A mobile application dubbed ZAO is the latest viral trend that has Chinese internet users doing a double-take over how they might appear as celebrities through artificial intelligence technologies.
From late Friday night, savvy social media users started posting videos starring themselves in footage taken from blockbuster movies or hit TV series. ZAO means “make” or “manufacture “in Chinese.
The app was developed by an internet technology company based in Changsha, Hunan province, whose head Lei Xiaoliang was co-founder of stranger social media app Momo. The company was essentially controlled by Momo, according to Tianyancha, a Chinese corporate information data provider.
To experience the digital makeover, users should upload a photo featuring their full-frontal face with a resolution the system deems qualifiable for the “masquerader”. They also need to follow a string of instructions such as “opening the mouth” or “lifting the head” to authenticate it’s a real person using the app.
Upon that, users can choose from hundreds of video footage and replace a star’s face with that of their own. It normally takes about 10 seconds to finish the face-swapping for a 20-second video.
Creative works sweeping WeChat Moment had almost “paralyzed” the server of ZAO as of Saturday morning, with users reporting malfunction or severe delays in video synthetization.
Every now and then face-changing apps have caught attention on social media, with the likes of FaceApp instantly altering the appearance of a person’s face by adding wrinkles and grey hair. But this one is particularly popular as it churns out videos in motion rather than static pictures.
“I just cannot keep my hands off it,” said Shen from Shanghai, who admitted playing the “mockup” game for the entire night and churning out over 20 videos. “I believe people playing this are truly bringing the character to themselves, and that explains why it successfully got into people’s head.”
But privacy concerns are also there. Users signing up for the service will need to nod to clauses that allow the company to use their original photos, synthesized photos and videos for free and for good on a global scale. The company also retains the right to make modifications on these photos using technologies.
“While such protocols are highly controversial, the app itself seem to really make people happy,” said Cheng Mingxia, assistant dean of Tencent Research Institute. “This is the kind of challenge facing future science and technology applications.”
Since the early days of the OS, widgets for Android have allowed users to engage with their favourite apps, from the comfort of their homescreen. So how do you create an Android widget?
For the developer, widgets give your application a valuable presence on the user’s homescreen. Instead of being tucked out of sight in the app drawer, users will be reminded about your app every single time they glance at their homescreen – while also getting a preview of your app’s most interesting and useful content.
Widgets give your application a valuable presence on the user’s homescreen
In this article, I’ll show you how to provide a better user experience while encouraging users to engage with your app, by creating an Android widget! By the end of this article, you’ll have created a scrollable collection widget that displays a complete data set on the user’s homescreen.
To ensure you’re delivering the kind of widget that users want to place on their homescreen, we’ll also be creating a configuration Activity, which will allow users to customize the widget’s content, appearance and features. Finally, I’ll show how you can encourage people to use your widget, by creating a Widget Preview image that showcases the best that your widget has to offer.
An application widget is a lightweight, miniature application that lives on the user’s homescreen.
Widgets for Android can provide a range of content, but generally fall into one of the following categories:
Information widget. This is a non-scrollable widget that displays some information, such as today’s weather forecast or the date and time.
Collection widgets. This is a scrollable widget that displays a set of related data, formatted as a ListView, GridView, StackView, or an AdapterViewFlipper. Collection widgets are usually backed by a data source, such as a database or an Array.
Control widgets. These widgets act as a remote control that enables users to interact with your application, without having to bring it to the foreground. Apps that play media, such as podcasts or music, often have control widgets that allow the user to trigger Play, Pause, and Skip actions directly from their homescreen.
Hybrid widgets. Sometimes you may be able to deliver a better user experience by combining elements from multiple categories. For example, if you’re developing a control widget for a music application then you can provide Play, Pause and Skip controls, but you may also decide to display some information, such as the song’s title and artist. If you do decide to mix and match, then don’t get carried away! Widgets tend to deliver the best user experience when they provide easy access to a small amount of timely, relevant information or a few commonly-used features. To help keep your hybrid widgets lightweight, it’s recommended that you identify your widget’s primary category, develop it according to that category, and then add a few elements from the widget’s secondary category.
Does my project really need an application widget?
There’s several reasons why you should consider adding an application widget to your Android project.
Widgets for Android can improve the user experience
As a general rule, the fewer navigational steps required to complete a task, the better the user experience.
By providing an application widget, you can remove multiple navigational steps from your app’s most commonly-used flows. In the best case scenario, your users will be able to get the information they need just by glancing at their homescreen, or perform the desired task simply by tapping a button in your control widget.
More powerful than application shortcuts
App widgets often respond to onClick events by launching the top level in the associated application, similar to an application shortcut. However, widgets can also provide direct access to specific Activities within an application, for example tapping a widget’s New Message Received notification might launch the associated app with the new message already open.
By embedding multiple links in your widget’s layout, you can provide one-tap access to all of your app’s most important Activities, removing even more navigational steps from your most commonly-used flows.
By embedding multiple links in your widget’s layout, you can provide one-tap access to all of your app’s most important Activities.
Note that widgets respond to onClick events only, which prevents users from accidentally interacting with your widget while they’re swiping around the homescreen. The only exception is when the user is attempting to delete your widget by dragging it towards their homescreen’s Remove action, as in this scenario your widget will respond to a vertical swipe gesture.
This interaction is managed by the Android system, so you don’t need to worry about manually implementing vertical swipe support in your widget.
Create an Android widget to drive long-term engagement
Convincing people to download your app is only the first step to creating a successful Android application. Chances are, if you grab your own Android smartphone or tablet and swipe through the app drawer, then you’ll discover multiple apps that you haven’t used in days, weeks or potentially even months!
Once your app is successfully installed on the user’s device, you’ll need to work hard to keep them engaged and enjoying your app. Giving your app a presence on the homescreen can be a powerful tool to help drive long-term engagement, simply because it’s a constant reminder that your application exists!
A well-designed widget can also serve as an ongoing advert for your app. Every time the user glances at their homescreen, your widget has the opportunity to actively encourage them to re-engage with your app, by presenting them with all of your app’s most interesting and useful content.
Creating a collection app widget
In this tutorial, we’ll be building a collection widget that displays an array as a scrollable ListView.
To help you track the app widget lifecycle, this widget will also trigger various toasts as it moves through the different lifecycle states. Towards the end of this tutorial, we’ll be enhancing our widget with a custom preview image that’ll be displayed in Android’s Widget Picker, and a configuration Activity, which will allow users to customize the widget before placing it on their homescreen.
Create a new Android project with the settings of your choice, and let’s get started!
Building your widget’s layout
To start, let’s define the widget’s user interface (UI).
Application widgets are displayed in a process outside your application, so you can only use layouts and Views that are supported by RemoteViews.
When building your layout, you’re restricted to the following:
AnalogClock
Button
Chronometer
FrameLayout
GridLayout
ImageButton
ImageView
LinearLayout
ProgressBar
RelativeLayout
TextView
ViewStub
AdapterViewFlipper
GridView
ListView
StackView
ViewFlipper
Note that subclasses of the above classes and Views are not supported.
Create a new layout resource file named list_widget.xml. Since we’ll be displaying our data using a ListView, this layout mainly serves as a container for a <ListView> element:
Next, we need to create a data provider for our ListView. Create a new Java class named DataProvider.java and add the following:
import android.content.Context;
import android.content.Intent;
import android.widget.RemoteViews;
import android.widget.RemoteViewsService;
import java.util.ArrayList;
import java.util.List;
import static android.R.id.text1;
import static android.R.layout.simple_list_item_1;
public class DataProvider implements RemoteViewsService.RemoteViewsFactory {
List<String> myListView = new ArrayList<>();
Context mContext = null;
public DataProvider(Context context, Intent intent) {
mContext = context;
}
@Override
public void onCreate() {
initData();
}
@Override
public void onDataSetChanged() {
initData();
}
@Override
public void onDestroy() {
}
@Override
public int getCount() {
return myListView.size();
}
@Override
public RemoteViews getViewAt(int position) {
RemoteViews view = new RemoteViews(mContext.getPackageName(),
simple_list_item_1);
view.setTextViewText(text1, myListView.get(position));
return view;
}
@Override
public RemoteViews getLoadingView() {
return null;
}
@Override
public int getViewTypeCount() {
return 1;
}
@Override
public long getItemId(int position) {
return position;
}
@Override
public boolean hasStableIds() {
return true;
}
private void initData() {
myListView.clear();
for (int i = 1; i <= 15; i++) {
myListView.add("ListView item " + i);
}
}
}
AppWidgetProvider: Configuring your widget
To create an Android widget, you need to create several files.
Our first widget-specific file is an AppWidgetProvider, which is a BroadcastReceiver where you’ll define the various widget lifecycle methods, such as the method that’s called when your widget is first created and the method that’s called when that widget is eventually deleted.
Create a new Java class (File > New > Java Class) named CollectionWidget.
To start, all widget provider files must extend from the AppWidgetProvider class. We then need to load the list_widget.xml layout resource file into a RemoteViews object, and inform the AppWidgetManager about the updated RemoteViews object:
public class CollectionWidget extends AppWidgetProvider {
static void updateAppWidget(Context context, AppWidgetManager appWidgetManager,
int appWidgetId) {
//Instantiate the RemoteViews object//
RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.list_widget);
setRemoteAdapter(context, views);
//Request that the AppWidgetManager updates the application widget//
appWidgetManager.updateAppWidget(appWidgetId, views);
}
Create the adapter
Since we’re displaying our data in a ListView, we need to define a setRemoteAdapter() method in our AppWidgetProvider. The setRemoteAdapter() is equivalent to calling AbsListView.setRemoteViewsAdapter() but is designed to be used in application widgets.
In this method, we need to define the id of the AdapterView (R.id.widget_list) and the intent of the service that’ll eventually provide the data to our RemoteViewsAdapter – we’ll be creating this WidgetService class shortly.
private static void setRemoteAdapter(Context context, @NonNull final RemoteViews views) {
views.setRemoteAdapter(R.id.widget_list,
new Intent(context, WidgetService.class));
}
}
Defining the widget lifecycle methods
In our AppWidgetProvider, we also need to define the following widget lifecycle methods:
Retrieving new content with onUpdate
The onUpdate() widget lifecycle method is responsible for updating your widget’s Views with new information.
This method is called each time:
The user performs an action that manually triggers the onUpdate() method.
The application’s specified update interval has elapsed.
The user places a new instance of this widget on their homescreen.
An ACTION_APPWIDGET_RESTORED broadcast intent is sent to the AppWidgetProvider. This broadcast intent is triggered if the widget is ever restored from backup.
This is also where you’ll register any event handlers that your widget should use.
When updating an Android widget, it’s important to remember that users can create multiple instances of the same widget. For example, maybe your widget is customizable and the user decides to create several “versions” that display different information, or provide access to unique functionality.
When you call onUpdate(), you need to specify whether you’re updating every instance of this widget, or a specific instance only. If you want to update every instance, then you can use appWidgetIds, which is an array of IDs that identifies every instance across the device.
In the following snippet, I’m updating every instance:
@Override
public void onUpdate(Context context, AppWidgetManager appWidgetManager, int[] appWidgetIds) {
for (int appWidgetId : appWidgetIds) {
//Update all instances of this widget//
updateAppWidget(context, appWidgetManager, appWidgetId);
}
super.onUpdate(context, appWidgetManager, appWidgetIds);
}
Note that to help keep the code straightforward, this onUpdate() method isn’t currently making any changes to the widget.
onEnabled: Performing the initial setup
The onEnabled() lifecycle method is called in response to ACTION_APPWIDGET_ENABLED, which is sent when an instance of your widget is added to the homescreen for the first time. If the user creates two instances of your widget, then onEnabled() will be called for the first instance, but not for the second.
The onEnabled() lifecycle method is where you should perform any setup that’s required for all instances of your widget, such as creating the database that’ll feed your widget information.
I’m going to display a toast, so you can see exactly when this lifecycle method is called:
@Override
public void onEnabled(Context context) {
Toast.makeText(context,"onEnabled called", Toast.LENGTH_LONG).show();
}
Note that if the user deletes all instances of your widget and then creates a new instance, then this is classed as the first instance, and the onEnabled() lifecycle method will be called once again.
Cleaning up, with onDisabled
The onDisabled() method is called in response to ACTION_APPWIDGET_DISABLED, which is triggered when the user deletes the last instance of your widget.
This widget lifecycle method is where you should cleanup any resources you created in the onEnabled() method, for example deleting the database you created in onEnabled().
To help keep our code straightforward, I’ll simply be displaying a toast every time this method is triggered:
@Override
public void onDisabled(Context context) {
Toast.makeText(context,"onDisabled called", Toast.LENGTH_LONG).show();
}
The completed AppWidgetProvider
Your CollectionWidget file should now look something like this:
import android.appwidget.AppWidgetManager;
import android.appwidget.AppWidgetProvider;
import android.content.Context;
import androidx.annotation.NonNull;
import android.content.Intent;
import android.widget.RemoteViews;
import android.widget.Toast;
//Extend from the AppWidgetProvider class//
public class CollectionWidget extends AppWidgetProvider {
static void updateAppWidget(Context context, AppWidgetManager appWidgetManager,
int appWidgetId) {
//Load the layout resource file into a RemoteViews object//
RemoteViews views = new RemoteViews(context.getPackageName(), R.layout.list_widget);
setRemoteAdapter(context, views);
//Inform AppWidgetManager about the RemoteViews object//
appWidgetManager.updateAppWidget(appWidgetId, views);
}
@Override
public void onUpdate(Context context, AppWidgetManager appWidgetManager, int[] appWidgetIds) {
for (int appWidgetId : appWidgetIds) {
updateAppWidget(context, appWidgetManager, appWidgetId);
}
super.onUpdate(context, appWidgetManager, appWidgetIds);
}
@Override
public void onEnabled(Context context) {
Toast.makeText(context,"onEnabled called", Toast.LENGTH_LONG).show();
}
@Override
public void onDisabled(Context context) {
Toast.makeText(context,"onDisabled called", Toast.LENGTH_LONG).show();
}
private static void setRemoteAdapter(Context context, @NonNull final RemoteViews views) {
views.setRemoteAdapter(R.id.widget_list,
new Intent(context, WidgetService.class));
}
}
The AppWidgetProviderInfo file
Your application widget also requires an AppWidgetProviderInfo file, which defines several important properties, including your widget’s minimum dimensions and how frequently it should be updated.
The AppWidgetProviderInfo file is stored in your project’s res/xml folder.
If your project doesn’t already contain this folder, then you’ll need to create it:
Control-click your project’s res folder.
Select New > Android Resource Directory.
In the subsequent window, open the Resource type dropdown, and select xml.
The Directory name should update to xml automatically, but if it doesn’t then you’ll need to change it manually.
Click OK.
Next, create a collection_widget_info file, which we’ll be using as our AppWidgetProviderInfo:
Control-click your project’s xml folder.
Select New > XML resource file.
Name this file collection_widget_info.
Click OK.
In our AppWidgetProviderInfo file, we need to define the following properties:
1. android:previewImage
This is the drawable that represents your application widget in the device’s Widget Picker.
If you don’t provide a previewImage, then Android will use your application’s icon instead. To encourage users to select your widget from the Widget Picker, you should provide a drawable that shows how your widget will look once it’s properly configured on the user’s homescreen.
The easiest way to create a preview image, is to use the Widget Preview application that’s included in the Android emulator. This app lets you configure your widget and then generate an image, which you can then use in your Android project.
We’ll be creating this image once we’ve finished building our widget, so for now I’ll be using the automatically-generated mipmap/ic_launcher resource as a temporary preview image.
2. android:widgetCategory
Application widgets must be placed inside an App Widget Host, which is usually the stock Android homescreen, but can also be a third party launcher such as Evie Launcher or Nova Launcher.
Between API levels 17 and 20, it was possible to place application widgets on the homescreen or the lockscreen, but lockscreen support was deprecated in API level 21.
You can specify whether your app widget can be placed on the homescreen, the lockscreen (which Android refers to as the “keyguard”) or both, using the android:widgetCategory attribute. Since it’s not possible to place widgets on the lockscreen in the most recent versions of Android, we’ll be targeting the homescreen only.
To preserve the user’s privacy, your widget shouldn’t display any sensitive or private information when it’s placed on the lockscreen.
If you give users the option to place your widget on the lockscreen, then anyone who glances at the user’s device could potentially see your widget, and all of its content. To help preserve the user’s privacy, your widget shouldn’t display any sensitive or private information when it’s placed on the lockscreen. If your widget does contain personal data, then you may want to consider providing separate homescreen and lockscreen layouts.
3. android:initialLayout
This is the layout resource file that your widget should use when it’s placed on the homescreen, which for our project is list_widget.xml.
4. android:resizeMode=”horizontal|vertical”
The android:resizeMode attribute lets you specify whether your widget can be resized horizontally, vertically, or along both axes.
To ensure your widget displays and functions correctly across a variety of screens, it’s recommended that you allow your widget to be resized horizontally and vertically, unless you have a specific reason not to.
5. android:minHeight and android:minWidth
If your widget is resizable, then you need to ensure the user doesn’t shrink your widget to the point where it becomes unusable. You can use the minHeight and minWidth attributes to define the smallest your app will shrink when it’s being resized by the user.
These values also represent your widget’s initial size, so if your widget isn’t resizable then minHeight and minWidth will define the widget’s permanent sizing.
6. android:updatePeriodMillis
The AppWidgetProviderInfo is also where you’ll specify how often your widget should request new information.
The smallest supported update interval is once every 1800000 milliseconds (30 minutes). Even if you declare a shorter update interval, your widget will still only update once every half an hour.
While you may want to display the latest information as quickly as possible, the system will wake a sleeping device in order to retrieve new information. Frequent updates can burn through a device’s battery, particularly during periods where the device is left idle for a significant period of time, such as overnight. Providing the best possible user experience means striking a balance between limiting battery consumption, and providing new information within a reasonable time frame.
You should also take into account the kind of content your widget will display.
You should also take into account the kind of content your widgets for Android will display. For example, a weather widget may only need to retrieve an updated forecast once per day, whereas an app that displays breaking news will need to update more frequently.
To find this perfect balance, you may need to test your widget across a range of update frequencies and measure the impact on battery life, and the timeliness of your widget’s content. If you have a willing group of testers, then you could even setup A/B testing, to see whether some update frequencies are received more positively than others.
Finally, once you’ve identified the perfect update interval, you may want to use a shorter interval when developing and testing your app. For example, you could use the shortest possible update frequency (android:updatePeriodMillis=”1800000″) when you’re testing that your app’s onUpdate() method is triggering correctly, and then change this value before releasing your app to the general public.
The completed AppWidgetProviderInfo
The finished collection_widget_info.xml file should look something like this:
To ensure the homescreen never looks cluttered, we’re going to add some padding and margins to our widget. If your project doesn’t already contain a dimens.xml file, then you’ll need to create one:
Control-click your project’s values folder.
Select New > Values resource file.
Give this file the name dimens.
Click OK.
Open your dimens.xml file and define the following margin and padding values:
Next, we need to create a widget service, which will be responsible for sending our collection data to the widget.
Create a new Java class (New > Java Class) named WidgetService, and add the following:
import android.content.Intent;
import android.widget.RemoteViewsService;
public class WidgetService extends RemoteViewsService {
@Override
public RemoteViewsFactory onGetViewFactory(Intent intent) {
return new DataProvider(this, intent);
}
}
Registering your widget in the Manifest
We now need to make some changes to our project’s Manifest.
To start, open the Manifest and register your widget as a BroadcastReceiver. We also need to add an intent filter for the android.appwidget.action.APPWIDGET_UPDATE action:
Finally, we need to declare the service that will send data to our widget, which in this instance is the WidgetService class. This service requires the android.permission.BIND_REMOTEVIEWS permission:
If you’ve been following along with this tutorial, then you’ll now have a complete collection widget that displays a set of data on the user’s homescreen.
If this was a real-life Android project, then you’d typically expand on the lifecycle methods, particularly the onUpdate() method, but this is all we need to create a widget that you can install and test on your Android device:
Install this project on a compatible Android smartphone, tablet or AVD (Android Virtual Device).
Long-press any empty section of the homescreen, and select Widgets when prompted; this launches the Widget Picker.
Swipe through the Widget Picker until you find the application widget you just created.
Long-press this widget to add it to your homescreen.
Since this is the first instance of this particular widget, the onEnabled() method should run, and you’ll see an “onEnabled called” toast.
Resize your widget. If you set a minimum supported size, then check that you cannot shrink the widget past this value.
Test that the ListView scrolls, as expected.
Next, you should check the onDisabled() method, by deleting your widget. Long-press the widget, and then select Remove from Home screen. Since this is the last instance of this particular widget, the onDisabled() method should run, and you’ll see an “onDisabled called” toast.
This is all you need to deliver a functioning Android application widget, but there’s a few additions that can often improve the user experience. In the following sections, we’ll encourage users to choose this widget from the Widget Picker, by creating a preview image that showcases the widget at its best. I’ll also show you how to create a fully-customizable widget, by adding a configuration Activity to your project.
Creating an Android widget preview image
If you grab your Android device and swipe through the Widget Picker, you’ll see that every widget is represented by an image, which usually demonstrates how this widget will look once it’s configured on the user’s homescreen.
To encourage users to select your widget, you should provide a preview image that highlights all of the useful information and features that your widget has to offer.
You can quickly and easily create a preview image, using the Widget Preview application that’s included in the Android emulator.
Note that Widget Preview isn’t included in the latest Android system images, so you’ll need to create an AVD using Nougat (API Level 25) or earlier:
Install your application on an AVD that’s running API 25 or lower.
Open the AVD’s app drawer and launch the Widget Preview app.
The Widget Preview will display a list of every application that’s currently installed on this AVD; select your application from the list.
Your widget will now be displayed on a blank background. Spend some time resizing and tweaking your widget until it’s showing the very best that your widget has to offer.
Once you’re happy with your widget’s appearance and content, select Take Snapshot.
To retrieve your snapshot, switch back to Android Studio and select View > Tool Windows > Device File Explorer from the toolbar. This launches Android Studio’s Device File Explorer.
In the Device File Explorer, navigate to sdcard/Download. You should find your preview image saved in the following format: [application_name]_ori_[orientation].png
Drag this image out of Android Studio and drop it somewhere easily accessible, such as your Desktop.
Give this image file a descriptive name.
Drag and drop the file into your project’s drawable folder.
Open your AppWidgetProviderInfo, which for this project is collection_widget_info.xml.
Find the android:previewImage=”@mipmap/ic_launcher” line and update it to reference your preview image.
Your widget will now use this new image resource as its preview image:
Install the updated project on your physical Android device or AVD.
Long-press any empty section of the homescreen.
Tap Widgets, which launches the Widget Picker.
Scroll to your widget; it should now be using the updated preview image.
Customizable widgets: Adding a configuration Activity
A configuration Activity launches automatically when the user places each instance of your widget on their homescreen.
There’s several reasons why you might want to add a configuration Activity to your project.
widgets tend to provide the best user experience when they provide access to the information or features that are most important to the individual user.
Firstly, some widgets require initial setup, for example a widget that displays traffic alerts might need to know the user’s home address, where they work, and the times when they typically commute. Without some way to enter this information, your widget might be completely useless!
In addition, widgets tend to provide the best user experience when they provide access to the information or features that are most important to the individual user. By adding a configuration Activity to your project, you can give users the freedom to pick and choose exactly what’s included in your widget.
Even relatively straightforward customizations, such as changing a widget’s background or font, can have a positive impact on the user experience – after all, no-one’s going to appreciate a widget that visually clashes with the rest of their homescreen!
No-one’s going to appreciate a widget that visually clashes with the rest of their homescreen!
Alternatively, sometimes you may have a long list of content that you want to include in your widget, and you’re struggling to narrow down your options. A configuration Activity can be a way to put all of your ideas to good use, without creating a cluttered, confusing widget. Just bear in mind that setting up a widget shouldn’t feel like a chore, so if you do provide a configuration Activity then it’s recommended that you limit yourself to three configuration options.
Let’s add a configuration Activity to our project!
Firstly, our configuration Activity needs a layout, so create a new layout resource file named config_activity.xml.
I’m going to add the following buttons to this layout:
A configuration button. In a real-life project, this button would modify the widget in some way, for example adding or removing content, or changing how frequently the widget updates. To help keep our code straightforward, clicking this button will simply display a Configuration Options toast.
A setup button. Once the user is happy with how their widget is configured, pressing this button will place the newly-configured widget on their homescreen.
Now, we need to create our configuration Activity.
To start, create a new Java class named ConfigActivity. In this Activity, we’re going to retrieve the App Widget ID from the intent that launched the configuration Activity. If this intent doesn’t have a widget ID, then we’ll need to call the finish() method:
If you provide a configuration Activity, then the ACTION_APPWIDGET_UPDATE broadcast won’t be sent automatically when the configuration Activity is launched, which means the onUpdate() method won’t be called when the user creates an instance of your widget.
To ensure your widget is created with up-to-date information and content, your configuration Activity must trigger the first onUpdate() request.
Once you’ve created a configuration Activity, you need to declare this Activity in the Manifest and specify that it accepts the APPWIDGET_CONFIGURE action:
Finally, since a configuration Activity is referenced outside of the package scope, we need to declare this Activity in our AppWidgetProviderInfo, which in this instance is the collection_widget_info.xml file:
Now it’s time to put your finished project to the test:
Install your updated project on a physical Android device or AVD.
Delete all previous instances of your widget, to ensure you’re working with the very latest version.
Long-press any empty area of the homescreen and select Widgets when prompted.
Find your widget in the Widget Picker and long-press to select it.
Drop the widget onto your homescreen. The Configuration Activity should launch automatically.
Give the Perform Some Configuration button a click, and a Configuration Options toast should appear, confirming that this interaction has been registered successfully.
Imagine that you’ve tweaked the widget’s settings and are now ready to place it on your homescreen; give the Create The Widget button a tap, and this widget should be created successfully.
In this article, we created a scrollable collection widget that displays a data set on the user’s homescreen.
If you want to continue working with this project, then you could try adding your own code to the onUpdate() method, to create a widget that updates with new information at the interval defined in your AppWidgetProviderInfo file (collection_widget_info).
If you do create an Android widget, then be sure to share your creations in the comments below!
More posts about Android Development
Save 60% on our Introduction to Android Development Course
Android Authority has created a course to help you learn how to develop Android Apps! No Coding Experience Required. Start Your Journey on Becoming an Android Developer today.
Visit DGiT Academy today. Enter discount code: SIXTYOFF at checkout to receive 60% off.
The Global Rapid Mobile App Development Tools Market Research Report Forecast 2019-2025 is a valuable source of insightful data for business strategists. It provides the industry overview with growth analysis and historical & futuristic cost, revenue, demand and supply data (as applicable). The research analysts provide an elaborate description of the value chain and its distributor analysis. This Market study provides comprehensive data which enhances the understanding, scope and application of this report.
Top Companies in the Global Rapid Mobile App Development Tools Market:
Neptune Software
FileMaker
WaveMaker
Ionic
Zoho
Capriza
Mi-Corporation
MicroStrategy
Nintex
ProntoForms
AppSheet
Click the link to get a Sample Copy of the Report:
The research report on the Global Rapid Mobile App Development Tools market includes a SWOT analysis and Porter’s five forces analysis, which help in providing the precise trajectory of the market. These market measurement tools help in identifying drivers, restraints, weaknesses, Rapid Mobile App Development Tools market opportunities, and threats. The research report offers global market figures as well as figures for regional markets and segments therein.
Global Rapid Mobile App Development Tools Market Split By Product Type And Applications:
This report segments the global Rapid Mobile App Development Tools Market on the basis ofTypesare:
Web Native Hybrid Applications
On the basis of Application, the Global Rapid Mobile App Development Tools Market is segmented into:
iOS Android Others
Global Rapid Mobile App Development Tools Market by Regions:
North America (United States, Canada and Mexico)
Europe (Germany, France, UK, Russia and Italy)
Asia-Pacific (China, Japan, Korea, India and Southeast Asia)
South America (Brazil, Argentina, Colombia)
Middle East and Africa (Saudi Arabia, UAE, Egypt, Nigeria and South Africa)
(Special Offer: Get flat 15% discount on this report)
What are the market factors that are explained in the report?
-Key Strategic Developments: The study also includes the key strategic developments of the market, comprising R&D, new product launch, M&A, agreements, collaborations, partnerships, joint ventures, and regional growth of the leading competitors operating in the market on a global and regional scale.
-Key Market Features: The report evaluated key market features, including revenue, price, capacity, capacity utilization rate, gross, production, production rate, consumption, import/export, supply/demand, cost, market share, CAGR, and gross margin. In addition, the study offers a comprehensive study of the key market dynamics and their latest trends, along with pertinent market segments and sub-segments.
–Analytical Tools: The Global Rapid Mobile App Development Tools Market report includes the accurately studied and assessed data of the key industry players and their scope in the market by means of a number of analytical tools. The analytical tools such as Porter’s five forces analysis, feasibility study, and investment return analysis have been used to analyzed the growth of the key players operating in the market.
Finally, Rapid Mobile App Development Tools Market report is the believable source for gaining the Market research that will exponentially accelerate your business. The report gives the principle locale, economic situations with the item value, benefit, limit, generation, supply, request and Market development rate and figure and so on. This report additionally Present new task SWOT examination, speculation attainability investigation, and venture return investigation.
Media Contact Us:
Irfan Tamboli (Head of Sales) – Market Insights Reports
Consider all of the functions that exist in a smartphone — GPS, video recording, face detection and the like. Mobile applications that creatively combine them can achieve some pretty neat stuff.
But Some app developers are gunning for better than neat. They want to solve social problems and maybe even save lives. Consider the application these students from Spain developed.
The newly trained coders — all teenage girls — wanted to make something to help women feel safer outdoors. All women know those moments when they’d love to take a jog, but it’s getting a bit dark outside; or they need to run to the store for some essentials late at night. Waiting for daylight might be the smartest choice. But on occasions when they can’t wait, it’s wise to have a defense — like Mace spray — with them.
At Technovation World Pitch, Team LPSN offered another option. Their app — called When and Where — acts a bit like a digital bodyguard with a direct line to the police.
Team members Paula Fernández Rosas, Sandra Caamaño Gómez, Nuria Villoria, Lucía Adrián Tovar, and Lucía Fernández spoke withSonia Tagare, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Technovation World Pitch event in Santa Clara, California. They discussed women’s safety issues and the challenges they overcame in creating the app (see the full interview with transcript here).
Rush to safety
The team’s app obtains users’ location in real time and detects anomalies while they walk or run. For example, if they stop or if they aren’t getting to their destination on time, it automatically calls emergency services or another emergency contact of the user’s choosing.
