"android" entries

Batten down the hatches

Four core questions that every security team must ask itself to develop its strategy in dealing with attacks.

Massive software vulnerabilities have been surfacing with increasingly high visibility, and the world’s computer administrators are repeatedly thrust into the cycle of confusion, anxiety, patching and waiting for the Next Big One. The list of high profile vulnerabilities in widely used software packages and platforms continues to rise. A recent phenomenon has researchers borrowing from the National Hurricane Center’s tradition, to introduce a vulnerability with a formal name. Similar to hurricanes and weather scientists, security researchers, analysts, and practitioners observe and track vulnerabilities as more details unfold and the true extent of the risk (and subsequent damage) is known.

Take for example the Android vulnerability released at the beginning of August, 20151. This vulnerability, named “Stagefright” after its eponymous application, can lead to remote code execution (RCE) through several vectors including MMS, Email, HTTP, Media applications, Bluetooth, and more. These factors coupled with the fact that at its release there were no approved patches available for upwards of 95% of the world’s mobile Android footprint means the vulnerability is serious — especially to any organization with a significant Android population.

Read more…

Comment

Battery performance in Android M

Exploring the new Android M battery performance features.

batteries

It has been a long held personal belief that most battery drain issues on smartphone devices are due to applications that are improperly tuned. I work very closely with mobile developers to help optimize mobile apps for speed and battery life with AT&T’s own Application Resource Optimizer. I am also in the process of finishing up a book on High Performance Android Apps that will be published later this summer. So I am always excited to see mobile application performance hit the center stage.

Last month, Google held its annual Google I/O conference, where they announce new products, tools and features. This year, with the release of the Android M developer preview, performance of mobile devices/battery life and app performance were on the center stage (and unveiled at the keynote!). Lets look at the new features and tools available to users and developers to make Android’s battery life better.
Read more…

Comment
Four short links: 16 June 2014

Four short links: 16 June 2014

Decision Trees, Decision Modifications, Mobile Patents, Web Client

  1. Quick DT — open source (Java) decision tree learner.
  2. Revealing Hidden Changes to Supreme Court OpinionsWHEREAS, It is now well-documented that the Supreme Court of the United States makes changes to its opinions after the opinion is published; and WHEREAS, Only “Four legal publishers are granted access to “change pages” that show all revisions. Those documents are not made public, and the court refused to provide copies to The New York Times”; and WHEREAS, git makes it easy to identify when changes have been made; RESOLVED, I shall apply a cron job to at least identify when the actual PDF has changed so everyone can see which documents have changed.
  3. Microsoft’s “Killer” Android Patents Revealed (Ars Technica) — Chinese Government required them disclosed as part of MSFT-Nokia merger. The patent lists are strategically significant, because Microsoft has managed to build a huge patent-licensing business by taxing Android phones without revealing what kind of legal leverage they really have over those phones.
  4. HTTPiea command line HTTP client, a user-friendly HTTP client.
Comment
Four short links: 9 May 2014

Four short links: 9 May 2014

Hardening Android, Samsung Connivery, Scalable WebSockets, and Hardware Machine Learning

  1. Hardening Android for Security and Privacy — a brilliant project! prototype of a secure, full-featured, Android telecommunications device with full Tor support, individual application firewalling, true cell network baseband isolation, and optional ZRTP encrypted voice and video support. ZRTP does run over UDP which is not yet possible to send over Tor, but we are able to send SIP account login and call setup over Tor independently.
  2. The Great Smartphone War (Vanity Fair) — “I represented [the Swedish telecommunications company] Ericsson, and they couldn’t lie if their lives depended on it, and I represented Samsung and they couldn’t tell the truth if their lives depended on it.” That’s the most catching quote, but interesting to see Samsung’s patent strategy described as copying others, delaying the lawsuits, settling before judgement, and in the meanwhile ramping up their own innovation. Perhaps the other glory part is the description of Samsung employee shredding and eating incriminating documents while stalling lawyers out front. An excellent read.
  3. socketclusterhighly scalable realtime WebSockets based on Engine.io. They have screenshots of 100k messages/second on an 8-core EC2 m3.2xlarge instance.
  4. Machine Learning on a Board — everything good becomes hardware, whether in GPUs or specialist CPUs. This one has a “Machine Learning Co-Processor”. Interesting idea, to package up inputs and outputs with specialist CPU, but I wonder whether it’s a solution in search of a problem. (via Pete Warden)
Comment: 1
Four short links: 5 March 2014

Four short links: 5 March 2014

Cheap Gesture Sensor, Ignorance as Strength, Android Malware Resistance, and Security Talks

  1. $1 Gesture-Recognizing Device (GigaOm) — the AllSee is the size of a quarter, harvests RF for power, and detects the variations in signal strength caused by gestures.
  2. A Conversation with Sydney BrennerThe thing is to have no discipline at all. Biology got its main success by the importation of physicists that came into the field not knowing any biology and I think today that’s very important. I strongly believe that the only way to encourage innovation is to give it to the young. The young have a great advantage in that they are ignorant. Because I think ignorance in science is very important. If you’re like me and you know too much you can’t try new things. I always work in fields of which I’m totally ignorant.
  3. Android Almost Impenetrable to Malware — multiple layers of defence, including signatures of known-bad systems found in the wild, necessary to retain an “open” marketplace vs Apple’s lock-down.
  4. TrustyCon (YouTube) — video of the speakers at the conference that was set up by speakers who withdrew from the RSA conference. (via BoingBoing)
Comment
Four short links: 24 February 2014

