Slashdot Mirror

Speaking of the state of Android apps' security, Google today published its annual Android Security & Privacy Year in Review, a comprehensive report that details the company's ongoing efforts to keep over two billion devices running Android mobile operating system secure. From a report: Google says that Google Play Protect, Android's AI-driven built-in defense mechanism, substantially cut down on the number of Potentially Harmful Applications (PHAs) in Google Play. Last year, only 0.08 percent of devices that used Google Play exclusively for app downloads were affected by PHAs, and even devices that installed apps from outside of Play -- 0.68 percent of which were affected by one or more PHAs, down from 0.80 percent in 2017 -- saw a 15 percent reduction in malware. In fact, Play Protect prevented 1.6 billion PHA installation attempts from outside of Google Play in 2018, Google says [PDF]. Installation attempts outside of Google Play fell by 20 percent from the previous year, and 73 percent of PHA installations were successfully stopped compared to 71 percent in 2017 and 59 percent in 2016. In all, 0.45 percent of Android devices running Play Protect installed PHAs in 2018 compared with 0.56 percent of devices in 2017, equating to a 20 percent year-over-year improvement.

An innocent-looking image -- sent either via the internet or text -- could open your Android phone up to hacking. "While this certainly doesn't apply to all images, Google discovered that a maliciously crafted PNG image could be used to hijack a wide variety of Androids -- those running Android Nougat (7.0), Oreo (8.0), and even the latest Android OS Pie (9.0)," reports CSO Online. From the report: The latest bulletin lists 42 vulnerabilities in total -- 11 of which are rated as critical. The most severe critical flaw is in Framework; it "could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process." Although Google had no report of the security flaws being actively exploited, it remains to be seen if and how long it will take before attackers use the flaw for real-world attacks. Android owners were urged to patch as soon as security updates becomes available. But let's get real: Even if your Android still receives security updates, there's no telling how long it will be (weeks or months) before manufacturers and carriers get it together to push out the patches.

Android Studio 3.3 is now available to download through stable channel, Google said Monday. The top new features of Android Studio 3.3 include a navigation editor, profiler tracking options, improvements on the build system, and lazy task configuration. However, the big focus with the new version was on "refinement and quality," the company said. Further reading: VentureBeat.

An anonymous reader quotes a report from The Verge: Google announced today that it's working with Danish hearing aid manufacturer GN Hearing to create a new hearing aid spec for Android smartphones called ASHA, or Audio Streaming for Hearing Aids. It's designed to be battery-efficient, while providing high quality audio with low latency. Hearing aids utilizing this spec will be able to connect to and stream from Android devices without having to use another intermediate device. ASHA will enable Bluetooth hearing aids to be utilized the same way as headphones, used to call friends or listen to music. Google has published the new protocol specifications online for any hearing aid manufacturer to build native hearing aid support for Android. GN Hearing has announced that the ReSound LiNX Quattro and Beltone Amaze will be the first hearing aids to receive direct streaming support in a future update.

An anonymous reader quotes a report from The Verge: Google announced today that it's working with Danish hearing aid manufacturer GN Hearing to create a new hearing aid spec for Android smartphones called ASHA, or Audio Streaming for Hearing Aids. It's designed to be battery-efficient, while providing high quality audio with low latency. Hearing aids utilizing this spec will be able to connect to and stream from Android devices without having to use another intermediate device. ASHA will enable Bluetooth hearing aids to be utilized the same way as headphones, used to call friends or listen to music. Google has published the new protocol specifications online for any hearing aid manufacturer to build native hearing aid support for Android. GN Hearing has announced that the ReSound LiNX Quattro and Beltone Amaze will be the first hearing aids to receive direct streaming support in a future update.

An anonymous reader quotes a report from The Verge: Google is beginning to roll out desktop browser support for Android Messages, allowing people to use their PC for sending messages and viewing those that have been received on their Android smartphone. Google says the feature is starting to go out to users today and continuing for the rest of the week. Text, images, and stickers are all supported on the web version.

To get started, the Android Messages website has you scan a QR code using the Android Messages mobile app, which creates a link between the two. In today's blog post, Google also goes over numerous other recent improvements to Android Messenger including built-in GIF search, support for smart replies on more carriers, inline link previews, and easy copy/paste for two-factor authentication messages.

An anonymous reader writes: Google today launched the second Android P beta with final APIs and 157 new emoji. If you're a developer, this is your third Android P preview, and you can start testing your apps against this release by downloading the new preview from developer.android.com/preview. The preview includes an updated SDK with system images for the Pixel, Pixel XL, Pixel 2, Pixel 2 XL, and the official Android Emulator. If you're already enrolled and received the Android P Beta 1 on your Pixel device, you'll automatically get the update to Beta 2.