Another mode monitors users to make sure they stay on the proper route. “That’s when you, for example, want to go home. And so if you don’t follow your route,the app sends you an alert. And in case of emergency,it sends a message to your contact,” Fernández Rosas said.
The tragic murder of runner Laura Luelmo in Spain last year deeply affected team members. It elevated their awareness of dangers women face in public spaces. When they learned about the Technovation challenge, they realized it was their chance to try to affect change.
Technovation helps teams of girls around the world learn about coding and develop apps to address problems in their communities. “In our country, there have been a lot of women murdered,kidnapped. And we thoughtthat it was something very, very important,” Tovar said.
With only a couple of months to develop the app, the team had to quickly round a learning curve. They managed to build adequate coding and programming muscle to pull it off and make it to World Pitch. They want to continue improving the app, adding new languages and iOS compatibility.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Technovation World Pitch event:
Photo: SiliconANGLE
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
For many a programmer or entrepreneur, becoming an “app millionaire” is the ultimate dream. It must be an amazing feeling to know that you’ll never have to work again, because of a smart idea that you had. And to know that said idea is actually helping people! The problem is that so few people know how to become an app developer.
This is what I find so appealing about programming and software development. This is a set of tools that empowers anyone to make anything they can dream up, and to potentially change their lives and the world in doing so.
Unfortunately, I’m not an app millionaire, but I got a small taste of success a while ago with an Android app, and thought I’d share my experiences here for other hopeful developers.
What happened
I’m not sure if it was exactly $50,000, but that’s a rough estimate. One of my apps got over 70,000 downloads, at $1.20 a pop, and I had a few others sell okay too. I also cut deals with OEMs in India to have the apps appear as preloaded software, which earned me a little extra.
I’m not rich by any means. It might sound like a lot of money, but its impact is felt considerably less over a span of ten years! That isn’t to say it wasn’t awesome, though. And it certainly helped me enjoy a more comfortable lifestyle for a little while. And it wasn’t by following any conventional advice on how to become an app developer.
Ideation
The app that kicked it all off for me was called Multiscreen Multitasking. As a freelance writer who enjoyed the freedom that job afforded me, I wanted a way to work on my massive phone without needing a laptop. I had a bluetooth keyboard, but there was no way for me to split the screen between a browser and a document for research (this was well before baked-in multitasking on Android).
Unfortunately, this limitation was down to the firmware, so no coding on my part would be able to circumvent it without root access.
Scratch your own itch. I knew what problem I wanted to solve, and I found a cool way to do it.
The solution I eventually stumbled onto was to make an app with both a text editor and a WebView so I could see them side by side. I called this “Split Screen Browser and Notepad” because I’m original, and that actually got a few downloads! I didn’t necessarily set out to learn how to become an app developer, but rather I knew what problem I wanted to solve, and I found a cool way to do it. Developers and inventors tend to call this “scratching your own itch” and it’s a great approach to finding “pain points” that can become sellable ideas.
From there, I realized it wouldn’t be that hard to add more mini apps into the mix, like a file browser, a drawing tool, or a movie player. I then figured out a way to move the windows around and resize them just like a Windows desktop. I did this by getting the users’ finger position from a canvas floating on top of all the views, and by allowing that press to pass through if it was inside a window.
I wasn’t expecting the app to take off the way it did.
I released this extremely quickly as Multiscreen Multitasking, and then evolved it over time to incorporate more ideas and features. I also split the app into multiple different versions, to target different types of user, and different types of device. My coding at the time was pretty limited to say the least, so I learned how to be an app developer basically on the job!
A scary time
I wasn’t expecting the app to take off the way it did. Again, I’m no Mark Zuckerberg, but after a day or two, the app was selling numerous copies per hour at the one-off price of $1.20!
I have a vivid memory of being at a house party, checking my phone, realizing this had the potential to be “it.” It was exhilarating! I had always been interested in learning how to become an app developer, but I hadn’t really thought about what it might feel like to see an app of mine succeed.
For about a year the app earned me roughly $30 a day, which actually makes a big difference to a young guy fresh out of Uni. What’s more, is that I could see it had the potential to go much bigger.
Eventually, I was contacted by some guys in India who wanted to act as a kind of agent for my app to sell a license to OEMs in their part of the world. I agreed, and while pretty much everyone tried to con me out of my intellectual property, and I earned barely a pittance for weeks and weeks spent tweaking code, it still felt pretty big league for me at the time. And no one can take that away from me!
How to become an app developer today
So, If you want to know how to become an app developer, what can you learn from my experiences?
I made a lot of mistakes (which I’ll get to in a moment), but one thing I felt I did right was to employ a “fail fast approach” — essentially, I released the app a little half baked.
It sounds like terrible advice, but it works, because you don’t spend too long on an idea with no legs. Prior to Multiscreen Multitasking, I had made a custom keyboard, a game, a word counting app (this wasn’t always a built-in feature at the time), and lots more. None of these sold more than 20-30 copies.
If I’d spent a whole year on my word count app, I’d never have made Multiscreen Multitasking, and I’d have become disheartened really early on.
I see this so often with hopeful entrepreneurs and developers. They spend years living at home with their parents, working on a life-changing app idea. Very often they won’t even tell me what they’re working on, because it’s so revolutionary I might steal the idea (because I’ve got nothing better to do of course!).
Then they release their app/website/business and within two weeks they go bust. Some take out a ton of loans and spend a fortune on branding, legal advice, and bug testing, all without testing to see if anyone actually wanted their idea!
Becoming an app developer doesn’t have to involve moving in with your folks! You can build and learn while holding down a 9-5 (or at least while working online, as I did).
What’s in a name?
Another thing I did right was to give the app a name that sold itself. “Multiscreen Multitasking” is effectively a search term. If you want something that splits the screen to run multiple apps, that’s what you’re going to search for!
I did zero marketing.
This is 100% what made the app a hit. I did zero marketing, and really had no expectation that it would be a modest hit. What also helped, is that the icon I used in the Play Store listing was literally a screenshot of it doing its thing. People could see right away that if they wanted desktop-style multitasking, this was where it was at!
The price is right
I stand by my decision to release the app for a one-off price. I knew from my experiences as a webmaster, advertising revenue doesn’t amount to much unless you have thousands of daily users. That’s rare for any app (how many apps do you truly use daily on your phone?). I knew some people out there might download the app and never even try it once! By charging a one-off fee, I’d still earn off them.
Is that how to become an app developer today? I think there’s a good chance it’s still a good option for smaller, independent developers — especially on iOS.
Finally: I was smart not to trust those agents I worked with. Fortunately, I had baked in a little kill switch into the OEM versions of the app, that would check for the existence of a file on a server, and if it found it, it would flip out and destroy the app. When my app appeared on their website with no mention of my name or business, it was easy for me to convince them to see reason!
Where I went wrong
Although this time in my life was very exciting – and I remember enjoying a huge boost in confidence (I finally felt like my hero, Tony Stark) – I was also incredibly anxious. It would only take the app to be removed from the store for some reason for my success to be brought to a halt. Likewise, there was nothing to say that the app wouldn’t just randomly lose momentum overnight. I was also sure it would be only a matter of time until Android introduced multi-window functionality natively (it turned out to take a few years).
Mine was the first app in the store to work this way, but it was also only a very short time before countless imitators joined the fray. Some worked better than my app, and were completely free. If you want to learn how to become an app developer, should you also learn how to protect your intellectual property, though in all honesty it won’t be worth your while.
Your best defense against imitators is to do it first, and do it best. I squandered that advantage. This is the advice of most Silicon Valley movers and shakers too. However, ask an investor to sign a non-disclosure agreement (NDA) before you tell them your idea and they’ll likely laugh you out the door. They know ideas are worth squat, execution is everything.
Ideas are worth squat. Execution is everything.
This apprehension also stopped me from going all-in on the idea. I was so sure it would become defunct quickly, I still spent 90% of my time freelancing. In retrospect, I could easily have leveraged that early success and given users a reason to stick around. Perhaps I could have turned it into a convenient suite of apps, or made the selling point an increased synergy between apps (I had already added a feature that would open a website in the drawing app for annotation, which I’m proud to say was a little ahead of its time!).
The ghost in the machine
The bigger mistake I made was in the code. I built Multiscreen Multitasking using just a little bit of self-taught coding knowledge, and I didn’t even use Java and Eclipse (the preferred method back then). Instead, I used a tool called B4A, which lets you code in BASIC. My only experience at the time was with a ZXSpectrum, a Tatung Einstein (anyone remember those?), and QBasic; so this was perfect for me.
I built Multiscreen Multitasking using just a little bit of self-taught coding knowledge.
However, if ever an application lent itself to an object-oriented structure (words that meant nothing to me at the time), it would be one that opens lots of iterations of the same app! Learning the official tools (Android Studio in this case) is by far the best advice if you want to become an app developer!
That might be nonsense to you, but you can probably understand my folly when it came to naming variables and functions. I had a terrible habit of calling them things like “JigglyWiggly” and “Cup” (normally if there happened to be a cup on the table). Eventually, this gave way to a kind of internal logic so complex, it was almost its own language. I didn’t write a note of it anywhere either. The old random code was completely obtuse.
Honestly, a serious programmer would have a heart attack if they saw the code. If I decided I didn’t need a function anymore (which remember would just be written in-line in my script), then I just left it there to rot. I didn’t even delete it! This meant when I had to take a small hiatus from my app (my biggest writing client didn’t pay me for about six months, leading me to financial destitution – another fun story), I had absolutely no idea how to get back in when I came back!
It sat there and it rotted until it was eventually taken down.
As Google updated its tools with Android Studio, and its rules with Material Design, my old app just wasn’t adaptable enough to cope.
So it sat there and it rotted until it was eventually taken down for using an image that I didn’t own the rights to in the store listing (the background I had on my phone at the time). Again, not my best move.
Positive takeaways
While Multiscreen Multitasking is no longer for sale and I perhaps missed an opportunity, I still don’t consider the experience a failure over all. For one, it was an experience no one can ever take from me. I’m extremely proud of the app, from the initial idea, to some of the features, to a few resourceful ways I managed to achieve things with limited coding chops.
I still don’t consider the experience a failure.
Moreover, it led to a ton of subsequent opportunities: creating more high profile apps, working for Android Authority, and even getting a book published. I would recommend trying it to anyone.
The experience also taught me how to become an app developer, and that led to more creations, successes, and failures down the line.
How to create a successful app today
If you want to enjoy success on the app store and become an app developer, what should you do differently? For starters, write good code you’ll be able to return to. You can learn how to build apps the right way here.
