Jeff Sharkey
3,604 followers
Jeff's posts

Post has attachment
Secure those bits!

The Android security team has been hard at work building new tools to help developers protect user data in transit.  :)  Yesterday Alex posted about two great features that shipped last year in M:

https://security.googleblog.com/2016/04/protecting-against-unintentional.html

I'm particularly proud of the strategy I came up with to help detect any plaintext traffic leaving an app using a complex pile of iptables rules.  It's super easy to enable detection in your app with just one method call to this new StrictMode API:

https://developer.android.com/reference/android/os/StrictMode.VmPolicy.Builder.html#detectCleartextNetwork()

And here's the guts of where the iptables rules are generated using the powerful u32 module to do "shallow" packet inspection; both IPv4/v6 and TCP/UDP are supported:

https://android.googlesource.com/platform/system/netd/+/master/server/StrictController.cpp

Since it does bit banging to sniff out the explicit SSL 3.1 (TLS 1.0) signature, I don't recommend shipping it enabled in production, as that version number might increment in the future.
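Added example, not from the post or from netd's StrictController.cpp: a user-space C function that applies the same kind of shallow check to one IPv4/TCP packet, treating a payload as TLS only when it starts with the handshake record type 0x16 followed by version bytes 0x03 0x01. The function names, the verdict enum and the sample payloads are constructed for illustration; the second sample shows how a pinned version number flags real TLS once that number increments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { V_MALFORMED, V_NOT_TCP, V_NO_PAYLOAD, V_TLS, V_CLEARTEXT };

/* Classify a raw IPv4 packet (len = whole packet) using only fixed header
 * offsets and the first three payload bytes, as a "shallow" filter would. */
enum verdict classify_ipv4(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return V_MALFORMED;
    if (pkt[9] != 6) return V_NOT_TCP;               /* protocol 6 = TCP */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;        /* IPv4 header length */
    if (ihl < 20 || len < ihl + 20) return V_MALFORMED;
    const uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;        /* TCP header length */
    if (doff < 20 || len < ihl + doff) return V_MALFORMED;
    const uint8_t *payload = tcp + doff;
    size_t plen = len - ihl - doff;
    if (plen == 0) return V_NO_PAYLOAD;              /* bare SYN/ACK/FIN */
    /* TLS record header: type 0x16 (handshake), then version 0x03 0x01.
     * Pinning the version is the fragile part: any other value is flagged. */
    if (plen >= 3 && payload[0] == 0x16 && payload[1] == 0x03 && payload[2] == 0x01)
        return V_TLS;
    return V_CLEARTEXT;
}

/* Wrap a payload in constructed, minimal IPv4 and TCP headers (no options). */
enum verdict classify_payload(const uint8_t *payload, size_t plen)
{
    uint8_t pkt[40 + 64] = {0};
    if (plen > 64) return V_MALFORMED;
    pkt[0] = 0x45;                                   /* version 4, IHL 5 */
    pkt[9] = 6;                                      /* TCP */
    pkt[20 + 12] = 0x50;                             /* data offset 5 */
    if (plen) memcpy(pkt + 40, payload, plen);
    return classify_ipv4(pkt, 40 + plen);
}

int main(void)
{
    /* Constructed samples: record headers with version 3.1 and 3.3, and HTTP. */
    static const uint8_t tls10[] = {0x16, 0x03, 0x01, 0x00, 0x2e, 0x01};
    static const uint8_t tls12[] = {0x16, 0x03, 0x03, 0x00, 0x2e, 0x01};
    printf("%d %d %d\n", classify_payload(tls10, sizeof tls10),
           classify_payload(tls12, sizeof tls12),
           classify_payload((const uint8_t *)"GET / HTTP/1.1\r\n", 16));
    return 0;
}
```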

Post has attachment
Mmmmmmmmmmmmmmmmmmm?

Post has attachment
This is a pretty cool example of how Android devices can come in all shapes and sizes, and yet work together to make something beautiful.  :)  #io15 #android

https://www.youtube.com/watch?t=145&v=U7lKihNI-K4

Post has attachment
Adoptable Storage Devices!

The M Preview released earlier today has a powerful new feature that allows you to "adopt" an external storage device (like an SD card or USB drive), enabling users to move both app code (APKs) and private app data to that device.  When a storage device is adopted, the platform wraps it in a layer of encryption and formats it similar to internal storage.  (In contrast, the original Apps-on-SD feature launched back in Froyo could only move app code, not private app data.)

Also, to help users free up internal storage space, they can choose to migrate their "primary shared storage" (living at /sdcard) to any adopted device.

If you flash the preview build onto a phone/tablet, you can enable the adoption feature for testing with USB OTG devices by using the command described here:

http://developer.android.com/preview/behavior-changes.html#behavior-adoptable-storage

Normally only storage devices in long-term stable locations (like an internal SD card slot inside a phone/tablet, or a USB drive attached to a TV) are supported for adoption.

Along with all of this work, the platform now has much better support for USB OTG storage devices (think USB flash drives).  When a new device is inserted, a notification appears offering to "browse" that device along with simple options to manage/copy contents.

Please kick the tires and file bugs!  :)  #io15 #android

Post has attachment
The long wait for Broadwell finally paid off, and I just upgraded from an old T61 to a shiny new X250.   #thinkpad   #gentoo  

It's pretty much the perfect size/weight, and they fixed that funky touchpad from the last generation.  UEFI wasn't much trouble, but the documentation around grub2 and luks needs some love.  Overall I'm happy.  :)

Post has attachment
MST3K Turkey Day Marathon!

Post has attachment
+Chad Brubaker and team just released a neat tool to help developers catch poor/broken usage of SSL in Android apps.  If you're protecting user data flowing over the network, this is definitely worth a look.

"The Android Security Team has built a tool, called nogotofail, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy."

http://googleonlinesecurity.blogspot.com/2014/11/introducing-nogotofaila-network-traffic.html

#android   #ssl   #security  

Post has attachment
Richer access to secondary shared storage devices

In KitKat we introduced APIs that let apps read/write files in app-specific directories on secondary storage devices, such as SD cards.

We heard loud and clear that developers wanted richer access beyond these directories, so in Lollipop we added the new ACTION_OPEN_DOCUMENT_TREE intent.  Apps can launch this intent to pick and return a directory from any supported DocumentProvider, including any of the shared storage supported by the device.  Apps can then create, update, and delete files and directories anywhere under the picked tree without any additional user interaction.  Just like the other document intents, apps can persist this access across reboots.

This gives apps broad, powerful access to manage files while still involving the user in the initial selection process.  Users may choose to give your app access to a narrow directory like “My Vacation Photos,” or they could pick the top-level of an entire SD card; the choice is theirs.

To make it easy for developers to transition to these new APIs, there’s a new DocumentFile support library class.  It looks and feels just like a traditional java.lang.File object, which makes it easy to adapt existing code:

http://developer.android.com/reference/android/support/v4/provider/DocumentFile.html

These new APIs aren’t just limited to shared storage; they can be used with any DocumentsProvider that adds support for Root.FLAG_SUPPORTS_IS_CHILD, such as the advanced Vault example:

https://android.googlesource.com/platform/development/+/android-5.0.0_r2/samples/Vault/src/com/example/android/vault/VaultProvider.java#258

#android   #sdcard   #psa  

Post has attachment
I recently backpacked the Lost Coast Trail with a few friends.  It's a treacherous 26 mile stretch of wilderness along the Pacific Ocean, but when the weather cooperates it can be stunningly beautiful.  #lostcoast #backpacking