Google logins on unlicensed devices will now fail at setup, and a warning message will pop up stating "Device is not certified by Google," reports Ars Technica. "This warning screen has appeared on and off in the past during a test phase, but XDA (and user reports) indicate it is now headed for a wider rollout." From the report: While the basic operating system code contained in the Android Open Source Project is free and open source, Google's apps that run on top of Android (like the Play Store, Gmail, Google Maps, etc.) and many others are not free. Google licenses these apps to device makers under a number of terms designed to give Google control over how the OS is used. Google's collection of default Android apps must all be bundled together, there are placement and default service requirements, and devices must pass an ever-growing list of compatibility requirements to ensure app compatibility. Android distributions that don't pass Google's compatibility requirements aren't allowed to be called "Android" (which is a registered trademark of Google), so they are Android forks. The most high-profile example of an Android fork is Amazon's Kindle Fire line of products, but most devices that ship in China (where Google doesn't do much business) fall under the umbrella of an "Android fork," too.

While Google's Android apps are only properly available as a pre-loaded app (or through the pre-loaded Play Store), they are openly distributed on forums, custom ROM sites, third-party app stores, and other places online. When a non-compatible device seller (or a user) loads these on a device, they can potentially trigger Google's new message at login. The message pops up when you try to log in to Google's services, which usually happens during the device setup. Users who purchased the device are warned that "the device manufacturer has preloaded Google apps and services without certification from Google," and users aren't given many options other than to complain to the manufacturer. At this point, logging in to Google services is blocked, and non-tech-savvy users will have to live without the Google apps. Users of custom Android ROMs -- which wipe out the stock software and load a modified version of Android -- will start seeing this message, too.

Google logins on unlicensed devices will now fail at setup, and a warning message will pop up stating "Device is not certified by Google," reports Ars Technica. "This warning screen has appeared on and off in the past during a test phase, but XDA (and user reports) indicate it is now headed for a wider rollout." From the report: While the basic operating system code contained in the Android Open Source Project is free and open source, Google's apps that run on top of Android (like the Play Store, Gmail, Google Maps, etc.) and many others are not free. Google licenses these apps to device makers under a number of terms designed to give Google control over how the OS is used. Google's collection of default Android apps must all be bundled together, there are placement and default service requirements, and devices must pass an ever-growing list of compatibility requirements to ensure app compatibility. Android distributions that don't pass Google's compatibility requirements aren't allowed to be called "Android" (which is a registered trademark of Google), so they are Android forks. The most high-profile example of an Android fork is Amazon's Kindle Fire line of products, but most devices that ship in China (where Google doesn't do much business) fall under the umbrella of an "Android fork," too.

While Google's Android apps are only properly available as a pre-loaded app (or through the pre-loaded Play Store), they are openly distributed on forums, custom ROM sites, third-party app stores, and other places online. When a non-compatible device seller (or a user) loads these on a device, they can potentially trigger Google's new message at login. The message pops up when you try to log in to Google's services, which usually happens during the device setup. Users who purchased the device are warned that "the device manufacturer has preloaded Google apps and services without certification from Google," and users aren't given many options other than to complain to the manufacturer. At this point, logging in to Google services is blocked, and non-tech-savvy users will have to live without the Google apps. Users of custom Android ROMs -- which wipe out the stock software and load a modified version of Android -- will start seeing this message, too.

Google today launched the first Android P developer preview, available for download now at developer.android.com. From a report: The preview includes an updated SDK with system images for the Pixel, Pixel XL, Pixel 2, Pixel 2 XL, and the official Android Emulator. Unlike last year, there is no emulator for testing Android Wear on Android P.

[...] Today's preview includes the following new APIs and features (but you can expect much more; this is just the first preview, after all): Display cutout support; HDR VP9 Video, HEIF image compression, and Media APIs; HEIF (heic) images encoding has been added to the platform; multi-camera API; ImageDecoder for bitmaps and drawables; Improved messaging notifications; Data cost sensitivity in JobScheduler; indoor positioning with Wi-Fi RTT: Platform support for the IEEE 802.11mc WiFi protocol -- also known as WiFi Round-Trip-Time (RTT) -- lets you take advantage of indoor positioning in your apps. Other features and their descriptions are listed here.

According to Google's Platform Versions page, Android 8.0 Oreo mobile operating system finally has 1.1 percent adoption. Like Android Nougat before it, Android Oreo took five months to pass the 1 percent adoption mark. VentureBeat reports: On the bright side, Nougat this month has passed Marshmallow, meaning the second newest Android version is now the most widely used. The latest version of Android typically takes more than a year to become the most-used release, and so far it doesn't look like Oreo's story will be any different. Google's Platform Versions tool uses data gathered from the Google Play Store app, which requires Android 2.2 and above. This means devices running older versions are not included, nor are devices that don't have Google Play installed (such as many Android phones and tablets in China, Amazon's Fire line, and so on). Also, Android versions that have less than 0.1 percent adoption, such as Android 3.0 Honeycomb and Android 2.2 Froyo, are not listed. The two next-oldest Android versions are thus set to drop off the list sometime this year. The Android adoption order now stands as follows: Nougat in first place, Marshmallow in second place, Lollipop in third, KitKat in fourth, Jelly Bean in fifth, Oreo in sixth, ICS in seventh, and Gingerbread in last. All eyes are now on Oreo to see how slowly it can climb the ranks.

