3 TIPS FOR SECURING YOUR ANDROID DEVICE

Recently, we asked you, our valued readers, to tell us which topics you would like to see on AndroidPIT in the future. The results showed that about 90% of you were interested in learning more about security and privacy. With that in mind, here are three things you can do today to make your Android device more secure.

• Our review of the Telegram messenger
• Is antivirus software really necessary for Android? 

1. Encrypting your device

Encryption is a process which encodes your private data on a device, so that it can't be read by anyone unauthorized. Once you encrypt your Android smartphone, any new data becomes encrypted automatically. Decrypting takes place automatically for you as well.

Android has two methods for encrypting your device:

Full disk encryption on Android (5.0 and up)

According to Google, "full-disk encryption uses a single key—protected with the user’s device password—to protect the whole of a device’s userdata partition. Upon boot, the user must provide their credentials before any part of the disk is accessible." This is secure, but when you reboot your phone, your data isn't accessible until your credentials are entered. Which means, things like alarm notifications and phone calls can't take place.

File-based encryption on Android (7.0 and up)

For those who have Nougat already, Android's file-based encryption "allows different files to be encrypted with different keys that can be unlocked independently." With the Direct Boot function, devices can "boot straight to the lock screen, thus enabling quick access to important device features like accessibility services and alarms."

2. Secure messaging on Android

The Secure Messaging Scorecard by the Electronic Frontier Foundation (EFF) is a great resource for evaluating all the complex ways a messaging service can be secured or unsecured. There are a lot of factors to take into account, and if you're not a security expert, you may not have considered something like whether or not your messages were encrypted during transit. Nevertheless, these details are still very important. 

Their scorecard evaluates messengers based on the following criteria:

• Encrypted in transit?    
• Encrypted so the provider can’t read it?    
• Can you verify contacts’ identities?    
• Are past comms secure if your keys are stolen?    
• Is the code open to independent review?    
• Is security design properly documented?    
• Has there been any recent code audit?

With these factors in mind, there are many apps which meet all the criteria on the scorecard. Since security and usability are often at odds with each other, some apps which meet these criteria aren't the most user-friendly or widely adopted.

For both security and usability, I recommend the average person to try Signal for secure communications. It's user-friendly and popular among the security-conscious crowd.

3. Enable Two-factor Authentication on everything

Two-factor authentication, also called two-step verification, requires two authentication methods, like passwords, PIN numbers, fingerprints or physical access to your cell phone. This method of securing your accounts works on many services, and you may already have used it with your online banking platform. 2FA, as it is sometimes known, even works with various social media platforms to prevent other people from hijacking your online identity. Facebook, Twitter and LinkedIn all have the feature. Major payment platforms like PayPal and cloud storage services like Dropbox also usually support 2FA. And, very importantly, you should enable it on your Google Account as well.

What other security topics are you interested in? Have you tried any of the above methods before?

'Over 1 million Google accounts breached by Android malware Gooligan'

A new variant of an Android malware called "Gooligan" is believed to have breached the security of over one million Google accounts.

According to security firm Check Point Software Technologies, the malware roots Android devices and steals email addresses and authentication tokens stored on them.

This can give attackers access to users' sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite, it said.

"This theft of over a million Google account details is very alarming and represents the next stage of cyber- attacks. We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them," Check Point's head of mobile products Michael Shaulov said.

No immediate comment could be received from Google on the matter.

Check Point's report said the malware campaign infects 13,000 devices each day and that Gooligan targets devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which represent nearly 74 per cent of Android devices in use today.

About 40 per cent of these devices are located in Asia and about 12 per cent are in Europe.

After attackers gain control over the device, they generate revenue by fraudulently installing apps from Google Play and rating them on behalf of the victim, the report said.

"Every day Gooligan installs at least 30,000 apps on breached devices, or over 2 million apps since the campaign began," it added.

The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device, or by clicking on malicious links in phishing attack text messages.

Check Point said it has reached out to the Google security team immediately with information on this campaign.

"We appreciate Check Point's partnership as we've worked together to understand and take action on these issues. As part of our ongoing efforts to protect users from the Ghost Push family of malware, we've taken numerous steps to protect our users and improve the security of the Android ecosystem overall," Google's director of Android security Adrian Ludwig was quoted as saying.

