Posted by Lily Sheringham, Google Play team
Google Play lets you distribute your apps and games to over 1 billion active Android users around the world. With advances in space exploration and the advent of galactic tourism, there will be a high number of users beyond this world that developers need to start thinking about, too. Google Play can now help you reach them. We’ve added new features to the Google Play Developer Console and updated the material design guidelines, to help you design, test, and distribute your apps and games in space.
Here’s a look at how The Guardian, one of the largest English-news organizations in the world, enhanced its Android app to enable astronauts and space travellers to stay informed and up-to-date, while in orbit or on the surface of the moon.
"I am pleased to have The Guardian's application to test the growing Interplanetary Internet" says Vint Cerf, distinguished visiting scientist at the Jet Propulsion Laboratory and Google's Chief Internet Evangelist. "The interstellar version is in development and I'm looking forward to having more Google Play apps and games tested in space flight."
Get your apps and games ready for take off today.
Posted by Isabella Chen, Software Engineer, and Laurence Moroney, Developer Advocate
Starting with Google Play services 8.3, we did a major revamp of the Google Sign-In APIs, supporting both client and server auth. Behind the scenes, these APIs use OAuth 2.0 tokens to ensure secure authentication and authorization. To maintain security, we provide tools in the Google Developers Console to register the clients using these tokens.
In this post, we’ll discuss the important task of registering OAuth clients for Google Sign-In, and the tools that we offer to make this as easy as possible.
Here are some scenarios that might apply to you:
In this post, we’ll cover some details on this process and address common pitfalls.
If you have not used Google Sign-In before, you can start integrating the API into your app by following the ‘Get a configuration file’ steps on this site. You’ll be taken to a setup wizard that will create an OAuth 2.0 client ID as shown in Figure 1.
Once you’ve specified your app, you’ll be taken to a screen to choose and configure services such as Google Sign-In, Cloud Messaging or Google Analytics that you want your app to be able to use.
Choose Google Sign-In. In order to use it, you’ll need to get the SHA-1 of the signing certificate for your Android app. This can either be a debug or a release certificate, and for the purposes of this blog you’ll look at a debug one, but keep in mind that you’ll need to repeat this process for each package / certificate pair you end up using (described in the last section below).
You can get the debug SHA-1 using the keytool command like this:
keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android
Once you have your SHA-1, enter it as seen in Figure 2.
Now that your project is set up, you can get started with integrating the Sign-In API. But if you need to configure your project to work with a backend server or additional package name / keystores, keep reading the sections below.
If you have your own web or cloud server with data for your application, you’ll need OAuth credentials for your backend. Details on doing this can be found in the ID token and server auth code documentation.
Before using these flows, you’ll need to make sure you register your web server correctly in the Google Developers Console. Once there, you’ll be asked to select your project. See Figure 3.
Once you’ve selected your project, press the ‘Continue’ button, and you’ll go directly to the Credentials tab where all credential types are managed. Check the “OAuth 2.0 client IDs” section, and you will see the “Web client” and “Android client for com.my.package.name” that were created for you by the setup wizard. See Figure 4.
Take note of the Client ID for for your Web client, you’ll need it for both your app and server as illustrated below. (If you’ve created your project in the past and there’s no OAuth 2.0 client ID with Type “Web application”, then you will need to create one by selecting ‘New Credentials’ -> ‘OAuth client ID’.)
If you use an ID token flow for backend authentication, when you start developing your Android app, request an ID token in your GoogleSignInOptions, supplying the web client ID for your server:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN) .requestIdToken(serverClientId) .requestEmail() .build();
And then on your server, set the same OAuth client ID for your web application to be the audience:
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory) .setAudience(Arrays.asList(serverClientId)) .setIssuer("https://accounts.google.com") .build();
Successful verification will allow you to authenticate and issue a session for this newly signed-in user.
Alternatively, if you are using the server auth code flow for backend access to Google APIs, request a server auth code in your GoogleSignInOptions on Android, again supplying the web client ID for your server:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN) .requestScopes(new Scope(Scopes.DRIVE_APPFOLDER)) .requestServerAuthCode(serverClientId) .requestEmail() .build();
And then on the server, both the OAuth client ID and the “Client secret” will be useful. The server SDK from Google can directly consume a downloaded JSON configuration file. You can click the download icon to download the JSON file (as shown in Figure 4) and use below code to construct GoogleClientSecrets:
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load( JacksonFactory.getDefaultInstance(), new FileReader(PATH_TO_CLIENT_SECRET_FILE));
At which point you can access authenticated Google APIs on behalf of the signed-in user. Note that the “client secret” is really a secret that you should never reveal in your Android client.
Note that it can be common for apps to have different package names as well as different certificates (and thus SHA-1 keys) for various types of environment (such for different developers or test and release environments). Google uses your package name together with SHA-1 signing-certificate fingerprint to uniquely identify your Android application. It’s important to register every package name + SHA1 fingerprint pair in Google Developers Console.
For example, to register the release version of this package, you can do so by selecting ‘New Credentials’ -> ‘OAuth client ID’, shown in Figure 5 below, and then following the steps to add the package name and production keystore SHA-1.
Now you are ready to handle the different environments where your app might be running and release to your users!
Hopefully, this has been helpful to you in understanding how to register for OAuth keys to keep your apps and servers secure. For more information, check out the Google Developers homepage for Identity.
