER_TASKS, KILL_BACKGROUND_PROCESSES
5. EXPAND_STATUS_BAR
What if I’m targeting API level 22 or older?
The new permission system is not enforce at install time.
If the user install your application, like before, it gets all the requested
permissions. BUT.
If an user can go into the settings application, it can removes the
permissions.
Lock down the device looks like a good idea to me!
Reminder: adb install Needs -g To Auto-Grant Permissions
If your app has a targetSdkVersion of 23 or higher, and you are
installing the app via the command line, note that adb install has two
possible behaviors:
• Used normally, the app is installed without any runtime permissions
granted. This mimics a normal app install, where you have to ask
for the permissions at runtime.
• Used with the -g switch, the app is installed with all runtime
permissions pre-granted, as if the app had a targetSdkVersion
below 22. This can be handy for rapid testing, though it is not
indicative of what the user will see.
Source: https://commonsware.com/blog/2016/03/18/reminder-adb-install-needs-auto-grant-permissions.html
It’s all about the battery!
Source: https://www.bignerdranch.com/blog/diving-into-doze-mode-for-developers/
GMS and AOSP – it makes a difference
Doze Mode is enabled only on GMS devices
This is where you can use an High-Priority Firebase Cloud Message to wake up the device and kick an application
temporarily out of Doze mode:
In Doze or App Standby mode, the system delivers the message and gives the app temporary access to network
services and partial wakelocks, then returns the device or app to the idle state.
Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
Whitelisting an application
• An app that is whitelisted can use the network and hold partial wake locks during Doze and App Standby.
However, other restrictions still apply to the whitelisted app, just as they do to other apps.
• An app can check whether it is currently on the exemption whitelist by calling
isIgnoringBatteryOptimizations().
• Users can manually configure the whitelist in Settings > Battery > Battery Optimization.
• Alternatively, the system provides ways for apps to ask users to whitelist them:
• An app can fire the ACTION_IGNORE_BATTERY_OPTIMIZATION_SETTINGS intent to take the user directly to the Battery
Optimization, where they can add the app.
• An app holding the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission can trigger a system dialog to let the user
add the app to the whitelist directly, without going to settings.
• The app fires a ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS Intent to trigger the dialog.
• The user can manually remove apps from the whitelist as needed.
Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
Testing for Doze Mode and App-Standby
You can simulate Doze mode using adb while your application is running:
$ adb shell dumpsys deviceidle force-idle
You can simulate App-Standby using adb while your application is running:
Force the app into App Standby mode by running the following commands:
$ adb shell dumpsys battery unplug
$ adb shell am set-inactive <packageName> true
Simulate waking your app using the following commands:
$ adb shell am set-inactive <packageName> false
$ adb shell am get-inactive <packageName>
Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
Two modes:
1. Full Storage Card Encryption Mode
• Matches what Adoptable Storage is with the same limitations
• Can be provisioned via StageNow
• Duplicates Android functionality so potential for future deprecation
2. Folder Encryption Mode
• Supports encryption in /data and on the Storage Card
• Allows a common encrypted implementation in common with non-Marshmallow devices in
your deployment
Android Marshmallow
Encryption & Adoptable storage – Interaction with Encrypt Manager
Android Marshmallow
Encryption & Adoptable storage
Reset Action Emulated
storage cards
Physical
storage cards
Adopted
storage cards
Enterprise
partition
Reboot Retained Retained Retained Retained
Full Device
Wipe
Wiped Wiped Wiped Wiped
Factory
Reset
Wiped Retained Wiped Wiped
Enterprise
Reset
Wiped Retained Wiped Retained
• Designed to reduce the value of stolen (consumer) devices
• Trusted factory resets:
• Do NOT mandate reentry any previously associated Google creds
• Invoked from device settings UI
• Untrusted factory resets:
• GMS Only
• DO mandate reentry of any previously associated Google creds
