Thoughts on Google I/O 14

June 26th, 2014
googleio.pngHere are my immediate thoughts, from a developer perspective, on the announcements from Google I/O.

1 billion 30 day active Android users is huge. It’s also impressive that Android has managed to achieve 62% tablet market share. These are the headline numbers that should attract developers and cause apps to be created. While wearables, TV and automotive might have potential, they won’t (yet) be attracting that much investment for 3rd party apps to be created.

AndroidOne, formerly rumoured to be Android Silver, is a hardware reference platform to allow OEMs to get to market quickly. It will be stock Android with quick updates from Google and promises phones under $100. This has the potential to cause new low end phones to run Android 4.x+ rather than 2.x. It could also upend other mobile OS initiatives at the low end: Nokia X and Firefox OS. However, this primarily depends on takeup by China OEMs. Let’s wait and see. UPDATE: More on Silver (and Nexus).

Android ‘L’ rethinks the UI design, called ‘Material’ design. It’s still in development and it will be the end of the year before it’s on shipping devices. I do wonder if a UI re-design was really needed. As with iOS, I think this will cost developers and stakeholders a lot of development time. Some iOS developers I know have said that the iOS re-design cost them a year of app innovation - and so it might be on Android. Even then, there will be old apps and old devices so it will end up being a mishmash anyway. I am not yet liking the common desktop/mobile metro-esqe feel that in some ways looks like it was invented at Microsoft - and killed the Windows 8 interface. However, I might eventually be won over when I examine in more detail.

On a more positive note, pre and post activity animations will improve look and feel. The new z arg for views to give depth/shadow is interesting. It can be used to show something can be pressed. This is often missing on Android list views where iOS has the disclosures (chevrons). Being able to colour widgets is also interesting as I have had to do this in the past to create/configure white label apps. Currently, it’s possible but difficult and it will be great when this can be done easily - but probably only for new devices which kills my excitement somewhat.

And this leads me to the support library. The usefulness of all of this depends on how much Google supplies in the support library for use by earlier devices. If it’s only for new devices then we have yet more fragmentation and less consistency across the platform. Here’s a vote for getting as much as possible in the support library. However, I suspect this is a big wish given ‘L’ will be "The biggest release in the history of Android". Google have over 100 teams working on Android and there will be over 5000 new APIs in ‘L’ ….

lchanges.png

As rumoured, Android ‘L’ devices will use ART instead of Dalvik leading to up to 2x performance improvement, less invasive garbage collection and fewer out of memory errors …

artperformance_02.png

gcpausetimes_01.png 

Android Piracy and Fraud Woes

June 25th, 2014

swrve.pngSwrve has some new research that shows that 19% of Android in-app purchases (IAP) are frudulent. Swrve used their ‘fraud filter’ to compare on-device purchase events against Google Play receipts to determine if they were valid or fraudulent.

What does this mean? How can it happen? There are some hacking apps that, if used to run apps that offer IAP, can be used to trick Google Play into allowing the IAP to happen without a valid payment. The device has to be rooted and running the hacking apps themselves is a significant risk as who knows what else they do. Nevertheless, this looks to be a large hole that Google really ought to fix ASAP.

The current problems are not just related to IAP fraud. PlayDrone (pdf slides from presentation), an application used to measure apps on Google Play, has found that 25% of apps are copies of others. That is, a significant proportion of the code in 25% of the apps is the same as found in other apps. Some other insights are that only 15% of apps are obfuscated and native apps (as opposed to app generator and Webview-based) correlate strongly to those that apps that are popular.

Related Articles:

App User Retention iOS vs Android

June 23rd, 2014

openxcell.pngOpenxcell has a useful article on mobile app user retention. That is, the number of users who continue to use an app. They describe how gamification, rewarding users and giving them a sense of achievement can make apps more compelling and improve retention.

While retention rates were similar across Android and iOS last year, 2014 has seen Android surpass iOS…

appretentionrate.png

Openxcell doesn’t provide any explanation why retention is so much better on Android. I doubt it’s because Android developers are better at retention. I suspect it’s to do with the difference in the types of apps across iOS and Android.

Openxcell also provides a list of analytics tools that can be used to measure app retention.

