Subscribers now have
access to Version 1.0 of Elements of Kotlin,
in PDF, EPUB, and MOBI/Kindle formats. Just log into
your Warescription page to download it,
or set up an account and subscribe!
This is unchanged from Version 0.9, other than updating two screenshots and standard
changes in the preface. Version 1.0 is a milestone release, and there were no bugs
reported against Version 0.9, so that is why it is largely the same.
I plan to update this book after new versions of Kotlin ship,
such as the upcoming Kotlin 1.5.
—Apr 19, 2021
Subscribers now have
access to Version 0.9 of Elements of Kotlin,
in PDF, EPUB, and MOBI/Kindle formats. Just log into
your Warescription page to download it,
or set up an account and subscribe!
There are a few new “Kotlin, WTF?” chapters:
Plus, there were a few bug fixes.
In about a month, Version 1.0 will be available, which will be purely bug fixes.
After that, I plan to update this book after new versions of Kotlin ship,
such as the upcoming Kotlin 1.5.
—Mar 24, 2021
A bit less than two months ago, I wrote “Checking for Poisoned Projects”.
This outlined how malware embedded in a Visual Studio project — not in
the app the project would build, but in the project itself. Designed to infect
security researchers, this malware was distributed as a Windows DLL that would
be executed through “build events” on the researchers’ machines.
Today, we find out that iOS developers were attacked in a similar fashion.
Apparently, Xcode offers “run scripts” that run as part of the build process.
In this case, the run script downloaded spyware and installed it on the developers’
machines.
It is merely a matter of time before we find out that Android developers are being
similarly attacked.
Please be very very careful when working with projects that you get from the
Internet, including from popular sources like GitHub. In
“Checking for Poisoned Projects”,
I point out some of the standard developer security advice regarding using
somebody else’s project that I have been giving for years. Basically, be very
careful about the Gradle wrapper, as that is an easy way for an attacker
to get malware onto your development machine. There are other attack avenues as well,
such as Gradle plugins, compiler plugins, and annotation processors, that we need
to worry about.
It would be lovely if somehow Android app development was immune to this sort of
problem. That is very unrealistic. Someday, I fear that we will get a better picture
of exactly how unrealistic it is.
—Mar 18, 2021
Each time Google releases a follow-on developer preview, I rummage through
the incremental API differences report,
the release notes,
and even the release blog post,
to see if there are things that warrant more attention from
developers. I try to emphasize things that mainstream developers might use but may not
get quite as much attention, because they are buried in the JavaDocs.
Just shy of a month after Developer Preview 1 was released, we got Developer Preview
2!
What Amuses Me
Google has gotten into a bit of a habit of soft-releasing certain changes. They
include the changes in the SDK, but do not talk about them in the announcements
and documentation. Then, when the next developer preview comes around, they start
touting the “new” stuff… even when it had been in the SDK already. So, you may want
to start by reviewing my Developer Preview 1 musings,
as I mention some things there that only formally got announced today, including:
-
Hiding application overlay windows
-
Secure lockscreen notification actions
-
App digest API
-
Keeping companion apps awake
And, as a result, these random musings will be a mix of stuff that is “really real”
here in DP2 and a preview of stuff that might get announced in DP3 in a month or so.
What I Apparently Missed For Years
I never noticed the bandwidth estimation APIs
tucked away in the NetworkCapabilities object. They have been around since Android 5.0;
Android 12 is improving them a fair bit, in terms of expected accuracy and relevance.
What May Cause Problems For You
If you use the accelerometer, gyroscope, or magnetic field sensors, you may need
to declare a permission to read those at high rates.
What Is Finally Getting Some Love
App widgets — which had been a moribund backwater for years — are getting
some updates. It’s almost as if competition matters or something.
But, we can
apparently use subclasses of CompoundButton now,
including RadioButton and RadioGroup.
A bunch of new methods were added for configuring particular elements
(e.g., setColorStateList()). We can request specific sizes
and control the maximum size for a resize operation.
And we can provide a description
and a layout to use instead of an image for the preview.
I thought app widgets might get replaced someday, but at least for now, Google
is trying to improve what we already have.
What Just Keeps Getting More and More Love
Notifications now have a CallStyle.
Despite the description, based on other options,
this appears to be designed for VOIP apps or other apps that might raise a notification
representing an incoming call.
What May Make a Splash in DP3
SplashScreen
is a thing now.
I seem to recall a certain firm decrying the use of splash screens a few years ago —
wonder whatever became of them…
What Makes Me Wish I Knew More About Mobile Carriers
Apparently, 5G networks can be “sliced”.
Mobile carriers can “virtually divide their
networks in portions and use different portions for specific use cases; for example,
a corporation can have a deal/agreement with a carrier that all of its employees’
devices use data on a slice dedicated for enterprise use.” I am not well-versed in 5G,
but I am still surprised that I had not heard about this capability.
There is a new VcnManager
to be able to “configure and manage Virtual Carrier Networks”. I am not an expert
in mobile networks, but this feels a bit like exposing Google Fi-like ability to
combine multiple networks into a seamless aggregate network.
What May Be Good or May Be Bad
There is a new SCHEDULE_EXACT_ALARM permission,
described as “allows an app to use exact alarm scheduling APIs to perform timing sensitive background work”.
I do not know if this means that the exact family of AlarmManager APIs will
now work better (good!) or if this means that you need a permission to be able
to use them even in their current state (less good!).
What Is Here Today, Gone Tomorrow
The SMS_FINANCIAL_TRANSACTIONS permission
is deprecated. And the DP1 BACKGROUND_CAMERA and RECORD_BACKGROUND_AUDIO
permissions were removed outright.
A version of sendStickyBroadcast()
was added and deprecated… both in Android 12 DP2, if the docs are to be believed.
What Is Gone Today, Stumbling Around Like a Zombie Tomorrow
The deprecated AnalogClock widget got new methods.
What Is Still Missing in Action
The app search APIs were revised
but were not yet announced.
What Else Seems Interesting
Apps can now persist a preferred night mode behavior.
There may be a new option to initialize the native heap with zeros,
which, if true, is a nice safety enhancement.
There are now List forms of methods like checkUriPermissions(),
for being able to check a list of Uri values at once.
We can now ask a PendingIntent what it is used for,
such as isActivity().
There is now a new external storage directory for recordings.
We can control the thumb and track icons used by a Switch,
as well as the button icon for a CompoundButton.
We now have solid and patterned ripples.
Apps can control notification channel… fields?.
There is a new MediaMetricsManager.
that does… something with media metrics.
There are now an official system color palette.
We may be getting APIs for determining the status of individual batteries.
It’s unclear if this is for devices with multiple internal batteries or if
this is for some sort of external battery.
There may be an option
for enabling hardware-assisted memory tagging.
There may be new options for different types of app installs, such as
“bulk”.
We now have headless users
and foreground users.
—Mar 17, 2021