Among other actions, Google has contacted affected users and revoked their tokens, removed apps associated with the Ghost Push family from Google Play, and added new protections to its Verify Apps technology.

Check Point?s Mobile Research Team first encountered Gooligan's code last year and in August this year, the malware reappeared with a new variant and has since infected at least 13,000 devices per day.

Check Point is offering a free online tool that allows users to check if their account has been breached.

"If your account has been breached, a clean installation of an operating system on your mobile device is required. For further assistance, you should contact your phone manufacturer or mobile service provider," Shaulov said.

New Google phone comes with suite of 'smart' technology

Google has unveiled its new smartphone along with a suite of new hardware products that work together and make use of the company's personal assistant software.

At a product launch in San Francisco on Tuesday, the company officially announced the Pixel phone, the Daydream View virtual reality headset, the Chromecast Ultra streaming device and the Google Home smart speaker.

None of these devices are unique to Google, and the tech giant faces stiff competition from established companies like Apple and Sony.

But Google is gambling that the deep well of data it has accumulated about people through its search engine and online software puts it in the best position to leverage emerging technologies for individual consumers.

"Our goal is to build a personal Google for each and every user," CEO Sundar Pichai said. "We want to build a Google for each user."

Pixel phones

The Pixel phone marks the company's most aggressive challenge yet to Apple and Samsung.


Google has released a series of its own phones, dubbed Nexus, since 2010. Those phones had limited distribution and were typically embraced by Google purists. Now, the company is casting aside the Nexus name as it aims to become an even more prominent player in the mobile market.

Described as "the first phone made by Google inside and out," it comes with a voice-activated, built-in personal assistant.

Assistant, Google's answer to Apple's Siri, listens to voice commands and performs tasks, such as playing music or making restaurant reservations. It links directly to a user's Google account so it can access things like email and calendars to provide a personalized experience. 

Pixel is available for preorder in Canada for $899 or $1,149 for the larger version.

Google Home

Google is ready to start selling its echo of Amazon's Echo.

Googe Home is an internet-connected speaker that uses Assistant to transform your abode into a smart home.

It will be able to perform many of the same tasks as Echo, including playing music and fielding questions about everything from the weather to what's playing at the local theatre.

But Google is betting that the knowledge that it has gained while running the world's dominant search engine will make the computer-powered assistant in Home smarter than Echo's Alexa, which has been on the market since 2014.

Amazon Echo challenges Toronto's Ubi voice assistant

Home will also be able to control lights, appliances and other devices around the house, assuming you've installed "smart" versions of them.

And like most of Google's new hardware, Home will work closely with other Google devices. For example, if you have a Chromecast streaming device, you can use Home to control video on your TV.

Home will cost $129 US ($170 Cdn).

Daydream View

The company also gave us a look at its virtual reality headset Daydream View, which comes with a small remote and slate of exclusive content.

The new wireless motion controller for Daydream can function like a fishing rod, a steering wheel or a pointer to permit more sophisticated VR experiences.

The headset is paired with any Daydream-ready phone. For the time being, that exclusively means Pixel, but Google says more compatible phones will roll out. 

Daydream is a challenge to more sophisticated systems from Facebook's Oculus business, HTC and Sony.

Google says 50 partners are bringing apps and games to Daydream, with more on the way. Google services such as photos, YouTube and Street View maps will also come to Daydream.

The Daydream View will hit shelves in November for $79 US ($104 Cdn).

Chromecast Ultra

Google is updating its Chromecast video-streaming device for watching Netflix and other online video on big screens.

The new device, Chromecast Ultra, will support a higher-resolution format called 4K and work in concert with Google Home. 

Google is facing competition with low-end devices. Roku just announced a $30 Express model that's about the size of a finger, while Amazon just updated its $40 Fire TV Stick. Both of those devices come with a remote, making them suitable stand-alone gadgets. But neither streams in 4K.

What you need to know about 4K TV

Wi-Fi router

The new Google Wi-Fi system will be modular — just add new components based on how your home and rooms are shaped. Software will help manage the various access points for you as you move around.