• Factory resets invoked from MX Power manager
• Factory reset packages available from Zebra support
• Note: If you forget your previously associated Google creds contact
Zebra support
Android Marshmallow
Trusted & untrusted factory resets
• Applications and services have to call scanner disable when device is suspending [e.g.
onPause/onDestroy callback].
• On Lollipop (Android v5.x) or KitKat (Android v4.4) devices we don't have imager
standby mode supported, in this mode imager would consume lowest power, with
TC51/TC56/TC70x/TC75x, using Marshmallow (Android 6.0), this was a requirement to
have lowest power on suspend.
• With this mode, imager loses all it's configurations which is done in enable, hence user
needs to recall enable again, however after disabling scanner, otherwise scan
framework will not accept another enable due to state machine.
Android Marshmallow
Imager goes into standby mode when devices goes into suspend.
• Android for Work started with 5.0 (lollipop). Announced at Google I/O 2014
• Initially targeted BYOD (Bring your own device) use cases
• Separation of ‘Work’ mode from personal applications
• ‘Work profile’ owned by a “Profile Owner” which would be a device policy controller (DPC)
• Enhancements for COPE (Corporate owned, personally enabled)
• Expectation that device or profile will owned by a DPC
• DPC is acting as device owner (DO) or profile owner (PO)
• Enhancements for COSU (Corporate owned, single use) [6.0+]
• Expectation that these devices will only have a device owner (DO)
• Typical Zebra device use cases
• Non-Zebra single use Android devices could be a payment terminal or airport check-in.
• DO provisioning via NFC prioritized by Google (also possible via adb)
Android Marshmallow
Android in the Enterprise: Recap
• COSU support (Corporate Owned – Single Use)
• Managed configurations via bundle data types
• Lock Task Mode in additional to lollipop’s consumer oriented ‘Pinning’
DEMOS
Android Marshmallow
Android in the Enterprise: COSU support in Marshmallow
Android Marshmallow
Managed Configurations
Android Marshmallow
Lock Task Mode
ANDROID NOUGAT
• Multi-Window Support
• Notification Enhancements
• Doze on the Go
• Data Saver
• Tile API
• Number Blocking
• New Emojis 
Android Nougat (7.0)
Behaviour changes affecting Enterprise
• WebView enhancements, now
using Chrome (on GMS)
• Enterprise updates (incremental)
• Hardware back keystore
• App Shortcuts
• Image Keyboard Support
• “Professional” Emoji   
• Storage Manager Intent
Android Nougat (7.1)
Behaviour changes affecting Enterprise
ANDROID ‘O’
• Background execution limits
• Background service limitations
• Implicit broadcast reception limitations
• Android background location limits
• Notification enhancements for ‘Channels’
giving users more granular control of
notification importance & how they should
be notified.
• Launcher shortcut pinning
Android O PREVIEW
Behaviour changes affecting Enterprise
• Enterprise updates:
• COMP (Corporate owned, managed profile)
devices
• Incremental improvements to DPC APIs
(new & existing).
• E.g. inter profile application communication.
• Autofill Framework
• Google Safe Browsing API in WebViews
Questions?
• Android M developer impact: https://developer.zebra.com/community/android/android-forums/android-
blogs/blog/2017/01/20/what-s-new-for-android-m-and-the-impact-on-zebra-developers
• Deploying applications on Zebra devices from JellyBean to Marshmallow & beyond:
https://developer.zebra.com/community/android/android-forums/android-blogs/blog/2017/02/08/deploying-an-application-to-zebra-
android-devices-ranging-from-jellybean-to-marshmallow-and-beyond
• Google official docs for:
• Lollipop: https://developer.android.com/about/versions/lollipop.html
• Marshmallow: https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html
• Nougat: https://developer.android.com/about/versions/nougat/android-7.0-changes.html
• O: https://developer.android.com/preview/behavior-changes.html
Useful Links
Android Alphabet Soup
Please take a moment to rate this session
using the APPFORUM mobile app.
THANK YOU
• Bullet text
Content Slide Title Goes Here
Sub title goes here
What are your options:
1. Continue to target API 22 (Lollipop)
2. Implement Google’s runtime model
3. Use an MX AppManager profile to install the application
4. Use an EMM that supports managed Android devices
Android Marshmallow
Dynamic runtime permissions