Four short links: 24 February 2014

Your Brain on Code, Internet of Compromised Things, Waiting for Wearables, and A/B Illusions

  1. Understanding Understanding Source Code with Functional Magnetic Resonance Imaging (PDF) — we observed 17 participants inside an fMRI scanner while they were comprehending short source-code snippets, which we contrasted with locating syntax error. We found a clear, distinct activation pattern of five brain regions, which are related to working memory, attention, and language processing. I’m wary of fMRI studies but welcome more studies that try to identify what we do when we code. (Or, in this case, identify syntax errors—if they wanted to observe real programming, they’d watch subjects creating syntax errors) (via Slashdot)
  2. Oobleck Security (O’Reilly Radar) — if you missed or skimmed this, go back and reread it. The future will be defined by the objects that turn on us. 50s scifi was so close but instead of human-shaped positronic robots, it’ll be our cars, HVAC systems, light bulbs, and TVs. Reminds me of the excellent Old Paint by Megan Lindholm.
  3. Google Readying Android Watch — just as Samsung moves away from Android for smart watches and I buy me and my wife a Pebble watch each for our anniversary. Watches are in the same space as Goggles and other wearables: solutions hunting for a problem, a use case, a killer tap. “OK Google, show me offers from brands I love near me” isn’t it (and is a low-lying operating system function anyway, not a userland command).
  4. Most Winning A/B Test Results are Illusory (PDF) — Statisticians have known for almost a hundred years how to ensure that experimenters don’t get misled by their experiments […] I’ll show how these methods ensure equally robust results when applied to A/B testing.
Comment: 1
Four short links: 10 February 2014

Four short links: 10 February 2014

Sterling Zings, Android Swings, Data Blings, and Visualized Things.

  1. Bruce Sterling at transmediale 2014 (YouTube) — “if it works, it’s already obsolete.” Sterling does a great job of capturing the current time: spies in your Internet, lost trust with the BigCos, the impermanence of status quo, the need to create. (via BoingBoing)
  2. No-one Should Fork Android (Ars Technica) — this article is bang on. Google Mobile Services (the Play functionality) is closed-source, what makes Android more than a bare-metal OS, and is where G is focusing its development. Google’s Android team treats openness like a bug and routes around it.
  3. Data Pipelines (Hakkalabs) — interesting overview of the data pipelines of Stripe, Tapad, Etsy, and Square.
  4. Visualising Salesforce Data in Minecraft — would almost make me look forward to using Salesforce. Almost.
Comment: 1
Four short links: 7 February 2014

Four short links: 7 February 2014

Future of Programming, Android Conceal, Software Dependency, and IoT OS

  1. 12 Predictions About the Future of Programming (Infoworld) — not a bad set of predictions, except for the inane “squeezing” view of open source.
  2. Conceal (Github) — Facebook Android tool for apps to encrypt data and large files stored in public locations, for example SD cards.
  3. Dreamliner Softwareall three of the jet’s navigation computers failed at the same time. “The cockpit software system went blank,” IBN Live, an Indian television station, reported. The Internet of Rebooting Things.
  4. Contiki — open source connective OS for IoT.
Comment

Upward mobility: TVs are the new mobile

Mobile developers to gain a new set of platforms for their apps

photo: EricaJoy http://en.wikipedia.org/wiki/File:Chromecast_dongle.jpg One of the perennial technologies that regularly appears at the Consumer Electronics Show is the smart TV set, but they never seem to gain the kind of traction that the manufacturers hope that they will. This may finally be coming to a end, however, as a new generation of smart TVs are poised to enter the market. Even Apple is finally supposed to release their own products in this space this year. And when these hyper-aware TV sets enter the Internet of Things, they are likely to do it running mobile operating systems.

The reasons for this are several. From a purely economic standpoint, the margins on televisions don’t really afford room to pay for a full-blown desktop operating system license, nor the hardware required to support a rich desktop environment. It’s also unclear that anyone would want to run Microsoft Word or other general types of software on their TV. While a free operating system such as a desktop Linux OS might fit the bill, especially since it is famous for being able to run on a meager amount of hardware, it is equally unclear if it will be able to run the software that manufacturers and users are going to want to see on a TV.

Read more…

Comment

Upward Mobility: Predictions for 2014

All predictions are for entertainment purposes only!

It is a generally accepted requirement that all technology pundits attempt a yearly prognostication of the coming 12 months. Having consulted my crystal ball, scryed the entrails of a falcon, and completed a 3 day fasting ritual in a sweat lodge set up inside a Best Buy, I will now tempt the Gods of Hubris and make my guesses for the year in mobile.

Read more…

Comment