There’s a growing number of tools that analyse Android .apks for app vulnerabilities, over zealous permissions, data leakage and malware. You can find a great list at ashishb.net.

I expect tools such as these and those provided by security consultancies will more important as Android becomes even more popular and pervasive. This takes me back to my Symbian days when I thought that Symbian Platsec was over-zealous and instead, thought a phone might police itself in realtime.

There are probably opportunities for such tools (apps) that go further than just looking for signatures of malware.

IDC has new Worldwide statistics that show for Q1 2013 Android and iOS represented 92.3% of all smartphone OS Shipments. Android had a 75% market share, iOS 17.3%, Windows Phone 3.2% and BlackBerry 2.9%.

 

From my perspective, as predominantly an Android developer, I can see Android has ‘grown up’. Companies are no longer going iOS first usually because their clients are insisting on both iOS and Android versions of apps. The amount of Android development has increased and diversified. My next project is indicative of this being based on the Google Android TV platform.

Android development has matured. I am using more and more Apache licenced libraries where, only a few years ago, I had to write my own code. Almost any Android complex development problem I have can be answered using StackOverflow. Clients are better understanding the need to use Android UI idioms and dissuading them from iOS idioms is less of a hard sell.

However, the popularity attracts malware that feeds on Android’s slow and, for some companies, non-existent OS update processes (meet X-ray). Google is tightening up the OS but only for new versions. For example, on later versions of Android third party apps can’t read the developer output (logcat) and only trusted desktop machines can connect via Android Debug Bridge (ADB). This is also making things slightly more difficult for developers. In these examples, I am finding it harder to do automated testing (robotium + spoon) via ADB from arbitrary desktop machines and I can no longer ask clients to send me ADB output captured from 3rd party apps such as catlog.

I also find it difficult to understand why so many people root their phones - so much so there’s a large market for some apps that only work on rooted phones. The built in Android security is the first line of defence and people rooting their phones really should think more about what they are doing.

This has some interesting implications for BYOD. An employee with a rooted device can have all the information on their device shadow copied off just by someone having contact with the phone for a very short time. I will be speaking about this and other issues at Make IT Mobile at the end of the month.

Google has some new free research, conducted by M/A/R/C Research and the Google Shopper Marketing Agency Council, into the use of mobile when people shop in-store. The research covers topics such as pre-shopping, shopping categories, time spent in store, consumer needs, self help and how mobile sites are preferred over apps…

The report shows that retailers should be responding to the showrooming challenge and that mobile can be used to get customers to the  store and keep them there. For more ways to do this you might like to read my previous post on a report that goes into ways of implementing a mobile retail strategy.

Mobiquity has a recent infographic on the connected traveller showing the findings of an independent study of 1000 people using smartphones and tablets to plan and book travel with 19 top travel brands. While it’s all about travel, the learnings are probably just as applicable to other industries.

The main factors that cause poor mobile experiences are…

 

The tablet is the preferred device for booking future travel. One in four people book on their tablet after reseaching on their tablet. 35% of travellers who have an unsatisfactory experience are less likely to book again.

Slow load time is the top reason for an unsatisfactory experience. So what can developers do about this? Here are some thoughts on some of my past projects that are more pertinent to apps rather than mobile sites…

• Bundle up as much as is sensible/possible into the initial install rather than relying on http for static images that will never or are unlikely to change.
• Mobile isn’t that good at fetching lots of small downloads (images). If there are a lot of them think about bundling them up into one larger zip. The bonus is that the server will also be less loaded and hence serve information quicker. In fact, I have seen some projects re-implement the server side to aggregate up data just so that the server is less loaded.
• Perform lazy self-loading of images. Show textual information before the corresponding images have been downloaded that will show as ‘loading…’ until they self-load.
• Make sure you are not duplicating downloaded data. I have worked on too many projects that download the same data again and again just because the server side API designer has been lazy.
• Think about using push rather than pull. Asking the user to wait while there’s going to be a very long download causes a poor mobile experience. If you really know you can’t do something quickly then tell the user you will inform them when the information is ready - and then push it via a notification.

Security Week has an interesting article on Android anti-virus software. In summary, most Android anti-virus software relies on signature based analysis that’s easily fooled using simple obfuscation techniques. Obfuscation is more usually used by developers to hide source code from hackers but it can be used by the hackers themselves to transform code into new code that is less likely to be detected by today’s anti-virus software.

The article is based on a paper by North Western University on Evaluating Android Anti-malware against Transformation Attacks (pdf). The authors advocate more research into ways of detecting malware on smartphones. Such methods might include heuristic static analysis of code, crowd sourcing/cluster-analysis of apps system calls and analysis of app power consumption.

IDC has some new statistics on Q1 tablet shipments showing that Android is, for the first time, more popular (56.6%) than iOS (39.6%). These market share numbers are similar to those previously reported by Strategy Analytics and also demonstrate that Microsoft’s tablet strategy was flawed.