getMacAddress()
WifiInfo object and the BluetoothAdapter.getDefaultAdapter().getAddress()
02:00:00:00:00:00
Posted by, Rich Hyndman, Developer Advocate
Testing is important whether you’re building a dedicated app for the workplace, rolling out new features, or making it easy for IT departments to deploy.
Test DPC is now available for you and is a fully featured, open-source, sample Device Policy Controller (DPC) which allows you to test your apps with any Android for Work feature. A DPC manages the security policies and work apps on devices using Android for Work. You can configure Test DPC to be either a device or profile owner to test all the Android for Work scenarios:
Test DPC simplifies testing and development because you can use it to set the kinds of policies an IT administrator might enforce. You can establish app and intent restrictions, set up managed work profiles, enforce policies, and can even set up fully managed Android devices — something you might find as an info board or kiosk in a public place.
The Test DPC app can be found on Google Play with the source on GitHub. Set up Test DPC as a device/profile owner on your device by checking out this user guide.
If you want to learn more about Android for Work and its capabilities, check out Android for Work Application Developer Guide for full guidance on optimizing your app for Android for Work.
Note: Your test Android device needs to run Android 5.0 or later and be able to support Android for Work natively.
Posted by Takeshi Hagikura, Yuichi Araki, Developer Programs Engineer
As we announced in the previous blog post, Android 6.0 Marshmallow is now publicly available to users. Along the way, we’ve been updating our samples collection to highlight exciting new features available to developers.
This week, we’re releasing AsymmetricFingerprintDialog, a new sample demonstrating how to securely integrate with compatible fingerprint readers (like Nexus Imprint) in a client/server environment.
Let’s take a closer look at how this sample works, and talk about how it complements the FingerprintDialog sample we released earlier during the public preview.
The Android Fingerprint API protects user privacy by keeping users’ fingerprint features carefully contained within secure hardware on the device. This guards against malicious actors, ensuring that users can safely use their fingerprint, even in untrusted applications.
Android also provides protection for application developers, providing assurances that a user’s fingerprint has been positively identified before providing access to secure data or resources. This protects against tampered applications, providing cryptographic-level security for both offline data and online interactions.
When a user activates their fingerprint reader, they’re unlocking a hardware-backed cryptographic vault. As a developer, you can choose what type of key material is stored in that vault, depending on the needs of your application:
This sample demonstrates how to use an asymmetric key, in the context of authenticating an online purchase. If you’re curious about using symmetric keys instead, take a look at the FingerprintDialog sample that was published earlier.
Here is a visual explanation of how the Android app, the user, and the backend fit together using the asymmetric key flow:
First you need to create an asymmetric key pair as follows:
KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore"); keyPairGenerator.initialize( new KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_SIGN) .setDigests(KeyProperties.DIGEST_SHA256) .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")) .setUserAuthenticationRequired(true) .build()); keyPairGenerator.generateKeyPair();
Note that .setUserAuthenticationRequired(true) requires that the user authenticate with a registered fingerprint to authorize every use of the private key.
.setUserAuthenticationRequired(true)
Then you can retrieve the created private and public keys with as follows:
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); PublicKey publicKey = keyStore.getCertificate(MainActivity.KEY_NAME).getPublicKey(); KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); PrivateKey key = (PrivateKey) keyStore.getKey(KEY_NAME, null);
Second, you need to transmit the public key to your backend so that in the future the backend can verify that transactions were authorized by the user (i.e. signed by the private key corresponding to this public key). This sample uses the fake backend implementation for reference, so it mimics the transmission of the public key, but in real life you need to transmit the public key over the network.
boolean enroll(String userId, String password, PublicKey publicKey);
To allow the user to authenticate the transaction, e.g. to purchase an item, prompt the user to touch the fingerprint sensor.
Then start listening for a fingerprint as follows:
Signature.getInstance("SHA256withECDSA"); KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); PrivateKey key = (PrivateKey) keyStore.getKey(KEY_NAME, null); signature.initSign(key); CryptoObject cryptObject = new FingerprintManager.CryptoObject(signature); CancellationSignal cancellationSignal = new CancellationSignal(); FingerprintManager fingerprintManager = context.getSystemService(FingerprintManager.class); fingerprintManager.authenticate(cryptoObject, cancellationSignal, 0, this, null);
After successful authentication, send the signed piece of data (in this sample, the contents of a purchase transaction) to the backend, like so:
Signature signature = cryptoObject.getSignature(); // Include a client nonce in the transaction so that the nonce is also signed // by the private key and the backend can verify that the same nonce can't be used // to prevent replay attacks. Transaction transaction = new Transaction("user", 1, new SecureRandom().nextLong()); try { signature.update(transaction.toByteArray()); byte[] sigBytes = signature.sign(); // Send the transaction and signedTransaction to the dummy backend if (mStoreBackend.verify(transaction, sigBytes)) { mActivity.onPurchased(sigBytes); dismiss(); } else { mActivity.onPurchaseFailed(); dismiss(); } } catch (SignatureException e) { throw new RuntimeException(e); }
Last, verify the signed data in the backend using the public key enrolled in step 2:
@Override public boolean verify(Transaction transaction, byte[] transactionSignature) { try { if (mReceivedTransactions.contains(transaction)) { // It verifies the equality of the transaction including the client nonce // So attackers can't do replay attacks. return false; } mReceivedTransactions.add(transaction); PublicKey publicKey = mPublicKeys.get(transaction.getUserId()); Signature verificationFunction = Signature.getInstance("SHA256withECDSA"); verificationFunction.initVerify(publicKey); verificationFunction.update(transaction.toByteArray()); if (verificationFunction.verify(transactionSignature)) { // Transaction is verified with the public key associated with the user // Do some post purchase processing in the server return true; } } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) { // In a real world, better to send some error message to the user } return false; }
At this point, you can assume that the user is correctly authenticated with their fingerprints because as noted in step 1, user authentication is required before every use of the private key. Let’s do the post processing in the backend and tell the user that the transaction is successful!
We also have a couple of Marshmallow-related updates to the Android For Work APIs this month for you to peruse:
We hope you enjoy the updated samples. If you have any questions regarding the samples, please visit us on our GitHub page and file issues or send us pull requests.
Posted by, Barak Turovsky, Product Lead, Google Translate
Google Translate is used by more than 500 million people every month, translating more than 100 billion words every single day.
Beginning this week, Android mobile users who have the Translate app installed will be able to translate in 90 languages right within some of their favorite apps on any device running the newest version of Android’s operating system (Android 6.0, Marshmallow).
Android apps that use Android text selection behavior will already have this feature enabled, so no extra steps need to be taken. Developers who created custom text selection behavior for their apps can easily implement this feature by following the below steps:
Scan via the PackageManager through all packages that have the PROCESS_TEXT intent filter (for example: com.google.android.apps.translate - if it installed) and add them as MenuItems into TextView selections for your app
private Intent createProcessTextIntent() { return new Intent() .setAction(Intent.ACTION_PROCESS_TEXT) .setType("text/plain"); }
private List getSupportedActivities() { PackageManager packageManager = mTextView.getContext().getPackageManager(); return packageManager.queryIntentActivities(createProcessTextIntent(), 0); }
public void onInitializeMenu(Menu menu) { // Start with a menu Item order value that is high enough // so that your "PROCESS_TEXT" menu items appear after the // standard selection menu items like Cut, Copy, Paste. int menuItemOrder = 100; for (ResolveInfo resolveInfo : getSupportedActivities()) { menu.add(Menu.NONE, Menu.NONE, menuItemOrder++, getLabel(resolveInfo)) .setIntent(createProcessTextIntentForResolveInfo(resolveInfo)) .setShowAsAction(MenuItem.SHOW_AS_ACTION_IF_ROOM); } }
resolveInfo.loadLabel(mPackageManager);
The intent for each item can be created reusing the filter intent that you defined before and adding the missing data:
private Intent createProcessTextIntentForResolveInfo(ResolveInfo info) { return createProcessTextIntent() .putExtra(Intent.EXTRA_PROCESS_TEXT_READONLY, ! mTextView.isTextEditable()) .setClassName(info.activityInfo.packageName, info.activityInfo.name); }
Adding the translation option to your apps text selection menu (if you don’t use default Android text selection behavior) is easy and takes just a few extra lines of code. And remember, when a user is composing a text to translate, your app you should keep the selection when the Translate app is triggered.
With this new feature, Android Translate app users users will be able to easily translate right from within participating apps. We will be adding more documentation and sample code on this feature in the upcoming weeks.
Posted by, Dave Burke, VP of Engineering, Android
Starting next week, Android 6.0 Marshmallow will begin rolling out to supported Nexus devices around the world, including Nexus 5, Nexus 6, Nexus 7 (2013), Nexus 9, Nexus Player, and Android One. At the same time, we’ll be pushing the Android 6.0 source to the Android Open Source Project (AOSP), which marks the official beginning of public availability.
Today we also introduced two great new Nexus devices that will be among the first to run the Android 6.0 Marshmallow platform. These devices let your apps use the latest platform features and take advantage of the latest hardware optimizations from our partners. Let’s take a look at how to make sure your apps look great on these new devices.
The Nexus 5X is built in partnership with LG. It’s equipped with a 5.2-inch FHD LCD 1080p display, a Snapdragon™ 808 processor (1.8 GHz hexa-core, 64-bit), and a 12.3 MP rear camera. Offering top-line performance in a compact, lightweight device.
The Nexus 6P, built in partnership with Huawei, has a 5.7-inch WQHD AMOLED display, Snapdragon™ 810 v2.1 processor (2.0 GHz octa-core 64-bit), front-facing stereo speakers, and a 12.3 MP rear camera, all housed in a diamond-cut aluminum body.
Both devices have USB Type-C ports and fingerprint sensors, and include the latest hardware features for Android, such as: Android Sensor Hub, low-power Wi-Fi scanning with channel selection, batching, and BSSID hotlists, Bluetooth 4.2 with ultra low-power BLE notifications, and more.
Take some time to make sure your apps and games are ready to give your users the best mobile experience on these devices.
