Notifications vs Apps

November 3rd, 2014

intercom.pngThere’s a thought-provoking article and discussion at Intercom on "The End of Apps As We Know Them". The premise is that we will use apps directly less and less and instead interact with rich notifications or cards.

While I can see some notification-rich apps might work this way, I am less convinced that the majority of apps will end up working that way. Most apps do too much to be shoehorned into a notification style app. Also, people are more used to invoking apps via icons and I can’t see that going away. I think cards/notifications are great for end user consumption but not end user content creation. If the majority of apps were to use this paradigm then the user would become overwhelmed with notification overload.

Shift in Smartphone Market Shares

October 31st, 2014

idc.gifIDC have a new press release showing smartphone vendor shipments for Q3 2014. Samsung lost market share at the expense of Xiaomi, Lenovo and LG. Apple’s market share dropped slightly by 0.9% to 12% meaning shipments of units grew by 16.1% vs 25.2% for all smartphones.


What does this mean for developers? For Android developers it’s going to be increasingly the case that testing mainly on Samsung devices won’t get you the majority of the devices being used. With iOS now having only 12% market share, there’s going to be continuing intolerance by end users of some companies that still only provide an app for iOS.

Related Articles:

Mobile Potential

October 29th, 2014

benedictevans.pngBenedict Evans has a new presentation given at the WSJD conference and also at the a16z Tech Summit. It consists of very many charts showing how Mobile is Eating the World.

There’s also a related healthy discussion on ycombinator where people question what can be really done on a (UI) limited mobile device, others observe that many popular apps don’t necessarily do anything really useful / don’t fulfil devices’ full potential and how some people suspect we might be in a bubble after which there might be 2nd wave of mobile innovation based on less expensive devices.

Related Articles:

WebView Unbundling

October 28th, 2014

arstechnica.gifThere’s an interesting post on ars technica on "Unwrapping Lollipop" talking to "high ranking members of the Android team" about changes to the OS. It includes a very useful breakdown of what’s now in the Android OS, what’s in Play services and what’s distributed via the Play Store.


Of particular interest is that WebView has been unbundled and now comes from the Play Store. The idea is to be able to more-easily (auto) update WebView for performance and security reasons. However, this won’t be for pre-Lollipop devices. In the near-term, there will still be a large number of old devices on old and varied versions of WebView. Also, unbundling has the side-effect that, going forward, non-Google sanctioned, AOSP-derived devices won’t have the latest WebView. Google will obviously care less about this but it will affect the 20% of developers on those platforms.

Related Articles:

Samsung Knox Security Blunder

October 23rd, 2014

samsungknox.pngThere’s an anonymous single-post blog at that takes a look at Samsung’s Knox. Surprisingly, Knox relies on security by obscurity to hide the encryption key, the method of generation of which is now public information. It’s now known that it’s generated using the device’s Android ID and a hardcoded string.

As the author states, a stronger key should be derived using Password-Based Key Derivation Function 2(PBKDF2), from the user’s password, that shouldn’t be stored on the device.

Related to this, if you are instead relying on Android OS disk encryption, you might like to read how this has changed over time. Prior to Android 4.4 it was based on a PBKDF2 with only 2000 iterations, using the lockscreen PIN or password which tends to be short and more amenable to brute force attack.

UPDATE: Samsung have now refuted the problem but there seems to be a confusion/discrepancy between the versions of Knox mentioned by Samsung and the version that comes pre-installed on Samsung phones.

Related Articles:

Mobile Retail Behaviour is Changing

October 22nd, 2014
gfk.gifGfK has new research into mobile consumer behaviour showing double-digit point changes in metrics that measure where and how people are shopping. 


Gfk says that companies should "build out an up-to-date and nuanced shopper insights platform" to provide insights, without which brands will be in a ‘hit-or-miss’ mode in execution. This dovetails well with my Does OS Market Share Matter post where I encouraged analysis of users on a project-by-project or case-by-case basis.

Related Articles:

Android Growing

October 21st, 2014

businessinsider.gifThere’s an upbeat article at Business Insider that says that Android is suddenly growing massively as an e-commerce, advertising and app platform. It says…

"Too many analysts remain attached to an outdated idea of Google’s mobile operating system as fragmented, malware-ridden, and low-end. They believe Android users don’t spend money on mobile and lack lifetime value. This is no longer true."


One of the report’s takeaways, that "mobile business models that neglect or ignore Android risk severely limiting their market potential" reflects some US conversations I have had where it has been said that Android is a blind-spot for many California tech companies.

The report also covers how Android’s ad traffic and revenue share is rising fast and is producing healthy mobile commerce orders for companies. It also explains why Android’s fragmentation problem is overblown.

Negatives include feature creep and bloatware added by carriers and OEMs. I’d also say security is an issue, especially for security sensitive apps that need to make use of payments. Such apps need to take extra measures to protect themselves.

Related Articles:

Android Binder Subversion

October 20th, 2014

androidsecuritylogo.pngSome of the vulnerabilities in Android allow code to be run as root. Alternatively, if users root their device malware can already run as root. However, what can such code then do?

Nitay Artenstein and Idan Revivo of Checkpoint Research have a new presentation and white paper on how intercepting IPC, via the Android Binder, can be used to provide for keylogging, location tracking and intercepting SMS. Indeed, even sending data from one Activity to the next uses IPC and this can be intercepted.

What can Android developers do about this? Well, if you are handling sensitive information you should consider encrypting data before sending it, to/from, for example, a Service or another Activity. The paper also describes how Android’s keyboard also uses Binder and security sensitive apps should have their own keyboard implemented within the app. I have updated my Android Security site to reflect this information.

Related Articles: