Profile

Cover photo
Eric Cochran
Works at IFTTT
Attended Georgia Institute of Technology
604 followers|1,755,436 views
AboutPostsPhotosVideos+1'sReviews

Stream

Eric Cochran

Shared publicly  - 
 
I released a ViewStatePagerAdapter class that saves and restores View states in ViewPagers. #androiddev
ViewStatePagerAdapter - Saves and restores View states in ViewPagers.
1
1
Add a comment...

Eric Cochran

Shared publicly  - 
 
 
Some thoughts on an accidental legal back door currently in the iOS and Android system updates.

Signed updates can be installed on either operating system via iTunes/Recovery, without the user unlocking their device. This means, a government can force an OEM to sign a compromised version of their operating system, to get access to a user's device.

The fix here is to ONLY preserve user data between updates if the user agreed to the update. Android's recovery will need to be passed the pin/pass to verify that it was a user initiated update, otherwise all updates wipe userspace.
61 comments on original post
1
Add a comment...

Eric Cochran

Shared publicly  - 
 
 
Available for purchasing now
Featuring artwork, collectibles, books and more from artist Andrew Bell and Dead Zebra, Inc.
View original post
1
Add a comment...

Eric Cochran

Shared publicly  - 
 
 
#pixelpushing

Listening to +Xavier Ducrohet and +Tor Norbye talking about the internal flow of the new Instant Run functionality is Android Studio be all like...
View original post
3
1
Add a comment...

Eric Cochran

Shared publicly  - 
Featuring artwork, collectibles, books and more from artist Andrew Bell and Dead Zebra, Inc.
1
Add a comment...

Eric Cochran

Shared publicly  - 
 
 
This is a pretty good overview in Ars on Marshmallow.  While looking through it, I saw some things that could use more explanation so thought I'd share my comments.

Extended Voice Actions:
http://arstechnica.com/gadgets/2015/10/android-6-0-marshmallow-thoroughly-reviewed/4/

The discussion about how applications work with the new voice interaction service may be a little misleading.  As with Now on Tap, applications here don't directly interact with Google; rather they go through a platform API (https://developer.android.com/reference/android/app/VoiceInteractor.html for those who care) which interacts with the back-end speech recognition service.  So I wouldn't describe this as developers plugging in to the Google App -- they are using the platform API, which has a back-end plugged in to it (by default via the Google App) that does the recognition.

This is very much how Now on Tap is integrated into the platform, as described in the previous section.  In fact, it isn't very much like, it is it!  Now on Tap and the new voice interaction are all part of the currently enabled VoiceInteractionService, which is what you are selecting when you select which assistant you want.  (This is also why voice actions can now use the context of what you are currently looking at to help with the recognition, because it is also the assistant so it that can do that.)

So, it wouldn't make sense for this to move to a Google Play Services API, because it is a very well-defined platform API.  This also isn't really the first time this pattern has appeared: it is basically how input methods work, where platform APIs arbitrate interaction between the application and the current back-end input method.  More closely, speech-to-text and the old simple speech recognizer are both pluggable components, which applications interact with through a (simple) platform API to whatever back-end implementation the user has selected.

Permissions:
http://arstechnica.com/gadgets/2015/10/android-6-0-marshmallow-thoroughly-reviewed/5/

On the topic of organization of "permissions," while I would agree there is some further cleanup that can happen in the UI, in many cases things are deliberately not simple runtime permissions.  For example, the new "Draw over apps" and "Modify system settings" controls actually correspond to existing permissions, which we explicitly didn't want to turn into simple runtime permissions.  We want to discourage apps from using them unless they have a really good reason, and they don't have anything to do directly with specific personal data access so are really hard to explain to users.

You'll note there is a warning dialog that appears when enabling an app's access to one of these, giving more information about what is happening.  This is also a pattern followed by other existing dangerous access controls like accessibility services and usage access.

Speaking of accessibility, if anything we'd like to see that made less easy for apps to get to.  This feature really is intended for accessibility services, and you should be skeptical about any other kind of app asking for access to it -- it gives that app almost complete control over your device and the ability to see everything you do on it!

Also fwiw, the new runtime permissions implementation makes use of app ops for applying permissions restrictions to pre-M applications.  You can basically see this as the long desired UI for app ops, and app ops' basic behavior remains the same where turning off access means the app simply sees no data (no location, zero contacts, etc).  We never create fake data.

Doze:
http://arstechnica.com/gadgets/2015/10/android-6-0-marshmallow-thoroughly-reviewed/9/

Abuse of high priority messages have a special difference from other things like notifications: they must go through Google servers, so Google can monitor and modify what is being sent to devices.  If apps abuse these for other things besides their intended use, we will be able to stop that abuse without touching any software on the device.  (Also "abuse" here is much less subjective than for notifications, where there is a large gray area of things some users care about and some don't.  For high priority messages, if it isn't something that is time critical to go to the user immediately, it is not appropriate.)

Chrome Custom Tabs:
http://arstechnica.com/gadgets/2015/10/android-6-0-marshmallow-thoroughly-reviewed/10/

This isn't really tying an app to Chrome.  It is defining an extended API with the browser than an app can use to get the behavior.  The standard implementation used by apps should work with any browser as long as it supports the API, regardless of what the default browser is.  So Firefox and others should be able to implement the same API as Chrome and get the same behavior from the same apps.
Marshmallow brings a lot of user-requested features but still has no update solution.
30 comments on original post
1
Add a comment...

Eric Cochran

Shared publicly  - 
 
 
"How should I design my Android application? What kind of MVC pattern should I use? What should I use for an event bus?"

We often see questions from developers that are asking from the Android platform engineers about the kinds of design patterns and architectures they use in their apps. But the answer, maybe surprisingly, is we often don't have a strong opinion or really an opinion at all.

Should you use MVC? Or MVP? Or MVVM? I have no idea. Heck, I only know about MVC from school and had to do a Google search to find other options to put here.

This may be surprising, because Android could feel like it has strong opinions on how apps should be written. With its Java language APIs and fairly high-level concepts, it can look like a typical application framework that is there to say how applications should be doing their work. But for the most part, it is not.

It is probably better to call the core Android APIs a "system framework." For the most part, the platform APIs we provide are there to define how an application interacts with the operating system; but for anything going on purely within the app, these APIs are often just not relevant.

That said, the Android APIs can often look different (or higher level) from what one typically expects in an operating system, which may easily lead to confusion about how they should be used.

For an example of this, let's consider how an operating system defines "how to run an app." In a classic system, this is basically the contract it has with an application about when it should run:

int main(...) {
// My app goes here!
}

So the operating system starts the app, calls its main() function, and the app goes off and runs and does what it wants until it decides it is done. And clearly it is not saying anything here about what the app should be doing or how it should be designed within that main function -- it's a pretty pure blank slate.

In Android, however, we explicitly decided we were not going to have a main() function, because we needed to give the platform more control over how an app runs. In particular, we wanted to build a system where the user never needed to think about starting and stopping apps, but rather the system took care of this for them... so the system had to have some more information about what is going on inside of each app, and be able to launch apps in various well-defined ways whenever it is needed even if it currently isn't running.

To accomplish this, we decomposed the typical main entry point of an app into a few different types of interactions the system can have with it. And these are the Activity, BroadcastReceiver, Service, and ContentProvider APIs that Android developers quickly become familiar with.

These classes may look like they are telling you how the internals of your app should work, but they are not! In fact, they are all about how your app needs to interact with the system (and how the system can coordinate its interaction with other apps). As long as that interaction with the system happens, we don't really care what goes on inside of the app.

To illustrate, let's briefly look at these different APIs and what they really mean to the Android system.

Activity

This is the entry into an application for interacting with the user. From the system's perspective, the key interactions it provides with the app are:

• Keep track of what the user currently cares about (what is on screen) to ensure the process hosting that is kept running.
• Know that previously used processes contain things the user may return to (stopped activities), and thus more highly prioritize keeping those processes around.
• Help the application deal with the situation where its process is killed so the user can return to activities with their previous state restored.
• Provide a way for applications to implement user flows between each other, coordinated by the system. (The most classic example here being share.)

What we don't care about:

Once we have gotten in to this entry-point to your UI, we really don't care how you organize the flow inside. Make it all one activity with manual changes to its views, use fragments (a convenience framework we provide) or some other framework, or split it into additional internal activities. Or do all three as needed. As long as you are following the high-level contact of activity (it launches in the proper state, and saves/restores in the current state), it doesn't matter to the system.

BroadcastReceiver

This is a mechanism for the system to deliver events to the application that may be outside of a regular user flow. Most importantly, because this is another well-defined entry into the app, the system can deliver broadcasts to apps even if they aren't currently running. So, for example, an app can schedule an alarm to post a notification to tell the user about an upcoming event... and by delivering that alarm to a BroadcastReceiver of the app, there is no need for the app to remain running until the alarm goes off.

What we don't care about:

Dispatching events within an app is an entirely different thing. Whether you use some event bus framework, implement your own callback system, whatever... there is no reason to use the system's broadcasting mechanism, since you aren't dispatching events across apps. (In fact there is good reason not to -- there is a lot of unnecessary overhead and many potential security issues if using a global broadcast mechanism for the internal implementation of an app.) We do provide the LocalBroadcastManager convenience class that implements a purely in-process intent dispatching system with a similar API to the system's APIs, if you happen to like them. But again, there is no reason to use that over something else for things going on purely within your app.

