The AndroidTO Developer Conference took place on Wednesday the 20th and it was a major success! It wouldn’t be such a fantastic event without awesome sponsors such as GDC, TD, Symbility Intersect, the MaRS team and GM! As I gaze over the event area from high above, I can see a crew of volunteers running around and getting the event ready for the slew of developers that will be charging in. At that time it was roughly 7:30 am and the event didn’t start until 8 am. I might have been a little bit early, but I typically am.
It’s a little before 9 am and AndroidTO 2017 is opening, with people buzzing around. Sponsors are getting ready to promote their reasons for being here: talent agencies sourcing developers, innovative groups showcasing some of the stuff they’re actively working on, and so on.
The opening remarks covered how far AndroidTO has come from its early days; going from a little event down in a basement to this large event in just 8 years is impressive. This was followed by the introduction of Ty Smith from Uber, who will be presenting elements of “Deep Android Integration”. As I’m sitting here, I’m pondering to myself, and by that I mean I’m no developer, so this is going to be intriguing: what does this stand for? Even though I have a large grasp of the world of Android, some people have more in-depth knowledge than I do, and that’s ok. I’m looking forward to the first few minutes of the presentation to get a notion of what this topic will be.
Let’s see about that “Deep Android Integration”: Dev-Platform / API / SDK / Dev Outreach. Usable and efficient app-to-app interactions can empower magical moments for your user, provide growth opportunities, and re-engage existing users, but they can be difficult to reason about and even more difficult to design and build for. Having those links within your application allows for a more user-friendly approach and puts items at the fingertips of the user. It was interesting to see how deep-level interactions were made, going from Google Maps to ordering your Uber, with information parsed and passed from one app to the other to get the job done without much fuss for the consumer.
There was an element of security, which grabbed my attention. This part of the conference was orchestrated by Peter Organa, a senior engineer at Symbility Intersect. The topic was “Demystifying Android Security”, a fancy catchphrase for the real topic, “Application Attack Vectors”. As Peter mentioned, there are multiple ways that people can attack an application, and he listed the major attack points:
- Certificate Pinning
- Storage layers
- Application code / Decompiling
It’s important for developers to protect their application from being copied or misused, from having private information stolen, etc. The easiest part in all of this is usually the hardware; the backend can easily be secured, depending on how you have your infrastructure set up.
HTTPS is already part of the Android world, so why not implement it by default for your application’s communication? It was noted that using custom encryption keys isn’t as safe as some developers might think, HTTPS is so used it.
Some of this might just go over the heads of many people, but in short, when you use an application on your phone, something like Facebook or Uber and the like, the communication needs to be secured between the application, the internet and the servers. This ensures that your information remains secure. Of course, if someone really wanted to get your information they’d eventually get to it.
Most devices come loaded by default with a pool of certificates that allows trust to be established, but what if just one of them among the hundreds was compromised? This is the issue that “Certificate Pinning” avoids. It allows “only” that specific certificate to be used for security and authentication. By setting up the communication level this way for an application, you as the developer are ensuring that your application can’t be spoofed or coerced as easily, as you remain the authority for it.
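To make the difference concrete, here is a small model of the two checks, added as an illustration and not taken from Peter’s talk. The certificates, CA names and key bytes are constructed stand-ins (no real signatures are verified); the pin format, base64 of the SHA-256 of the public key info, is the one Android’s Network Security Configuration uses.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # stand-in for the DER-encoded SubjectPublicKeyInfo

def spki_pin(cert: Cert) -> str:
    """Pin value: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()

def chain_trusted(chain, trust_store) -> bool:
    """Default behaviour: the chain must link up and end at ANY trusted root.
    (Signature checks are left out of this model.)"""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return bool(chain) and chain[-1].subject in trust_store

def chain_accepted(chain, trust_store, pins) -> bool:
    """Pinned behaviour: normal validation AND a pinned key in the chain."""
    if not chain_trusted(chain, trust_store):
        return False
    return any(spki_pin(c) in pins for c in chain)

# Constructed sample data: two roots on the device, one of them compromised.
ROOT_A = Cert("Root CA A", "Root CA A", b"root-a-public-key")
ROOT_B = Cert("Root CA B", "Root CA B", b"root-b-public-key")  # compromised
TRUST_STORE = {ROOT_A.subject, ROOT_B.subject}

GENUINE = [Cert("api.example.com", "Root CA A", b"server-public-key"), ROOT_A]
FORGED = [Cert("api.example.com", "Root CA B", b"attacker-public-key"), ROOT_B]
ROTATED = [Cert("api.example.com", "Root CA A", b"backup-public-key"), ROOT_A]

# The app ships the current server key plus a backup key for rotation.
PINS = {spki_pin(GENUINE[0]), spki_pin(ROTATED[0])}

if __name__ == "__main__":
    for name, chain in [("genuine", GENUINE), ("forged", FORGED), ("rotated", ROTATED)]:
        print(name,
              "default:", chain_trusted(chain, TRUST_STORE),
              "pinned:", chain_accepted(chain, TRUST_STORE, PINS))
```

The forged chain passes the default check because its root is in the device’s pool, and only the pin check rejects it; the backup pin keeps the app working after a planned key rotation.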
One of the most common forms of attack against an application is decompiling it. There are plenty of tools on the internet that can help someone do so, but there are also some solutions to mitigate that and/or make it even harder for them to get what they want. Two of the recommended helpers are ProGuard and DexGuard. It’s best to implement them at the very early stage of your application development rather than later in the game, as you might break your application in the end and waste countless hours fixing it.
A recommendation here would be to use C++ code, which makes it even more complicated and is, according to many, the best way to go. Google has even introduced a system called SafetyNet, which checks if the devices are rooted, URL classified as unsafe, reCAPTCHA, etc…
Before Peter ended, he recommended that everyone should code in C++, which makes it even harder to decompile an application on Android, or at least it won’t be as easy. Where there’s a will there’s a way.
As I sit there pondering elements of my text, what I can write and how I should write it, I had to craft some phrases so that most would understand the level of information being distributed.
Building Instant Apps requires a lot of work on the architecture side, modularization and reducing the app size. Instant Apps types, architecture changes, project structure, size and feature constraints, practical tips to slim down the application.
It was interesting to see how far we’ve grown in this area and where this will lead in the near future. Since Instant Apps can be made available for just about anything, it’s a wonder if we’ll even need that much storage on our devices. At least for people with less than 32GB of storage, that might be a good solution.
While overlooking the conference area I can see that the lightning talks are generating some buzz; a number of people crammed into this small section is generating some serious buzz. I decided to check the schedule to see what this was all about. “Getting Started with Android Things” — With Android Things, Google has made it easier for us to experiment with interesting hardware solutions using typical Android development skills. Join us as we go through how we modified our simple voice-driven assistant app to run on an Android Things device, using a Pico NXP kit. We’ll go over how to set up the device and handle the I/O with the device. We’ll also highlight a few of the challenges that we came across while integrating with Android Things for the first time.
This session should expose you to some basic Android Things ideas, and equip you with the knowledge to get started on your own Android Things application.
– Setting up Android Things for the first time
– Using Android to talk to the I/O ports on an Android Things device
– Some challenges you may encounter along the way
I probably could write a lot more on the subject and give you my notes and so on, but I think this suffices to say it was a very productive AndroidTO 2017 conference. Kudos to everyone who made this possible. I’ve learned a few interesting points and I’ll be sure to come back again next year for the event! People should really come to the after party; the networking and personal interaction is really worth it and you can get into some really interesting conversations.