It will cost almost $130 ($171 Cdn) for the main device. A three-pack for larger homes will cost about $386 Cdn.

New devices could help Google keep its services front and centre in the battle for consumers' attention, said analyst Julie Ask at Forrester Research.

Unlike a new mobile app or other software, she noted, it can be an expensive gamble to build and ship new hardware products. "But if you're Google, you can't afford to stop placing bets."​

Everything you need to know about Google Allo

The very best by Google is here! If you have been jostling to find one resource that provides consolidated information about the newly launched Google Allo, Artificial Intelligence (AI) powered messaging app that was announced alongside Duo, during its annual I/O event in May, this year, here we are.

There are several apps connecting people to their contacts – ranging from the most popular, WhatsApp and Facebook Messenger, to Hike, Hangouts and Viber, to name a few, Google decided to enter the market with its revolutionary and more personalized new messaging app that boasts artificial intelligence system, as well as other new features such as end-to-end encryption, voice messages, and sticker packs.
So, what is the app all about and how it is different from existing messenger applications that you have on your smart devices? Let’s find out:

Google Allo signup and account creation

Just like our very own Whatsapp, the process to sign up on Allo is pretty simple. It uses your mobile number, so you can use it to send instant messages to anyone in your phonebook, along with other Allo users. You can also sync your Gmail account with the app, and keep track of mails and important meetings with built-in AL powered by Google Assistant, the assistive technology. This feature makes it unique.

App interface and design

Google is known to keep the interface of all their products user-friendly. Regular Google users would not take long to figure out app’s interface, settings and features. The overall interface is pretty basic and seamless for any user to get acquainted to.
"Allo is a smarter messaging app, with machine intelligence and our natural language processing advances from search," explains Fulay. "Smart reply – which we first built for Inbox gives real time suggestions to quickly reply to a message based on your responses, and it learns over time."

Security

You can also use Allo in incognito mode, where your text messages will not be logged and the chat gets fully encrypted. However, this also restricts some smart features. To combat this problem, Allo plans to keep only temporary message logs, in order to improve the Google Assistant and Smart reply features. Allo offers an Incognito Mode, which means you get to access not only end-to-end encrypted messages but also value added features like expiring chats and private notifications. Benefit? You can keep all yours messages safe, as well as control how and when to permanently delete them from your device. Basically, you get additional controls over the privacy of your chats.

Smart Reply

One of the well-noted, distinctive features of Allo is its ability to send smart replies. "I actually miss this when I'm not using Allo," adds Fulay. "If I use any other messaging app I miss this because it really keeps the conversation going."
However, smart replies can take a week of training for someone to make the most of this feature. Fulay also demonstrated smart replies to show how they work effectively. He shows us how it responds to a picture and a number of common messages by offering a suitable and quick response.

Google Assistant

Finally, Siri like experience for Android users! If you have used chat bots like Slack, it won’t take you much time to get acquainted with the in-built virtual assistant that Allo has to offer.  You can call on Google Assistant at any time just by typing "@google" in Allo. For example, if you and your friend are making plans to visit a Chinese restaurant in your area, you can simply type in your query in the chat window to bring up these results. Google Assistant will proactively suggest options to your queries at the bottom of the app's messaging window. That means you no longer have to leave your messaging app to do a quick Google search for your favourite restaurants, Coldplay concert details, movie time and so on. You can simply copy the information from the bottom window to your chat window and share it with your friends. Allo's Google Assistant can get everything done in the app itself. During the launch of the app in May, Sundar Pichai, Google CEO said, “Think of the assistant, we think of it as a conversational assistant, we want users to have an ongoing two-way dialogue.”

Why would you use Google Allo?

You might want to give it a try for the amazing set of new and powerful features that this messaging app has to offer. Most distinctive features have been described above…and all of it is available totally free of cost.

Google Glass 2.0 is real, and here are photos to prove it

The next generation of Google Glass, Google's head-mounted wearable display, is the real deal.

A filing to the Federal Communications Commission, the U.S. government body that must review and approve personal electronics like phones and wearables, reveals photos of the device's external design, along with internal circuitry (see below) and also a basic user manual. The filing also includes a statement on company letterhead authorizing a third party to help get Google through the FCC's authorization process.

A new edition of Google Glass signals a possible new direction for the company's stalled and stagnant wearable, especially if it winds up in use as a business tool rather than as product for everyday buyers, as blog 9-to-5 Google reports.

Named as model GG1 on the FCC documents, the device appears to hew closely to the original Google Glass Explorer Edition. In other words, it will look like a set of eyeglass frames with a screen floating above your eye.

A previous patent from November depicts a version of Glass that looks like a squiggle of a device that would hug only half your head. Google apparently isn't ready for that future of Glass yet.

Unconfirmed rumors from 9-to-5 Google and The Wall Street Journal suggest that the new edition of Google Glass will have a larger prism, a sturdier design and include an Intel Atom processor. It could sell directly to businesses.

Google Glass has had a rough ride so far. Launched in 2012 for developers and then in 2013 for buyers, Google Glass was widely received as expensive and invasive, the latter because people feared they were being photographed or recorded without knowledge or permission. Google stopped selling its first Glass edition in January 2015.

Android N Developer Preview 2 Includes New Vulkan 3D Rendering API

Among the top new features of the recently released Android N Developer Preview 2 is Vulkan, a new 3D rendering API which Google helped to create as a member of the Khronos Group.  

Vulkan is a new generation graphics and compute API that provides high-efficiency, cross-platform access to modern GPUs used in a wide variety of devices from PCs and consoles to mobile phones and embedded platforms. 

For developers, it offers a significant boost in performance for draw-call heavy applications. Vulkan’s reduction of CPU overhead allows some synthetic benchmarks to see as much as 10 times the draw-call throughput on a single core as compared to OpenGL ES. 

Combined with a threading-friendly API design, which allows multiple cores to be used in parallel with high efficiency, this offers a significant boost in performance for draw-call heavy applications.

Vulkan support is available now via the Android N Preview on devices which support it, including Nexus 5X and Nexus 6P.  According to a recent blog post, the Android team reports there are many similarities between OpenGL ES and Vulkan, but Vulkan offers these new features for developers:

- Application control of memory allocation: Vulkan provides mechanisms for fine-grained control of how and when memory is allocated on the GPU. This allows developers to use their own allocation and recycling policies to fit their application, ultimately reducing execution and memory overhead and allowing applications to control when expensive allocations occur.

- Asynchronous command generation: In OpenGL ES, draw calls are issued to the GPU as soon as the application calls them. In Vulkan, the application instead submits draw calls to command buffers, which allows the work of forming and recording the draw call to be separated from the act of issuing it to the GPU. By spreading command generation across several threads, applications can more effectively make use of multiple CPU cores. These command buffers can also be reused, reducing the overhead involved in command creation and issuance.

- No hidden work: One OpenGL ES pitfall is that some commands may trigger work at points which are not explicitly spelled out in the API specification or made obvious to the developer. Vulkan makes performance more predictable and consistent by specifying which commands will explicitly trigger work and which will not.

- Multithreaded design, from the ground up: All OpenGL ES applications must issue commands for a context only from a single thread in order to render predictably and correctly. By contrast, Vulkan doesn’t have this requirement, allowing applications to do work like command buffer generation in parallel -  but at the same time, it doesn’t make implicit guarantees about the safety of modifying and reading data from multiple threads at the same time. The power and responsibility of managing thread synchronization is in the hands of the application.

Mobile-friendly features: Vulkan includes features particularly helpful for achieving high performance on tiling GPUs, used by many mobile devices. Applications can provide information about the interaction between separate rendering passes, allowing tiling GPUs to make effective use of limited memory bandwidth, and avoid performing off-chip reads.

Offline shader compilation: Vulkan mandates support for SPIR-V, an intermediate language for shaders. This allows developers to compile shaders ahead of time, and ship SPIR-V binaries with their applications. These binaries are simpler to parse than high-level languages like GLSL, which means less variance in how drivers perform this parsing. SPIR-V also opens the door for third parties to provide compilers for specialized or cross-platform shading languages.