Service

A general-purpose entry point for keeping an app running in the background for all kinds of reasons. There are actually two very distinct semantics services tell the system about how to manage an app:

Started services are simply telling the system to, for some reason, "keep me running until I say I am done." This could be to sync some data in the background or play music even after the user leaves the app. Those also represent two different types of started services that modify how the system handles them:

• Music playback is something the user is directly aware of, so the app tells the system this by saying it wants to be foreground with a notification to tell the user about it; in this case the system knows that it should try really hard to keep that service's process running, because the user will be unhappy if it goes away.

• A regular background service is not something the user is directly aware as running, so the system has more freedom in managing its process. It may allow it to be killed (and then restarting the service sometime later) if it needs RAM for things that are of more immediate concern to the user.

Bound services are running because some other app (or the system) has said that it wants to make use of the service. This is basically the service providing an API to another process. The system thus knows there is a dependency between these processes, so if process A is bound to a service in process B, it knows that it needs to keep process B (and its service) running for A. Further, if process A is something the user cares about, than it also knows to treat process B as something the user also cares about.

Because of their flexibility (for better or worse), services have turned out to be a really useful building block for all kinds of higher-level system concepts. Live wallpapers, notification listeners, screen savers, input methods, accessibility services, and many other core system features are all built as services that applications implement and the system binds to when they should be running.

What we don't care about:

Android doesn't care about things going on within your app that don't have any impact on how it should manage your process, so there is no reason to use services in these cases. For example, if you want to start some background operation to download data for your UI, you should not use a service for this -- it is actually important to not be telling the system to keep your process running while doing this, because it really doesn't need to be and the system would be better off having more freedom in managing it with other things the user is doing.

If you just make a simple background thread (or whatever non-service mechanism you want) to do the downloading, you will get the semantics you want: while the user is in your UI, the system will keep your process running for that, so the download will never be interrupted. When they leave your UI, your process will still be kept around (cached) and able to continue downloading, as long as its RAM isn't needed elsewhere.

Likewise for connecting different parts of your app together, there is no reason to bind to a service that is running in the same process as the one binding to it. Doing so is not actively harmful -- the system just sees a dependency from the process to itself so doesn't try to keep it around any more than usual -- but it is a bunch of unnecessary work for both you and the system. Instead, you can just use singletons or other normal in-process patterns for connecting pieces of your app together.

ContentProvider

Finally, the ContentProvider is a fairly specialized facility for publishing data from an app to other places. People generally think of them as an abstraction on a database, because there is a lot of API and support built in to them for that common case... but from the system design perspective, that isn't their point.

What these are to the system is an entry-point into an app for publishing named data items, identified by a URI scheme. Thus an app can decide how it wants to map the data it contains to a URI namespace, handing out those URIs to other entities which can in turn use them to access the data. There are a few particular things this allows the system to do in managing an app:

• Handing out a URI doesn't require the app remain running, so these can go all over the place with the owning app being dead. Only at the point where someone tells the system, "hey give me the data for this URI" does it need to make sure the app owning that data is running, so it can ask the app to retrieve and return the data.

• These URIs also provide an important fine-grained security model. For example, an application can place the URI for an image it has on the clipboard, but leave its content provider locked up so nobody can freely access it. When another app pulls that URI off the clipboard, the system can give it a temporary "URI permission grant" so that it is allowed to access the data only behind that URI, but nothing else in the app.

What we don't care about:

It doesn't really matter how you implement the data management behind a content provider; if you don't need structured data in a SQLite database, don't use SQLite. For example, the FileProvider helper class is an easy way to make raw files in your app available through a content provider.

Also, if you are not publishing data from your app for others to use, there is no need to use a content provider at all. It is true, because of the various helpers built around content providers, this can be an easy way to put data in a SQLite database and use it to populate UI elements like a ListView. But if any of this stuff makes what you are trying to do more difficult, then feel free to not use it and instead use a more appropriate data model for your app.
69 comments on original post
1
Add a comment...

Eric Cochran

Shared publicly  - 
 
Very excited to give the first ever IFTTT TALK at IFTTT HQ on March 8!
"What's New with Android Permissions?"

Register now:
https://www.eventbrite.com/e/whats-new-with-android-runtime-permissions-tickets-21461815869
What's New With Android Runtime Permissions with Eric Cochran Android 6.0 Marshmallow brings runtime permissions to users. What changes affect developers? Learn about the basics as well as the edge cases of requesting permissions. The new permission model has opened up a great opportunity for developers, as users do not have to agree to all permissions up front. See how runtime permissions can build trust with your users! Evening Schedule 6:30 ...
2
Add a comment...

