SlideShare a Scribd company logo

Whats different in android L, M, N and O

Download as PPTX, PDF
Pietro F. Maggi
Pietro F. Maggi

Every new Android version introduces changes and improvements. Even if you're targeting an older Android version in your application, you need to understand what is the trajectory that the OS in following to be prepared. This presentation is targeting the enterprise mobility developers.

Technology
1 of 36
EUROPE
Developer Session What’s Different in Android L, M, N, O Darryn Campbell & Pietro Maggi Software Experts
• Android Trends & Trajectory • Android Lollipop • Android Marshmallow • Android Nougat • Android ‘O’ Agenda What’s Different in Android L, M, N, O
COMMON PATTERNS
There are some interesting patterns emerging as Android evolves: • Notifications have undergone major (or at least noteworthy) changes in every release from KitKat to ‘O’. • Notifications feature heavily in enterprise use cases it becomes increasingly complex to lock down what the user is able to control • Pushes towards power saving, taking flexibility away from developers with consumer end user battery life in mind • Locking down your device becomes increasingly complex. • E.g. More system apps to prohibit Common Patterns & Trajectory Controlling device access
ANDROID LOLLIPOP
• Introduced in API 21 • Google sample: https://github.com/googlesamples/android-JobScheduler • Helps perform background work in an efficient way, especially networking • For older devices, with GMS, GCM Network Manager provides efficient background job scheduling • https://developers.google.com/cloud-messaging/network-manager • GCMTaskService is typically simpler to manage and more difficult to mess up than JobService Note that GCMTaskService is implemented using the JobScheduler API on Lollipop and newer OS. Android Lollipop JobScheduler API
• Many enhancements to BLE between Android 4.4 and Android 5.0 • Addition of peripheral mode • Support for Beacon or iBeacon packets • Allows broadcasting of advertising packets (hardware permitting) • Improved background scanning no longer prevents the device from sleeping. • API backwardly compatible with KitKat Android Lollipop Bluetooth LE Matures
ANDROID MARSHMALLOW
• Dynamic runtime permissions • Doze mode • Bluetooth changes • Encryption & Adoptable storage • Trusted & untrusted resets • Enterprise Android: COSU support (Corporate-owned single-use) Android Marshmallow Behaviour changes affecting Enterprise
Targeting API 23+ If you target API level 23+, your application is not going to have the dangerous permission granted at install time, but it needs to: • Check • Request • Fail gracefully if not permission is not granted
Targeting API 23+ When the user installs or updates the app, the system grants the app all permissions that the app requests that fall under PROTECTION_NORMAL. For example, alarm clock and internet permissions fall under PROTECTION_NORMAL, so they are automatically granted at install time. Some of the permission that are now granted automatically are: 1. GET_ACCOUNTS 2. READ_PHONE_STATE 3. READ_EXTERNAL_STORAGE 4. GET_TASKS, REORDER_TASKS, KILL_BACKGROUND_PROCESSES 5. EXPAND_STATUS_BAR
What if I’m targeting API level 22 or older? The new permission system is not enforce at install time. If the user install your application, like before, it gets all the requested permissions. BUT. If an user can go into the settings application, it can removes the permissions. Lock down the device looks like a good idea to me!
Reminder: adb install Needs -g To Auto-Grant Permissions If your app has a targetSdkVersion of 23 or higher, and you are installing the app via the command line, note that adb install has two possible behaviors: • Used normally, the app is installed without any runtime permissions granted. This mimics a normal app install, where you have to ask for the permissions at runtime. • Used with the -g switch, the app is installed with all runtime permissions pre-granted, as if the app had a targetSdkVersion below 22. This can be handy for rapid testing, though it is not indicative of what the user will see. Source: https://commonsware.com/blog/2016/03/18/reminder-adb-install-needs-auto-grant-permissions.html
It’s all about the battery! Source: https://www.bignerdranch.com/blog/diving-into-doze-mode-for-developers/
GMS and AOSP – it makes a difference Doze Mode is enabled only on GMS devices This is where you can use an High-Priority Firebase Cloud Message to wake up the device and kick an application temporarily out of Doze mode: In Doze or App Standby mode, the system delivers the message and gives the app temporary access to network services and partial wakelocks, then returns the device or app to the idle state. Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
Whitelisting an application • An app that is whitelisted can use the network and hold partial wake locks during Doze and App Standby. However, other restrictions still apply to the whitelisted app, just as they do to other apps. • An app can check whether it is currently on the exemption whitelist by calling isIgnoringBatteryOptimizations(). • Users can manually configure the whitelist in Settings > Battery > Battery Optimization. • Alternatively, the system provides ways for apps to ask users to whitelist them: • An app can fire the ACTION_IGNORE_BATTERY_OPTIMIZATION_SETTINGS intent to take the user directly to the Battery Optimization, where they can add the app. • An app holding the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission can trigger a system dialog to let the user add the app to the whitelist directly, without going to settings. • The app fires a ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS Intent to trigger the dialog. • The user can manually remove apps from the whitelist as needed. Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
