The CommonsBlog


"Elements of Kotlin" Version 1.0 Released

Subscribers now have access to Version 1.0 of Elements of Kotlin, in PDF, EPUB, and MOBI/Kindle formats. Just log into your Warescription page to download it, or set up an account and subscribe!


This is unchanged from Version 0.9, other than updating two screenshots and standard changes in the preface. Version 1.0 is a milestone release, and there were no bugs reported against Version 0.9, so that is why it is largely the same.

I plan to update this book after new versions of Kotlin ship, such as the upcoming Kotlin 1.5.

Apr 19, 2021


"Elements of Kotlin" Version 0.9 Released

Subscribers now have access to Version 0.9 of Elements of Kotlin, in PDF, EPUB, and MOBI/Kindle formats. Just log into your Warescription page to download it, or set up an account and subscribe!


There are a few new “Kotlin, WTF?” chapters:

Plus, there were a few bug fixes.

In about a month, Version 1.0 will be available, which will be purely bug fixes.

After that, I plan to update this book after new versions of Kotlin ship, such as the upcoming Kotlin 1.5.

Mar 24, 2021


Checking for Poisoned Projects, Again

A bit less than two months ago, I wrote “Checking for Poisoned Projects”. This outlined how malware embedded in a Visual Studio project — not in the app the project would build, but in the project itself. Designed to infect security researchers, this malware was distributed as a Windows DLL that would be executed through “build events” on the researchers’ machines.

Today, we find out that iOS developers were attacked in a similar fashion. Apparently, Xcode offers “run scripts” that run as part of the build process. In this case, the run script downloaded spyware and installed it on the developers’ machines.

It is merely a matter of time before we find out that Android developers are being similarly attacked.

Please be very very careful when working with projects that you get from the Internet, including from popular sources like GitHub. In “Checking for Poisoned Projects”, I point out some of the standard developer security advice regarding using somebody else’s project that I have been giving for years. Basically, be very careful about the Gradle wrapper, as that is an easy way for an attacker to get malware onto your development machine. There are other attack avenues as well, such as Gradle plugins, compiler plugins, and annotation processors, that we need to worry about.

It would be lovely if somehow Android app development was immune to this sort of problem. That is very unrealistic. Someday, I fear that we will get a better picture of exactly how unrealistic it is.

Mar 18, 2021


Random Musings on the Android 12 Developer Preview 2

Each time Google releases a follow-on developer preview, I rummage through the incremental API differences report, the release notes, and even the release blog post, to see if there are things that warrant more attention from developers. I try to emphasize things that mainstream developers might use but may not get quite as much attention, because they are buried in the JavaDocs.

Just shy of a month after Developer Preview 1 was released, we got Developer Preview 2!

What Amuses Me

Google has gotten into a bit of a habit of soft-releasing certain changes. They include the changes in the SDK, but do not talk about them in the announcements and documentation. Then, when the next developer preview comes around, they start touting the “new” stuff… even when it had been in the SDK already. So, you may want to start by reviewing my Developer Preview 1 musings, as I mention some things there that only formally got announced today, including:

  • Hiding application overlay windows

  • Secure lockscreen notification actions

  • App digest API

  • Keeping companion apps awake

And, as a result, these random musings will be a mix of stuff that is “really real” here in DP2 and a preview of stuff that might get announced in DP3 in a month or so.

What I Apparently Missed For Years

I never noticed the bandwidth estimation APIs tucked away in the NetworkCapabilities object. They have been around since Android 5.0; Android 12 is improving them a fair bit, in terms of expected accuracy and relevance.

What May Cause Problems For You

If you use the accelerometer, gyroscope, or magnetic field sensors, you may need to declare a permission to read those at high rates.

What Is Finally Getting Some Love

App widgets — which had been a moribund backwater for years — are getting some updates. It’s almost as if competition matters or something.

But, we can apparently use subclasses of CompoundButton now, including RadioButton and RadioGroup. A bunch of new methods were added for configuring particular elements (e.g., setColorStateList()). We can request specific sizes and control the maximum size for a resize operation. And we can provide a description and a layout to use instead of an image for the preview. I thought app widgets might get replaced someday, but at least for now, Google is trying to improve what we already have.

What Just Keeps Getting More and More Love

Notifications now have a CallStyle. Despite the description, based on other options, this appears to be designed for VOIP apps or other apps that might raise a notification representing an incoming call.

What May Make a Splash in DP3

SplashScreen is a thing now. I seem to recall a certain firm decrying the use of splash screens a few years ago — wonder whatever became of them…

What Makes Me Wish I Knew More About Mobile Carriers

Apparently, 5G networks can be “sliced”. Mobile carriers can “virtually divide their networks in portions and use different portions for specific use cases; for example, a corporation can have a deal/agreement with a carrier that all of its employees’ devices use data on a slice dedicated for enterprise use.” I am not well-versed in 5G, but I am still surprised that I had not heard about this capability.

There is a new VcnManager to be able to “configure and manage Virtual Carrier Networks”. I am not an expert in mobile networks, but this feels a bit like exposing Google Fi-like ability to combine multiple networks into a seamless aggregate network.

What May Be Good or May Be Bad

There is a new SCHEDULE_EXACT_ALARM permission, described as “allows an app to use exact alarm scheduling APIs to perform timing sensitive background work”. I do not know if this means that the exact family of AlarmManager APIs will now work better (good!) or if this means that you need a permission to be able to use them even in their current state (less good!).

What Is Here Today, Gone Tomorrow

The SMS_FINANCIAL_TRANSACTIONS permission is deprecated. And the DP1 BACKGROUND_CAMERA and RECORD_BACKGROUND_AUDIO permissions were removed outright.

A version of sendStickyBroadcast() was added and deprecated… both in Android 12 DP2, if the docs are to be believed.

What Is Gone Today, Stumbling Around Like a Zombie Tomorrow

The deprecated AnalogClock widget got new methods.

What Is Still Missing in Action

The app search APIs were revised but were not yet announced.

What Else Seems Interesting

Apps can now persist a preferred night mode behavior.

There may be a new option to initialize the native heap with zeros, which, if true, is a nice safety enhancement.

There are now List forms of methods like checkUriPermissions(), for being able to check a list of Uri values at once.

We can now ask a PendingIntent what it is used for, such as isActivity().

There is now a new external storage directory for recordings.

We can control the thumb and track icons used by a Switch, as well as the button icon for a CompoundButton.

We now have solid and patterned ripples.

Apps can control notification channel… fields?.

There is a new MediaMetricsManager. that does… something with media metrics.

There are now an official system color palette.

We may be getting APIs for determining the status of individual batteries. It’s unclear if this is for devices with multiple internal batteries or if this is for some sort of external battery.

There may be an option for enabling hardware-assisted memory tagging.

There may be new options for different types of app installs, such as “bulk”.

We now have headless users and foreground users.

Mar 17, 2021


"Elements of Android Room" Version 0.5 Released

Subscribers now have access to Version 0.5 of Elements of Android Room, in PDF, EPUB, and MOBI/Kindle formats. Just log into your Warescription page to download it, or set up an account and subscribe!


This update adds two more chapters, covering:

In addition:

  • A bunch of dependencies were updated, notably Room itself

  • Various bugs were fixed

Mar 15, 2021


Older Posts