Jeff Sharkey
Works at Google
Lived in Mountain View, CA

Jeff Sharkey

Secure those bits!

The Android security team has been hard at work building new tools to help developers protect user data in transit.  :)  Yesterday Alex posted about two great features that shipped last year in M:

https://security.googleblog.com/2016/04/protecting-against-unintentional.html

I'm particularly proud of the strategy I came up with to help detect any plaintext traffic leaving an app using a complex pile of iptables rules.  It's super easy to enable detection in your app with just one method call to this new StrictMode API:

https://developer.android.com/reference/android/os/StrictMode.VmPolicy.Builder.html#detectCleartextNetwork()

And here's the guts of where the iptables rules are generated using the powerful u32 module to do "shallow" packet inspection; both IPv4/v6 and TCP/UDP are supported:

https://android.googlesource.com/platform/system/netd/+/master/server/StrictController.cpp

Since it does bit banging to sniff out the explicit SSL 3.1 (TLS 1.0) signature, I don't recommend shipping it enabled in production, as that version number might increment in the future.
6 comments
 
Heh, I wrote it back around Cupcake: http://jsharkey.org/blog/2009/04/22/modifying-the-android-logcat-stream-for-full-color-debugging/

Latest version here: https://github.com/jsharkey/android-tools/blob/master/coloredlogcat.py

+Josh Guilfoyle There isn't a way to exempt specific sockets/traffic; the whole point is that all traffic from a process should be secure.  For example, consider the case where just one WebView instance inside your app could be tricked into loading malicious content; a vulnerability could then open up all of your private app data through just that one narrow hole.

That's also why StrictMode is only a developer tool: you could enable it to log during development work, and then ignore the known instances where you're okay doing plaintext traffic.
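
A simplified model of the "shallow" inspection the post above describes, as an added example that is not part of the original post and is not the netd rules: it skips the IP and TCP headers using their length fields and judges only the first payload bytes. The function names, the constructed sample packets and the three-byte handshake signature (0x16 followed by the version bytes) are assumptions made for illustration.

```python
TLS_HANDSHAKE = 0x16  # TLS record content type "handshake" (assumed signature byte)

def tcp_payload(packet: bytes) -> bytes:
    """Return the TCP payload of a raw IPv4/IPv6 packet (no IPv6 extension headers)."""
    ip_version = packet[0] >> 4
    if ip_version == 4:
        l4 = (packet[0] & 0x0F) * 4           # IHL counts 32-bit words
        proto = packet[9]
    elif ip_version == 6:
        l4 = 40                               # fixed-size IPv6 header
        proto = packet[6]                     # Next Header field
    else:
        raise ValueError("not an IP packet")
    if proto != 6:
        raise ValueError("not TCP")
    data_offset = (packet[l4 + 12] >> 4) * 4  # TCP header length in bytes
    return packet[l4 + data_offset:]

def classify(packet: bytes, versions=((3, 1),)) -> str:
    """Return 'empty', 'tls' or 'cleartext' from the first three payload bytes only."""
    payload = tcp_payload(packet)
    if not payload:
        return "empty"                        # bare SYN/ACK: nothing to judge
    if (len(payload) >= 3 and payload[0] == TLS_HANDSHAKE
            and (payload[1], payload[2]) in versions):
        return "tls"
    return "cleartext"

def ipv4_tcp(payload: bytes, tcp_options: bytes = b"") -> bytes:
    """Build a constructed IPv4+TCP packet (zeroed addresses/checksums) for the demo."""
    tcp_len = 20 + len(tcp_options)
    assert tcp_len % 4 == 0, "TCP options must pad the header to 32-bit words"
    tcp = bytearray(20) + tcp_options
    tcp[12] = (tcp_len // 4) << 4             # data offset nibble
    ip = bytearray(20)
    ip[0] = 0x45                              # version 4, IHL 5
    ip[9] = 6                                 # protocol = TCP
    return bytes(ip) + bytes(tcp) + payload

# Constructed samples: plaintext HTTP, and handshake records with versions 3.1 and 3.3.
HTTP = ipv4_tcp(b"GET / HTTP/1.1\r\n")
HELLO_31 = ipv4_tcp(bytes([0x16, 3, 1, 0, 5, 1, 0, 0, 1, 0]), tcp_options=b"\x01" * 12)
HELLO_33 = ipv4_tcp(bytes([0x16, 3, 3, 0, 5, 1, 0, 0, 1, 0]))

if __name__ == "__main__":
    for name, pkt in (("http", HTTP), ("hello 3.1", HELLO_31), ("hello 3.3", HELLO_33)):
        print(name, classify(pkt), classify(pkt, versions=((3, 1), (3, 3))))
```

With the signature pinned to version 3.1, the constructed 3.3 handshake is reported as cleartext, which is the fragility the post gives as its reason not to ship detection enabled in production.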

Jeff Sharkey

This is a pretty cool example of how Android devices can come in all shapes and sizes, and yet work together to make something beautiful.  :)  #io15 #android

https://www.youtube.com/watch?t=145&v=U7lKihNI-K4
Arther 桜:

Oh, that's nice.
Good

Jeff Sharkey

The long wait for Broadwell finally paid off, and I just upgraded from an old T61 to a shiny new X250.   #thinkpad   #gentoo  

It's pretty much the perfect size/weight, and they fixed that funky touchpad from the last generation.  UEFI wasn't much trouble, but the documentation around grub2 and luks needs some love.  Overall I'm happy.  :)
16 comments
 
I'm tempted to stay with the slim battery, but was a little worried about run time, also it costs very little money to upgrade to the 6-cell so I'm still on the fence about it atm. Do you feel that the slim battery is good enough to last a day before charging?

Jeff Sharkey

+Chad Brubaker and team just released a neat tool to help developers catch poor/broken usage of SSL in Android apps.  If you're protecting user data flowing over the network, this is definitely worth a look.

"The Android Security Team has built a tool, called nogotofail, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy."

http://googleonlinesecurity.blogspot.com/2014/11/introducing-nogotofaila-network-traffic.html

#android   #ssl   #security  

Jeff Sharkey

When hiking the Lost Coast Trail, we tried timing to avoid high tides, but we still had three places where we had to scramble around large rock formations to move forward.

On the final day we had 15' ocean swells, which made this one pretty intimidating!  #lostcoast #backpacking

Jeff Sharkey

40TB ought to be enough for anybody, right? #nas #sas #rackable
4 comments
 
Nobody will ever need more than 640kb

Jeff Sharkey

46 comments
 
Mummy or Mommy

Jeff Sharkey

Adoptable Storage Devices!

The M Preview released earlier today has a powerful new feature that allows you to "adopt" an external storage device (like an SD card or USB drive), enabling users to move both app code (APKs) and private app data to that device.  When a storage device is adopted, the platform wraps it in a layer of encryption and formats it similar to internal storage.  (In contrast, the original Apps-on-SD feature launched back in Froyo could only move app code, not private app data.)

Also, to help users free up internal storage space, they can choose to migrate their "primary shared storage" (living at /sdcard) to any adopted device.

If you flash the preview build onto a phone/tablet, you can enable the adoption feature for testing with USB OTG devices by using the command described here:

http://developer.android.com/preview/behavior-changes.html#behavior-adoptable-storage

Normally only storage devices in long-term stable locations (like an internal SD card slot inside a phone/tablet, or a USB drive attached to a TV) are supported for adoption.

Along with all of this work, the platform now has much better support for USB OTG storage devices (think USB flash drives).  When a new device is inserted, a notification appears offering to "browse" that device along with simple options to manage/copy contents.

Please kick the tires and file bugs!  :)  #io15 #android
60 comments
 
+Jeff Sharkey, just stumbled across this post of yours. Could you kindly have a look at my below post and comment? Seems like you would be exactly the right kind of guy to make some educated comments about this topic... ;-)
https://groups.google.com/forum/#!topic/android-platform/GFf9UAscGXM

Jeff Sharkey

MST3K Turkey Day Marathon!

Jeff Sharkey

Richer access to secondary shared storage devices

In KitKat we introduced APIs that let apps read/write files in app-specific directories on secondary storage devices, such as SD cards.

We heard loud and clear that developers wanted richer access beyond these directories, so in Lollipop we added the new ACTION_OPEN_DOCUMENT_TREE intent.  Apps can launch this intent to pick and return a directory from any supported DocumentsProvider, including any of the shared storage supported by the device.  Apps can then create, update, and delete files and directories anywhere under the picked tree without any additional user interaction.  Just like the other document intents, apps can persist this access across reboots.

This gives apps broad, powerful access to manage files while still involving the user in the initial selection process.  Users may choose to give your app access to a narrow directory like “My Vacation Photos,” or they could pick the top-level of an entire SD card; the choice is theirs.

To make it easy for developers to transition to these new APIs, there’s a new DocumentFile support library class.  It looks and feels just like a traditional java.lang.File object, which makes it easy to adapt existing code:

http://developer.android.com/reference/android/support/v4/provider/DocumentFile.html

These new APIs aren’t just limited to shared storage; they can be used with any DocumentsProvider that adds support for Root.FLAG_SUPPORTS_IS_CHILD, such as the advanced Vault example:

https://android.googlesource.com/platform/development/+/android-5.0.0_r2/samples/Vault/src/com/example/android/vault/VaultProvider.java#258

#android   #sdcard   #psa  
68 comments
 
+Vladimir Shabanov I'm pretty sure it is this way. However, I'm not sure if the API allows this:
"ask user to access file X".
It's more like "ask user to grant access", and then the user chooses which file/folder to grant, if at all.
Correct me, people, if I'm wrong. There aren't many devices out there with SD-card AND Lollipop.
Not even Nexus, which is supposed to be considered a developer-oriented device...

Jeff Sharkey

I recently backpacked the Lost Coast Trail with a few friends.  It's a treacherous 26 mile stretch of wilderness along the Pacific Ocean, but when the weather cooperates it can be stunningly beautiful.  #lostcoast #backpacking
2 comments
 
+Kenny Root you weren't at your desk when I walked by  :P

Jeff Sharkey

Tycho is a great local band, so it's sweet to hear them playing at #io14 #ambient #trippyjellyfish
Work
Employment
  • Google
    Software Engineer, present