The CommonsBlog


New Subscriber Benefit: Discussion Group

I used to have a Google Group for my subscribers, but I discontinued it several years ago, steering people towards sites like Stack Overflow. But those sites do not necessarily handle all sorts of questions — Stack Overflow in particular has fairly stringent guidelines as to what is and is not on-topic.

So, I have set up a new discussion group, this time in the form of a category on the CommonsWare Community site. While the category is publicly readable, posting is limited to authorized subscribers. The idea is that this category can be used for:

  • Questions about the books

  • Questions that might run afoul of Stack Overflow guidelines, such as asking for suggestions for third-party libraries

  • Questions that you might have asked elsewhere and did not get the answers that you sought

Subscribers can request permission to post by logging into the Warescription site and visiting Other Stuff > Settings from the nav bar. In there you will find a panel for “Discussion Group Access” with details.

If you run into any problems in signing up for this, let me know.

Jul 25, 2017


GraphQL and Android Version 0.2 Released

Subscribers now have access to Version 0.2 of GraphQL and Android, in PDF, EPUB, and MOBI/Kindle formats. Just log into your Warescription page and download away, or set up an account and subscribe!

In this update, there are three new chapters:

  • One on authentication and the “viewer” pattern for having a schema based on what the user is authorized to do

  • One on securing GraphQL access in Android, focusing at the moment on network security

  • One on testing your GraphQL code, with a particular emphasis on different mocking approaches

In addition:

  • All URLs in the samples and prose now point to 0.2/ instead of 0.1/ in their paths

  • The samples using Apollo-Android now use 0.3.3 of that library

  • There are a few errata fixes and the like.

The next update to this book should be out in 1-2 months.

Jul 24, 2017


Introducing CWAC-SafeRoom

As part of my work on Android’s Architecture Components, I put together CWAC-SafeRoom. This is bridge code, connecting Room with SQLCipher for Android.

A little-known bit of the Architecture Components is the SupportSQLite... series of interfaces. These represent a wrapper around a SQLite implementation, with an API that is reminiscent of the native SQLiteDatabase and related classes. Room not only has these interfaces but an implementation (Framework...) that delegates to the native Android classes. But, you can provide a SupportSQLiteOpenHelper.Factory to your RoomDatabase.Builder, via openHelperFactory(), and that will cause Room to use some other implementation of the SupportSQLite... bits.

That’s where CWAC-SafeRoom comes in.

So, if you have an EditText named passphraseField, you can initialize an encrypted RoomDatabase via:

SafeHelperFactory factory=SafeHelperFactory.fromUser(passphraseField.getText());

StuffDatabase db=Room.databaseBuilder(ctxt, StuffDatabase.class, DB_NAME)
  .openHelperFactory(factory)
  .build();

Alternatively, you can create a SafeHelperFactory using a constructor that takes a char[] parameter. As part of setting up the database, CWAC-SafeRoom will clear that Editable (from getText() on your EditText) or that char[], so that the passphrase is no longer in cleartext in memory.

CWAC-SafeRoom has been lightly tested — there is a reason for the 0.0.1 version. A fair bit of the SupportSQLite... API cannot be implemented using SQLCipher for Android right now, as the SQLCipher for Android API is based on very old versions of Android, and SupportSQLite... wants a few newer features. So far, Room does not seem to be using those, which is why the partial implementation of SupportSQLite... in CWAC-SafeRoom is holding up as well as it is. Plus, Room itself is still an alpha, and who knows what the future may bring?

(hopefully not zombies)

This library was developed with patent-pending Insta-Deprecation Technology™. Should Google or Zetitec (developers of SQLCipher) offer their own equivalent library, use theirs.

So, while work remains to be done, CWAC-SafeRoom demonstrates the possibility of an encrypted Room implementation.

Jul 11, 2017


Android's Architecture Components Version 0.1 Released

Subscribers now have access to the inaugural release of Android’s Architecture Components, known as Version 0.1, in PDF, EPUB, and MOBI/Kindle formats. Just log into your Warescription page and download away, or set up an account and subscribe!

As I mentioned two weeks ago, when I released Version 0.1 of GraphQL and Android, I plan to break topics out into their own book when they are “bigger than a breadbox”.

Google released the Architecture Components to much fanfare at Google I|O 2017. This book will explore these components in depth, identifying their pros and cons, along with how to apply them to your Android projects. Particular emphasis will be placed on Room, given its comparative complexity.

This first beta version of the book covers the basics of using the Architecture Components. This book will evolve fairly rapidly over the next few months, to cover topics like integration with RxJava and data binding, polymorphic Room relations, and packaging databases with your app. Stay tuned to this blog, the @CommonsWare Twitter feed, etc. for announcements about updates.

Again, if you have any questions or concerns, drop me a line.

Jul 10, 2017


Samba and a Uri

As noted by Android Police, Google has released a Samba client app for Android on the Play Store. Users can use this app to connect their device to a SMB/CIFS file server, which is the protocol typically used for Windows file servers.

And, as you can see from the source code, the implementation is a DocumentsProvider. Any app that uses ACTION_OPEN_DOCUMENT, ACTION_OPEN_DOCUMENT_TREE, or ACTION_CREATE_DOCUMENT can now work seamlessly with Windows file servers… except for those apps written by developers who keep insisting that a Uri always points to a local file.

If you are using these Storage Access Framework actions, the Uri that you get back does not have to point to anything on the device’s filesystem that you can access. Always use a ContentResolver and openInputStream()/openOutputStream() to manipulate the content. For more, see this post from March 2016.

Jul 06, 2017


Older Posts