Posted by Roman Nurik, Senior Interactive Designer, and Richard The, Google Creative Lab
Last summer we launched Android Experiments: a showcase of creative Android projects, and an open invitation for all developers to submit their own experiments to the gallery. So far we’ve seen some amazing work from the developer community - from live wallpaper, to watch faces, to interesting hacks of the IOIO board - and we want to see more.
Today we announce the Android Experiments I/O Challenge: a chance for your experiment (and you) to go to I/O 2016!
From now through April 13, you can enter by submitting your experiments to the gallery. The top three winners of the contest will receive a trip to this year’s Google I/O, and the five runner-ups will get the new Nexus 6P.
So what makes a good Android Experiment? It’s a project that utilizes the unique capabilities of the Android platform in an innovative way. Here are a few suggestions:
All projects on Android Experiments are open source. If you’re not sure where to start take a look on the site gallery, dig in and get inspired.
We can’t wait to see how you’re combining code and creativity! Enter on androidexperiments.com/challenge today.
Posted by Dave Burke, VP of Engineering
Today we’re happy to announce a Developer Preview of the N release of Android! We’re doing something a little different this year by releasing the preview early… really early. By releasing a “work in progress” build earlier in development, we have more time to incorporate developer feedback. Also, the earlier preview allows us to hand off the final N release to device makers this summer, so they can get their hands on the latest version of Android earlier than ever. We’re looking forward to getting your feedback as you get your apps ready for N.
Here are a few APIs and features we want to highlight which are available as a part of the Android N Developer Preview today, with more to come as we continue developing the release:
Multi-window - A new manifest attribute called android:resizableActivity is available for apps targeting N and beyond. If this attribute is set to true, your activity can be launched in split-screen modes on phones and tablets. You can also specify your activity's minimum allowable dimensions, preventing users from making the activity window smaller than that size. Lifecycle changes for multi-window are similar to switching from landscape to portrait mode: your activity can handle the configuration change itself, or it can allow the system to stop the activity and recreate it with the new dimensions. In addition, activities can also go into picture-in-picture mode on devices like TVs, and is a great feature for apps that play video; be sure to set android:supportsPictureInPicture to true to take advantage of this.
Direct reply notifications: The RemoteInput notification API, which was originally added for Android Wear, now works in N for phones and tablets. Using the RemoteInput API enables users to reply to incoming message notifications quickly and conveniently, without leaving the notification shade. Learn more here.
Bundled notifications - With N, you can use the Notification.Builder.setGroup() method to group notifications from the same app together - for example individual messages from a messaging app. Grouped notifications can be expanded into individual notifications by using a two-finger gesture or tapping the new expansion button. Learn more here.
Efficiency - We launched Doze in Marshmallow to save battery when your device is stationary. In N, Doze additionally saves battery whenever the screen turns off. If you’ve already adapted your app for Doze, e.g. by using the GCM high priority message for urgent notifications, then you’re set; if not, here’s how to get started. Also, we’re continuing to invest in Project Svelte, an effort to reduce the memory needs of Android so that it can run on a much broader range of devices, in N by making background work more efficient. If you use JobScheduler for background work, you’re already on the right track. If not, N is a good time to make that switch. And to help you out, we’re making JobScheduler even more capable, so now you can use JobScheduler to react to things like changes to content providers.
JobScheduler
Improved Java 8 language support - We’re excited to bring Java 8 language features to Android. With Android's Jack compiler, you can now use many popular Java 8 language features, including lambdas and more, on Android versions as far back as Gingerbread. The new features help reduce boilerplate code. For example, lambdas can replace anonymous inner classes when providing event listeners. Some Java 8 language features --like default and static methods, streams, and functional interfaces -- are also now available on N and above. With Jack, we’re looking forward to tracking the Java language more closely while maintaining backward compatibility.
The N Developer Preview includes an updated SDK with system images for testing on the official Android emulator and on Nexus 6, Nexus 5X, Nexus 6P, Nexus Player, Nexus 9, and Pixel C devices (and to help test out these features on a tablet, developers can get a $150 discount on Pixel C), as well as on General Mobile 4G (Android One) devices.
This initial preview release is for developers only and not intended for daily use or consumer use. We plan to update the N Developer Preview system images often during the Developer Preview program. As we get closer to a final product, we’ll be inviting consumers to try it out as well.
We are also making it easier for you to try out N on your development devices with the new Android Beta Program. Starting today, you can update your Android devices to the developer preview of N and receive ongoing updates via OTA by visiting g.co/androidbeta.
Click here for more details on getting started with the N Developer Preview and let us know what you think -- the sooner we hear from you, the more of your feedback we can integrate.
Posted by Atul Kumar, Google Play Policy
More than 1 billion Android users come to Google Play every month to discover their favorite apps and games, enabling developers to reach a vast global audience and build successful businesses on the platform. To maintain a positive experience for both users and developers, the Google Play Developer Program Policies play a central role in helping make Google Play an open, safe and enjoyable ecosystem by educating the community and defining appropriate content and activities in the store.
We constantly listen to our developers and users to maintain fair and defined policies and look for ways to improve how we communicate those policies to help developers avoid accidental pitfalls. As part of that effort, we’ve redesigned our Developer Program Policy Center to communicate our policies with greater transparency and clarity. This redesign includes:
From making it easier to self-correct minor violations in minutes using the app publishing status feature to improving our policy communication, the new policy center is part of our ongoing effort to improve the developer experience. We invite you to explore the new policy center and and share your feedback.