- Optional validation: OpenGL ES validates every command you call, checking that arguments are within expected ranges, and objects are in the correct state to be operated upon. Vulkan doesn’t perform any of this validation itself. Instead, developers can use optional debug tools to ensure their calls are correct, incurring no run-time overhead in the final product.

Other new functionality with the Android N Preview 2 include:

- Launcher shortcuts: Now, apps can define shortcuts which users can expose in the launcher to help them perform actions quicker. These shortcuts contain an Intent into specific points within your app (like sending a message to your best friend, navigating home in a mapping app, or playing the next episode of a TV show in a media app).

An application can publish shortcuts and launchers can be expected to show 3-5 shortcuts for a given app.

- Emoji Unicode 9 support: Google is introducing a new emoji design for people emoji that moves away from a generic look in favor of a more human-looking design. If you’re a keyboard or messaging app developer, you should start incorporating these emoji into your apps. The update also introduces support for skin tone variations and Unicode 9 glyphs, like the bacon, selfie and face palm.

API changes: This update includes API changes as Google continue to refine features such as multi-window support (you can now specify a separate minimum height and minimum width for an activity), notifications, and others.

Stable Release of Android Studio 2.1 Supports Android N Developer Preview

The stable release of Android Studio 2.1 is now available and includes updates to the platform’s IDE wizards, build system and Android Emulator. The Android Studio development team says that the latest release provides access to new features and APIs of the developer preview including the new Jack compiler and Java 8 language support. Android Studio 2.1 includes performance improvements to Instant Run which provides faster edit and deploy build speeds.

Highlights of the new features to Android Studio 2.1:



N Developer Preview Support

For developers who want test and validate an app with the Android N Developer Preview, Android Studio 2.1 is the suggested IDE to do so. Developers can access the latest versions of the preview SDK, learn the functionality of new Java 8 support, and utilize the official Android Emulator able to run N Developer Preview Emulator System Images to help in with testing.


The Android Studio 2.1 release includes support for the new Jack compiler and support for Java 8. With the Jack compiler, lambdas, method references, compile-time type annotations, intersection types and type inference are available on all versions of the Android platform. Default and static methods and repeatable annotations are available on Android N and higher. To use Java 8 language features when developing with the N Developer Preview, developers need to use the Jack compiler.

Instant Run

Developers can access fast edits, builds and deploy cycles with Android Studio 2.0 as Instant Run now can now update incremental changes to app code much faster. Instant Run and general build speed are now faster due to two new features - incremental Java compilation and in-process dex.

In previous versions of Android Studio, a single line of Java code change will cause all the Java sources in the module to be recompiled. Now in Android Studio 2.1, incremental Java compilation is enabled by default to reduce compilation time by compiling only what is needed.


Build times are now faster by using in-process dex, which converts class files to dex files within the Gradle daemon process. This avoids the processing operation of creating separate dex processes. To use this feature, developers will need to increase the amount of memory available to the Gradle daemon to at least 2GB (1 GB is the default). This feature will help speed up both incremental and full builds.

Read More: https://developer.android.com/studio/intro/index.html

Google launches certification program for development agencies

Google has made good on a pledge the company made last December of launching a certification program for software development agencies; with the program now live in a number of countries.

The initial announcement came via a blog post last year where the company shared its plans to offer a 'unique' program for software development agencies working on mobile apps. Few updates regarding the progress of the program were provided until today, but Google says it drew interest from "hundreds" of agencies.

Uttam Kumar Tripathi, Global Lead of the Developer Agency Program at Google, made the announcement today of a successful launch in countries including the UK, India, Russia, Indonesia, USA, and Canada.

Google makes it clear that it does “not endorse, or offer any warranty, regarding the certified agencies,” but rather it aims to highlight some of the agencies that Google considers among the best. Of course, the program focuses on agencies which build Android software but will also support those who create web applications.

“The Agency Program is an effort by Google’s Developer Relations team to work closely with development agencies around the world and help them build high-quality user experiences,” Tripathi says.

Certified agencies receive personalised training through local events and hangouts, dedicated content, priority support from product and developer relations teams, and early access to upcoming developer products. Google plans to review and include more agencies in their program over the year along with expanding the program to other countries.

You can find out more information about the Agency Program here.

What are your thoughts on Google's certification program? Let us know in the comments.