Slashdot reader Lauren Weinstein writes from a blog: My inbox has been filling today with questions regarding Google's new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with "disabilities" (a term not defined by Google in the warning). Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided. "While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.)," reports Android Police. "LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API." It's likely Google is cracking down on apps that use Accessibility Services due to the security risks they pose. "Once granted the right permissions, the API can be used to read data from other apps," reports Android Police.
The developer of BatterySaver received the following message from Google:

We're contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the 'android.permission.BIND_ACCESSIBILITY_SERVICE.' Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.

Action required: If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.

Alternatively, you can choose to unpublish the app. All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.

If you've reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Regards,

The Google Play Review Team

Slashdot reader Lauren Weinstein writes from a blog: My inbox has been filling today with questions regarding Google's new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with "disabilities" (a term not defined by Google in the warning). Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided. "While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.)," reports Android Police. "LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API." It's likely Google is cracking down on apps that use Accessibility Services due to the security risks they pose. "Once granted the right permissions, the API can be used to read data from other apps," reports Android Police.
The developer of BatterySaver received the following message from Google:

We're contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the 'android.permission.BIND_ACCESSIBILITY_SERVICE.' Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.

Action required: If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.

Alternatively, you can choose to unpublish the app. All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.

If you've reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Regards,

The Google Play Review Team

On Wednesday, Google launched the Android 8.1 Developer Preview. The new version of Android is available for Pixel and Nexus devices, and features a number of under-the-hood changes. The new version tests another change to notifications in which apps can only make a notification sound alert once per second. It also contains an Easter egg: the Android Oreo logo now looks like an actual cookie. The Verge reports that 8.1 is eventually supposed to activate the hidden Pixel Visual Core system-on-a-chip, which aims to make image processing smoother and HDR+ available to third-party developers.

Mark Wilson shares a report from BetaNews: As is easy to tell by comparing versions of Android from different handset manufacturers, developers are -- broadly speaking -- free to do whatever they want with Android, but with Oreo, one aspect of this is changing. Google is introducing a new requirement that OEMs must meet certain requirements when choosing the Linux kernel they use. Until now, as pointed out by XDA Developers, OEMs have been free to use whatever Linux kernel they wanted to create their own version of Android. Of course, their builds still had to pass Google's other tests, but the kernel number itself was not an issue. Moving forward, Android devices running Oreo must use at least kernel 3.18, but there are more specific requirements to meet as well. Google explains on the Android Source page: "Android O mandates a minimum kernel version and kernel configuration and checks them both in VTS as well as during an OTA. Android device kernels must enable the kernel .config support along with the option to read the kernel configuration at runtime through procfs."

Android O is now officially going by the name of Android Oreo. The operating system is available today via Google's Android Open Source Project. OTA rollout is expected to arrive first to Pixel and Nexus devices, with builds currently in carrier testing. The Verge reports: The use of an existing brand makes sense for Google here -- there aren't a ton of good "O" dessert foods out there, and Oreos are pretty much as universally beloved as a cookie can be. There's also precedent for the partnership, as Google had previously teamed up with Nestle and Hershey's to call Android 4.4 KitKat.

Android O is set to arrive on August 21, with a livestreamed unveiling event timed for 2:40 PM ET in NYC -- which is roughly when the maximum solar eclipse is set to occur for New York. TechCrunch reports: Android O will get a full reveal at that time, which seems like kind of a weird time to do it since a lot of people will be watching the NASA eclipse livestream that Google is also promoting, or staring at the sky (with the caveat, hopefully, that they have procured proper glasses for safe viewing). Google says that Android O will have some "super (sweet) new powers," most of which we know all about thanks to pre-release builds and the Android O teaser Google provided at its annual I/O developer event this past May. WE know, for instance, that the notification panel has been changed significantly, and there's new optimization software to improve battery life on all devices. While Android O's name has yet to be confirmed, the official consumer name is speculated to be "Oreo." Prolific leaker Evan Blass posted a picture of an Oreo to Twitter on Friday following the announcement of the reveal date and event.

Regardless of whether or not your phone is full of pictures, or videos, or apps, you will still be able to download and install an OS update with Android 8.0. According to the latest source.android.com documentation, Google has cooked up a scheme to make sure that an "insufficient space" error will never stop an update again. Ars Technica reports: Where the heck can Google store the update if your phone is full, though? If you remember in Android 7.0, Google introduced a new feature called "Seamless Updates." This setup introduced a dual system partition scheme -- a "System A" and "System B" partition. The idea is that, when it comes time to install an update, you can normally use your phone on the online "System A" partition while an update is being applied to the offline "System B" partition in the background. Rather than the many minutes of downtime that would normally occur from an update, all that was needed to apply the update was a quick reboot. At that point, the device would just switch from partition A to the newly updated partition B. When you get that "out of space" error message during an update, you're only "out of space" on the user storage partition, which is just being used as a temporary download spot before the update is applied to the system partition. Starting with Android 8.0, the A/B system partition setup is being upgraded with a "streaming updates" feature. Update data will arrive from the Internet directly to the offline system partition, written block by block, in a ready-to-boot state. Instead of needing ~1GB of free space, Google will be bypassing user storage almost entirely, needing only ~100KB worth of free space for some metadata. Ars Technica goes on to note that the feature will be backported to Google Play Services, and will be enabled on "Android 7.0 and later" devices with a dual system partition setup.