Find a pain point and fix it — ideally one people will be searching for. Don’t spend too long working on one app, and choose something relatively simple for your first project. People who have never built an app before shouldn’t be creating cloud-based services with security issues and other complications. They should make calculators.
Likewise, strongly consider using a flat fee as your payment method, unless you are providing a truly amazing service. The next time I release an app it will almost certainly be on the iTunes store where it’s customary to spend $5 or even $20 for something worth having.
I hope you found some of my insights useful. Maybe they helped you set your own course for how to become an app developer. Be sure to share your own in the comments down below. What are you working on right now?
Save 60% on our Introduction to Android Development Course
Android Authority has created a course to help you learn how to develop Android Apps! No Coding Experience Required. Start Your Journey on Becoming an Android Developer today.
Visit DGiT Academy today. Enter discount code: SIXTYOFF at checkout to receive 60% off.
The latest, greatest, as-yet-unnamed version of Android introduces features and APIs that you can use to design new experiences for your users — plus a few behavioral changes that you’ll need to watch out for.
Even if you’re not updating your app to target Android Q just yet, some of these changes will impact every application that’s installed on Android Q, even if your app doesn’t explicitly target this version of Android.
Some of these changes will impact every application that’s installed on Android Q.
Regardless of whether you’re eager to experiment with the latest features, or you just want to ensure your app won’t break the moment it’s installed on Android Q, now’s the perfect time to start preparing for Android Q’s imminent release.
In this article, I’ll cover all the steps you need to take to get your app ready for Android Q — from brand-new features to minor security tweaks that have the potential to break your entire application.
Avoid CPU and GPU throttling: Monitoring the device’s temperature
Overheating can seriously damage your smartphone or tablet. As a protective measure, Android will throttle your device’s CPU and GPU when it detects that temperatures are approaching dangerous levels.
While this behavior helps to protect the device’s hardware, it can also have a noticeable impact on application performance, particularly if your app uses high-resolution graphics, heavy computations, or performs ongoing network activity.
While this slowdown is imposed by the system, your typical smartphone or tablet user will blame your application for any drop in performance. In the worst case scenario, the user may decide that your application is buggy or broken, potentially even uninstalling your app and leaving you a negative Google Play review in the process.
In the worst case scenario, the user may decide that your application is buggy or broken.
Android Q introduces a new Thermal API that can help you avoid this CPU and GPU throttling. You can use this API’s addThermalStatusListener() method to create a listener for thermal status changes, then adjust your app’s behavior whenever the device’s temperature starts to rise. This can help reduce the chances of the system resorting to CPU or GPU throttling. For example, you might reduce the strain your application is placing on the overheating system by lowering your resolution or frame rate, or by disabling resource-intensive features such as network connectivity.
Note that Android Q’s Thermal API requires a new device HAL layer, which at the time of writing was only available on Pixel devices.
More posts about Android Q
Reduce eyestrain and boost visibility with Dark theme
On Android Q, users can activate a system-wide Dark theme that’s designed to reduce eyestrain, improve visibility in low-light conditions, and reduce power usage on devices with OLED screens.
Dark theme is a low-light UI that uses dark surfaces for the background, and light foreground colors for elements such as text and iconography.
Users can activate this system-wide Dark theme at any time via a new Quick Settings tile, or by launching their device’s Settings application and navigating to Display > Theme. On Pixel devices, switching to Battery Saver mode will also enable Dark theme automatically.
Dark Theme is applied across the entire device, so to provide a consistent user experience you’ll need to ensure that your application fully supports Dark theme.
To add Dark Theme support, make sure you’re using the latest version of the Material Android library, then update your app to inherit from Theme.MaterialComponents.DayNight, for example:
Alternatively, you can provide separate Dark and Light themes. To create a Light theme, open your res/values/themes.xml file and inherit from Theme.MaterialComponents.Light:
To provide a good user experience, you may need to modify your app’s behavior when Dark theme is enabled, for example replacing or removing graphics that emit a significant amount of light.
You can check whether Dark theme is enabled, using the following snippet:
int currentNightMode = configuration.uiMode & Configuration.UI_MODE_NIGHT_MASK;
switch (currentNightMode) {
//Dark Theme is not currently active//
case Configuration.UI_MODE_NIGHT_NO:
break;
//Dark Theme is active//
case Configuration.UI_MODE_NIGHT_YES:
break;
}
Your application can then modify its behavior, depending on which Theme is currently active.
Settings Panel API: Displaying device settings inside your app
If your app targets Android Q, you’ll no longer be able to directly alter the device’s Wi-Fi settings. Instead, you’ll need to prompt the user to make the desired changes using the Settings Panel API.
You can use this new API to display content from the device’s Settings application, as an inline panel that slides over your app’s content. From the user’s perspective, these in-app controls allow them to quickly and easily alter their device’s settings without having to launch a separate app. For an application developer, the Settings Panel API lets you change the Wi-Fi status, and other crucial device settings, without encouraging the user to navigate away from your app.
To use the Settings Panel API, you’ll need to fire an intent with one of the following actions, depending on the content you want to display:
ACTION_INTERNET_CONNECTIVITY: This displays settings related to enabling and disabling internet connectivity, including airplane mode, Wi-Fi, and mobile data.
ACTION_WIFI: This displays Wi-Fi settings only. This action is useful if your application specifically requires a Wi-Fi connection. For example, if you need to perform large uploads or downloads and don’t want to burn through the user’s mobile data allowance, use the ACTION_WIFI action.
ACTION_NFC: This displays all the settings related to near-field communication (NFC).
ACTION_VOLUME: This displays the device’s volume settings.
Here, we’re using the Settings Panel API to display the internet connectivity panel:
Intent panelIntent = new Intent(Settings.Panel.ACTION_INTERNET_CONNECTIVITY);
startActivityForResult(panelIntent);
Adding chat head notifications to your app
In Android Q, Google is making chat head-style notifications an official part of the Android platform with the introduction of the Bubble API.
Designed as an alternative to SYSTEM_ALERT_WINDOW, bubble notifications appear to “float” above other application content, in a style that’s reminiscent of the floating notifications used by Facebook Messenger for Android.
Bubble notifications can be expanded to reveal additional information, or custom actions that make it possible for users to interact with your app, from outside the application context.
When your app tries to create its first bubble, Android will ask the user whether they want to allow all bubbles from your application, or block all bubbles. If the user chooses to block all of your app’s bubbles, then they’ll be displayed as standard notifications instead. Your bubbles will also be displayed as standard notifications whenever the device is locked, or always-on-display is active. To provide a good user experience, you need to ensure that all of your bubbles display and function correctly as regular notifications.
To create a bubble, you’ll need an Activity that defines the expanded bubble’s behavior and a layout that defines its user interface. For a step-by-step guide on how to create your first bubble notification, check out Exploring Android Q: Adding bubble notifications to your app.
Increasing accessibility with system-wide gestural navigation
Users with dexterity issues may find it easier to interact with their device using gestures. In Android Q, users have the option to enable gestural navigation across their entire device, which will impact every application installed on that device.
Even if you don’t update your app to target Android Q, your application will be affected by the device’s navigation settings, so you need to ensure that your app is compatible with Android Q’s gestural navigation.
In gestural navigation mode, your app should use the entire screen, so the first step is telling the Android system that your application supports edge-to-edge view. To layout your application fullscreen, you can use the SYSTEM_UI_FLAG_LAYOUT_STABLE and SYSTEM_UI_FLAG_LAYOUT_HIDE_NAVIGATION flags, for example:
When it’s time to test your app, you’ll need to check that Android Q’s system gestures don’t trigger any of your app’s controls, such as buttons or menus. In particular, Android Q uses an inward swipe for the Back action, and an upwards swipe for Home and Quick Switch, which can interfere with any UI elements located in these areas.
If during testing you discover that swiping from the bottom of the screen, or swiping inwards is triggering your app’s controls, then you can indicate which regions are setup to receive touch input. To block out certain areas, pass a List<Rect> to Android Q’s View.setSystemGestureExclusionRects() API, for example:
List<Rect> exclusionRects;
public void onLayout(
boolean changedCanvas, int left, int top, int right, int bottom) {
setSystemGestureExclusionRects(exclusionRects);
}
public void onDraw(Canvas canvas) {
setSystemGestureExclusionRects(exclusionRects);
}
If your app uses any custom gestures, then you should also check that they don’t conflict with the system’s navigation gestures.
Capturing audio from third party applications
Android Q introduces a AudioPlaybackCapture API which makes it possible for your app to capture audio from other applications — perfect if you’re creating a screen recording app!
To capture audio playback, you need to request the RECORD_AUDIO permission, and then:
Build an AudioPlaybackCaptureConfiguration instance, using AudioPlaybackCaptureConfiguration.Builder.build().
Configure and create the AudioRecord instance, by calling setAudioPlaybackCaptureConfig and then passing the configuration to the AudioRecord object.
For example:
MediaProjection mediaProjection;
AudioPlaybackCaptureConfiguration config =
new AudioPlaybackCaptureConfiguration.Builder(mediaProjection)
.addMatchingUsage(AudioAttributes.USAGE_MEDIA)
.build();
AudioRecord record = new AudioRecord.Builder()
.setAudioPlaybackCaptureConfig(config)
.build();
This new API means, by default, third-party apps will be able to record all of your application’s audio. For some apps, this can be a privacy concern or may even put your app at risk of copyright infringement. If required, you can prevent third parties from capturing your app’s audio, by adding android:allowAudioPlaybackCapture=”false” to your Manifest.
Even with this flag in place, system apps will still be able to capture your app’s audio playback, as accessibility features such as captioning depend on audio capture.
To provide an accessible experience, it’s recommended that you always allow system components to capture your app’s audio, but you can block system apps using the ALLOW_CAPTURE_BY_NONE constant, if required.
Before invoking BiometricPrompt, you can now check whether the device supports biometric authentication, using the new canAuthenticate() method.
2. Streamlined biometric authentication dialogs
Android Q makes a subtle change to BiometricPrompt’s authentication dialogs.
Android allows users to authenticate their identify using a number of implicit “hands-free” biometric modalities, such as face or iris authentication. However, even if the user successfully verifies their identify using an implicit modality, they’ll still have to tap the dialog’s Confirm button in order to complete the authentication process.
For many implicit biometric modalities, this Confirm action is unnecessary, so in Android Q you can request that the system removes the Confirm button from your biometric authentication dialog.
