The Android Dual-Screen Landscape Free Webinar

My “Gradle for Android… And You!” free webinar has proven popular, with over 300 registered attendees.

So, I am offering another one: “The Android Dual-Screen Landscape”.

This presentation focuses on how you get your Android app, on a phone or tablet, to push content or otherwise interact with televisions, monitors, projectors, and the like. As with the Gradle free webinar, this dual-screen webinar is suitable for managers and developers, as it is mostly describing the possibilities, with basic programming overviews, not down-in-the-weeds details. However, I will point out in the presentation where you can learn more about those programming details, should you have interest.

I’m scheduling this one now for May and June, mostly in support of The Dual-Screen App Challenge, a developer challenge for writing apps that directly connect to external displays, via MHL, HDMI, and so forth.

If you are interested in attending this free 30-minute webinar, sign up!.

Apr 22, 2014


Gradle for Android... And You! Free Webinar Seats Still Available

About a month ago, I announced a free 30-minute Webinar on Gradle for Android. Nearly 300 people have signed up, which is somewhat of a bigger response than I had anticipated.

However, free webinars have one key characteristic: no-shows. Lots of people sign up, and relatively few show up. The Gradle for Android webinar I ran last Wednesday had about 40% turnout, which is actually fairly good.

As a result, I have raised the maximum number of “seats” per webinar, so there are a few dozen slots available, across the seven remaining webinars over the next few weeks.

As noted in the original post, this webinar is designed for people who have perhaps heard about Gradle for Android but are not using it today and may not understand its role or why it will be important for all developers, starting here in 2014. This is not a deep technical dive into using Gradle for Android — Gradleware and I have a half-day virtual training class for that. Instead, this presentation is to explain why you should be thinking about Gradle for Android now, even though it has not yet quite reached a 1.0 release.

If you think this sounds interesting — or it sounded interesting before, but there were no seats available at a convenient time — sign up!.

Apr 21, 2014


More on Android and Revoked SSL Certificates

As a follow-up to yesterday’s post on how Android handles revoked SSL certificates:

  • It looks like the server I was testing has different behavior for different user agents, and HttpURLConnection and OkHttp also do not validate whether the SSL certificate was revoked.

  • Nikolay Elenkov, in addition to pointing out the above, has some useful comments regarding SSL certificate revocation in general in comments on my G+ post pointing to my blog post

  • Dave Bleicher, in those same G+ comments, confirmed that HttpClient does not pay attention to whether the SSL certificate is revoked.

  • StackOverflow user “sergio91pt” points out that the conscrypt OpenSSL-based TrustManager used on current versions of Android specifically disables “CRL checking”, where CRL is “certificate revocation list”.

  • StackOverflow user “Stephen C” points out that stock Java also has certificate revocation checking disabled by default.

Many thanks to all who contributed here!

The upshot that unless you want to do your own CRL work — as Firefox presumably has done — your Android apps will be oblivious to revoked SSL certificates. This is unfortunate though not surprising. However, it would have been nice if this behavior were documented somewhere, other than in random blog posts like this one.

Apr 18, 2014


PSA: WebView, Chrome Accept Revoked SSL Certificates

TL;DR: If your app uses WebView (whether the new 4.4 Chromium-flavored one or the classic one), and it loads a Web page that presents a revoked SSL certificate (whether due to a server configuration error, a Martian-in-the-middle attack, or whatever), WebView will load and show the page anyway, with no warning to the user.

This came up due to due to this issue filed a day ago on the Android issue tracker, pointing out that the Chrome browser on Android blows past revoked SSL certificates as well. A lot of SSL certificates are being revoked now as a result of heartbleed, and the person filing the issue felt that it was important that Chrome do what some other Android browsers do, like Firefox, and alert the user to the potential security issue.

Google, both in that issue and the original issue filed against Chrome, disagrees.

I do not know of an in-WebView way of addressing this; if I hear of one, I will blog about it.

However, based on some light testing, `HttpURLConnection` and `OkHttp` do seem to pay attention to the revocation status of the SSL certificate. Leastways, if I load [this Web page](https://revoked.grc.com/) in Chrome or a `WebView`, the page comes up, but if I try to download the page contents using `HttpURLConnection` or `OkHttp`, I get an empty response. I don't see an `SSLHandshakeException` as I would have expected, though, which [worries me a fair bit](https://stackoverflow.com/questions/23139438/behavior-of-httpurlconnection-for-url-with-revoked-ssl-certificate).

UPDATE: HttpURLConnection and OkHttp do indeed seem to skip by SSL certificate revocation checking. See this post for more.

Note that I have not tested HttpClient on Android and so do not know if it will or will not pay attention to an SSL certificate’s revocation status.

UPDATE #2: HttpClient also skips by SSL certificate revocation checking. See this post for more.

If you have any additional insights on this issue, feel free to contact me.

Apr 17, 2014


Really Blank Activity (Or, Why AppCompat Is Shoved Down Your Throat)

It seems like this question or one just like it shows up almost every day on StackOverflow nowadays. Variations on the theme include:

  • Why do I get a new appcompat_v7 directory in my Eclipse workspace every time I create a new project or activity?

  • Why is it adding appcompat_v7 to my project anyway?

  • How do I get rid of this extra stuff that’s getting generated in my project?

  • HOW DO I MAKE IT STOP???!?

The issue is that the activity templates in Eclipse’s ADT — or at least BlankActivity, as I have not bothered with the others very recently — are set up to have you use ActionBarActivity and appcompat_v7. Technically, creating a project via the new-project wizard does not add appcompat_v7, but creating an activity via the new-activity wizard does. This includes checking the “create activity” checkbox in the new-project wizard, which effectively chains to the new-activity wizard.

There are two major solutions to this at this time, besides learning to love appcompat_v7:

  1. Stop using the ADT wizards to create activities.

  2. Install an activity template that does not use appcompat_v7.

Buried in the SDK source code repo lies documentation on creating ADT templates. Given all the development work on Android Studio, how well or for how long this template format will be honored is anyone’s guess. And, AFAICT, they didn’t actually bother documenting how to install these things (hint: you wind up with directories like extras/templates/activities in your SDK installation).

But they are a solution.

For example, Jeff Gilfelt’s template library has seven total templates, including five for activities, none of which will install appcompat_v7.

And I just tossed together a “Really Blank Activity” template. As the name suggests, the template generates an activity that is pretty darn blank, with just a simple “Hello, world” layout resource. No menu resources, no fragments, no libraries, no cruft.

With luck, a template like this one will ship with some future update to the ADT. Otherwise, you’re welcome to give mine a try.

Apr 15, 2014


Older Posts