An anonymous reader quotes a report from VentureBeat: Google today launched the third Android O developer preview, available for download now at developer.android.com and via the Android Beta Program. The preview includes an updated SDK with system images for the Nexus 5X, Nexus 6P, Nexus Player, Pixel, Pixel XL, Pixel C, and the official Android Emulator, and there's even an emulator for testing Android Wear 2.0 on Android O. The big highlight with this preview is that the Android O APIs are now final. Google launched the first Android O developer preview in March and the second developer preview in May at its I/O 2017 developer conference. Google is planning to release one more preview with near-final system images in July and has slated the final version for release "later this summer" (in Q3 2017). Developer Preview 3 includes the latest version of the Android O platform with the final API level 26 and "hundreds of bug fixes and optimizations."

An anonymous reader quotes PCWorld: Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps...

In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them... Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces.
100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.

The Android One platform is a program designed by Google to provide budget-friendly Android smartphones to developing markets. The phones are attractive because they contain no bloatware, competing services, and a lack of software and security updates -- the stuff that most low-end smartphones contain. According to a report from The Information, the program is about to make its way to the U.S. market. The Verge reports: Android One phones have historically been produced by companies you probably haven't heard of, like Micromax, Cherry, and QMobile. Originally Google had a direct hand in detailing what components would go into the phone, but apparently became more flexible over time and eventually expanded the program beyond India to parts of Africa, Spain, and Portugal. Android One may not have been the rousing worldwide success Google was hoping for, but it's still an important initiative for the company. Especially at the low end, there's a lot of incentive for manufacturers to pile on extra software in a bid to make those devices more profitable -- but that could cut against Google's efforts to make its own services more pervasive and popular. If Google really does put some real effort behind Android One, it could make its plans for Android a little clearer. Google itself has taken a stand that it wants to make its own hardware at the high-end of the smartphone market with the Pixel, and if The Information's report is accurate, it wants to ensure that its services are not cut out from the low end.

An anonymous reader writes: Walmart will now let customers make purchases with their phone at all 4,600 of its stores in the U.S. The feature is called Walmart Pay and it works by letting the cashier scan a QR code on a customer's phone screen to complete their payment. The technology is different than Apple, Samsung, and Android Pay, which involves tapping your phone next to a payment terminal with NFC. The company wants to make shopping easier and faster, and with its own payment app, Walmart can get insights into consumer behavior, though it says it won't use the data without a shopper's permission. Walmart says no payment information is stored on users' phones or at registers -- card information is stored on Walmart servers. Note: Samsung Pay also uses magnetic secure transmission (MST) to make purchases. When a smartphone with Samsung Pay is held against a register with a magnetic stripe terminal, the phone emits a magnetic signal that simulates the magnetic strip found on the back of a credit or debit card.

An anonymous reader writes: Google first implemented Full Disk Encryption in Android by default with Android 5.0 Lollipop in an effort to prevent criminals or government agencies from gaining unauthorized access to one's data. What it does is it encodes all the data on a user's Android device before it's ever written to disk using a user's authentication code. Once it is encrypted, it can only be decrypted if the user enters his/her password. However, security researcher Gal Beniamini has discovered issues with the full disk encryption. He published a step-by-step guide on how one can break down the encryption protections on Android devices powered by Qualcomm Snapdragon processors. The source of the exploit is posted on GitHub. Android's disk encryption on devices with Qualcomm chips is based only on your password. However, Android uses your password to create a 2048-bit RSA key (KeyMaster) derived from it instead. Qualcomm specifically runs in the Snapdragon TrustZone to protect critical functions like encryption and biometric scanning, but Beniamini discovered that it's possible to exploit a security flaw and retrieve the keys from TrustZone. Qualcomm runs a small kernel in TrustZone to offer a Trusted Execution Environment known as Qualcomm Secure Execution Environment (QSEE), which allows small apps to run inside of QSEE away from the main Android OS. Beniamini has detailed a way for attackers to exploit an Android kernel security flaw to load their own QSEE app inside this secure environment, thereby exploiting privilege escalation flaw and hijacking of the complete QSEE space, including the keys generated for full disk encryption. The researcher also said Qualcomm or OEMs can comply with government or law enforcement agencies to break the FDE: "Since the key is available to TrustZone, Qualcomm and OEMs [Original Equipment Manufacturers] could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device," Beniamini wrote. "This would allow law enforcement to easily brute force the FDE password off the device using the leaked keys."

An anonymous reader writes: Google unveiled the biggest update to Android Wear yet at Google I/O -- Android Wear version 2.0. Google VP of Engineering for Android Wear David Singleton said the new version represents a "holistic pass across the design of the whole system" and focuses on providing users more glanceable information, improved messaging tools (including support for keyboards, handwriting recognition and smart replies), as well as new fitness and wellness features. The design features improved Material Design aesthetics with an emphasis on color. By default, the navigation drawer is always at the top of the screen and notifications themselves will always show up at the bottom. Android Wear 2.0 features standalone apps that communicate directly over the Internet via Bluetooth, Wi-Fi, or cellular. Apps are no longer exclusively relying on a tethered phone or cloud syncing. There's a Complications API, which allows developers to pass raw data to watch faces. Wear 2.0 adds two new input methods: a swipe-style keyboard for typing and a handwriting recognition mode to sketch letters on your watch's screen to spell out messages. There have also been various Google Fit-related improvements to make Android Wear watches better fitness trackers. Android Wear 2.0 is available today as a developer preview, with the finished product being released this fall.

An anonymous reader writes: Google unveiled the biggest update to Android Wear yet at Google I/O -- Android Wear version 2.0. Google VP of Engineering for Android Wear David Singleton said the new version represents a "holistic pass across the design of the whole system" and focuses on providing users more glanceable information, improved messaging tools (including support for keyboards, handwriting recognition and smart replies), as well as new fitness and wellness features. The design features improved Material Design aesthetics with an emphasis on color. By default, the navigation drawer is always at the top of the screen and notifications themselves will always show up at the bottom. Android Wear 2.0 features standalone apps that communicate directly over the Internet via Bluetooth, Wi-Fi, or cellular. Apps are no longer exclusively relying on a tethered phone or cloud syncing. There's a Complications API, which allows developers to pass raw data to watch faces. Wear 2.0 adds two new input methods: a swipe-style keyboard for typing and a handwriting recognition mode to sketch letters on your watch's screen to spell out messages. There have also been various Google Fit-related improvements to make Android Wear watches better fitness trackers. Android Wear 2.0 is available today as a developer preview, with the finished product being released this fall.

An anonymous reader writes: Google unveiled the biggest update to Android Wear yet at Google I/O -- Android Wear version 2.0. Google VP of Engineering for Android Wear David Singleton said the new version represents a "holistic pass across the design of the whole system" and focuses on providing users more glanceable information, improved messaging tools (including support for keyboards, handwriting recognition and smart replies), as well as new fitness and wellness features. The design features improved Material Design aesthetics with an emphasis on color. By default, the navigation drawer is always at the top of the screen and notifications themselves will always show up at the bottom. Android Wear 2.0 features standalone apps that communicate directly over the Internet via Bluetooth, Wi-Fi, or cellular. Apps are no longer exclusively relying on a tethered phone or cloud syncing. There's a Complications API, which allows developers to pass raw data to watch faces. Wear 2.0 adds two new input methods: a swipe-style keyboard for typing and a handwriting recognition mode to sketch letters on your watch's screen to spell out messages. There have also been various Google Fit-related improvements to make Android Wear watches better fitness trackers. Android Wear 2.0 is available today as a developer preview, with the finished product being released this fall.

An anonymous reader writes: Google unveiled the biggest update to Android Wear yet at Google I/O -- Android Wear version 2.0. Google VP of Engineering for Android Wear David Singleton said the new version represents a "holistic pass across the design of the whole system" and focuses on providing users more glanceable information, improved messaging tools (including support for keyboards, handwriting recognition and smart replies), as well as new fitness and wellness features. The design features improved Material Design aesthetics with an emphasis on color. By default, the navigation drawer is always at the top of the screen and notifications themselves will always show up at the bottom. Android Wear 2.0 features standalone apps that communicate directly over the Internet via Bluetooth, Wi-Fi, or cellular. Apps are no longer exclusively relying on a tethered phone or cloud syncing. There's a Complications API, which allows developers to pass raw data to watch faces. Wear 2.0 adds two new input methods: a swipe-style keyboard for typing and a handwriting recognition mode to sketch letters on your watch's screen to spell out messages. There have also been various Google Fit-related improvements to make Android Wear watches better fitness trackers. Android Wear 2.0 is available today as a developer preview, with the finished product being released this fall.

An anonymous reader writes: Google on Wednesday released the second developer preview of Android N. The update, which comes a month after the release of first Android N developer preview, brings with it a number of features and improvements. On a blog post, Google wrote that it is adding Vulkan, a low-overhead graphics API to the package. This would supposedly offload some CPU-bound processes to GPU. Also in the build are new "human-looking" emojis. Improvements can be found here.