Weitere ähnliche Inhalte

Was ist angesagt?

Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewAshish Patel
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardeninganupriti
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile ApplicationsDenim Group
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 
Mobile application security
Mobile application securityMobile application security
Mobile application securityShubhneet Goel
 

Was ist angesagt? (20)

Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on android
 
Android Security
Android SecurityAndroid Security
Android Security
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security Threats
 
Android security
Android securityAndroid security
Android security
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development
 
Mobile Apps Security Testing -3
Mobile Apps Security Testing -3Mobile Apps Security Testing -3
Mobile Apps Security Testing -3
 
Android security
Android securityAndroid security
Android security
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product Overview
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Development
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android Security
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solution
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardening
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android Security
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile Applications
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Mobile application security
Mobile application securityMobile application security
Mobile application security
 

Ähnlich wie Whats different in android L, M, N and O

New features in android m upload
New features in android m   uploadNew features in android m   upload
New features in android m uploadBin Yang
 
Android Enterprise vs Legacy Android (Device Admin APIs)
Android Enterprise vs Legacy Android (Device Admin APIs)Android Enterprise vs Legacy Android (Device Admin APIs)
Android Enterprise vs Legacy Android (Device Admin APIs)Ashish Sharma
 
CNIT 128 8. Android Implementation Issues (Part 2)
CNIT 128 8. Android Implementation Issues (Part 2)CNIT 128 8. Android Implementation Issues (Part 2)
CNIT 128 8. Android Implementation Issues (Part 2)Sam Bowne
 
CNIT 128: Android Implementation Issues (Part 2)
CNIT 128: Android Implementation Issues (Part 2)CNIT 128: Android Implementation Issues (Part 2)
CNIT 128: Android Implementation Issues (Part 2)Sam Bowne
 
Google IO 2017 Recap
Google IO 2017 RecapGoogle IO 2017 Recap
Google IO 2017 RecapVishal Nayak
 
Application module slides
Application module slidesApplication module slides
Application module slidesJoanne Scouler
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Mohammed Adam
 
How to create android applications
How to create android applicationsHow to create android applications
How to create android applicationsTOPS Technologies
 
Security on android
Security on androidSecurity on android
Security on androidpk464312
 
Pentestflashkeybpardpaper
PentestflashkeybpardpaperPentestflashkeybpardpaper
PentestflashkeybpardpaperAndrey Apuhtin
 
Working of Cyanogen mod
Working of Cyanogen modWorking of Cyanogen mod
Working of Cyanogen modallwin thomas
 
Android pentesting the hackers-meetup
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetupkunwaratul hax0r
 
IRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET Journal
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security WorkshopOWASP
 

Ähnlich wie Whats different in android L, M, N and O (20)

New features in android m upload
New features in android m   uploadNew features in android m   upload
New features in android m upload
 
Android ch2..pptx
Android ch2..pptxAndroid ch2..pptx
Android ch2..pptx
 
Android Enterprise vs Legacy Android (Device Admin APIs)
Android Enterprise vs Legacy Android (Device Admin APIs)Android Enterprise vs Legacy Android (Device Admin APIs)
Android Enterprise vs Legacy Android (Device Admin APIs)
 
CNIT 128 8. Android Implementation Issues (Part 2)
CNIT 128 8. Android Implementation Issues (Part 2)CNIT 128 8. Android Implementation Issues (Part 2)
CNIT 128 8. Android Implementation Issues (Part 2)
 
CNIT 128: Android Implementation Issues (Part 2)
CNIT 128: Android Implementation Issues (Part 2)CNIT 128: Android Implementation Issues (Part 2)
CNIT 128: Android Implementation Issues (Part 2)
 