This small change can have a positive impact on the user experience, as verifying your identity by looking at your device, is easier than looking at your device, waiting for it to recognize your face, and then tapping the Confirm button.
In Android Q, you can request that the system removes the Confirm button by passing false to the setConfirmationRequired() method. Note that the system may choose to ignore your request in certain scenarios, for example if the user has disabled implicit authentication in their device’s Settings.
3. Alternative authentication methods
At times, a user may be unable to authenticate using biometric input. In these scenarios, you can allow them to authenticate their identify using their device’s PIN, pattern, or password using the new setDeviceCredentialAllowed() method.
Once this fallback is enabled, the user will initially be prompted to authenticate using biometrics, but will then have the option to authenticate using a PIN, pattern, or password.
Run embedded DEX code directly from your APK
In Android Q, it’s possible to run embedded DEX code directly from your APK file, which can help prevent attackers from tampering with your app’s locally compiled code.
You can enable this new security feature by adding the following to your Manifest’s <application> element:
android:useEmbeddedDex="true”
You can then build an APK that contains uncompressed DEX code, by adding the following to your Gradle build file:
aaptOptions {
noCompress 'dex'
}
New permissions for Activity recognition
Android Q introduces a new com.google.android.gms.permission.ACTIVITY_RECOGNITION runtime permission for applications that need to record the user’s step count or categorize their physical activity, such as running or cycling.
Android’s Activity Recognition API will no longer provide results unless your application has this new ACTIVITY_RECOGNITION permission. Note that if your app uses data from built-in sensors such as the gyroscope or accelerometer, then you don’t need to request the ACTIVITY_RECOGNITION permission.
Restrictions on Activity starts
To help minimize interruptions, Android Q places new restrictions on when your application can start an Activity. You’ll find a complete list of all the conditions that allow for Activity starts, over at the official Android docs.
System alert overlays removed from Android Go
If your app winds up on a device that’s running Android Q and Android Go, it’ll be unable to access the SYSTEM_ALERT_WINDOW permission. This change has been implemented to avoid the noticeable performance drops that can occur when Android Go devices attempt to draw the SYSTEM_ALERT_WINDOW overlay window.
Say goodbye to Android Beam
Android Q marks the end of Android Beam, as this data-sharing feature is now officially deprecated.
Keeping your users secure: Key privacy changes
Android Q introduces a number of privacy changes that give users greater control over their data and their device’s sensitive features.
Unfortunately, these changes can affect your app’s behavior and may even completely break your app. When testing your application against Android Q, you should pay particular attention to the following privacy changes:
1. Scoped storage: Android’s new external storage model
Android Q places new restrictions on how applications access external storage.
By default, if your app targets Android Q then it’ll have a “filtered view” into the device’s external storage (previously referred to as a “sandboxed view”), which only provides access to an app-specific directory.
With scoped storage, your application can access this app-specific directory and all of its contents, without having to declare any storage permissions. However, your app can only access files created by other applications if it’s been granted the READ_EXTERNAL_STORAGE permission and the file(s) are located in either Photos (MediaStore.Images), Videos (MediaStore.Video) or Music (MediaStore.Audio). If your app requires access to a file that doesn’t meet this criteria, then you’ll need to use the Storage Access Framework.
At the time of writing, it was possible to opt out of scoped storage by adding android:requestLegacyExternalStorage=”true” to your project’s Manifest, but according to the official Android docs scoped storage will eventually be required by all applications, so it’s recommended that you update your app as soon as possible.
2. Decide when an app can access your location
Android Q gives users more control over when an application can access their location.
When your app requires location information, Android Q will display a dialog asking whether the user wants to share this information:
When your app is running in the foreground only.
All of the time (i.e when your app is in the foreground and the background).
If the user grants your app all-of-the-time access, then Android Q will create regular notifications to remind the user that your app can access their location at any time.
To implement these changes, Android Q introduces a new ACCESS_BACKGROUND_LOCATION permission.
If your app requires access to location information while it’s in the background, you’ll need to request this new permission, alongside the existing ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION permission. For example:
3. New restrictions on non-resettable system identifiers
If you require access to non-resettable system identifiers, such as IMEI and serial number, you’ll now need to request the READ_PRIVILEGED_PHONE_STATE permission.
Wherever possible, it’s recommended that you use alternative methods of tracking the user. For example, if you wanted to record user analytics, you could create an Android Advertising ID rather than requesting access to non-resettable device identifiers.
Make sure you’re ready for Android Q: Testing your app
The best way to ensure that your application provides a good user experience on Android Q, is to test it on a device that’s running Android Q.
While we’re waiting for the official release, there are three ways to test your app against the Android Q developer previews: enroll your device in the Android Beta program, manually flash an Android Q system image onto your device, or use an Android Virtual Device (AVD).
1. Install the Android Q beta on a physical device
If you don’t own a Pixel, the Android Q beta is also available on select devices from a handful of manufacturers, including Asus, Huawei, LG, Xiaomi, and more. For the full list of supported devices, check out the list right here.
Once you’re enrolled, Google estimates that you’ll receive between three and six updates over the course of the program.
Before enrolling in the Beta program, there are several drawbacks you need to be aware of. Pre-release versions of Android may contain bugs and errors that could prevent your device from functioning normally, and there’s no official support available if you do encounter difficulties. Users who are running pre-release versions of Android also won’t receive separate monthly security updates, which could leave your device vulnerable to attacks and exploits.
Finally, although you can opt out of the program and revert to a stable version of Android at any time, all of the locally saved data on your device will be wiped when you revert to the stable release. Note that if you remain enrolled until the end of the beta program, then you’ll graduate and receive the final, public version of Android Q without losing any of your data.
If you want to start receiving over-the-air Android Q updates, head over to the Android Beta website for more information.
2. Manually flash an Android Q system image
If you don’t like the idea of receiving Android Q updates over-the-air, you can download and manually flash an Android Q system image to your Pixel device.
Google has published the system images for all compatible Pixel devices, along with instructions on how to flash a system image. This manual approach can be useful if you need to test against a specific release of Android Q, or if you want to start testing immediately rather than enrolling in the Beta program and potentially waiting up to 24 hours to receive your first update.
3. Use the Android emulator
If you don’t want the risks associated with installing beta software on a physical smartphone or tablet, or if you don’t own a compatible device, you can use an AVD instead.
To download the latest Android Q preview image, follow these steps:
Launch Android Studio.
Select Tools > SDK Manager from the Android Studio toolbar.
Make sure the SDK Platforms tab is selected.
Select Show Package Details.
Select Google Play Intel x86 Atom System Image.
Click OK.
Create an AVD using this system image.
How do I test my app against Android Q?
Once you have a physical device or AVD that’s running Android Q, you should put your app through the same testing processes and procedures you use when preparing any release. During testing, you should also pay particular attention to Android Q’s privacy changes, as these have the potential to break your app.
Once you’ve verified that your application is providing a good user experience on Android Q, you should publish your Android Q-compatible app to Google Play as soon as possible. By releasing your app early, you can gather feedback before the majority of your user base move to Android Q.
Alternatively, you can use Google Play testing tracks to push your APK to a select group of testers, then perform a staged rollout to production when you’re happy with their feedback.
We hope this article helped you get your app ready for Android Q! Which Android Q feature are you most excited about?
“Global Mobile App Optimization Software Market Report 2019-2025” helps the clients to take business decisions and to understand strategies of major players in the industry. The report also calls for market – driven results deriving feasibility studies for client needs. Marketinsightsreports ensures qualified and verifiable aspects of market data operating in the real- time scenario. The analytical studies are conducted ensuring client needs with a thorough understanding of market capacities in the real- time scenario.
Prominent Players in the global Mobile App Optimization Software market are –
Mobile application optimization products analyze the user-experience flow and interface functionality of mobile applications. These tools to show which components of an application are being accessed most frequently or rarely. They also provide statistics and information related to user behavior within a mobile application. Product teams will often use these tools to perform A/B testing to analyze the effects of changing features. Many products also possess targeting tools to display different features or advertisements based on specific regions or user demographics.
The report contains pages which highly exhibit on current market analysis scenario, upcoming as well as future opportunities, revenue growth, pricing and profitability.
Market Segmentation by Types:
Cloud Based Web Based
Market Segmentation by Applications:
Large Enterprises SMEs
Mobile App Optimization Software Market research report delivers a close watch on leading competitors with strategic analysis, micro and macro market trend and scenarios, pricing analysis and a holistic overview of the market situations in the forecast period. It is a professional and a detailed report focusing on primary and secondary drivers, market share, leading segments and geographical analysis. Further, key players, major collaborations, merger and acquisitions along with trending innovation and business policies are reviewed in the report. The report contains basic, secondary and advanced information pertaining to the Mobile App Optimization Software Market global status and trend, market size, share, growth, trends analysis, segment and forecasts from 2019–2025.
There are 15 Chapters to deeply display the global Mobile App Optimization Software market:
Chapter 1, to describe Mobile App Optimization Software Introduction, product scope, market overview, market opportunities, market risk, market driving force;
Chapter 2, to analyze the top manufacturers of Mobile App Optimization Software, with sales, revenue, and price of Mobile App Optimization Software, in 2017 and 2018;
Chapter 3, to display the competitive situation among the top manufacturers, with sales, revenue and market share in 2017 and 2018;
Chapter 4, to show the global market by regions, with sales, revenue and market share of Mobile App Optimization Software, for each region, from 2014 to 2019;
Chapter 5, 6, 7, 8 and 9, to analyze the market by countries, by type, by application and by manufacturers, with sales, revenue and market share by key countries in these regions;
Chapter 10 and 11, to show the market by type and application, with sales market share and growth rate by type, application, from 2014 to 2019;
Chapter 12, Mobile App Optimization Software market forecast, by regions, type and application, with sales and revenue, from 2019 to 2025;
Chapter 13 and 14, to describe Mobile App Optimization Software sales channel, distributors, traders, dealers, Research Findings and Conclusion, appendix and data source
Regional Analysis For Mobile App Optimization Software Market:
For comprehensive understanding of market dynamics, the global Mobile App Optimization Software market is analyzed across key geographies namely: North America, Europe, Asia-Pacific, South America, Middle East and Africa. Each of these regions is analyzed on basis of market findings across major countries in these regions for a macro-level understanding of the market.
Influence Of The Mobile App Optimization Software Market Report:
-Comprehensive assessment of all opportunities and risk in the Mobile App Optimization Software market.