Testing for Doze Mode and App-Standby You can simulate Doze mode using adb while your application is running: $ adb shell dumpsys deviceidle force-idle You can simulate App-Standby using adb while your application is running: Force the app into App Standby mode by running the following commands: $ adb shell dumpsys battery unplug $ adb shell am set-inactive <packageName> true Simulate waking your app using the following commands: $ adb shell am set-inactive <packageName> false $ adb shell am get-inactive <packageName> Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
Two modes: 1. Full Storage Card Encryption Mode • Matches what Adoptable Storage is with the same limitations • Can be provisioned via StageNow • Duplicates Android functionality so potential for future deprecation 2. Folder Encryption Mode • Supports encryption in /data and on the Storage Card • Allows a common encrypted implementation in common with non-Marshmallow devices in your deployment Android Marshmallow Encryption & Adoptable storage – Interaction with Encrypt Manager
Android Marshmallow Encryption & Adoptable storage Reset Action Emulated storage cards Physical storage cards Adopted storage cards Enterprise partition Reboot Retained Retained Retained Retained Full Device Wipe Wiped Wiped Wiped Wiped Factory Reset Wiped Retained Wiped Wiped Enterprise Reset Wiped Retained Wiped Retained
• Designed to reduce the value of stolen (consumer) devices • Trusted factory resets: • Do NOT mandate reentry any previously associated Google creds • Invoked from device settings UI • Untrusted factory resets: • GMS Only • DO mandate reentry of any previously associated Google creds • Factory resets invoked from MX Power manager • Factory reset packages available from Zebra support • Note: If you forget your previously associated Google creds contact Zebra support Android Marshmallow Trusted & untrusted factory resets
• Applications and services have to call scanner disable when device is suspending [e.g. onPause/onDestroy callback]. • On Lollipop (Android v5.x) or KitKat (Android v4.4) devices we don't have imager standby mode supported, in this mode imager would consume lowest power, with TC51/TC56/TC70x/TC75x, using Marshmallow (Android 6.0), this was a requirement to have lowest power on suspend. • With this mode, imager loses all it's configurations which is done in enable, hence user needs to recall enable again, however after disabling scanner, otherwise scan framework will not accept another enable due to state machine. Android Marshmallow Imager goes into standby mode when devices goes into suspend.
• Android for Work started with 5.0 (lollipop). Announced at Google I/O 2014 • Initially targeted BYOD (Bring your own device) use cases • Separation of ‘Work’ mode from personal applications • ‘Work profile’ owned by a “Profile Owner” which would be a device policy controller (DPC) • Enhancements for COPE (Corporate owned, personally enabled) • Expectation that device or profile will owned by a DPC • DPC is acting as device owner (DO) or profile owner (PO) • Enhancements for COSU (Corporate owned, single use) [6.0+] • Expectation that these devices will only have a device owner (DO) • Typical Zebra device use cases • Non-Zebra single use Android devices could be a payment terminal or airport check-in. • DO provisioning via NFC prioritized by Google (also possible via adb) Android Marshmallow Android in the Enterprise: Recap
• COSU support (Corporate Owned – Single Use) • Managed configurations via bundle data types • Lock Task Mode in additional to lollipop’s consumer oriented ‘Pinning’ DEMOS Android Marshmallow Android in the Enterprise: COSU support in Marshmallow
Android Marshmallow Managed Configurations
Android Marshmallow Lock Task Mode
ANDROID NOUGAT
• Multi-Window Support • Notification Enhancements • Doze on the Go • Data Saver • Tile API • Number Blocking • New Emojis  Android Nougat (7.0) Behaviour changes affecting Enterprise • WebView enhancements, now using Chrome (on GMS) • Enterprise updates (incremental) • Hardware back keystore
• App Shortcuts • Image Keyboard Support • “Professional” Emoji    • Storage Manager Intent Android Nougat (7.1) Behaviour changes affecting Enterprise
ANDROID ‘O’
• Background execution limits • Background service limitations • Implicit broadcast reception limitations • Android background location limits • Notification enhancements for ‘Channels’ giving users more granular control of notification importance & how they should be notified. • Launcher shortcut pinning Android O PREVIEW Behaviour changes affecting Enterprise • Enterprise updates: • COMP (Corporate owned, managed profile) devices • Incremental improvements to DPC APIs (new & existing). • E.g. inter profile application communication. • Autofill Framework • Google Safe Browsing API in WebViews
Questions?
• Android M developer impact: https://developer.zebra.com/community/android/android-forums/android- blogs/blog/2017/01/20/what-s-new-for-android-m-and-the-impact-on-zebra-developers • Deploying applications on Zebra devices from JellyBean to Marshmallow & beyond: https://developer.zebra.com/community/android/android-forums/android-blogs/blog/2017/02/08/deploying-an-application-to-zebra- android-devices-ranging-from-jellybean-to-marshmallow-and-beyond • Google official docs for: • Lollipop: https://developer.android.com/about/versions/lollipop.html • Marshmallow: https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html • Nougat: https://developer.android.com/about/versions/nougat/android-7.0-changes.html • O: https://developer.android.com/preview/behavior-changes.html Useful Links Android Alphabet Soup
Please take a moment to rate this session using the APPFORUM mobile app. THANK YOU
• Bullet text Content Slide Title Goes Here Sub title goes here
What are your options: 1. Continue to target API 22 (Lollipop) 2. Implement Google’s runtime model 3. Use an MX AppManager profile to install the application 4. Use an EMM that supports managed Android devices Android Marshmallow Dynamic runtime permissions