Google IO 2017 Recap
Google IO 2017 RecapGoogle IO 2017 Recap
Google IO 2017 Recap
 
Mobile security
Mobile securityMobile security
Mobile security
 
Application module slides
Application module slidesApplication module slides
Application module slides
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3
 
How to create android applications
How to create android applicationsHow to create android applications
How to create android applications
 
Security on android
Security on androidSecurity on android
Security on android
 
Securing Android
Securing AndroidSecuring Android
Securing Android
 
Appium
AppiumAppium
Appium
 
128-ch4.pptx
128-ch4.pptx128-ch4.pptx
128-ch4.pptx
 
Appium solution artizone
Appium solution   artizoneAppium solution   artizone
Appium solution artizone
 
Pentestflashkeybpardpaper
PentestflashkeybpardpaperPentestflashkeybpardpaper
Pentestflashkeybpardpaper
 
Working of Cyanogen mod
Working of Cyanogen modWorking of Cyanogen mod
Working of Cyanogen mod
 
Android pentesting the hackers-meetup
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetup
 
IRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security Assessment
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop
 

Kürzlich hochgeladen

RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 

Kürzlich hochgeladen (20)

RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 

Whats different in android L, M, N and O

  • 2. Developer Session What’s Different in Android L, M, N, O Darryn Campbell & Pietro Maggi Software Experts
  • 3. • Android Trends & Trajectory • Android Lollipop • Android Marshmallow • Android Nougat • Android ‘O’ Agenda What’s Different in Android L, M, N, O
  • 5. There are some interesting patterns emerging as Android evolves: • Notifications have undergone major (or at least noteworthy) changes in every release from KitKat to ‘O’. • Notifications feature heavily in enterprise use cases it becomes increasingly complex to lock down what the user is able to control • Pushes towards power saving, taking flexibility away from developers with consumer end user battery life in mind • Locking down your device becomes increasingly complex. • E.g. More system apps to prohibit Common Patterns & Trajectory Controlling device access
  • 7. • Introduced in API 21 • Google sample: https://github.com/googlesamples/android-JobScheduler • Helps perform background work in an efficient way, especially networking • For older devices, with GMS, GCM Network Manager provides efficient background job scheduling • https://developers.google.com/cloud-messaging/network-manager • GCMTaskService is typically simpler to manage and more difficult to mess up than JobService Note that GCMTaskService is implemented using the JobScheduler API on Lollipop and newer OS. Android Lollipop JobScheduler API
  • 8. • Many enhancements to BLE between Android 4.4 and Android 5.0 • Addition of peripheral mode • Support for Beacon or iBeacon packets • Allows broadcasting of advertising packets (hardware permitting) • Improved background scanning no longer prevents the device from sleeping. • API backwardly compatible with KitKat Android Lollipop Bluetooth LE Matures
  • 10. • Dynamic runtime permissions • Doze mode • Bluetooth changes • Encryption & Adoptable storage • Trusted & untrusted resets • Enterprise Android: COSU support (Corporate-owned single-use) Android Marshmallow Behaviour changes affecting Enterprise
  • 11. Targeting API 23+ If you target API level 23+, your application is not going to have the dangerous permission granted at install time, but it needs to: • Check • Request • Fail gracefully if not permission is not granted
  • 12. Targeting API 23+ When the user installs or updates the app, the system grants the app all permissions that the app requests that fall under PROTECTION_NORMAL. For example, alarm clock and internet permissions fall under PROTECTION_NORMAL, so they are automatically granted at install time. Some of the permission that are now granted automatically are: 1. GET_ACCOUNTS 2. READ_PHONE_STATE 3. READ_EXTERNAL_STORAGE 4. GET_TASKS, REORDER_TASKS, KILL_BACKGROUND_PROCESSES 5. EXPAND_STATUS_BAR
  • 13. What if I’m targeting API level 22 or older? The new permission system is not enforce at install time. If the user install your application, like before, it gets all the requested permissions. BUT. If an user can go into the settings application, it can removes the permissions. Lock down the device looks like a good idea to me!
  • 14. Reminder: adb install Needs -g To Auto-Grant Permissions If your app has a targetSdkVersion of 23 or higher, and you are installing the app via the command line, note that adb install has two possible behaviors: • Used normally, the app is installed without any runtime permissions granted. This mimics a normal app install, where you have to ask for the permissions at runtime. • Used with the -g switch, the app is installed with all runtime permissions pre-granted, as if the app had a targetSdkVersion below 22. This can be handy for rapid testing, though it is not indicative of what the user will see. Source: https://commonsware.com/blog/2016/03/18/reminder-adb-install-needs-auto-grant-permissions.html
  • 15. It’s all about the battery! Source: https://www.bignerdranch.com/blog/diving-into-doze-mode-for-developers/
  • 16. GMS and AOSP – it makes a difference Doze Mode is enabled only on GMS devices This is where you can use an High-Priority Firebase Cloud Message to wake up the device and kick an application temporarily out of Doze mode: In Doze or App Standby mode, the system delivers the message and gives the app temporary access to network services and partial wakelocks, then returns the device or app to the idle state. Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
  • 17. Whitelisting an application • An app that is whitelisted can use the network and hold partial wake locks during Doze and App Standby. However, other restrictions still apply to the whitelisted app, just as they do to other apps. • An app can check whether it is currently on the exemption whitelist by calling isIgnoringBatteryOptimizations(). • Users can manually configure the whitelist in Settings > Battery > Battery Optimization. • Alternatively, the system provides ways for apps to ask users to whitelist them: • An app can fire the ACTION_IGNORE_BATTERY_OPTIMIZATION_SETTINGS intent to take the user directly to the Battery Optimization, where they can add the app. • An app holding the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission can trigger a system dialog to let the user add the app to the whitelist directly, without going to settings. • The app fires a ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS Intent to trigger the dialog. • The user can manually remove apps from the whitelist as needed. Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
  • 18. Testing for Doze Mode and App-Standby You can simulate Doze mode using adb while your application is running: $ adb shell dumpsys deviceidle force-idle You can simulate App-Standby using adb while your application is running: Force the app into App Standby mode by running the following commands: $ adb shell dumpsys battery unplug $ adb shell am set-inactive <packageName> true Simulate waking your app using the following commands: $ adb shell am set-inactive <packageName> false $ adb shell am get-inactive <packageName> Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
  • 19. Two modes: 1. Full Storage Card Encryption Mode • Matches what Adoptable Storage is with the same limitations • Can be provisioned via StageNow • Duplicates Android functionality so potential for future deprecation 2. Folder Encryption Mode • Supports encryption in /data and on the Storage Card • Allows a common encrypted implementation in common with non-Marshmallow devices in your deployment Android Marshmallow Encryption & Adoptable storage – Interaction with Encrypt Manager
  • 20. Android Marshmallow Encryption & Adoptable storage Reset Action Emulated storage cards Physical storage cards Adopted storage cards Enterprise partition Reboot Retained Retained Retained Retained Full Device Wipe Wiped Wiped Wiped Wiped Factory Reset Wiped Retained Wiped Wiped Enterprise Reset Wiped Retained Wiped Retained
  • 21. • Designed to reduce the value of stolen (consumer) devices • Trusted factory resets: • Do NOT mandate reentry any previously associated Google creds • Invoked from device settings UI • Untrusted factory resets: • GMS Only • DO mandate reentry of any previously associated Google creds • Factory resets invoked from MX Power manager • Factory reset packages available from Zebra support • Note: If you forget your previously associated Google creds contact Zebra support Android Marshmallow Trusted & untrusted factory resets
