Extended Voice Actions:
The discussion about how applications work with the new voice interaction service may be a little misleading. As with Now on Tap, applications here don't directly interact with Google; rather they go through a platform API (https://developer.android.com/reference/android/app/VoiceInteractor.html for those who care) which interacts with the back-end speech recognition service. So I wouldn't describe this as developers plugging in to the Google App -- they are using the platform API, which has a back-end plugged in to it (by default via the Google App) that does the recognition.
This is very much how Now on Tap is integrated into the platform, as described in the previous section. In fact, it isn't very much like, it is it! Now on Tap and the new voice interaction are all part of the currently enabled VoiceInteractionService, which is what you are selecting when you select which assistant you want. (This is also why voice actions can now use the context of what you are currently looking at to help with the recognition, because it is also the assistant so it can do that.)
So, it wouldn't make sense for this to move to a Google Play Services API, because it is a very well-defined platform API. This also isn't really the first time this pattern has appeared: it is basically how input methods work, where platform APIs arbitrate interaction between the application and the current back-end input method. More closely, speech-to-text and the old simple speech recognizer are both pluggable components, which applications interact with through a (simple) platform API to whatever back-end implementation the user has selected.
On the topic of organization of "permissions," while I would agree there is some further cleanup that can happen in the UI, in many cases things are deliberately not simple runtime permissions. For example, the new "Draw over apps" and "Modify system settings" controls actually correspond to existing permissions, which we explicitly didn't want to turn into simple runtime permissions. We want to discourage apps from using them unless they have a really good reason, and they don't have anything to do directly with specific personal data access so are really hard to explain to users.
You'll note there is a warning dialog that appears when enabling an app's access to one of these, giving more information about what is happening. This is also a pattern followed by other existing dangerous access controls like accessibility services and usage access.
Speaking of accessibility, if anything we'd like to see that made less easy for apps to get to. This feature really is intended for accessibility services, and you should be skeptical about any other kind of app asking for access to it -- it gives that app almost complete control over your device and the ability to see everything you do on it!
Also fwiw, the new runtime permissions implementation makes use of app ops for applying permissions restrictions to pre-M applications. You can basically see this as the long desired UI for app ops, and app ops' basic behavior remains the same where turning off access means the app simply sees no data (no location, zero contacts, etc). We never create fake data.
Abuse of high priority messages has a special difference from other things like notifications: they must go through Google servers, so Google can monitor and modify what is being sent to devices. If apps abuse these for other things besides their intended use, we will be able to stop that abuse without touching any software on the device. (Also "abuse" here is much less subjective than for notifications, where there is a large gray area of things some users care about and some don't. For high priority messages, if it isn't something that is time critical to go to the user immediately, it is not appropriate.)
Chrome Custom Tabs:
This isn't really tying an app to Chrome. It is defining an extended API with the browser that an app can use to get the behavior. The standard implementation used by apps should work with any browser as long as it supports the API, regardless of what the default browser is. So Firefox and others should be able to implement the same API as Chrome and get the same behavior from the same apps.
> China is launching a comprehensive “credit score” system [...] If that and the little other reporting I’ve seen is accurate, the basics are this:
> * Everybody is measured by a score between 350 and 950, which is linked to their national identity card. While currently supposedly voluntary, the government has announced that it will be mandatory by 2020.
> * The system is run by two companies, Alibaba and Tencent, which run all the social networks in China and therefore have access to a vast amount of data about people’s social ties and activities and what they say.
> * In addition to measuring your ability to pay, as in the United States, the scores serve as a measure of political compliance. Among the things that will hurt a citizen’s score are posting political opinions without prior permission, or posting information that the regime does not like, such as about the Tiananmen Square massacre that the government carried out to hold on to power, or the Shanghai stock market collapse.
> * It will hurt your score not only if you do these things, but if any of your friends do them. Imagine the social pressure against disobedience or dissent that this will create.
> * Anybody can check anyone else’s score online. Among other things, this lets people find out which of their friends may be hurting their scores.
> * Also used to calculate scores is information about hobbies, lifestyle, and shopping. Buying certain goods will improve your score, while others (such as video games) will lower it.
> * Those with higher scores are rewarded with concrete benefits. Those who reach 700, for example, get easy access to a Singapore travel permit, while those who hit 750 get an even more valued visa.
> * Sadly, many Chinese appear to be embracing the score as a measure of social worth, with almost 100,000 people bragging about their scores on the Chinese equivalent of Twitter.
A simple Chrome App on your Chromebook will now be able to broadcast any URL you want in Kiosk Mode³.
For development purposes, you may want to enable the experimental flag named "BLE Advertising in Chrome Apps" at chrome://flags/#enable-ble-advertising-in-apps to let your app advertise without being in Kiosk Mode.
Check out this Chrome App demo⁴ that advertises a different URL depending on the image that is shown to learn more about this library.
I love this part: "Two reasonable people can have different interpretations of the problem, and can each reason flawlessly to reach different conclusions"
It's rare to see probability taught with how different interpretations of the problem can yield different possible outcomes and different answers. Here, Peter uses concise code to enumerate the possibilities along with visualizations showing why different interpretations make sense. Well worth a read.