Android M Arrives In Q3: Native Fingerprint Support, Android Pay, 'Doze' Mode

MojoKid writes with yet more news from the ongoing Google IO conference: Google I/O kicked off this afternoon and the first topic of discussion was of course Google's next generation mobile operating system. For those that were hoping for a huge UI overhaul or a ton of whiz-bang features, this is not the Android release for you. Instead, Android M is more of a maintenance released focused mainly on squashing bugs and improving stability/performance across the board. Even though Android M is about making Android a more stable platform, there are a few features that have been improved upon or introduced for this release: App Permissions, Chrome Custom Tabs for apps, App Links (instead of asking you which app to choose when clicking a link, Android M's new Intent System can allow apps to verify that they are rightfully in possession of a link), NFC-based Android Pay, standardized fingerprint scanning support, and a new "doze" mode that supposedly offers 2X longer battery life when idle.

Laugh

[koan]

"these aren't the droids you're looking for"

useless without updates

The most common Android version in the wild is still.. Jelly Bean.

Android has dropped the ball on OS updates. Apple didn't do it perfect, but they are much better and mostly you can update devices to at least one or two more versions before it beomes obsolete.

Google needs to up their game around OS updates or it doesn't matter what they put in it, if nobody is running it.

Re:useless without updates

[rasmusbr]

The most common version is now KitKat with 39.8%. Jelly Bean is second with 39.2% and Lollipop has just under 10%.

https://developer.android.com/...

Keep in mind that a lot of Android users have low incomes and/or live in countries where an over the air OS update would be a significant cost to the average person. We might think that a smartphone is useless without at least a 1GB per month data plan, but hundreds of millions of users in the developing world think otherwise.

Re:useless without updates

[rasmusbr]

True, but if you're not visiting the Play Store you're probably either not using your phone for anything that would benefit from an OS update, or you're using Cyanogen or some other custom build.

If you look at the distribution of people who actually download your app from Google Play it will be even more skewed towards newer versions of Android, because people download a lot more apps in the days and weeks after they buy a new phone.

I have an app that currently sees about 20% Lollipop and 45% KitKat in new installs.

Large change with app permissions

[SuperKendall]

They talk about how it's a stability release, but if you are going to compile your application with the newer dev tools you are going to have to do some work adapting to the iOS style permission model.

I'm really glad to see Android adopted this model, the previous model made no sense from any standpoint - it was worse for the users, and worse for security. Now that Android will ask for permission when you actually want to use some protected resource, they can make a way more informed choice if they should allow it or not - and on the fly decide an app can access some things and not others (say allowing Contacts but not location).

It's just a shame the older style permission model will be supported for some time to come, as it greatly eases the ability of spyware to operate on Android.

Re:Large change with app permissions

[robmv]

Older applications not targeting M, will show permissions at install time and be granted by default, but the user will be able to revoke them, the platform will just give empty data or fail. From the preview documentation

Note: On devices running the M Developer Preview, a user can turn off permissions for any app (including legacy apps) from the app's Settings screen. If a user turns off permissions for a legacy app, the system silently disables the appropriate functionality. When the app attempts to perform an operation that requires that permission, the operation will not necessarily cause an exception. Instead, it might return an empty data set, signal an error, or otherwise exhibit unexpected behavior. For example, if you query a calendar without permission, the method returns an empty data set.

If you are worried that old applications can use the permissions immediately after installation, before you have time to disable the permissions, take into account that applications are installed on a stopped state, there is no programmatic way for it to auto start itself. Start on boot may work but it is not precisely immediately. So I think the best action is to go to those old applications just after install and remove every permission you don't want to grant before starting it.

Re:Large change with app permissions

[c]

Older applications not targeting M, will show permissions at install time and be granted by default, but the user will be able to revoke them, the platform will just give empty data or fail.

... and for those concerned about old apps failing under those conditions, Cyanogenmod's privacy guard has been doing this for quite some time and I've never heard of an app failing because of it. So it's possible to do it in a safe fashion. Whether that's how Google has actually implemented it remains to be seen.

Re:Fuck Dice.com!!

[0100010001010011]

Is that Dice? Little Registry Cleaner now installs a ton of crap by default. Look at the latest reviews. You can still get a clean install by reading each of the dialog boxes but the point is it comes bundled with crap in the first place.

wat?

[sootman]

"For those that were hoping for a huge UI overhaul..."

Yeah, because we haven't had one of those in a whole year.

No...

[robmv]

No, they grouped them in categories that are granted or revoked at the same time (group => non granular). What they made is make those group be revocable by the user and be able to request them at use time instead of at install time

App Permissions ring hollow

[Voyager529]

The App Permissions seem to be missing the crucial ability to deny internet access to an app. There are apps where network data connectivity is the problem. Similarly, I wonder if Google will have this permission setting capability on its internal applications. I know that I have a rather tightly worn tin foil hat when it comes to Google and the information they get, but the Xprivacy 'deny' list on my phone is a mile long, and that's with most of their apps frozen or forcibly pulled out, I find that Google's data access on the platform demands a tight leash, leading the 'privacy' and 'permissions' charge to ring of hypocrisy - "we'll make sure that only we have your location" doesn't mean much to me :/

Can't really complain... want more encryption

[mlts]

Lots of evolutionary fixes. The privacy stuff is better than nothing... but still all of nothing with legacy apps. The fingerprint standardization is good, because it allows an app that keeps keys to have an easy way to validate that the user is authorized.

Mobile payment - works with credit cards, as opposed to ACH debits, so thumbs up there. This means there is some way of rolling back fraudulent charges should something happen. With ACH based mechanisms, once the crook sucks the money out, there is little or nothing one can do.

Of course, there is one thing missing -- a standardized way to encrypt data on SD cards. Yes, /data is protected, but each device maker has their own way of securing SD card data. What is needed is protection similar to Blackberries in the past:

1: Offer compatibility with vfat and exFAT filesystems, by using loopback encryption (EncFS), as well as adding UNIX permissions via UMSDOSFS to keep apps separated. UMSDOSFS hasn't been used in ages... but is ideal for enforcing basic UNIX permissions while allowing for MS-DOS based filesystems to be used underneath.

2: Encrypt the entire SD card's partitions entirely similar to how /data is encrypted. This is the ideal choice, but it keeps the card from being able to be popped out and used with other devices.

Google's Useless About Updates

[billstewart]

Well, thank you very much, telling me that I'd get better battery life if I installed the new Android version. As far as I can tell (at least with all previous Android versions), Google's instructions for installing the new software are "What? You don't have one of these three Google-brand phones? Then wait for your carrier!".

That's bad enough for my phone (which has a carrier, and Samsung's a reasonably major brand, though my previous HTC phone never got upgraded), but my tablet's Wifi-only, so there's no carrier, just a manufacturer who sold that model 2 years ago and doesn't have that tablet easily located on their website, and as far as I can tell, if I were to dump IceCreamSandwich for Cyanogen (who at least tell you what hardware resources you need for each version), I'd lose access to the Google Play Store?

Re:Google's Useless About Updates

[AmiMoJo]

Google Play works fine with cyanogen.

Re:Fuck Dice.com!!

[ne0n]

I think the theory behind that shit is, if you've already got infected by Windows, what's a little more malware gonna hurt?

Re:Google is as evil as Apple nowadays

[ne0n]

You either consent to wifi passwords etc being backed up or they don't get sent to Google afaik. It's during initial setup of Google services. If you chose it, your fault for not reading some extremely well labelled checkboxes and plain text descriptions.

Apps on the SD card

[Qango]

I'm also sure many Google apps could reside happily on the SD card instead of taking up space on the built-in memory.