-Mobile App Optimization Software market recent innovations and major events.
-Detailed study of business strategies for growth of the Mobile App Optimization Software market-leading players.
-Conclusive study about the growth plot of Mobile App Optimization Software market for forthcoming years.
-In-depth understanding of Mobile App Optimization Software market-particular drivers, constraints and major micro markets.
-Favourable impression inside vital market latest trends striking the Mobile App Optimization Software market.
Customization of the Report:
Marketinsightsreports provides customization of reports as per your need. This report can be personalized to meet your requirements. Get in touch with our sales team, who will guarantee you to get a report that suits your necessities.
ABOUT US:
MarketInsightsReports provides syndicated market research on industry verticals including Healthcare, Information and Communication Technology (ICT), Technology and Media, Chemicals, Materials, Energy, Heavy Industry, etc. MarketInsightsReports provides global and regional market intelligence coverage, a 360-degree market view which includes statistical forecasts, competitive landscape, detailed segmentation, key trends, and strategic recommendations.
CONTACT US:
Irfan Tamboli (Head of Sales) – Market Insights Reports
Researchers at bot mitigation firm White Ops have been tracking fraudulent apps in the Google Play store. These apps often imitate legitimate apps, even going so far as to lift code directly from them, but instead of providing true functionality they harvest user data and send it back to command and control servers.
Marcelle Lee is a principal threat intel researcher at White Ops, and she shares their findings.
The original research can be found here
Transcript
Dave Bittner: [00:00:03] Hello everyone, and welcome to the CyberWire’s Research Saturday, presented by Juniper Networks. I’m Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down threats and vulnerabilities, and solving some of the hard problems of protecting ourselves in a rapidly evolving cyberspace. Thanks for joining us.
Dave Bittner: [00:00:26] And now a word about our sponsor, Juniper Networks. Organizations are constantly evolving and increasingly turning to multicloud to transform IT. Juniper’s connected security gives organizations the ability to safeguard users, applications, and infrastructure by extending security to all points of connection across the network. Helping defend you against advanced threats, Juniper’s connected security is also open, so you can build on the security solutions and infrastructure you already have. Secure your entire business, from your endpoints to your edge, and every cloud in between, with Juniper’s connected security. Connect with Juniper on Twitter or Facebook. And we thank Juniper for making it possible to bring you Research Saturday.
Dave Bittner: [00:01:13] And thanks also to our sponsor Enveil, whose revolutionary ZeroReveal solution closes the last gap in data security: protecting data in use. It’s the industry’s first and only scalable commercial solution enabling data to remain encrypted throughout the entire processing lifecycle. Imagine being able to analyze, search, and perform calculations on sensitive data, all without ever decrypting anything – all without the risks of theft or inadvertent exposure. What was once only theoretical is now possible with Enveil. Learn more at enveil.com.
Marcelle Lee: [00:01:53] To have an app in the Google Play Store, actually, there isn’t a huge barrier to entry for that.
Dave Bittner: [00:01:58] That’s Marcelle Lee. She’s a principal threat intel researcher at White Ops. The research we’re discussing today is titled, “Another Day, Another Fraudulent App.”
Marcelle Lee: [00:02:08] There’s a lot of apps that we’ve come across that, you know, they don’t have, like, a known website or, you know, it’s not like Zynga. It could be, you know, Marcelle at Marcelle dot com has created some app. So basically, they just join the Google Developer network, and most of the exchange between the developer and the Google Play Store is done via API access. But yeah, like I said, the barrier to entry is pretty low. And Google, of course, does monitor for bad activity, but it’s, like everything else in this field, whack-a-mole. It’s almost impossible to keep up with everything that’s being placed in the Play Store.
Dave Bittner: [00:02:47] And so, you all set your sights on this app that’s called “Crazy Brainstorming.” First of all, describe to us – what does this app claim that it’s going to do for you when you download it?
Marcelle Lee: [00:02:59] Crazy Brainstorming is a game kind of app, and basically like brain teaser puzzles and that sort of thing. That’s what it was purported to do. It didn’t really function particularly that way, as we reveal within the course of our research. But ostensibly, that’s what it was meant to be doing.
Dave Bittner: [00:03:17] And so, I see this app, I think this is something I might be interested in, and I download it. What happens next?
Marcelle Lee: [00:03:23] When you install the app, it goes to a sort of interesting series of – it will launch and put the icon on your desktop or your mobile app screen. And then it basically goes through this self-deletion process or what appears to be a self-deletion process. So, the app icon goes away – you won’t find the app listed in your list of apps anymore, but it is actually still there. It just makes it so it’s almost impossible for the average user to remove it. So, why does it do this is kind of a good question, right? And really, the main thing that this app seems to be doing is delivering ad content, and also redirecting users to what appears to be, in our estimation, a malicious website.
Marcelle Lee: [00:04:10] And so, with White Ops, that’s something that we’re particularly focused on, is looking for ad fraud. We work within that advertising ecosystem. And there’s actually – I don’t know, like the actual dollars involved – but there’s lots and lots of money that’s lost to ad fraud. So when I say ad fraud, I mean, like, an advertiser will pay for human clicks on a link or things like that, and then people like the developer of this app will cause ads to appear in ways that are sort of not proper, if you will, in terms of how they are displayed and how they appear to the user.
Marcelle Lee: [00:04:47] So, there’s many different flavors of ad fraud. And at White Ops we go by – there’s actually a taxonomy from a group called TAG. It’s the Trustworthy Accountability Group. And to sort of put it in context of cybersecurity, it’s almost like an ISAC for advertising industry. So, it’s like the same kind of things, but not exactly the same industry, if you get what I’m saying.
Dave Bittner: [00:05:12] Yeah.
Marcelle Lee: [00:05:12] TAG puts out this invalid traffic taxonomy, and it has a variety of different categories of what’s considered invalid traffic. And you have general invalid traffic, and then sophisticated invalid traffic. So that’s the kind of things that we’re looking for, that fall into these categories. And then similarly, from more of a true cybersecurity perspective, we also use the MITRE Mobile ATT&CK framework to categorize that sort of malicious activity. So, we combine both when we’re doing the analysis of these apps.
Dave Bittner: [00:05:45] This app installs itself, it hides itself, and then it’s using – do I have the pronunciation right? – the Tushu Software Development Kit is what’s running under the hood?
Marcelle Lee: [00:05:56] Yes, that is what’s running under the hood and your guess on pronunciation is as good as mine. We call it Tushu also.
Dave Bittner: [00:06:02] Okay. Right.
Marcelle Lee: [00:06:02] But yeah. So, the Tushu SDK is really the brains behind the whole thing. There are other SDKs within the app, but this was the one that was really creating most of the malicious activity – things like the ad behavior. And then the other piece is where the app launches this game center thing that looks like an app, and it appears on the screen as an app icon, but it literally is just a browser shortcut, not an actual app. And the Tushu behind all this activity as well. And this is the part where the user is, if they click on that, directed to the website that we discovered that was associated with all this.
Dave Bittner: [00:06:42] Yeah. It’s interesting to me that in your research you found that the ads are triggered by a bunch of different activities with a mobile device – things like connecting or disconnecting from a WiFi network. What are the things that it’s being triggered by? And why do you suppose it’s interested in those changes of state?
Marcelle Lee: [00:07:01] Basically, it’s interested in those changes of state because it means that the user is actively on the device and is therefore going to probably see an ad that pops up. So it does these full screen ads that are completely out of context from the app. Like, the ad pops up, you have absolutely no idea, as a user, where it came from. And you wouldn’t necessarily be able to tie it back to the Crazy Brainstorming app, because as far as you knew, on your phone, that was not even on there anymore, right? It looks like it disappeared.
Dave Bittner: [00:07:28] So they’re not trying to hide the ads behind things. They are actually displaying the ads?
Marcelle Lee: [00:07:33] Absolutely, displaying the ads. Which is – the hiding of the ads is another type of ad fraud, where you basically are showing a bunch of ads that nobody ever sees. But these ones are seen, and they’re very invasive, too, because they’re popping up full-screen, as I said, and it’s hard for the user to get around them. Like, pretty much, the average user is going to probably click on the ad just trying to get rid of it. And that’s going to often take them to the other website.
Dave Bittner: [00:08:00] And that’s when they make their money, I suppose.
Marcelle Lee: [00:08:02] Yeah, they make the money from the ads. And then, also, there’s even more crazy ad stuff happening on the website as well. But yeah, so things like network connectivity changes, the home key being pressed, unlocking the phone – these are all user probably initiated activities and would all give rise to an ad appearing.
Dave Bittner: [00:08:24] This Crazy Brainstorming app – it downloaded another app? It was sort of functioning as a dropper?
Marcelle Lee: [00:08:30] So, it wasn’t actually another app, it just had the appearance of an app.
Dave Bittner: [00:08:35] Hmm.
Marcelle Lee: [00:08:35] So, it looked like something was installed called “Game Center” on the screen of the device, but in actuality it was just a browser shortcut. So, just imagine it was a hyperlink hidden behind an icon. And so, as soon as you click that, you didn’t actually launch an app, you just opened a website.
Dave Bittner: [00:08:57] And what was at that website?
Marcelle Lee: [00:08:59] So, that was the H5 Games website. And there were various different sort of iterations, but h5games[.]top was the one that we did most of our research on. Now, we’re talking about a traditional website, and it’s called Game Center. It appears to be a website that just has games for you to play, and lots of advertising too, of course. And some of the advertising was legit, but a lot of it was somewhat less than legit, I guess I’ll say.
Dave Bittner: [00:09:28] Mm-hmm.
Marcelle Lee: [00:09:27] And then the games themselves, when you tried to actually play a game on this website, it didn’t really work. Like, it was really laggy or, you know, you would click on things and nothing actually happened. So, the game aspect of it didn’t really seem to be legit at all.
Dave Bittner: [00:09:46] Were they trying to download malware onto your system as well?
Marcelle Lee: [00:09:51] Yeah, so, this was actually pretty crazy. I don’t think I’ve ever seen a website quite this busy with trying to install things on your computer. There was just a lot of pop-up ads, and some of the ones that we saw were – it was this thing called Doc2PDF, which was ostensibly an application that would allow you to convert, like, say, a Word doc to a PDF. And that one – I think we have a screenshot in the blog about it – the permissions that this particular file requested were kind of crazy, right? Just accessing all kinds of information, and reading and modifying bookmarks, storing client data.
