October 31st, 2014
IDC have a new press release showing smartphone vendor shipments for Q3 2014. Samsung lost market share at the expense of Xiaomi, Lenovo and LG. Apple’s market share dropped slightly by 0.9% to 12% meaning shipments of units grew by 16.1% vs 25.2% for all smartphones.
What does this mean for developers? For Android developers it’s going to be increasingly the case that testing mainly on Samsung devices won’t get you the majority of the devices being used. With iOS now having only 12% market share, there’s going to be continuing intolerance by end users of some companies that still only provide an app for iOS.
October 23rd, 2014
There’s an anonymous single-post blog at blogger.com that takes a look at Samsung’s Knox. Surprisingly, Knox relies on security by obscurity to hide the encryption key, the method of generation of which is now public information. It’s now known that it’s generated using the device’s Android ID and a hardcoded string.
As the author states, a stronger key should be derived using Password-Based Key Derivation Function 2(PBKDF2), from the user’s password, that shouldn’t be stored on the device.
Related to this, if you are instead relying on Android OS disk encryption, you might like to read how this has changed over time. Prior to Android 4.4 it was based on a PBKDF2 with only 2000 iterations, using the lockscreen PIN or password which tends to be short and more amenable to brute force attack.
UPDATE: Samsung have now refuted the problem but there seems to be a confusion/discrepancy between the versions of Knox mentioned by Samsung and the version that comes pre-installed on Samsung phones.
October 21st, 2014
There’s an upbeat article at Business Insider that says that Android is suddenly growing massively as an e-commerce, advertising and app platform. It says…
"Too many analysts remain attached to an outdated idea of Google’s mobile operating system as fragmented, malware-ridden, and low-end. They believe Android users don’t spend money on mobile and lack lifetime value. This is no longer true."
One of the report’s takeaways, that "mobile business models that neglect or ignore Android risk severely limiting their market potential" reflects some US conversations I have had where it has been said that Android is a blind-spot for many California tech companies.
The report also covers how Android’s ad traffic and revenue share is rising fast and is producing healthy mobile commerce orders for companies. It also explains why Android’s fragmentation problem is overblown.
Negatives include feature creep and bloatware added by carriers and OEMs. I’d also say security is an issue, especially for security sensitive apps that need to make use of payments. Such apps need to take extra measures to protect themselves.