Android KitKat & Lollipop New Features for Enterprise Developers

A quick introduction to Android OS and to what changes for enterprise developers moving from Jelly Bean to KitKat, Lollipop or Marshmallow.

Pietro F. Maggi

October 14, 2015

Transcript

  1. Agenda
     • Android History
     • Android Architecture Overview [Linux, Dalvik, Security]
     • From J to L, what’s new in Android
     • What about M?
  2. History
     • 2003: Android started as a separate company. It was run by Andy Rubin and a few other big names in the early world of mobile tech. They were trying to build software for phones and digital cameras.
     • 2005: Google bought Android in 2005. Andy Rubin and his team quietly worked on what would become the Android mobile operating system.
     • 2008: Google partnered with T-Mobile to launch the first-ever Android smartphone, the G1.
     • 2007: The Open Handset Alliance, a consortium of technology companies including Google, device manufacturers such as HTC, Sony and Samsung, wireless carriers such as Sprint Nextel and T-Mobile, and chipset makers such as Qualcomm and Texas Instruments, unveiled itself, with a goal to develop open standards for mobile devices.
     • 2013: Google's smartphone operating system powers a whopping 80% of devices worldwide.
  3. Android Vision
     Our goal is not just a single device. Our vision is a mobile platform that runs on many many different devices. - Eric Schmidt
  4. Platform Version

     | Date              | Version                       | API Level      | Nickname           |
     |-------------------|-------------------------------|----------------|--------------------|
     | 2008 September 23 | 1.0                           | 1              | Android            |
     | 2009 February 9   | 1.1                           | 2              | Android            |
     | 2009 April 30     | 1.5                           | 3              | Cupcake            |
     | 2009 September 15 | 1.6                           | 4              | Donut              |
     | 2009 October 26   | 2.0 / 2.0.1 / 2.1             | 5, 6, 7        | Éclair             |
     | 2010 May 20       | 2.2.x                         | 8              | FroYo              |
     | 2010 December 6   | 2.3 – 2.3.2                   | 9              | Gingerbread        |
     | 2011 February 9   | 2.3.3 – 2.3.7                 | 10             | Gingerbread        |
     | 2011 February 22  | 3.x                           | 11, 12, 13     | Honeycomb          |
     | 2011 October 19   | 4.0.0 – 4.0.2 / 4.0.3 – 4.0.4 | 14, 15         | Ice Cream Sandwich |
     | 2012 July 9       | 4.1.x                         | 16             | Jelly Bean         |
     | 2012 November 13  | 4.2.x                         | 17             | Jelly Bean         |
     | 2013 July 24      | 4.3.x                         | 18             | Jelly Bean         |
     | 2013 October 31   | 4.4.x                         | 19, 20 (Wear)  | KitKat             |
     | 2014 October 16   | 5.0                           | 21             | Lollipop           |
     | 2015 March 9      | 5.1                           | 22             | Lollipop           |
     | 2015 October 6    | 6.0                           | 23             | Marshmallow        |
  5. AOSP and Google Mobile Services
     Android Open Source Project (AOSP)
     This is the open source version of Android, used by Amazon, Zebra Technologies, Xiaomi and other OEMs to build devices without the Google services.
     Google Mobile Services (GMS)
     These are additional features only available on devices that signed Google’s Anti-Fragmentation Agreement, including: Google Play Services, Google Maps, Gmail, etc.
     History
     • Version 1.0 was released on September 26, 2012
     • Version 4.4 was released on May 7, 2014
     • Version 5.0 was released on June 25, 2014
     • Version 6.5 was released on November 17, 2014
     • Version 7.0 was released on March 2, 2015
     • Version 7.5 was released on May 28, 2015
     • Version 8.1 was released on September 24, 2015
  6. ANDROID != LINUX
     Androidism – differences between Android and Linux
     • Binder
     • Paranoid Networking
     SELinux – further defines boundaries of the Android application sandbox
     • Introduced in Android v4.3 – MAC not enforced
     • v4.4 – MAC enforced on 4 core services (installd, netd, vold and zygote)
     • v5.x – MAC enforced on everything (more than 60 domains)
     MAC = Mandatory Access Control
     DAC = Discretionary Access Control
  7. Android Runtime
     Dalvik VM is Android's implementation of the Java VM.
     Dalvik is optimized for mobile devices:
     • Battery consumption
     • CPU capabilities
     Key Dalvik differences:
     • Register-based versus stack-based VM
     • Dalvik runs .dex files
     • More efficient and compact implementation
     • Different set of Java libraries than JDK
     Oracle had accused Google of copying the APIs of Java, a programming language Oracle owns, and putting them into Android.
  8. Android Runtime
     With the latest I/O conference, Google has finally publicly announced its plans for its new runtime on Android.
     ART
     ART is designed to be fully compatible with Dalvik’s existing byte-code format, “dex” (Dalvik executable).
     The big paradigm shift that ART brings is that instead of being a Just-in-Time (JIT) compiler, it now compiles application code Ahead-of-Time (AOT).
     The performance gains over Dalvik are significant; roughly a 2x improvement in speed for code running on the VM.
  9. Application Security Box
     Upon Android application installation:
     • A unique user ID is created for each Android app
     • Each app is started in its own process
     • Each app runs in that DVM
     • The file permissions are set so that only the owner has access
  10. Application Signing
     The important points to understand about signing Android applications are:
     • All applications must be signed. The system will not install an application on an emulator or a device if it is not signed.
     • To test and debug your application, the build tools sign your application with a special debug key that is created by the Android SDK build tools.
     • When you are ready to release your application for end-users, you must sign it with a suitable private key. You cannot publish an application that is signed with the debug key generated by the SDK tools.
     • You can use self-signed certificates to sign your applications. No certificate authority is needed.
     • The system tests a signer certificate's expiration date only at install time. If an application's signer certificate expires after the application is installed, the application will continue to function normally.
  11. What's new in Android v4.2.x (the lockdown release)
     • RTL Layout support
     • Native, always-on VPN
     • Certificate Pinning
     • New Bluetooth stack
     • New NFC stack
     • Hidden developer menu and USB debug whitelist
     • System.Settings are now read-only (e.g. Airplane mode)
     • Content providers are no longer exported by default
     • Additional layer of security in the WebView interface for JS binding
  12. What's new in Android v4.3.x
     • SELinux (in permissive mode)
     • Multiple account and restricted profiles (tablets)
     • Bluetooth SMART support (aka BLE)
     • WiFi Enterprise API (e.g. EAP access)
     • WiFi Scan-only-mode (get position even with WiFi off)
     • Improved RTL Text support
     • Hardware credential storage
  13. What's new in Android v4.4.x
     • SELinux - in enforcing mode for 4 core services
     • Restriction on External Storage (SDCard read only)
     • NFC Host Card Emulation
     • Chromium webview
     • Screen recorder through adb
     • ART (Android Run Time) optional, Dalvik still the default Runtime
     • Improved RTL (Drawable Mirroring and Force RTL for developers)
  14. What's new in Android v5.x
     • SELinux - in enforcing mode for all domains
     • WebView updates without OTA
     • Multiple user and restricted profile on phones (prev. only tablets)
     • Full disk encryption “enforced” and improved
     • ART (Android Run Time) only available Runtime
     • Material Design
     • Screen Capture and sharing: https://github.com/googlesamples/android-ScreenCapture
     • 64-bit support
     • Managed provisioning
     • Screen Pinning (Kiosk Mode)
        • Manually: Settings > Security > Screen Pinning
        • Programmatically: startLockTask()
     V5.1
     • Multiple SIM cards
  15. API Level 23 - Marshmallow
     • Doze and App Standby
        • Doze: screen off, device unplugged and stationary
        • App Standby: when an app is idle the OS disables networking
     • Removed access to hardware identifiers:
        • WifiInfo.getMacAddress always returns 02:00:00:00:00:00
        • BluetoothAdapter.getAddress always returns 02:00:00:00:00:00
     • Fingerprint Authentication
     • USB connections are now charge-only by default
     • Adoptable Storage Devices
     • App permissions changes
        • Check for Permissions
        • Request Permissions
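
The "Check for Permissions / Request Permissions" flow and the constant hardware address from slide 15, sketched as an added example that is not part of the original deck. The activity name `ScanActivity`, the request code, the choice of the CAMERA permission and the helper `isUsableHardwareId` are assumptions made for illustration.

```java
import android.Manifest;
import android.app.Activity;
import android.content.pm.PackageManager;
import android.os.Build;
import android.os.Bundle;

// Hypothetical enterprise activity that needs the camera (e.g. barcode scanning).
public class ScanActivity extends Activity {
    private static final int REQ_CAMERA = 42; // arbitrary request code (assumption)
    // Value the slide says getMacAddress()/getAddress() always return on API 23.
    static final String PLACEHOLDER_MAC = "02:00:00:00:00:00";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
            startScanner(); // before API 23, permissions are granted at install time
        } else if (checkSelfPermission(Manifest.permission.CAMERA)
                == PackageManager.PERMISSION_GRANTED) {
            startScanner(); // check: already granted by the user
        } else {
            // request: the system shows the dialog and calls back below
            requestPermissions(new String[]{Manifest.permission.CAMERA}, REQ_CAMERA);
        }
    }

    @Override
    public void onRequestPermissionsResult(int requestCode, String[] permissions,
                                           int[] grantResults) {
        if (requestCode != REQ_CAMERA) return;
        // grantResults is empty when the request was interrupted: treat as denied.
        if (grantResults.length > 0
                && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
            startScanner();
        } else {
            finish(); // denied: close instead of crashing on a SecurityException
        }
    }

    // The constant address identifies no device, so never use it as a device key.
    static boolean isUsableHardwareId(String mac) {
        return mac != null && !PLACEHOLDER_MAC.equals(mac);
    }

    private void startScanner() {
        setTitle("Scanner ready"); // stand-in for the real camera setup
    }
}
```

The permission must still be declared in the manifest; on API 23 the user can also revoke it later from Settings, so the check belongs on every entry into the feature, not only at first launch.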