Check your assets
normal
Nexus 5X has a quantized density of 420 dpi, which falls in between the xhdpi and xxhdpi primary density buckets. Nexus 6P has a density of 560 dpi, which falls in between the xxhdpi and xxxhdpi buckets. The platform will scale down any assets from a higher resolution bucket, but if those aren’t available, then it will scale up the assets from a lower-density bucket.
xhdpi
xxhdpi
xxxhdpi
For best appearance in the launcher, we recommend that you provide at least an xxxhdpi app icon because devices can display large app icons on the launcher.
For the rest of your assets, you can consider using vector assets or optionally add versions for the next-higher density bucket. This provides a sharper visual experience, but does increase apk size, so you should make an appropriate decision for your app.
Make sure you are not filtered on Google Play
If you are using the <compatible-screens>: element in your AndroidManifest.xml file, you should stop using it because it’s not scalable to re-compile and publish your app each time new devices come out. If you must use it, make sure to update your manifest to add a new configuration for Nexus 5X, since it uses a new density bucket (420). Otherwise, your app may be filtered from Google Play on these devices.
After three preview releases, and with the final OTA coming soon, it’s time to wrap up the Android M Developer Preview. The feedback you’ve provided has helped make Android 6.0 a great platform for apps and games. Developers in more than 200 countries have been using the Developer Preview to get their apps ready for Android 6.0 Marshmallow users everywhere.
More developer resources
If you haven’t taken a look at Android 6.0 Marshmallow yet, visit developer.android.com/mm for complete information about about what’s new for developers and important changes to plan for in your apps — runtime permissions, Doze and App Standby idle modes, Auto Backup for Apps, fingerprint support, and others.
We’ve also produced a playlist of developer videos to help you get the most out of all the new features in Android 6.0 Marshmallow. Check it out below.
Final testing and updates
Now is the time to finish up testing and prepare for publishing. You can use the Developer Preview 3 system images for final testing until early October. After the Android 6.0 public release, you’ll be able to download final images from the Nexus factory images page, and final emulator images from Android Studio.
Reminder: Devices flashed with an M Developer Preview build won’t receive the Android 6.0 update automatically. You’ll need to manually flash those devices to a public released image first.
Upload your apps to Google Play
When your apps are ready, you can update them to Google Play via the Developer Console on all release channels (Alpha, Beta & Production). For apps that target API level 23, Google Play will provide the new optimized download and autoupdate flow based on the runtime permissions model in Android 6.0. Give it a try!
To make sure that your updated app runs well on Android 6.0 Marshmallow and older versions, we recommend that you use the newly improved beta testing feature on Google Play to get early feedback. You can then do a staged rollout as you release the new version to all users.
What’s next?
In mid-October, we’ll be turning down the M Developer Preview community and the M Developer Preview issue tracker. If you've filed bugs against the preview, and you'd like to keep these open against the Android 6.0 final builds, you can file a new issue in the AOSP issue tracker.
Thanks to everyone who participated in the Android M Developer Preview. Let us know how this year’s preview met your needs by taking a short survey. Your feedback helps shape our future releases.
Posted by Rich Hyndman, Developer Advocate
Three new Android Marshmallow sample applications have gone live this week. As usual they are available directly from the Google Samples repository on GitHub or through the Android Studio samples browser.
Android Direct Share Sample
Direct Share is a new feature in Android Marshmallow that provides APIs to make sharing more intuitive and quick for users. Direct Share allows users to share content to targets, such as contacts, within other apps. For example, the direct share target might launch an activity in a social network app, which lets the user share content directly to a specific friend in that app.
This sample is a dummy messaging app, and just like any other messaging apps, it receives intents for sharing a plain text. It demonstrates how to show some options directly in the list of share intent candidates. When a user shares some text from another app, this sample app will be listed as an option. Using the Direct Share feature, this app also shows some of contacts directly in the chooser dialog.
To enable Direct Share, apps need to implement a Service extending ChooserTargetService. Override the method onGetChooserTargets() and return a list of Direct Share options.
In your AndroidManifest.xml, add a meta-data tag in your Activity that receives the Intent. Specify android:name as android.service.chooser.chooser_target_service, and point the android:value to the Service.
Android MidiSynth Sample
Android 6.0 introduces new support for MIDI. This sample demonstrates how to use the MIDI API to receive and play MIDI messages coming from an attached input device (MIDI keyboard).
The Android MIDI API (android.media.midi) allows developers to connect a MIDI device to an Android device and process MIDI messages coming from it.
This sample demonstrates some basic features of the MIDI API, such as:
Android MidiScope Sample
A sample demonstrating how to use the MIDI API to receive and process MIDI signals coming from an attached device.
The Android MIDI API (android.media.midi) allows developers to connect a MIDI device to Android and process MIDI signals coming from it. This sample demonstrates some basic features of the MIDI API, such as enumeration of currently available devices (Information includes name, vendor, capabilities, etc), notification when MIDI devices are plugged in or unplugged, and receiving MIDI signals. This sample simply shows all the received MIDI signals to the screen log and does not play any sound for them.
Check out a sample today and jumpstart your Android Marshmallow development.