Recommended

Android security - an enterprise perspective
Android security - an enterprise perspectiveAndroid security - an enterprise perspective
Android security - an enterprise perspectivePietro F. Maggi
 
Mind the gap
Mind the gapMind the gap
Mind the gapPietro F. Maggi
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Android security
Android securityAndroid security
Android securityMidhun P Gopi
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Android sandbox
Android sandboxAndroid sandbox
Android sandboxAnusha Chavan
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Android Security
Android SecurityAndroid Security
Android SecuritySuminda Gunawardhana
 

Recommended

Android security - an enterprise perspective
Android security - an enterprise perspectiveAndroid security - an enterprise perspective
Android security - an enterprise perspectivePietro F. Maggi
 
Mind the gap
Mind the gapMind the gap
Mind the gapPietro F. Maggi
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Android security
Android securityAndroid security
Android securityMidhun P Gopi
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Android sandbox
Android sandboxAndroid sandbox
Android sandboxAnusha Chavan
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Android Security
Android SecurityAndroid Security
Android SecuritySuminda Gunawardhana
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Android Security
Android SecurityAndroid Security
Android SecurityMehrnaz Amoon
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Android security
Android securityAndroid security
Android securityMohamed Alharbi
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
Mobile Apps Security Testing -3
Mobile Apps Security Testing -3Mobile Apps Security Testing -3
Mobile Apps Security Testing -3Krisshhna Daasaarii
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewAshish Patel
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardeninganupriti
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile ApplicationsDenim Group
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 
Mobile application security
Mobile application securityMobile application security
Mobile application securityShubhneet Goel
 
New features in android m upload
New features in android m uploadNew features in android m upload
New features in android m uploadBin Yang
 
Android ch2..pptx
Android ch2..pptxAndroid ch2..pptx
Android ch2..pptxmohamedMoktarMohamed
 

More Related Content

What's hot

Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewAshish Patel
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardeninganupriti
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android SecurityAsanka Dilruk
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile ApplicationsDenim Group
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 
Mobile application security
Mobile application securityMobile application security
Mobile application securityShubhneet Goel
 

What's hot (20)

Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on android
 
Android Security
Android SecurityAndroid Security
Android Security
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security Threats
 
Android security
Android securityAndroid security
Android security
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development
 
Mobile Apps Security Testing -3
Mobile Apps Security Testing -3Mobile Apps Security Testing -3
Mobile Apps Security Testing -3
 
Android security
Android securityAndroid security
Android security
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product Overview
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Development
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android Security
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solution
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security model
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardening
 
Understanding Android Security
Understanding Android SecurityUnderstanding Android Security
Understanding Android Security
 
Security Testing Mobile Applications
Security Testing Mobile ApplicationsSecurity Testing Mobile Applications
Security Testing Mobile Applications
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Mobile application security
Mobile application securityMobile application security
Mobile application security
 

Similar to Whats different in android L, M, N and O

New features in android m upload
New features in android m uploadNew features in android m upload
New features in android m uploadBin Yang
 
Android Enterprise vs Legacy Android (Device Admin APIs)
Android Enterprise vs Legacy Android (Device Admin APIs)Android Enterprise vs Legacy Android (Device Admin APIs)
Android Enterprise vs Legacy Android (Device Admin APIs)Ashish Sharma
 
CNIT 128 8. Android Implementation Issues (Part 2)
CNIT 128 8. Android Implementation Issues (Part 2)CNIT 128 8. Android Implementation Issues (Part 2)
CNIT 128 8. Android Implementation Issues (Part 2)Sam Bowne
 
CNIT 128: Android Implementation Issues (Part 2)
CNIT 128: Android Implementation Issues (Part 2)CNIT 128: Android Implementation Issues (Part 2)
CNIT 128: Android Implementation Issues (Part 2)Sam Bowne
 
Google IO 2017 Recap
Google IO 2017 RecapGoogle IO 2017 Recap
Google IO 2017 RecapVishal Nayak
 
Application module slides
Application module slidesApplication module slides
Application module slidesJoanne Scouler
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Mohammed Adam
 
How to create android applications
How to create android applicationsHow to create android applications
How to create android applicationsTOPS Technologies
 
Security on android
Security on androidSecurity on android
Security on androidpk464312
 
Pentestflashkeybpardpaper
PentestflashkeybpardpaperPentestflashkeybpardpaper
PentestflashkeybpardpaperAndrey Apuhtin
 
Working of Cyanogen mod
Working of Cyanogen modWorking of Cyanogen mod
Working of Cyanogen modallwin thomas
 
Android pentesting the hackers-meetup
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetupkunwaratul hax0r
 
IRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET Journal
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security WorkshopOWASP
 

Similar to Whats different in android L, M, N and O (20)

New features in android m upload
New features in android m uploadNew features in android m upload
New features in android m upload
 
Android ch2..pptx
Android ch2..pptxAndroid ch2..pptx
Android ch2..pptx
 
Android Enterprise vs Legacy Android (Device Admin APIs)
Android Enterprise vs Legacy Android (Device Admin APIs)Android Enterprise vs Legacy Android (Device Admin APIs)
Android Enterprise vs Legacy Android (Device Admin APIs)
 
CNIT 128 8. Android Implementation Issues (Part 2)
CNIT 128 8. Android Implementation Issues (Part 2)CNIT 128 8. Android Implementation Issues (Part 2)
CNIT 128 8. Android Implementation Issues (Part 2)
 