  • 22. • Applications and services have to call scanner disable when device is suspending [e.g. onPause/onDestroy callback]. • On Lollipop (Android v5.x) or KitKat (Android v4.4) devices we don't have imager standby mode supported, in this mode imager would consume lowest power, with TC51/TC56/TC70x/TC75x, using Marshmallow (Android 6.0), this was a requirement to have lowest power on suspend. • With this mode, imager loses all it's configurations which is done in enable, hence user needs to recall enable again, however after disabling scanner, otherwise scan framework will not accept another enable due to state machine. Android Marshmallow Imager goes into standby mode when devices goes into suspend.
  • 23. • Android for Work started with 5.0 (lollipop). Announced at Google I/O 2014 • Initially targeted BYOD (Bring your own device) use cases • Separation of ‘Work’ mode from personal applications • ‘Work profile’ owned by a “Profile Owner” which would be a device policy controller (DPC) • Enhancements for COPE (Corporate owned, personally enabled) • Expectation that device or profile will owned by a DPC • DPC is acting as device owner (DO) or profile owner (PO) • Enhancements for COSU (Corporate owned, single use) [6.0+] • Expectation that these devices will only have a device owner (DO) • Typical Zebra device use cases • Non-Zebra single use Android devices could be a payment terminal or airport check-in. • DO provisioning via NFC prioritized by Google (also possible via adb) Android Marshmallow Android in the Enterprise: Recap
  • 24. • COSU support (Corporate Owned – Single Use) • Managed configurations via bundle data types • Lock Task Mode in additional to lollipop’s consumer oriented ‘Pinning’ DEMOS Android Marshmallow Android in the Enterprise: COSU support in Marshmallow
  • 28. • Multi-Window Support • Notification Enhancements • Doze on the Go • Data Saver • Tile API • Number Blocking • New Emojis  Android Nougat (7.0) Behaviour changes affecting Enterprise • WebView enhancements, now using Chrome (on GMS) • Enterprise updates (incremental) • Hardware back keystore
  • 29. • App Shortcuts • Image Keyboard Support • “Professional” Emoji    • Storage Manager Intent Android Nougat (7.1) Behaviour changes affecting Enterprise
  • 31. • Background execution limits • Background service limitations • Implicit broadcast reception limitations • Android background location limits • Notification enhancements for ‘Channels’ giving users more granular control of notification importance & how they should be notified. • Launcher shortcut pinning Android O PREVIEW Behaviour changes affecting Enterprise • Enterprise updates: • COMP (Corporate owned, managed profile) devices • Incremental improvements to DPC APIs (new & existing). • E.g. inter profile application communication. • Autofill Framework • Google Safe Browsing API in WebViews
  • 33. • Android M developer impact: https://developer.zebra.com/community/android/android-forums/android- blogs/blog/2017/01/20/what-s-new-for-android-m-and-the-impact-on-zebra-developers • Deploying applications on Zebra devices from JellyBean to Marshmallow & beyond: https://developer.zebra.com/community/android/android-forums/android-blogs/blog/2017/02/08/deploying-an-application-to-zebra- android-devices-ranging-from-jellybean-to-marshmallow-and-beyond • Google official docs for: • Lollipop: https://developer.android.com/about/versions/lollipop.html • Marshmallow: https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html • Nougat: https://developer.android.com/about/versions/nougat/android-7.0-changes.html • O: https://developer.android.com/preview/behavior-changes.html Useful Links Android Alphabet Soup
  • 34. Please take a moment to rate this session using the APPFORUM mobile app. THANK YOU
  • 35. • Bullet text Content Slide Title Goes Here Sub title goes here
  • 36. What are your options: 1. Continue to target API 22 (Lollipop) 2. Implement Google’s runtime model 3. Use an MX AppManager profile to install the application 4. Use an EMM that supports managed Android devices Android Marshmallow Dynamic runtime permissions