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 2.0, the latest version of its integrated development environment (IDE), with a long list of new features. You can download the new version for Windows, Mac, and Linux now directly from Android.com/SDK. In November, Google unveiled Android Studio 2.0, the second major version of its IDE. Version 2.0 brings a slew of improvements, including Instant Run, a faster Android emulator, and app indexing improvements. Google released a beta in February, though it didn't say when the final version would be ready ([VentureBeat] speculated in time for its I/O developer conference in May, and the company debuted with a month to spare). The full feature list includes Instant Run, Android Emulator, Cloud Test Lab, App Indexing, and GPU Debugger Preview.

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 2.0, the latest version of its integrated development environment (IDE), with a long list of new features. You can download the new version for Windows, Mac, and Linux now directly from Android.com/SDK. In November, Google unveiled Android Studio 2.0, the second major version of its IDE. Version 2.0 brings a slew of improvements, including Instant Run, a faster Android emulator, and app indexing improvements. Google released a beta in February, though it didn't say when the final version would be ready ([VentureBeat] speculated in time for its I/O developer conference in May, and the company debuted with a month to spare). The full feature list includes Instant Run, Android Emulator, Cloud Test Lab, App Indexing, and GPU Debugger Preview.

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 2.0, the latest version of its integrated development environment (IDE), with a long list of new features. You can download the new version for Windows, Mac, and Linux now directly from Android.com/SDK. In November, Google unveiled Android Studio 2.0, the second major version of its IDE. Version 2.0 brings a slew of improvements, including Instant Run, a faster Android emulator, and app indexing improvements. Google released a beta in February, though it didn't say when the final version would be ready ([VentureBeat] speculated in time for its I/O developer conference in May, and the company debuted with a month to spare). The full feature list includes Instant Run, Android Emulator, Cloud Test Lab, App Indexing, and GPU Debugger Preview.

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 2.0, the latest version of its integrated development environment (IDE), with a long list of new features. You can download the new version for Windows, Mac, and Linux now directly from Android.com/SDK. In November, Google unveiled Android Studio 2.0, the second major version of its IDE. Version 2.0 brings a slew of improvements, including Instant Run, a faster Android emulator, and app indexing improvements. Google released a beta in February, though it didn't say when the final version would be ready ([VentureBeat] speculated in time for its I/O developer conference in May, and the company debuted with a month to spare). The full feature list includes Instant Run, Android Emulator, Cloud Test Lab, App Indexing, and GPU Debugger Preview.

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 2.0, the latest version of its integrated development environment (IDE), with a long list of new features. You can download the new version for Windows, Mac, and Linux now directly from Android.com/SDK. In November, Google unveiled Android Studio 2.0, the second major version of its IDE. Version 2.0 brings a slew of improvements, including Instant Run, a faster Android emulator, and app indexing improvements. Google released a beta in February, though it didn't say when the final version would be ready ([VentureBeat] speculated in time for its I/O developer conference in May, and the company debuted with a month to spare). The full feature list includes Instant Run, Android Emulator, Cloud Test Lab, App Indexing, and GPU Debugger Preview.

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 2.0, the latest version of its integrated development environment (IDE), with a long list of new features. You can download the new version for Windows, Mac, and Linux now directly from Android.com/SDK. In November, Google unveiled Android Studio 2.0, the second major version of its IDE. Version 2.0 brings a slew of improvements, including Instant Run, a faster Android emulator, and app indexing improvements. Google released a beta in February, though it didn't say when the final version would be ready ([VentureBeat] speculated in time for its I/O developer conference in May, and the company debuted with a month to spare). The full feature list includes Instant Run, Android Emulator, Cloud Test Lab, App Indexing, and GPU Debugger Preview.

Google is releasing Android N Preview to developers today. The early release is meant to collect feedback sooner than usual, and even includes a new way to download the update. Instead of installing a drive image, you can participate in an Android Beta Program that installs pre-release versions over the air (as long as you have a relatively recent Nexus device or the Pixel C). The biggest attraction, by far, is a new multi-window mode, which lets you use split-screen modes on phones and tablets, and even specify minimum allowable dimensions. There's even a picture-in-picture video mode, too, so you can keep watching YouTube while you message your friends. Other improvements in the preview include direct reply notifications that let you reply to a message right from an alert, iOS-style. Also, Android N optionally bundles notifications from the same app so that they don't clutter your view. Marshmallow's Doze feature has been improved to save battery life whenever the screen turns off, and coders can take advantage of Java 8 features. Google is also working to reduce the memory needs of Android via Project Svelte, allowing the Android OS to run smoothly on lower specced devices.

itwbennett writes: Google released over-the-air firmware updates for its Nexus devices Monday and will publish the patches to the Android Open Source Project (AOSP) repository by Wednesday, fixing a new batch of vulnerabilities in Android that could allow hackers to take over devices remotely or through malicious applications. The new patches address six critical, two high and five moderate vulnerabilities. The most serious flaw is located in the mediaserver Android component, a core part of the operating system that handles media playback and corresponding file metadata parsing.

An anonymous reader writes Google today announced that Android One, the company's standard for bringing smartphones to the developing world, is coming to Indonesia later this month. This makes Indonesia the fifth country to roll out Android One, in addition to India, Bangladesh, Nepal, and Sri Lanka. Yet the bigger news is that these latest devices are shipping with Android 5.1 Lollipop. Before today, the latest known version of Google's mobile operating system was Android 5.0 Lollipop, which debuted in November 2014.

An anonymous reader writes After two years of development, Google today released Android Studio 1.0, the first stable version of its Integrated Development Environment (IDE) aimed solely at Android developers. You can download the tool right now for Windows, Mac, and Linux from the Android Developer site. Google first announced Android Studio, built on the popular IntelliJ IDEA Java IDE, at its I/O Developer conference in May 2013. The company's pitch was very simple: this is the official Android IDE.

oyenamit writes Online shopping in India is still in its infancy but is growing tremendously to reach the mostly untapped market of 1.2 billion people. Invariably, the conflict between pure online retailers like Amazon and Flipkart and brick and mortar stores was bound to emerge. Unfortunately for Google's Android One, it has been on the receiving end of this friction. Leading brick and mortar retailers in India have refused to sell Android One handsets ever since the US company chose to launch its products exclusively online. The three Android One makers in India — Micromax, Karbonn and Spice — launched their handsets exclusively online in mid-September. When sales did not meet their expectations, they decided to release their products via the brick and mortar store channel. However, smaller retailer and mom-n-pop shops have decided to show their displeasure at having being left out of the launch by deciding not to stock Android One. The Android One phones, announced at the most recent Google I/O, are Google's attempt to bring stock Android (as on Google's Nexus devices) to emerging markets, with competent but not high-end phones.

An anonymous reader writes: As promised, Google today released the full Android 5.0 Lollipop SDK, along with updated developer images for Nexus 5, Nexus 7 (2013), ADT-1, and the Android emulator. The latest version of Android isn't available just yet, but the company is giving developers a head start (about two weeks), so they can test their apps on the new platform. To get the latest Android 5.0 SDK, fire up Android SDK Manager and head to the Tools section, followed by latest SDK Tools, SDK Platform-tools, and SDK Build-tools. Select everything under the Android 5.0 section, hit "Install packages...", accept the licensing agreement, and finally click Install. Google also rolled out updated resources for their Material Design guidelines.

An anonymous reader writes: I don't wear a watch. I never have. So, to me, the push for smart watches has always been a non-starter. But I was discussing with friends some of the features of Android Wear that Google demonstrated at the I/O conference today, and it got me wondering: what set of features would be required for a smartwatch to become viable? Obviously, this is different for everybody — millions of people wear regular watches even though they could easily pull out their phone and check the time there. Any smartwatch can also tell time, but it has advantages (apps that do other things), and disadvantages (needs charging). Clearly, there are some functions for which it's useful to have an object strapped to your wrist, even if that function could be served by the device in your pocket. Telling time is one, and lots of people use sundry fitness doo-dads to measure exercise. It makes sense to me that checking the weather forecast would fall into this category, and perhaps checking notifications. (Conversely, other functions do not translate at all, like taking photos or playing games.) Thus, two questions: if you already wear a watch, what would it take for a smartwatch to replace it? If you don't wear a watch, what features would motivate you to get one?

mrspoonsi tips news that Google has announced 'Android Wear,' their effort to bring the Android mobile operating system to wearable devices. Android Wear provides an interface to control other devices through a smartwatch, adds support for Google Now's voice commands, and lets wearables integrate with various apps. Google has made a developer preview available for download immediately. Google's Motorola division concurrently announced a smartwatch that's powered by Android Wear called the Moto 360. LG announced one as well.

The popular Cyanogen Mod distribution of the Android Open Source Project dropped a bombshell today: the founding members have formed a corporation (currently with a team of seventeen hackers) to work on the project with the founder of Boost Mobile as the CEO. Quoting the announcement: "You have probably seen the pace of development pick up drastically over the past few months. More devices supported, bigger projects such as CM Account, Privacy Guard, Voice+, a new version of Superuser, and secure messaging. We vastly improved our infrastructure. We’re doing more bug fixes, creating more features, and improving our communication. We think that the time has come for your mobile device to truly be yours again, and we want to bring that idea to everybody. ... So what does this all mean for the community? The first thing I wanted to do when I realized we were actually doing this, was tell everyone possible. But when starting a company, you have to think about the larger picture. This meant not announcing until the time was right, our house was in order and we would have something to show. I have seen open source projects come and go, some being bought out and closed, others stagnating and falling by the wayside. I don’t want to see this happen with CM."