CNIT 128: Android Implementation Issues (Part 2)
CNIT 128: Android Implementation Issues (Part 2)CNIT 128: Android Implementation Issues (Part 2)
CNIT 128: Android Implementation Issues (Part 2)
 
Google IO 2017 Recap
Google IO 2017 RecapGoogle IO 2017 Recap
Google IO 2017 Recap
 
Mobile security
Mobile securityMobile security
Mobile security
 
Application module slides
Application module slidesApplication module slides
Application module slides
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3
 
How to create android applications
How to create android applicationsHow to create android applications
How to create android applications
 
Security on android
Security on androidSecurity on android
Security on android
 
Securing Android
Securing AndroidSecuring Android
Securing Android
 
Appium
AppiumAppium
Appium
 
128-ch4.pptx
128-ch4.pptx128-ch4.pptx
128-ch4.pptx
 
Appium solution artizone
Appium solution artizoneAppium solution artizone
Appium solution artizone
 
Pentestflashkeybpardpaper
PentestflashkeybpardpaperPentestflashkeybpardpaper
Pentestflashkeybpardpaper
 
Working of Cyanogen mod
Working of Cyanogen modWorking of Cyanogen mod
Working of Cyanogen mod
 
Android pentesting the hackers-meetup
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetup
 
IRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security AssessmentIRJET- Secure Android Application Development and Security Assessment
IRJET- Secure Android Application Development and Security Assessment
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 

Whats different in android L, M, N and O

  • 2. Developer Session What’s Different in Android L, M, N, O Darryn Campbell & Pietro Maggi Software Experts
  • 3. • Android Trends & Trajectory • Android Lollipop • Android Marshmallow • Android Nougat • Android ‘O’ Agenda What’s Different in Android L, M, N, O
  • 5. There are some interesting patterns emerging as Android evolves: • Notifications have undergone major (or at least noteworthy) changes in every release from KitKat to ‘O’. • Notifications feature heavily in enterprise use cases it becomes increasingly complex to lock down what the user is able to control • Pushes towards power saving, taking flexibility away from developers with consumer end user battery life in mind • Locking down your device becomes increasingly complex. • E.g. More system apps to prohibit Common Patterns & Trajectory Controlling device access
  • 7. • Introduced in API 21 • Google sample: https://github.com/googlesamples/android-JobScheduler • Helps perform background work in an efficient way, especially networking • For older devices, with GMS, GCM Network Manager provides efficient background job scheduling • https://developers.google.com/cloud-messaging/network-manager • GCMTaskService is typically simpler to manage and more difficult to mess up than JobService Note that GCMTaskService is implemented using the JobScheduler API on Lollipop and newer OS. Android Lollipop JobScheduler API
  • 8. • Many enhancements to BLE between Android 4.4 and Android 5.0 • Addition of peripheral mode • Support for Beacon or iBeacon packets • Allows broadcasting of advertising packets (hardware permitting) • Improved background scanning no longer prevents the device from sleeping. • API backwardly compatible with KitKat Android Lollipop Bluetooth LE Matures
  • 10. • Dynamic runtime permissions • Doze mode • Bluetooth changes • Encryption & Adoptable storage • Trusted & untrusted resets • Enterprise Android: COSU support (Corporate-owned single-use) Android Marshmallow Behaviour changes affecting Enterprise
  • 11. Targeting API 23+ If you target API level 23+, your application is not going to have the dangerous permission granted at install time, but it needs to: • Check • Request • Fail gracefully if not permission is not granted
  • 12. Targeting API 23+ When the user installs or updates the app, the system grants the app all permissions that the app requests that fall under PROTECTION_NORMAL. For example, alarm clock and internet permissions fall under PROTECTION_NORMAL, so they are automatically granted at install time. Some of the permission that are now granted automatically are: 1. GET_ACCOUNTS 2. READ_PHONE_STATE 3. READ_EXTERNAL_STORAGE 4. GET_TASKS, REORDER_TASKS, KILL_BACKGROUND_PROCESSES 5. EXPAND_STATUS_BAR
  • 13. What if I’m targeting API level 22 or older? The new permission system is not enforce at install time. If the user install your application, like before, it gets all the requested permissions. BUT. If an user can go into the settings application, it can removes the permissions. Lock down the device looks like a good idea to me!
  • 14. Reminder: adb install Needs -g To Auto-Grant Permissions If your app has a targetSdkVersion of 23 or higher, and you are installing the app via the command line, note that adb install has two possible behaviors: • Used normally, the app is installed without any runtime permissions granted. This mimics a normal app install, where you have to ask for the permissions at runtime. • Used with the -g switch, the app is installed with all runtime permissions pre-granted, as if the app had a targetSdkVersion below 22. This can be handy for rapid testing, though it is not indicative of what the user will see. Source: https://commonsware.com/blog/2016/03/18/reminder-adb-install-needs-auto-grant-permissions.html
  • 15. It’s all about the battery! Source: https://www.bignerdranch.com/blog/diving-into-doze-mode-for-developers/
  • 16. GMS and AOSP – it makes a difference Doze Mode is enabled only on GMS devices This is where you can use an High-Priority Firebase Cloud Message to wake up the device and kick an application temporarily out of Doze mode: In Doze or App Standby mode, the system delivers the message and gives the app temporary access to network services and partial wakelocks, then returns the device or app to the idle state. Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
  • 17. Whitelisting an application • An app that is whitelisted can use the network and hold partial wake locks during Doze and App Standby. However, other restrictions still apply to the whitelisted app, just as they do to other apps. • An app can check whether it is currently on the exemption whitelist by calling isIgnoringBatteryOptimizations(). • Users can manually configure the whitelist in Settings > Battery > Battery Optimization. • Alternatively, the system provides ways for apps to ask users to whitelist them: • An app can fire the ACTION_IGNORE_BATTERY_OPTIMIZATION_SETTINGS intent to take the user directly to the Battery Optimization, where they can add the app. • An app holding the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission can trigger a system dialog to let the user add the app to the whitelist directly, without going to settings. • The app fires a ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS Intent to trigger the dialog. • The user can manually remove apps from the whitelist as needed. Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