Hinweis der Redaktion

  1. Background services, location services, doze mode, enhanced doze mode Notifications: material design, long press in M, reply in line in N, channels in O
  2. Interaction with Encrypt Manager – Adoptable Storage http://techdocs.zebra.com/emdk-for-android/6-0/mx/encryptmgr/ Note: Encryption Manager will not be aware that an adopted SD card is encrypted, the two are mutually exclusive.
  3. Still in the process of defining what Zebra are doing for Android N: Multi-Window. How to provision? Use cases include drag & drop. More for tablet form factors. Notification enhancements are reply inline, custom views and bundling notifications together. Consider using 3rd party messaging apps like Whats-app in an enterprise deployment of GMS devices, you get these features for ‘free’ automatically. 1st party apps (Gmail) obviously also support notification bundling Doze on the Go. More aggressive doze can now block network access & syncs / jobs even if the device is moving Data Saver blocks data for apps in the background & foreground apps may use less frequently. Could impact field workers or anybody on a data plan. Consider provisioning your app to have unrestricted data access (by default play services have unrestricted access) Tile API. Two considerations: 1. How control users from moving tiles around? 2. You can define our own quick settings tiles which could greatly increase productivity depending on the use case. Do you want to restrict access to specific tiles? The API is ADD tiles only. Note: Quick settings are urgently required or frequently used actions, NOT shortcuts to launching an application. Number Blocking. Strong Enterprise Use case but currently apps have NO access to the blocked number list. Enterprise use cases include whitelisting, blacklisting incoming & outgoing calls. Similar features may appear on Zebra hardware. Additional functionality through carrier integration (server-side blocking) prevents forwarding. Call Screening also has enterprise use cases, you might not want to show notifications under some conditions (e.g. during customer interaction). Emojis are not supported by the Enterprise Keyboard: https://www.zebra.com/gb/en/products/software/mobile-computers/enterprise-keyboard.html Starting with Chrome version 51 on Android 7.0 and above, the Chrome APK on your device is used to provide and render Android System WebViews. Great for receiving security updates and maintaining parity with the Chrome apk Only available on GMS devices. Non-GMS devices will fall behind. You will see a difference in rendering between the same EB app on two devices (one GMS, one non-GMS) Can chose your webview provider on GMS, at least for now but that is a developer option and likely could not provision. Webview APK, Dev Chrome, Beta Chrome, Stable Chrome. Continued enterprise Android updates (always on VPN, corporate colours during provisioning) Key Attestation with hardware backed keys allows your to have greater confidence that the device in use has not been compromised and enables greater protection of your data at rest https://developer.android.com/about/versions/nougat/android-7.0.html
  4. Still in the process of defining what Zebra are doing for Android N: New App shortcut paradigm. Unsure of EHS support for new App shortcuts? Image Keyboard support & Professional emoji. Again, Enterprise Keyboard is more suited for Enterprise. Storage Manager Intent: Apps can now fire an ACTION_MANAGE_STORAGE intent, taking the user to the system's Free up space screen. For example, if an app requires more space than is currently available, it can use this intent to let the user delete unneeded apps and content to free up sufficient space. Will want to find a way to block this. https://developer.android.com/about/versions/nougat/android-7.1.html
  5. Migration guide for Background SERVICE execution limits: https://developer.android.com/preview/features/background.html (target API level 25 or below, Use JobScheduler API, foreground service, FCM to wake the application, defer work). Whitelist exists but not user editable – whitelisted for a few minutes for PendingIntents, receiving intents or FCM. Android background location limits affect Fused and non-fused providers. Geofencing still works. Mitigation: bring your app to the foreground, use a foreground service, use a passive location listener. Background apps have location computed a few times each hour. Launcher shortcut pinning requires user to acknowledge. Could lead to quicker access to an app or functionality. Must be supported by the home screen. Autofill framework: could be used in conjunction with managed configurations to help pre-populate fields with existing applications.
  6. Recommendation: A combination of 2 and 3 to debug and deploy respectively. Lock down the app permissions dialog.