Marcelle Lee: [00:10:25] So that was one example, but there were many, many different ads that kept popping up. And it was kind of funny, Dave, because, like, almost all of these, they were either like an executable that you would download, or they were a browser extension. And the browser extensions were often bundled with their own little search engine or whatever. So, if you started to download all these, you’d basically have, like, all these different browser extensions that were kind of tripping over each other trying to be the search engine of choice.
Dave Bittner: [00:10:54] (Laughs) Trying to push each other out to get to the head of the line.
Marcelle Lee: [00:10:57] Yeah. (Laughs) Exactly. So it was kind of funny.
Dave Bittner: [00:10:59] When you say these are trying to download executables, I mean, we’re on a mobile device – are these desktop executables, or are these things designed to run on the mobile device?
Marcelle Lee: [00:11:10] So, these are actually desktop executables, which is sort of interesting…
Dave Bittner: [00:11:13] Huh.
Marcelle Lee: [00:11:12] …Because you would think it’s not really going to work on a mobile device. So, the only think I can think with that, really, is I did see some suggestions, when the site was still up, that you could use this app in emulated device on your Windows desktop computer. So, say you’re running some kind of Android emulator to play games, which apparently is a thing that people do. It’s not a thing that I do (Laughs). But yeah, so, if you were doing this on a Windows desktop, then absolutely these executables would impact you. But, I mean, overall, it didn’t seem like terribly well-thought-out for that aspect of it.
Marcelle Lee: [00:11:51] And another thing that kind of pointed to being kind of, I don’t know, low-level player or noobish, was the advertisements, when you clicked on them in the website, they would just launch like within that same tab in the window. And like, if you actually wanted to go back to the website, you had to do that – you had to hit back. And websites don’t render ads that way, right?
Dave Bittner: [00:12:14] Mm-hmm.
Marcelle Lee: [00:12:13] They don’t want you to go off to another site and then lose your attention. So that was a bit of an anomaly, in terms of just sort of normal behavior.
Dave Bittner: [00:12:23] Now, in terms of the actual Crazy Brainstorming app, you all dug in there and you found that it was likely borrowing code from a legit app?
Marcelle Lee: [00:12:32] Yes. We discovered a bunch of references within the code to this other company, basically in their app. And when we dug into that, we discovered that it was a legitimate company, at least it appeared to be. And, you know, they had a number of games. And so we did this code comparison, and turned out that, like, at least 70 percent and probably more of the code was exactly the same in the Crazy Brainstorming game part as in this app from Rention. So, basically, they just lifted the code from another game. But it didn’t work very well, because it kept, like, the code was so copied that it was calling back to the legit company for information…
Dave Bittner: [00:13:12] Oh, wow.
Marcelle Lee: [00:13:12] …And it just didn’t work. (Laughs)
Dave Bittner: [00:13:15] Walk through this with me, my line of thinking here, because it sounds like the Crazy Brainstorming app never actually runs. You can actually play Crazy Brainstorming on your device because the first thing it does is it hides itself.
Marcelle Lee: [00:13:29] Yeah, basically.
Dave Bittner: [00:13:29] So, do we suppose that that code is in there to get it past code review?
Marcelle Lee: [00:13:35] It could be. I’m speculating here…
Dave Bittner: [00:13:38] Yeah.
Marcelle Lee: [00:13:38] …Because I don’t really know, but that would make sense. Trying to get past code review or just to at least have the appearance of a real game. Because, I mean, there is, before it deletes itself, it drops that Game Center shortcut…
Dave Bittner: [00:13:51] Right.
Marcelle Lee: [00:13:50] …And you could theoretically play it for a bit there. But like we said, it doesn’t really work. So, yeah, it’s a bit odd, because really the delivery seems to be of primarily the ads, which never really stop. And then the redirection to the website that we talked about. I don’t know, it didn’t seem terribly sophisticated, in terms of being able to see exactly, like, what the purpose was of this thing.
Dave Bittner: [00:14:17] Right. It also leaves me scratching my head that there were over a million downloads of this.
Marcelle Lee: [00:14:24] Yeah. In like a month.
Dave Bittner: [00:14:26] Yeah. Well, and are there no reviews? I don’t know about you, but before I download an app, I generally check the reviews, and I can’t imagine there would be positive reviews for an app like this. Any insights there?
Marcelle Lee: [00:14:39] Yeah. So, this is a bit of a mystery to our team as well. We haven’t quite worked out how an app like this can show that it has a million downloads. We doubt that it legitimately had a million downloads, so there must be some way to, like, spoof that. And that part we haven’t figured out yet.
Dave Bittner: [00:14:58] Oh.
Marcelle Lee: [00:14:58] But we’ve seen this with other apps. And it’s just – it makes no sense for an app of this nature to be on the Play Store for like a month and get a million downloads
Dave Bittner: [00:15:10] I see.
Marcelle Lee: [00:15:10] Unless – the other thing is, you know, do they have bots, like, driving the activity and it really was a million downloads? So, we’re not sure.
Dave Bittner: [00:15:18] Yeah, but they’re using that display of a million downloads as a misdirection for people to say, oh, well, if a million people downloaded this, it must be good.
Marcelle Lee: [00:15:26] Exactly.
Dave Bittner: [00:15:26] I see.
Marcelle Lee: [00:15:26] And we’ve seen that with other apps too. So, I don’t know how they do it, but I would definitely say it’s a spoofed figure – not real.
Dave Bittner: [00:15:32] Okay.
Marcelle Lee: [00:15:33] So, yeah, you bring up a good point, because I try to caution people all the time about being careful about what they are downloading on their phones, because I think the average person tends to think if it’s coming from the Play Store or, you know, the iTunes store, then it’s probably legit. And that just isn’t the case, right? So, like you said, looking at the reviews is a good way, and this app did not have good reviews at all. People were like, it doesn’t work, it’s nothing but ads.
Dave Bittner: [00:16:01] Mm-hmm.
Marcelle Lee: [00:16:01] You know, things that were true. And then if you look at the developer, that’s something that I’ll look at as well. And in this case, the developer was a Linda Wang, which is sort of weird – usually it’s like a company name, not a person’s name. Their contact information was just a rando Gmail address. All these are things that would be red flags to me. Like, I want to see a known developer and, like, an actual website that I could go to to check them out…
Dave Bittner: [00:16:32] Right.
Marcelle Lee: [00:16:32] …As opposed to, you know, this sort of thing.
Dave Bittner: [00:16:35] Now, suppose somebody downloads this. It’s on their mobile device. Was there any hope of your average, you know, mere mortal removing it?
Marcelle Lee: [00:16:43] It would be really tricky for the average person to do it because, you know, like I said, the icon itself disappears, so you can’t do the little finger drag to uninstall, and it doesn’t show up in the list of apps either. So, you would basically have to go into settings somewhere, where apps were listed in another capacity, and remove it that way. But it wouldn’t be an easy thing to do.
Dave Bittner: [00:17:10] All right. Well, what are your recommendations, then, for folks to protect themselves against this? I mean, what are the red flags?
Marcelle Lee: [00:17:17] Well, some of the things I said, you know, before you even download it, but once you downloaded an app, you’re going to get a notification of what sort of permissions that app wants. This is another area to be cautious because, you know, if it’s like, say, a Crazy Brainstorming game app and it wants to know where you’re located, and you know, there’s different locations too, like general versus sort of like a very granular. Does it want access to all your contacts? So on and so forth. There’s a lot of sort of permission red flags for me.
Marcelle Lee: [00:17:47] I also recommend that everybody has antivirus or anti-malware installed on their mobile devices, because that’s saved me more than one time, in terms of not getting dinged by an app that was malicious, or a website, too. It’ll usually protect you from bad browsing stuff. So, I always recommend that. And it’s surprising, Dave. Like, hardly anybody I know ever has that on their phone.
Dave Bittner: [00:18:13] Yeah, it’s interesting. I think you folks have a little – a false sense of security. I think they think that these app stores are going to protect them, and that’s not always the case.
Marcelle Lee: [00:18:21] Yeah, it really is. It’s just, like I said before, whack-a-mole. There’s just too much out there to keep on top of. So, yeah, it’s pretty interesting. And I will say, as a general rule of thumb, like, I don’t recommend installing, like, apps that are flashlights. Flashlight apps are notorious for carrying malware with them. And most phones already have flashlights, so it’s a little redundant anyway. Also, a lot of apps that say that they’re antivirus are sometimes malware as well. So again, you have to be careful, like who is that publisher of that app? You know, is it coming from a known antivirus company or is it coming from Linda Wang? So, just things look out for.
Dave Bittner: [00:19:04] Our thanks to Marcelle Lee from White Ops for joining us. The research is titled,” Another Day Another Fraudulent App.” We’ll have a link in the show notes.
Dave Bittner: [00:19:14] Thanks to Juniper Networks for sponsoring our show. You can learn more at juniper.net/security, or connect with them on Twitter or Facebook.
Dave Bittner: [00:19:23] And thanks to Enveil for their sponsorship. You can find out how they’re closing the last gap in data security at enveil.com.
Dave Bittner: [00:19:31] The CyberWire Research Saturday is proudly produced in Maryland out of the startup studios of DataTribe, where they’re co-building the next generation of cybersecurity teams and technology. The coordinating producer is Jennifer Eiben. Our amazing CyberWire team is Stefan Vaziri, Tamika Smith, Kelsea Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Nick Veliky, Bennett Moe, Chris Russell, John Petrik, Peter Kilpe, and I’m Dave Bittner. Thanks for listening.
Orange, Calif.-based UCI Health partnered with information technology company Connexient to add its indoor mapping and navigation software to the health system’s Epic MyChart mobile app.
Connexient’s software provides turn-by-turn indoor navigation with features such as “find my car” and “parking planner.” By adding it to the Epic MyChart app, patients can access their health information including lab results, appointment information and medications as well as directions to navigate around the hospital on a single platform.
“We are always looking for new and innovative ways to improve the patient experience,” said Sriram Bharadwaj, senior applications director at UCI Health Information Services. “Connexient’s wayfinding technology enables us to build upon our digital platform while creating a seamless integration with our EMR system.”
UCI Health is the clinical enterprise of the University of California, Irvine. It comprises the 417-bed, Orange, Calif.-based UCI Medical Center as well as primary and specialty care offices.
To receive the latest hospital and health system business and legal news and analysis from Becker’s Hospital Review, sign-up for the free Becker’s Hospital Review E-weekly by clicking here.