  • 18. Testing for Doze Mode and App-Standby You can simulate Doze mode using adb while your application is running: $ adb shell dumpsys deviceidle force-idle You can simulate App-Standby using adb while your application is running: Force the app into App Standby mode by running the following commands: $ adb shell dumpsys battery unplug $ adb shell am set-inactive <packageName> true Simulate waking your app using the following commands: $ adb shell am set-inactive <packageName> false $ adb shell am get-inactive <packageName> Source: https://developer.android.com/training/monitoring-device-state/doze-standby.html
  • 19. Two modes: 1. Full Storage Card Encryption Mode • Matches what Adoptable Storage is with the same limitations • Can be provisioned via StageNow • Duplicates Android functionality so potential for future deprecation 2. Folder Encryption Mode • Supports encryption in /data and on the Storage Card • Allows a common encrypted implementation in common with non-Marshmallow devices in your deployment Android Marshmallow Encryption & Adoptable storage – Interaction with Encrypt Manager
  • 20. Android Marshmallow Encryption & Adoptable storage Reset Action Emulated storage cards Physical storage cards Adopted storage cards Enterprise partition Reboot Retained Retained Retained Retained Full Device Wipe Wiped Wiped Wiped Wiped Factory Reset Wiped Retained Wiped Wiped Enterprise Reset Wiped Retained Wiped Retained
  • 21. • Designed to reduce the value of stolen (consumer) devices • Trusted factory resets: • Do NOT mandate reentry any previously associated Google creds • Invoked from device settings UI • Untrusted factory resets: • GMS Only • DO mandate reentry of any previously associated Google creds • Factory resets invoked from MX Power manager • Factory reset packages available from Zebra support • Note: If you forget your previously associated Google creds contact Zebra support Android Marshmallow Trusted & untrusted factory resets
  • 22. • Applications and services have to call scanner disable when device is suspending [e.g. onPause/onDestroy callback]. • On Lollipop (Android v5.x) or KitKat (Android v4.4) devices we don't have imager standby mode supported, in this mode imager would consume lowest power, with TC51/TC56/TC70x/TC75x, using Marshmallow (Android 6.0), this was a requirement to have lowest power on suspend. • With this mode, imager loses all it's configurations which is done in enable, hence user needs to recall enable again, however after disabling scanner, otherwise scan framework will not accept another enable due to state machine. Android Marshmallow Imager goes into standby mode when devices goes into suspend.
  • 23. • Android for Work started with 5.0 (lollipop). Announced at Google I/O 2014 • Initially targeted BYOD (Bring your own device) use cases • Separation of ‘Work’ mode from personal applications • ‘Work profile’ owned by a “Profile Owner” which would be a device policy controller (DPC) • Enhancements for COPE (Corporate owned, personally enabled) • Expectation that device or profile will owned by a DPC • DPC is acting as device owner (DO) or profile owner (PO) • Enhancements for COSU (Corporate owned, single use) [6.0+] • Expectation that these devices will only have a device owner (DO) • Typical Zebra device use cases • Non-Zebra single use Android devices could be a payment terminal or airport check-in. • DO provisioning via NFC prioritized by Google (also possible via adb) Android Marshmallow Android in the Enterprise: Recap
  • 24. • COSU support (Corporate Owned – Single Use) • Managed configurations via bundle data types • Lock Task Mode in additional to lollipop’s consumer oriented ‘Pinning’ DEMOS Android Marshmallow Android in the Enterprise: COSU support in Marshmallow
  • 28. • Multi-Window Support • Notification Enhancements • Doze on the Go • Data Saver • Tile API • Number Blocking • New Emojis  Android Nougat (7.0) Behaviour changes affecting Enterprise • WebView enhancements, now using Chrome (on GMS) • Enterprise updates (incremental) • Hardware back keystore
  • 29. • App Shortcuts • Image Keyboard Support • “Professional” Emoji    • Storage Manager Intent Android Nougat (7.1) Behaviour changes affecting Enterprise
  • 31. • Background execution limits • Background service limitations • Implicit broadcast reception limitations • Android background location limits • Notification enhancements for ‘Channels’ giving users more granular control of notification importance & how they should be notified. • Launcher shortcut pinning Android O PREVIEW Behaviour changes affecting Enterprise • Enterprise updates: • COMP (Corporate owned, managed profile) devices • Incremental improvements to DPC APIs (new & existing). • E.g. inter profile application communication. • Autofill Framework • Google Safe Browsing API in WebViews
  • 33. • Android M developer impact: https://developer.zebra.com/community/android/android-forums/android- blogs/blog/2017/01/20/what-s-new-for-android-m-and-the-impact-on-zebra-developers • Deploying applications on Zebra devices from JellyBean to Marshmallow & beyond: https://developer.zebra.com/community/android/android-forums/android-blogs/blog/2017/02/08/deploying-an-application-to-zebra- android-devices-ranging-from-jellybean-to-marshmallow-and-beyond • Google official docs for: • Lollipop: https://developer.android.com/about/versions/lollipop.html • Marshmallow: https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html • Nougat: https://developer.android.com/about/versions/nougat/android-7.0-changes.html • O: https://developer.android.com/preview/behavior-changes.html Useful Links Android Alphabet Soup
  • 34. Please take a moment to rate this session using the APPFORUM mobile app. THANK YOU
  • 35. • Bullet text Content Slide Title Goes Here Sub title goes here
  • 36. What are your options: 1. Continue to target API 22 (Lollipop) 2. Implement Google’s runtime model 3. Use an MX AppManager profile to install the application 4. Use an EMM that supports managed Android devices Android Marshmallow Dynamic runtime permissions

Editor's Notes

  1. Background services, location services, doze mode, enhanced doze mode Notifications: material design, long press in M, reply in line in N, channels in O
  2. Interaction with Encrypt Manager – Adoptable Storage http://techdocs.zebra.com/emdk-for-android/6-0/mx/encryptmgr/ Note: Encryption Manager will not be aware that an adopted SD card is encrypted, the two are mutually exclusive.
  3. Still in the process of defining what Zebra are doing for Android N: Multi-Window. How to provision? Use cases include drag & drop. More for tablet form factors. Notification enhancements are reply inline, custom views and bundling notifications together. Consider using 3rd party messaging apps like Whats-app in an enterprise deployment of GMS devices, you get these features for ‘free’ automatically. 1st party apps (Gmail) obviously also support notification bundling Doze on the Go. More aggressive doze can now block network access & syncs / jobs even if the device is moving Data Saver blocks data for apps in the background & foreground apps may use less frequently. Could impact field workers or anybody on a data plan. Consider provisioning your app to have unrestricted data access (by default play services have unrestricted access) Tile API. Two considerations: 1. How control users from moving tiles around? 2. You can define our own quick settings tiles which could greatly increase productivity depending on the use case. Do you want to restrict access to specific tiles? The API is ADD tiles only. Note: Quick settings are urgently required or frequently used actions, NOT shortcuts to launching an application. Number Blocking. Strong Enterprise Use case but currently apps have NO access to the blocked number list. Enterprise use cases include whitelisting, blacklisting incoming & outgoing calls. Similar features may appear on Zebra hardware. Additional functionality through carrier integration (server-side blocking) prevents forwarding. Call Screening also has enterprise use cases, you might not want to show notifications under some conditions (e.g. during customer interaction). Emojis are not supported by the Enterprise Keyboard: https://www.zebra.com/gb/en/products/software/mobile-computers/enterprise-keyboard.html Starting with Chrome version 51 on Android 7.0 and above, the Chrome APK on your device is used to provide and render Android System WebViews. Great for receiving security updates and maintaining parity with the Chrome apk Only available on GMS devices. Non-GMS devices will fall behind. You will see a difference in rendering between the same EB app on two devices (one GMS, one non-GMS) Can chose your webview provider on GMS, at least for now but that is a developer option and likely could not provision. Webview APK, Dev Chrome, Beta Chrome, Stable Chrome. Continued enterprise Android updates (always on VPN, corporate colours during provisioning) Key Attestation with hardware backed keys allows your to have greater confidence that the device in use has not been compromised and enables greater protection of your data at rest https://developer.android.com/about/versions/nougat/android-7.0.html
  4. Still in the process of defining what Zebra are doing for Android N: New App shortcut paradigm. Unsure of EHS support for new App shortcuts? Image Keyboard support & Professional emoji. Again, Enterprise Keyboard is more suited for Enterprise. Storage Manager Intent: Apps can now fire an ACTION_MANAGE_STORAGE intent, taking the user to the system's Free up space screen. For example, if an app requires more space than is currently available, it can use this intent to let the user delete unneeded apps and content to free up sufficient space. Will want to find a way to block this. https://developer.android.com/about/versions/nougat/android-7.1.html
  5. Migration guide for Background SERVICE execution limits: https://developer.android.com/preview/features/background.html (target API level 25 or below, Use JobScheduler API, foreground service, FCM to wake the application, defer work). Whitelist exists but not user editable – whitelisted for a few minutes for PendingIntents, receiving intents or FCM. Android background location limits affect Fused and non-fused providers. Geofencing still works. Mitigation: bring your app to the foreground, use a foreground service, use a passive location listener. Background apps have location computed a few times each hour. Launcher shortcut pinning requires user to acknowledge. Could lead to quicker access to an app or functionality. Must be supported by the home screen. Autofill framework: could be used in conjunction with managed configurations to help pre-populate fields with existing applications.
  6. Recommendation: A combination of 2 and 3 to debug and deploy respectively. Lock down the app permissions dialog.