Eric Cochran

Shared publicly  - 
 
 
#pixelpushing #firstworldwins

When the build is broken, but it's not your CL that did it, it's all like...
View original post
1
Add a comment...

Eric Cochran

Shared publicly  - 
 
Take 7 minutes to watch this great overview of Dex and Dex merging by +Jesse Wilson​. #androiddev
1
Add a comment...

Eric Cochran

Shared publicly  - 
 
The replacement for the summer life guard on my desk is in. Will stand guard while I'm off to Droidcon London!
2
Add a comment...

Eric Cochran

Shared publicly  - 
 
 
#pixelpushing #soclose

"Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy" and I was all like...
16 comments on original post
2
Add a comment...
Story
Tagline
Education is important, but don't forget to feed the dog.
Introduction
I am studying Computer Science at Georgia Tech and am an independent Android developer.
Bragging rights
I am that guy that made that CyanogenMod Updater DashClock extension. Valedictorian; SAT: 800 Math, 690 Verbal, 720 Writing; AP Scholar; Running CM on my toro (Galaxy Nexus LTE); Finished with the Half-Life series, Drink whole milk
Education
  • Georgia Institute of Technology
    Computer Science, 2011 - 2014
Work
Occupation
Android Engineer, Student, Thinker, and Tinker
Skills
Java, Android and Glass Developer, Git, GIMP
Employment
  • IFTTT
    Android Engineer, 2015 - present
  • Eric Cochran
    Android Developer, 2012 - present
  • thredUp
    Android Engineer, 2014 - 2014
Basic Information
Gender
Male
Birthday
September 27
Other names
Nightly Nexus
Eric Cochran's +1's are the things they like, agree with, or want to recommend.
Quick Tabs
chrome.google.com

A keyboard centric most recently used (MRU) ordered tab list plugin with search and switch functionality inspired by IntelliJ IDEA

Allo by Google – Android Apps on Google Play
market.android.com

Allo is a messaging app that makes conversations easier, more productive, and more expressive.The Google assistant Get answers, find informa

Little Inferno - Android Apps on Google Play
market.android.com

"A beautiful masterpiece that everyone should try ... it might be the most compelling and beautiful indie game I’ve played all year." (Gam

Chrooma - Android Apps on Google Play
market.android.com

Join the circles with the same colors, but pay attention all the circles will follow your finger! The rules are really simple, use portals,

Chrooma Keyboard - Android Apps on Google Play
market.android.com

----- PLEASE LOGIN, WE WILL SOON ADD SYNC OF PREFERENCES BETWEEN DEVICES ---A lightweight, fast keyboard that adapts itself to the app you a

LittleBits - Android Apps on Google Play
market.android.com

The littleBits App is your personal guide to unleashing creativity. Discover thousands of inventions, get inspiration for new projects, conn

Kickstarter - Android Apps on Google Play
market.android.com

Explore thousands of creative projects all on the Kickstarter app! Kickstarter is home to a community of people working to bring creative pr

Amaze File Manager - Android Apps on Google Play
market.android.com

Overview: - Open Source, light and smooth - Based on Material Design guidelines - Basic features like cut, copy, delete, compress, extract e

Street Art watch face - Android Apps on Google Play
market.android.com

A collection of beautiful street art watch faces from Google Art Project featuring the work of Aitch, Andre Fernandes Trindade, Cheko, DRAW,

Squid (formerly Papyrus) - Android Apps on Google Play
market.android.com

Papyrus is now Squid! More info: http://goo.gl/PM3KA0 Take handwritten notes naturally on your Android tablet or phone! With Squid you can w

Cardboard Design Lab - Android Apps on Google Play
market.android.com

Enjoy an educational and immersive journey through principles for developing virtual reality experiences. Designing great user experiences i

This War of Mine - Android Apps on Google Play
market.android.com

"If you've not already played this brilliant, heart-wrenching game, then mobile is as good a place as any to let it completely destroy you."

Christmas Sweater Watch Face - Android Apps on Google Play
market.android.com

Christmas Sweater Watch Face for Android Wear !This Christmas watch shows the basics of what a watch should display : hour & day. Choose you

Physical Web - Android Apps on Google Play
market.android.com

The Physical Web is not shipping yet nor is it an official Google product. This is an early-stage experimental project we're developing out

Public - 9 months ago
reviewed 9 months ago
The Best Burritos Anywhere.
Public - a year ago
reviewed a year ago
59 reviews
Map
Map
Map
Fried chicken and waffles: The bacon in the waffle was pretty good. The chicken was just alright.
Public - a year ago
reviewed a year ago
Well lit and clean. Friendly staff, even in the early morning.
Public - a year ago
reviewed a year ago
mmmm, Resse's Peanut Butter donut
Public - a year ago
reviewed a year ago