Today Google revealed that the next major version of the Android mobile operating system will be called 'KitKat.' The naming convention has always used sugary snacks in alphabetical order — Jelly Bean (4.1 - 4.3) followed Ice Cream Sandwich (4.0), which followed Honeycomb (3.1 - 3.2), which followed Gingerbread (2.3), and so on. Unlike the previous releases, KitKat is named after an actual product, rather than a generic treat. Thus, Google contacted Nestle, who was happy to jump on board and take advantage of the cross-marketing opportunities. According to an article at the BBC, the Android team was originally going to use 'Key Lime Pie,' but they decided it wasn't familiar enough to most people. After finding some KitKat bars in the company fridge, they made the choice to switch. Nestle was on board 'within an hour' of hearing the idea.

bogaboga writes "You might be wondering why the U.S. Public Broadcasting Service doesn't have a compelling Android footprint. I was wondering too; until they provided the answer. They say, 'Simply put, it’s too complicated for us to even consider an Android app for the first version; we’ll continue to support those viewers with mobile web. ... As we’re focused on the tablet for this project, we’re only designing for the larger screen sizes. But even there, there are a wide range of sizes and aspect ratios. It’s possible to build flexible sizing for these screen layouts, just as we do for the range of desktop web screen sizes. But the flip side to these wide variations is that in a touch experience, ergonomics plays an important role in the design. Navigational elements need to be within easy reach of the edges of the screens since people often are holding their tablets. If the experience is not fine-tuned to each variation the experience would suffer.' They also cite fragmentation. I'm left wondering whether they didn't find support for various screen sizes on Android developer website. Their budget is undoubtedly limited; are their concerns legit? What companies and organizations have developed Android applications that are good to work with on various screen sizes?"

Nerval's Lobster writes "Apple's developer Website offers a new, handy graph of iOS fragmentation — which, of course, highlights that the mobile operating system isn't fragmented much at all. A full 93 percent of iOS users are on iOS 6, the latest version; another 6 percent rely on iOS 5; and a mere 1 percent use an earlier iOS. Compare that to Google Android, which really is fragmented: some 33 percent of Android devices run some variant (either 4.1.x or 4.2.x) of the 'Jelly Bean' build, while 36.5 percent run a version of 'Gingerbread,' which was first released in December 2010 — ancient history, in mobile-software terms. (Other versions take up varying slices of the Android pie.) For years, Google's rivals have used the 'Android is fragmented' argument to hype their own platforms. But is Android's fragmentation really hurting the platform? Not as far as global shipments are concerned. According to recent data from research firm IDC, Android's market-share stood at 75 percent in the first quarter of 2013 — up from 59.1 percent in the same quarter a year ago. Meanwhile, iOS owned 17.3 percent of the market — compared to 23.1 percent in the year-ago quarter. Whatever the drawbacks of fragmentation (and people can name quite a few), it's clear that it's not really hurting Android device shipments or adoption."

chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."

New submitter tian2992 writes "The new terms for the Android SDK now include phrases such as 'you may not: (a) copy (except for backup purposes), modify, adapt, redistribute, decompile, reverse engineer, disassemble, or create derivative works of the SDK or any part of the SDK' among other non-Free-software-friendly terms, as noted by FSF Europe's Torsten Grote. Replicant, a free fork of Android, announced the release of Replicant SDK 4.0 based on the latest sources of the Android SDK without the new terms."

Nerval's Lobster writes "Google Android's dominance of the smartphone space has been reinforced by a new IDC study that places its market-share at 68.3 percent, well ahead of iOS at 18.8 percent. But which version of Android is most preferred by users? A new set of graphs on the Android Developers Website offers the answer to that question: 'Gingerbread,' or Android versions 2.3 through 2.3.7, dominates with 50.8 percent of the Android pie. 'Ice Cream Sandwich,' or versions 4.0.3 through 4.0.4, is second with 27.5 percent, with the latest 'Jelly Bean' build at 6.7 percent. As demonstrated by that graph on the Android Developers Website, there are a lot of devices running a lot of different versions of Android out there in the ecosystem, all with different capabilities. In turn, that could make it difficult for Google to deliver 'the latest and greatest' to any customer that wants it, and potentially irritates those customers who buy a smartphone (particularly a high-end one) expecting regular upgrades." Here's how Slashdot readers using Android break down: 31.0% Jelly Bean, 31.5% Ice Cream Sandwich, 0.7% Honeycomb, 22.8% Gingerbread, 4.3% Froyo, 1.1% Eclair, 0.05% Donut, 0.02% Cupcake, 8.5% unknown. Looks like you folks are ahead of the curve. iOS breaks down like this: 67% iOS 6, 28.6% iOS 5, 3.2% iOS 4, 0.5% iOS 3, 0.7% unknown. (These numbers include more than just phones, of course.) Overall, our iOS traffic (8.74%) is higher than our Android traffic (6.75%). Windows Phone and BlackBerry both clock in at about 0.2%.

hypnosec writes "Google has released the full SDK for its latest edition of Android, Jelly Bean, which was unveiled during Google I/O. Google has already released the source code of Jelly Bean earlier. Google announced through a blog post that developers can develop application against the API level 16 using the new Jelly Bean APIs. Developers would be able to develop apps that will run on Nexus 7 tablets. Jelly Bean is touted as one of the best from Google and it promises a smoother and more responsive UI across the system."