It's been a couple of years since the Autofill API was added to Android and you've been able to use Google or other password managers to fill in your credentials and log in to apps. However, while most third-party password apps require you to verify your identity before releasing your details to another app, Google's autofill just surrendered those details willy-nilly as long as your phone was unlocked. That's not so secure. A recent change to Play Services fixes that by letting you require an on-the-spot authentication before Google autofills the data fields. Read More
YouTube has always been one of Google's less conventional properties, but the sudden leap from version 6.0 to 10.0 gave everybody a surprise. Even stranger is that with such a substantial jump in versions, there are virtually zero meaningful changes to the user-facing features. While there's relatively little for us to enjoy right now, a full teardown reveals that there are at least a few additions that might be worthy of a major version bump.
It's no secret that YouTube is set to gain some basic editing features. Reports have been coming in that the trimming feature discovered back in November has finally started going live. Read More
You hear a lot of reports about malware and other undesirable third-party apps these days, especially from security researchers (and people who want to sell you something to make you feel safe). It's undeniable that malicious apps are a problem on an open system, but new data from Google indicates that the amount of actual harm being done might be negligible. QZ.com reports on a presentation from Google's Android Security Chief Adrian Ludwig at the Virus Conference in Berlin. He estimates that .001% of Android apps are able to get past Google's defenses.
That number includes both apps on the Google Play Store and 1.5 billion side-loaded or non-Play Store app installs, at least on devices that also include the Play Store and its Verify Apps feature. Read More
Remember when Google's app verification and malware scanning service debuted with Android 4.2? No? Well, that's probably because statistically speaking, you're likely to be one of the 95% of Android users rocking 4.1 or earlier. To help address this, it looks like Google has moved the Verify Apps system to Google Play Services, which at this point should be installed on all Google Play Store-equipped Android devices running Gingerbread or higher. The change was spotted by JR Raphael at ComputerWorld.
Verify Apps is not to be confused with the "Bouncer," Google's Play Store watchdog that keeps an eye on the included Android apps, to greater or lesser success. Read More
Tim Bray responded in our comments letting us know Trevor Johns, a hands-on guy in the Android back-rooms, was the author of the post.
After we blew the faults
behind Google's License Verification Library out of the water last week, Google's Tim Bray promised
us some tips for protecting our applications against piracy, and in the latest post at Google's official Android blog he delivered them
. Tim's article is loaded with easy to follow sample code, and advice that just makes sense. Mr. Bray covers several protection methods including:
- customizing the Licensing Library,
- making your application tamper resistant (with a code sample that is nearly identical to what I published a week ago),
- and using a secondary server for added protection.
[Update: 8/24/10 @ 7:45 PM EST by Aaron] Tim Bray responded to Justin's article, but seems to have misunderstood the goal. Thus, Justin has written a follow-up article here.
This article was not written to teach people how to pirate or ridicule Google's Android License Verification Library (LVL) that handles communication with Google's Android Market Licensing Service.
I am very much against piracy, and very much pro-Google. I have spent more time researching copy protection for my applications than development of the applications themselves.
I would like to thank:
- the author of Star Hunt for allowing me to use his application in my demo video
- the author of Tasker for allowing me to use his application, which has the best implementation of LVL I found, in this article
Both of these applications are available in the market - I highly suggest you give them a try. Read More