Related Articles:

The Apps People Are Using

June 20th, 2014
strategyanalystics.gifStrategy Analytics has some new research that shows that (US) users are spending a lot more time on their devices. The analysis is based on over one million individual application sessions over more than 1500 Android smartphone users.

Wondering what kind of app to create? Here’s a chart showing what apps people are using…

appoptixusamay2014.png 

Strategy Analytics say…

"…niche segments such as LifeStyle, Productivity, and News, Weather & Sports are characterized by a broad range of smaller apps - no single publisher dominates the category and thereby presents opportunities for new and inspiring app concepts."

Android vs iOS Security

June 19th, 2014

marblesecurity.pngIt seems that Android is getting a lot of negative press at the moment concerning security. A few days ago it was Towelroot and yesterday it was ransomware (here in the UK). It turns out Google is already detecting Towelroot apps on the Play Store and the ransomeware itself used poor coding practices that allow its actions to be undone.

However, it’s not just Android. A recent report (pdf) based on a survey of 1.2 million iOS and Android apps has showed that Apple iOS and Android mobile devices are equally vulnerable to attacks. The type of attack and vulnerabilities might differ but the security threats are omnipresent. 

iosandandroidthreatmatrix.png 

While I think there’s an increasing responsibility on developers to think more about security, I think there’s an even greater responsibility on stakeholders commissioning apps to consider security. There is currently too much emphasis on apps "built to a price" or "built for a date" that sometimes implicitly disregards security.

Related Articles:

Enterprise Apps World 2014

June 18th, 2014

enterpriseappsworld.pngThere was a recent article on ReadWrite stating that ‘50% Of Developers Focus On Mobile, But They’re Not Writing The Next Flappy Bird‘. Many are instead working on enterprise apps.

Yesterday I was at Enterprise Apps World in London. Exhibitors included complete enterprise solutions, solution enablers and a few developers of custom solutions. Here are the more developer-centric items I found of interest…

  • Shinobicontrols Android and iOS UI controls. Charts, grids, gauges on iOS and charts on Android (more coming soon). Licensed per developer.
  • InstantAPI, currently in early access, creates a server API from popular databases. They also have features in development such as API usage reporting.
  • OneSky language translation takes in popular app file resource formats. Their tools allow you to also submit screenshots so that the (human) translator can see the context of the text to be translated. The service is priced per word translated.
  • Germany-based TestBirds tests apps via crowdtesting according to your specs.
  • CNS Group provides app and mobile device security testing.

An observation I had is that many of the enterprise vendors, especially the larger ones, seemed to have a closed view of what entails ‘enterprise apps’. It’s largely seen as apps for the workforce as opposed to apps for employees, customers, suppliers and partners.

There were also several very thin/minimal services over cloud services and it wasn’t obvious to me why an enterprise might buy from these companies, who might go bust or whatever, when they can easily implement for themselves either in-house or via a 3rd party.

Related Articles:

Towelroot Vulnerability

June 16th, 2014

android.gifAs if you needed a good reason to think about secure apps (my post last week), a new Android vulnerability has been found called ‘Towelroot’. It’s different in that it exploits a problem in the kernel of Android which means that it’s expected that every device might be vulnerable.

Remember, this still needs an app to be installed by the user so the user would have to be aware they had installed something. However, that ’something’ could be disguised as a legitimate app, especially on one of the non-Google Play stores.

Nevertheless, it yet again demonstrates to developers that they should not solely rely on the Android sandbox to store sensitive information (usernames, passwords, auth tokens etc).

Related Articles:

Secure Apps

June 12th, 2014
penrillian.gifSecurity is becoming more and more important. What with the latest SSL vulnerabilities, NSA/Snowden/GCHQ, user privacy concerns and more sophisticated malware, mobile app developers continually need to put more effort into app security. There’s a particular class of apps, for example banking and payment, that must be as secure as possible. I recently came across a great white paper, Secure Development Process (pdf), by Penrillian that nicely defines these ’secure projects’ as…  
 
"Projects where someone could get significant benefit illegitimately from a security weakness in the deliverables"

If you are developing an app such as this then you would do well to take a deep look at Penrillian’s recommendations. 

penrilliansecureprojects.png 

I suspect as mobile becomes ever more pervasive, some of these process areas might become standard for a greater proportion of apps and not just ’secure apps’.

Related Articles: