Android for work


Google уже не остановить: компания показала Android for Work

В прошлом году на ежегодной конференции разработчиков I/O 2014 компания Google рассказала о многих интересных вещах. Несколько минут было уделено и некому набору инструментов под названием Android for Work. Информации было мало, но уже тогда стало понятно, что Корпорация Добра хочет завоевать все рынки. И бизнес-сегмент – не исключение. Спустя восемь месяцев после этого компания все-таки показала свои наработки, сделав ещё один шаг к мировому господству. Давайте разбираться, что к чему!

Что же вообще такое Android for Work? Если кратко, то это набор инструментов (приложений) для вашего смартфона или планшета под управлением Android, который позволяет отделять рабочую информацию от личных данных. Акцент сделан не только на удобство использования, но и на безопасность. Google поставила перед собой цель доказать как крупным компаниям, так и начинающим стартаперам, что Android (самая популярная операционная система в мире, если что) может выступать отличной рабочей средой и смысла бояться каких-то утечек попросту нет.

Компания Google имеет в своём распоряжении минимальный набор (которого обычно хватает для 90% компаний) приложений, необходимых для работы: почта, календарь, контакты, Google Docs (текстовые документы, электронные таблицы, презентации), приложение для работы с заметками и так далее. Но благодаря магазину Google Play даже сторонние разработчики могут создавать свои программы для проекта Android for Work. Вскоре обещают представить специальную версию Store для этого проекта. Лично я, когда пользовался Android-смартфоном, решал все рабочие вопросы средствами Google. Да и после перехода на Windows Phone ничего кардинально не изменилось.

Как я писал выше, немалый акцент сделан именно на безопасность. Android for Work отделяет приложения для работы от ваших личных. Поэтому беспокоиться о том, что начальник увидит ваши прекрасные фотографии с отдыха, не стоит. Это касается и почты, и другой информации. Игры тоже никто не заставит удалять. Это же все-таки ваш личный смартфон! Вообще система Android for Work достаточно сложная, но обычным пользователям должно быть все равно – по мнению Google, контролем за этим инструментом будут заниматься в IT-отделах компаний. Перепутать программы будет сложно – приложения для работы получат специальные пометки (как на скриншоте).

Учитывая то, что в Android 5.0 Lollipop появилась поддержка нескольких пользователей, для Android for Work можно вообще выделить отдельный аккаунт. Собственно, об этом и говорится в официальном блоге Google. В случае с Android 4.4 KitKat можно будет использоваться все те же отдельные приложения. Представители компании несколько раз упомянули о том, что Android for Work – это не просто детище Google. Набор инструментов был создан благодаря совместным усилиям еще нескольких компаний: Sony, HTC, Box, LG, VMware, Citrix и других.

В данный момент можно подписаться на специальную рассылку (делается это здесь в конце страницы). Пока не известно, будет ли взыматься какая-то плата за пользование Android for Work, но есть большая вероятность, что набор инструментов будет доступен абсолютно бесплатно. Хотя появление каких-то премиальных функций исключать нельзя. Но уже точно известно, что в планах разработчиков на ближайшее будущее стоит задача добавить поддержку более ранних версий Android.

Лично мне кажется, что такое решение Google (набор специальных программ) и вообще сама структура будет пользоваться популярностью. За последние несколько лет Корпорация Добра знатно поработала над безопасностью Android, поэтому у Android for Work есть все шансы стать настоящим мастхэвом для бизнеса. Возвращаясь к теме захвата мира, позволю себе напомнить, что у нас на сайте была хорошая статья, которая объясняет, почему именно перед Google должна склониться вся планета – ссылка. Кстати, вполне возможно, что более подробно о своих планах на Android for Work (а также ценах или их отсутствии) компания расскажет нам на ближайшем Google I/O. Конференция запланирована 28-29 мая и пройдет в Сан-Франциско.

Если вы нашли ошибку, пожалуйста, выделите фрагмент текста и нажмите Ctrl+Enter.

keddr.com

рекомендации по безопасности / Блог компании Intel / Хабрахабр

Android – одна из самых популярных мобильных операционных систем в мире. Ей пользуются около полутора миллиардов человек. Но, несмотря на подобную распространённость, до некоторых пор в корпоративной среде эту ОС старательно избегали, опасаясь угроз безопасности.

Такая ситуация сложилась не случайно. В Android, до 5 версии, было множество уязвимостей. Теперь же Google всерьёз взялась за безопасность. Вдобавок к поддержке шифрования данных и автоматической блокировке экрана, в устройствах, работающих под управлением свежих версий Android, приложения ограничены в правах. Это способствует повышению уровня защищённости платформы. Ещё одно важное улучшение в данной области представлено новой инициативой Google для организаций – Android for Work. В рамках Android for Work предлагается, во-первых – безопасность корпоративного уровня, во-вторых – возможность контейнеризации рабочих пространств, разделения рабочих и личных данных пользователей.

Эти улучшения серьёзно меняют дело, позволяя смело использовать Android-устройства в бизнес-среде. Естественно, при условии, что организации будут прилагать усилия к устранению проблем с безопасностью, присущих, в силу её особенностей, платформе Android. В этом материале мы рассмотрим четыре рекомендации по управлению Android-устройствами. А именно:

  • Предотвращение получения пользователями повышенных привилегий на устройствах.
  • Защита от мобильных вредоносных программ.
  • Обязательное применение надёжных методов защиты информации.
  • Реализация политик управления устройствами.

Предотвращение получения повышенных привилегий

В Android-среде взлом устройств с целью получения повышенных привилегий называют «рутованием». Это жаргонное, но весьма распространённое слово – русский вариант английского «rooting». Означает оно «получение прав суперпользователя», который в среде Unix-подобных ОС называется «root». Фактически это – снятие ограничений, накладываемых производителем на устройство, и получение полного доступа к нему. Пользователи взламывают телефоны и планшеты самостоятельно. Всё дело в том, что на рутованное Android-устройство можно устанавливать любые приложения, в том числе – потенциально опасные. Можно настраивать, на любом уровне, операционную систему, менять прошивку аппарата. Приложение для получения прав суперпользователя на Lenovo Yoga Tablet

Рутованные устройства представляют серьёзную проблему безопасности для организаций. Эти устройства находятся в группе повышенного риска заражения вредоносным ПО. Работая в корпоративной сети, они могут быть причиной «утечек данных», могут сделать сеть уязвимой к хакерским атакам.

Проблема, связанная с получением пользователем повышенных привилегий, характерна не только для платформы Android. Так, например, в среде мобильных устройств от Apple существует термин «джейлбрейкинг». Он произошёл от англоязычного «jailbreak», что в дословном переводе означает «побег из тюрьмы». Джейлбрейкинг – это снятие стандартных ограничений на устройствах от Apple, работающих на iOS. В частности, таких, как iPhone, iPod touch, iPad, второе поколение Apple TV. Снятие ограничений заключается в программной или аппаратной модификации устройств, благодаря которому пользователь получает полный доступ к файловой системе iOS. Ему открываются новые возможности по настройке устройства, по установке приложений, расширений и тем, которые недоступны в Apple App Store. Однако в результате страдает безопасность и теряется гарантия на аппарат.

Для борьбы с рутованием рекомендовано запрещать подключение взломанных Android-устройств к корпоративной сети. Кроме того, полезно проводить с сотрудниками занятия по информационной безопасности. В частности, на таких занятиях стоит поднять тему того, какую угрозу рутованные устройства представляют для организации, и того, к каким последствиям могут привести утечка данных или их безвозвратная потеря.

Защита от мобильных вредоносных программ

Пользователи Android-устройств могут устанавливать приложения не только из Google Play, но и из других источников. Среди программ, установленных из ненадёжных источников, немало таких, которые несут в себе вредоносную составляющую. Риск установки вредоносного приложения, хотя и очень небольшой, благодаря политике безопасности Google, существует и при работе исключительно с Google Play. Это способно повлиять на организации, в которых работают пользователи, так как вредоносные программы могут красть логины и пароли для доступа к критически важным ресурсам, открывать доступ в корпоративные сети посторонним лицам, могут быть причиной потери важных данных.

Лучший способ защиты корпоративных ресурсов от мобильного вредоносного ПО заключается в установке защитных приложений на тех устройствах, которые подключаются к сети организации. Вот небольшой список решений, который стоит рассмотреть при выборе защиты от вредоносных программ:

  • Dr.Web Antivirus
  • Antivirus and Mobile Security (Avast)
  • Mobile Security and Antivirus by ESET
  • Armor for Android
  • AntiVirus Security Free by AVG
  • Mobile Security and AntiVirus by Avast
  • Zoner AntiVirus Free
  • BitDefender AntiVirus Free
  • Hornet AntiVirus Free
  • Norton Security Antivirus
Кроме того, нужно учесть, что защитному приложению должны быть доступны все приложения, установленные на устройстве пользователя. Оно должно обладать функцией обнаружения вредоносных программ в реальном времени, возможностью вести «чёрные списки» потенциально опасных приложений. В идеале, для распространения и обновления разрешённых в организации приложений, нужно, чтобы защитное ПО поддерживало использование безопасного корпоративного каталога или хранилища таких приложений.

Применение надёжных методов защиты информации

Если к корпоративной сети могут подключаться мобильные устройства – для защиты информации нужны надёжные меры безопасности. Конкретные подходы к обеспечению безопасности в разных организациях могут различаться, они зависят от специфики деятельности. Мы хотим предложить набор базовых рекомендаций, которые стоит включить в корпоративную политику управления мобильными устройствами.
  • Пароли для доступа к ресурсам обязательно должны быть сложными.
  • Нужно везде, где возможно, применять шифрование данных.
  • Требуется контролировать использование приложений, основываясь на информации о подключении устройства к Wi-Fi-сетям предприятия, и, на основании политик доступа и сведений о примерном местоположении устройства, блокировать некоторые функции. В частности, к таким функциям относятся копирование и вставка данных, службы определения местоположения, электронная почта и приложения для обмена сообщениями, использование камеры и микрофона.

Обзор возможностей Google for Work

В дополнение к вышесказанному, здесь мы хотели бы сделать обзор возможностей Google for Work, которые основаны на передовых подходах к организации удобной и безопасной работы мобильных корпоративных пользователей.

Безопасность и разделение данных. При развёртывании Android for Work используется аппаратное шифрование и политики безопасности, управляемые администратором. Это позволяет разделить бизнес-данные и данные пользователя. Данные организации оказываются в безопасности, они защищены от вредоносного ПО. Информация пользователя при этом недоступна никому, кроме него.

Поддержка корпоративных устройств и личных устройств сотрудников. Пользователи Android for Work могут безопасно применять одно и то же устройство и для рабочих, и для личных целей. Компании могут предоставлять предварительно подготовленные корпоративные устройства работникам, а так же – настраивать рабочие профили на устройствах, которые принадлежат сотрудникам.

Удалённое управление. Администраторы могут удалённо управлять политиками безопасности, связанными с работой организации, приложениями и данными. Критически важные данные можно удалить с устройства дистанционно, при этом не затронув личных данных пользователя.

Удобная работа с личными и корпоративными приложениями. Android for Work позволяет создать однородную рабочую среду на всех устройствах. Личные и рабочие приложения находятся в одних и тех же списках установленных и недавно использованных приложений. Переключаться между разными видами приложений очень просто. К тому же, иконки для запуска рабочих приложений выделены особыми значками, которые чётко отличают их от личных приложений.

Упрощённая установка приложений. Администраторы могут использовать Google Play для поиска разрешённых в организации приложений, добавления их в белый список и для установки бизнес-приложений на устройства, работающие в системе Android for Work. Кроме того, Google Play можно использовать и для развёртывания собственных приложений компаний, предназначенных только для внутреннего использования. Подробнее об этом можно узнать в справочном центре Google Play for Work.

Отдельный набор приложений для работы. Пользователи, у которых нет Google Apps for Work, могут пользоваться полным набором безопасных рабочих приложений, специально созданных для применения в рамках Android for Work, но работающих и самостоятельно. В набор входят почтовая программа, календарь, записная книжка, список задач и менеджер загрузок.

Google предлагает систему Android for Work вместе с набором приложений Google Apps for Work. Всё это подходит для немедленного развёртывания. Система позволяет администраторам приложений пакета Google Apps for Work пользоваться функционалом корпоративного управления мобильными устройствами с помощью административной консоли. Это расширяет возможности по управлению устройствами.

Реализация политик управления устройствами

ИТ-служба компании должна иметь возможность централизованного управления Android-устройствами и их настройки. Рекомендовано выполнять дистанционную очистку потерянных или украденных устройств. Кроме того, очистку нужно проводить после некоторого количества неудачных попыток разблокировки смартфона или планшета. Весьма полезно организовать систему применения политик безопасности, основанную на местоположении устройства.

О безопасности в экосистеме Android

Google, работая над ОС Android и площадкой Google Play, стремится сделать экосистему Android безопаснее. Этой целью руководствуется команда Android Security, которая делает всё возможное для того, чтобы Android-устройства были как можно меньше подвержены угрозам. Google применяет многоуровневый подход к безопасности. Первый уровень – это предотвращения самой возможности возникновения угрозы. Далее – это выявление вредоносных приложений и быстрая реакция при возникновении каких-либо проблем. А именно, вот что в Google делается ради повышения безопасности:
  • Компания стремится предотвратить возникновение проблем с безопасностью. Делается это с помощью анализа архитектуры решений, тестирования систем на проникновение, аудита кода.
  • До выпуска новых версий Android и Google Play проводится анализ безопасности.
  • Исходный код Android открыт, доступен всем желающим. Как результат, его может анализировать большое сообщество разработчиков, выявляя проблемы и помогая сделать Android самой безопасной мобильной платформой в мире.
  • Делается всё возможное для того, чтобы свести к минимуму последствия проблем с безопасностью. В частности, с помощью таких решений, как изолированная среда исполнения приложений.
  • Приложения в Google Play проходят регулярную проверку на уязвимости и проблемы с безопасностью. Если приложение может представлять угрозу для устройств или данных, его удаляют с площадки.
  • Ведётся плотная работа с партнёрами, направленная на как можно более быстрое устранение обнаруженных проблем с безопасностью и выпуск обновлений.
Команда разработки Android тесно сотрудничает с сообществом экспертов в области безопасности, обсуждая идеи, применяя в работе передовые решения, совершенствуя систему. Android является частью Google Patch Reward Program. Программа предусматривает вознаграждение для разработчиков, которые вносят вклад в повышение безопасности популярных проектов с открытым исходным кодом, многие из которых являются основой для Android Open Source Project (AOSP). Кроме того, Google является членом Forum of Incident Response and Security Teams (FIRST).

Заключение

Усилия Google сделали Android безопаснее, Android for Work позволяет взять под контроль мобильные устройства, которыми сотрудники пользуются для решения бизнес-задач. Однако не стоит забывать о том, что не существует абсолютно защищённых компьютерных систем. На базе решений Google можно наладить безопасную работу Android-устройств в организации, но только в том случае, если будут учтены особенности такой работы, в том числе – человеческий фактор. Надеемся, этот материал поможет вам в построении безопасной мобильной рабочей среды.

habrahabr.ru

Назначение приложений устройствам Android for Work

Область применения: Intune на портале AzureApplies to: Intune in the Azure portal
Ищете документацию по Intune на классическом портале?Looking for documentation about Intune in the classic portal? Щелкните здесь.Go here.

Приложения назначаются устройствам Android for Work иначе, чем обычным устройствам Android.You assign apps to Android for Work devices in a different way than you assign them to standard Android devices. Все приложения для устройств Android for Work устанавливаются из магазина Google Play for Work.All apps you install for Android for Work come from the Google Play for Work store. Для этого нужно войти в магазин, найти нужное приложение и подтвердить его установку.You log on to the store, browse for the apps you want, and approve them. Приложение появится в узле Лицензированные приложения на портале Azure.The app then appears in the Licensed apps node of the Azure portal. Здесь можно управлять назначением приложения так же, как назначением любого другого приложения.From here, you can manage assignment of the app in the same way you would assign any other app.

Кроме того, здесь можно назначать собственные бизнес-приложения, если они у вас есть, следующим образом:Additionally, if you have created your own line of business (LOB) apps, you can assign them as follows:

  • Зарегистрируйте учетную запись разработчика Google, которая позволит публиковать приложения в закрытой области магазина Google Play.Sign up for a Google Developer account that lets you publish apps to a private area in the Google Play store.
  • Синхронизируйте приложения с помощью Intune.Synchronize the apps with Intune.

Перед началом работыBefore you start

Настройте взаимодействие Intune и Android for Work в рабочей нагрузке Регистрация устройств на портале Azure.Make sure you have configured Intune and Android for Work to work together in the Device enrollment workload of the Azure portal.

Синхронизация приложения из магазина Google Play for WorkSynchronize an app from the Google Play for Work store

  1. Перейдите в магазин Google Play for Work.Go to the Google Play for Work store. Войдите с использованием той же учетной записи, которая использовалась для настройки подключения между Intune и Android for Work.Sign in with the same account you used to configure the connection between Intune and Android for Work.
  2. Найдите в магазине приложение, которое нужно назначить с помощью Intune.Search the store for the app you want to assign using Intune.
  3. На странице выбранного приложения выберите Утвердить.On the page for the app you chose, choose Approve. В этом примере выбрано приложение Microsoft Excel.In this example, you have chosen the Microsoft Excel app.
  4. Откроется окно приложения с запросом о предоставлении ему разрешений на выполнение различных операций.A window for the app opens asking you to give permissions for the app to perform various operations. Чтобы продолжить, выберите Утвердить.Choose Approve to continue.
  5. Приложение утверждается и отображается в консоли ИТ-администратора.The app is approved and displays in your IT admin console.

Публикация и последующая синхронизация бизнес-приложения из магазина Google Play for WorkPublish, then synchronize, a line-of-business app from the Google Play for Work store

  1. Перейдите в консоль разработчика Google Play play.google.com/apps/publish.Go to the Google Play Developer Console, play.google.com/apps/publish.
  2. Войдите с использованием той же учетной записи, которая использовалась для настройки подключения между Intune и Android for Work.Sign in with the same account you used to configure the connection between Intune and Android for Work. При входе в систему первый раз необходимо зарегистрироваться и заплатить взнос, чтобы стать участником программы Google для разработчиков.If you are signing in for the first time, you must register, and pay a fee to become a member of the Google Developer program.
  3. В консоли выберите Добавить новое приложение.In the console, choose Add new application.
  4. Предоставление и отправка данных о приложении осуществляются так же, как при публикации любого другого приложения в магазине Google Play.You upload and provide information about your app in the same way as you publish any app to the Google Play store. Тем не менее необходимо выбрать параметр Сделать приложение доступным только для моей организации (<название организации>):However, you must select the setting Only make this application available to my organization (<organization name>): Это гарантирует, что приложение будет доступно только для вашей организации и недоступно в общедоступном магазине Google Play.This operation ensures that the app is only available to your organization, and is not available in the public Google Play store. Дополнительные сведения о загрузке и публикации приложений Android см. в Справке по консоли разработчика Google.For more information about how to upload and publish Android apps, see the Google Developer Console Help.
  5. После публикации приложения перейдите в магазин Google Play for Work.Once you have published your app, go to the Google Play for Work store. Войдите с использованием той же учетной записи, которая использовалась для настройки подключения между Intune и Android for Work.Sign in with the same account you used to configure the connection between Intune and Android for Work.
  6. Убедитесь, что опубликованное приложение имеется в узле Приложения.In the Apps node of the store, verify you can see the app you have published. Для приложения автоматически разрешается синхронизация с Intune.The app is automatically approved to be synchronized with Intune.

Назначение приложения Android for WorkAssign an Android for Work app

Если вы утвердили приложение из магазина, но оно отсутствует в узле Лицензированные приложения в рабочей нагрузке Мобильные приложения, можно провести немедленную принудительную синхронизацию следующим образом:If you have approved an app from the store and don't see it in the Licensed apps node of the Mobile apps workload, force an immediate sync as follows:

  1. Зарегистрируйтесь на портале Azure.Sign into the Azure portal.
  2. В колонке Intune выберите Мобильные приложения.On the Intune blade, choose Mobile apps.
  3. В рабочей нагрузке Мобильные приложения выберите Установка > Android for Work.In the Mobile apps workload, choose Setup > Android for Work.
  4. В колонке Android for Work выберите Синхронизировать сейчас.On the Android for Work blade, choose Sync Now.
  5. На странице также отображается время и состояние последней синхронизации.The page also displays the time and status of the last sync.

Если приложение отображается в узле Лицензированные приложения рабочей нагрузки Мобильные приложения, его можно назначить так же, как и любое другое приложение.When the app is displayed in the Licensed apps node of the Mobile apps workload, you can assign it just like you would assign any other app. Приложение можно назначить только группам пользователей.You can assign the app to groups of users only.

После назначения приложение будет установлено на целевых устройствах.After you assign the app, it will be installed on the devices you targeted. Разрешение на установку у пользователя не запрашивается.The user of the device is not asked to approve the installation.

Управление разрешениями для устройств Android for WorkManage Android for Work app permissions

Для Android for Work необходимо утверждать приложения в управляемой веб-консоли Google Play перед их синхронизацией с Intune и назначением пользователям.Android for Work requires you approve apps in Google's managed Play web console before syncing them to Intune and assigning them to your users. Так как Android for Work разрешает автоматически отправлять эти приложения на устройства пользователей, необходимо принять разрешения приложения от имени всех пользователей.Because Android for Work allows you to silently and automatically push these apps to users' devices, you must accept the app's permissions on behalf of all your users. При установке для пользователей не отображаются разрешения приложения, поэтому важно прочитать эти разрешения и иметь правильное представление о них.End users do not see any app permissions when they install, so it's important that you read and understand these permissions.

Когда разработчик приложения публикует новую версию приложения с обновленными разрешениями, они не принимаются автоматически, даже если вы утвердили предыдущие разрешения.When an app developer publishes a new version of the app with updated permissions, those permissions are not automatically accepted, even if you've approved the previous permissions. Устройства, на которых выполняется прежняя версия приложения, по-прежнему могут использовать ее.Devices that run the old version of the app can still use it. Тем не менее приложение не будет обновлено до тех пор, пока не будут утверждены новые разрешения.However, the app is not upgraded until the new permissions are approved. Устройства, на которых не установлено приложение, не смогут установить его, пока не будут утверждены новые разрешения.Devices without the app installed do not install the app until you approve the app's new permissions.

Как обновить разрешения приложенияHow to update app permissions

Время от времени заходите в управляемую консоль Google Play, чтобы проверить, не появились ли новые разрешения.Periodically visit the managed Google Play console to check for new permissions. Вы можете настроить Google Play для отправки вам или другим пользователям сообщений электронной почты в тот момент, когда для утвержденного приложения потребуются новые разрешения.You can configure Google Play to send you or others an e-mail when new permissions are required for an approved app. Если после назначения приложение не устанавливается на устройствах, проверьте наличие новых разрешений, выполнив следующие действия.If you assign an app and observe it isn't installed on devices, check for new permissions with the following steps:

  1. Перейдите по адресу http://play.google.com/work.Visit http://play.google.com/work
  2. Войдите с помощью учетной записи Google, использованной для публикации и утверждения приложений.Sign in with the Google account you used to publish and approve the apps.
  3. Откройте вкладкуОбновления, чтобы узнать, нужно ли обновить какие-либо приложения.Visit the Updates tab to see if any apps require an update. Для всех указанных приложений требуются новые разрешения. Вы можете назначать эти приложения только после применения новых разрешений.Any listed apps require new permissions and are not assigned until they are applied.

Кроме того, можно настроить Google Play для автоматического повторного утверждения разрешений для отдельных приложений.Alternatively, you can configure Google Play to automatically reapprove app permissions on a per app basis.

docs.microsoft.com

Android for Work: Features, Information and Apps

It seems like the larger tech companies are expanding constantly, as they attempt to get their fingers into every pie they possibly can. Security concerns have long been the reason that Android phones has been left by the wayside in the working world, but Google has finally taken steps to combat this with their release of Android for Work last year.

Android for Work is a viable alternative to carrying both a work and personal device (or even a dual-SIM phone), This article will help you find out more information about the service and see if it’s right for your needs.

What is Android for Work?

Just what is the Android for Work program, and what can it do for you?

Essentially, it’s a set of services that provide business profiles for personal Android devices, and you can expect stronger security features and native work apps to help to keep sensitive nature encrypted and secure. It should make it easier for businesses to adopt Android, and it allows users to bring their own devices to work.

If you’re used to using the Android UI, Android for Work should be handy, because it doesn’t really change the experience, and it’s easy enough to separate your work and personal apps and data.

Android for Work was made with a large number of partners, in a bid to make the platform more attractive, as well as in terms of helping with the functionality in a number of ways.

It will also be offered on payment kiosks for retail usage, and it’s likely that there will be further developments in the future if it turns out to be successful.

How Android for Work Works:

Android for Work is simple enough to use, as long as you have a compatible Android device. It’s being made for Android 5.0+ devices in mind, but you can also find support on the older 4.0 – 4.4 firmware with the downloadable app. Basically, devices running Lollipop natively can use dedicated separate profiles, while older devices should still be able to use AFW with a dedicated app. (Of course, there are bound to be exceptions, and unfortunately not every device will be able to use AFW.)

To add a work account to your current phone, download the Google Apps Device Policy app, sign in, and you should be good to go with the installation process.

Enterprise Mobility Management (EMM) providers integrate with standardized management APIs to allow for management of multiple devices. EMM providers are companies that offer advanced IT solutions for mobile device management (MDM), application management, expense management, and more. It will integrate with existing Google systems, such as Notes, Exchange and Google Apps.

Thankfully, your data will be fully secure on both ends, and while that means that business content can’t be accessed normally, it also means the IT guys (and other colleagues) won’t have access to the personal files on your Android device. They won’t be able to view, edit, or erase any photos, emails, or any other personal data, so any 1984-esque concerns aren’t really valid in this context.

If you leave the company or you lose your device, they can erase the work apps manually, while they won’t be able to touch your personal files, so the device will continue to be usable, which wasn’t always the case in the past.

Apps and Updating:

As you might expect, there are a number of familiar apps, such as a browser, camera, calendar, and the ability to open and edit different files. However, they look slightly different, as they have a badge showing that they’re secured by Android for Work. You can also find more business apps on the Play Store, while AFW comes pre-installed with a set of productivity apps, which are reasonably useful. The new apps will be found on the Google Play for Work version of the store.

Here’s what they will look like on your device.

There is a decent range of protected services, but there still aren’t as many as you might expect. (Although this should be remedied with future updates, and potentially by partners too, as they will offer their own special apps.)

If your company has enrolled with Android for Work, you can also download the separate app found on the Play Store. You can also set separate work notifications to keep focused while you’re working.

However, if you remotely remove your profile, it’ll leave behind the deactivated app info and icons on your screen, and they’re impossible to delete remotely, which is pretty annoying. (Hopefully, this will also be sorted in a future update, as it’s a major oversight.)

You can always contact your workplace to get the icons removed completely. There are work versions of Chrome and Docs, (among others) and it’ll work with MS Office file types, so there isn’t much it can’t do in the workplace.

Pros and Cons of Android for Work:

Now that you have a better idea of what’s on offer, it’s easy to see the perks, although there are a few cons. It’s a shame that it won’t work for every device, but it’s a welcome alternative to lugging around a secondary device, and it should only get better with time. You can use the Divide function to easily separate work from your personal data, and it’s intuitive to use.

Companies are free to add work versions of their apps to the Store, so more will be added in future. They also have control over which apps you can download to the work section of your device; whether this is a pro or con is up to you.

Making it easier to separate work and personal apps is a decent feature, and one that could be handy in the world of business. It will make it faster to switch from separate accounts on the same device, which is handy for emails and other services. The apps are also well optimized for Android devices, which is a nice touch. (This includes a built-in camera app and a download app specifically for work, as well as the usual calendar and mail offerings.)

Is Android for Work Worth It?

It honestly depends on which device you have, but it shouldn’t be too difficult to implement the technology if you’re interested.

In the future, it has been reported that handset makers, (such as the ones that helped in partnership) will offer phones preloaded with the software, and that is sure to make it more viable for companies, so there is a decent chance that Google can make some headway in a market that was traditionally held by Apple and Blackberry.

More importantly, it’s safe, and it has the backing of a lot of the major telecommunication players, as well as a few major customers. (Google is hoping to secure over 1+ billion BYOD devices eventually.) Is there enough to make it worth switching over? It depends on the amount of infrastructure you already have in place, but it could definitely give the established names a run for their money.

Conclusion

Android for Work is a decent alternative to dishing out business devices for everybody.It’s a reasonably secure way to create a clear division between work and personal profiles on your Android device. In essence, it’s a pretty good idea, and it has been implemented well thanks in part to the big names involved.

It’s worrying that there can be issues if you want to uninstall the management tools. It’s still a big step forward for Android devices, despite restrictions in terms of the hardware that can actually put it to use. Sometimes it’s just easier to leave security concerns to your company, but would they even trust Android in the first place, given their past issues?

If you can get by with what you have already, there’s no real pressing reason to change, but it does offer a good alternative. If you want to find out how to get an alternative number on your Android device, here’s a list with six methods.

If we’ve missed a great feature, or you have questions about AFW, let us know in the comments below, or you can contact us via Facebook or Twitter and we’ll get back to you ASAP.

Featured Image credit

joyofandroid.com

Best practices for Android for Work in the enterprise

Android might have 80% of the global smartphone market, but when it comes to the enterprise, iOS is the clear leader. Companies have been slow to embrace Android due to security concerns, device management problems, and (let's face it) Android not being a status symbol.

Google's new Android for Work finally addresses two of these thee problems with major improvements to business security and management. And newer phones are making Android a compelling option for many corporate users. But be warned; there are still major challenges to using Android in the workplace.

Get ReportForrester's top mobile APM tools and solutions

Why enterprises should support Android

Before we look at that, though, why bother supporting Android? Apple would certainly have you believe that the iPhone is the only phone suitable for the enterprise, but there are good reasons to include Android in your BYOD programs:

  • Price: Android phones range in price from $80 to $800. An $80 phone is obviously unsuitable for many enterprise users, but a $200 Android is a great phone. Compare that to an unlocked iPhone costing more than $700.
  • Global availability: It is easier to buy Android phones in countries like South Korea. Just check out the list of countries that support Google Play services (which is pivotal to Android for Work).
  • Choice: The whole point of BYOD is letting employees choose the phone they use at work!

Price is clearly the dominant reason why companies are looking to use Android. Companies can reduce the investment in mobile hardware by one fourth by simply switching to Android. At these price points, technology is now disposable.

How Android for Work helps enterprises

Android for Work provides a consistent platform for managing, securing, and getting more out of Android devices. Google has built data separation, security controls, and standardized management tools on top of the Android framework so companies can more easily deploy a variety of Android devices knowing their business data is protected. End users also get peace of mind knowing their personal data remains private.

There are several benefits Android for Work provides:

  • Privacy: With BYOD or subsidized devices, employees sometimes are concerned that IT administrators can see what is on their devices. But only apps and data in the work profile on the Android device can be controlled. The IT administrator does not have access to view personal data or apps.
  • Management: Android for Work integrates with leading mobile management solutions such as MobileIron, AirWatch, MaaS360, and Citrix.
  • Pushed apps: Many companies still offer only standard PIM (personal information manager) tools like email and calendar. Android for Work now offers the option to add productivity tools such as Concur, Office 365, and custom apps. The administrator can choose to push specific apps down to the device.

How to set up Android for Work

Setting up Android for Work is different from running iOS in the enterprise. The primary difference is that you must involve Google. You will need the following to set up Android for Work:

  • An enterprise mobility management (EMM) or mobile device management (MDM) solution
  • Android phones that support Android for Work
  • A contact at Google that can verify your business and set up Google Play 4 Business to work with your MDM or EMM provider

Google will work with EMM providers to manage and deploy Android for Work to your company. Businesses can contact their EMM of choice to get the process started. (Google has a handy cheat sheet that steps you through what you need to do to run Android for Work.)

Google created Google Play for Work, which allows businesses to deploy securely any app in the Play catalog or internally developed applications. This is all accomplished through Google's partnership with leading management providers, ISVs, OEMs, and carriers to provide a broad selection of choices for companies that want to get the most out of Android.

Problems we encountered deploying Android for Work

Google is investing heavily in Android for Work, but early adopters should be warned. My team adopted Android for Work because we see significant value in adding Android to our mobile ecosystem, but being an early adopter comes at a price. Here are issues we have managed:

  • EMM support: Leading mobile management services are still adjusting to supporting Google's requirement of connecting with Google Play for Work as the app delivery model. Most of the MDM providers should have adequate support by early 2016.
  • Devices: Each phone manufacturer can deploy its own version of Android. Entry-level devices have the minimum level of support and seldom have any support post-release. The first round of Android 5 devices did not have the correct hardware to fully support the Android for Work profile and could not upgrade to later releases. Below is a current list of supported devices (and there will be a lot more in 2016).
  • Google is still learning: Google's ecosystem is a delicate balance of open source software (Android), Google Services, hardware manufactures, and phone carriers. Have you herded cats? The speed at which issues are eliminated is not fast.

The bottom line is that the current release of Android for Work is still evolving. It can be rolled out successfully if you do your homework. You should be OK if you use MobileIron as your MDM, if you use the phones listed in the next section. and if you ensure that your carrier will support the default phone without modifications. If you want to use different phones, a different EMM, or have specific requirements, then you will want to wait until 2016.

Not all versions of Android 5 and 6 are the same

A word of caution that will affect early adopters of Android for Work: Android 5.0 shipped without clear specifications for the Android for Work hardware requirements. Google addressed this issue with Android 5.1.1. Unlike the iOS ecosystem, which has a small selection of devices, the Android ecosystem spans thousands of devices. Many device manufacturers will ship and forget a device with very little support post launch.

Fortunately, Google is keeping an up-to-date list of devices with full Android for Work support. These currently include:

  • HP Slate Pro 8
  • Motorola Moto E
  • Nexus 5, 6 and 7
  • Samsung Galaxy S6 and S6 Edge

At a price of just $130, the Motorola Moto E is a particularly interesting option. While it is not as fast as an iPhone 6s, it is still a capable phone and a serious option for many use cases.

The cost/benefit analysis will get even better in the near future. Android One devices that range from $60 to $80 will soon support Android for Work.

The big question: How secure is Android for Work?

The media like to write stories that expose weaknesses in Android's security. The issues are, for the most part, related to earlier releases of Android, before 4.0. Google is addressing the issue of security on enterprise Android devices head-on with the following:

  • Device-wide encryption: The first step in activating Android for Work is to encrypt the device. The process is similar to encrypting a PC.
  • Complete isolation of personal and professional data: The biggest strength for Android for Work is separating the data profiles for work and personal content. For instance, content for email is managed through two different profiles that cannot interact.
  • Work profile: The work profile places a badge icon in the top right-hand corner of an app to indicate that it is a company app. The EMM can install, remove, or wipe the data from a badged app but cannot see or interact with any personal app that does not have a badge.

The result is a tight, secure environment that gives enterprises the level of control they need to ensure that company data is ensured.

What is the future for Android in the enterprise?

Andrew Toy, Google's director of product management for Android for Work, sees Android as essential to companies. Toy said, "Android for Work will continue to expand to provide all manner of mobility solutions for businesses on an increasing number of screens. We're looking not only at serving traditional knowledge workers and executives, but we want to transform and improve many more work scenarios with Android. You can see that in the latest release of Android Marshmallow, which expands the capabilities of Android as a single-use or kiosk solution, for example a hotel lobby kiosk, a customized medical device, a menu tablet on restaurant tables, or a dedicated entertainment device for airlines. This is part of Google's larger commitment to provide the most innovative, secure technology for businesses with Google for Work."

The goal of Android for Work is to help companies achieve the same type of transformation and impact that consumers have gotten out of mobile devices. Google believes companies that use mobile to the fullest can be more competitive, innovative, and responsive to their customers. With Android for Work, Google wants to enable businesses to do more with mobility, beyond email and basic productivity. There is a clear desire to push past the idea of "mobile first" into an era where businesses have mobility woven into the fabric of what they do.

Google is also putting its checkbook where its mouth is. Toy stated that thousands of people at Google are now working on future releases of Google for Work. Finally, Google is taking the enterprise seriously.

Get ReportForrester's top mobile APM tools and solutions

techbeacon.com

Android For Work

Earn Unlimited Money From Your Android Mobile | Easy & 100% Genuine Work | work from home (Urdu | HINDI ) To get more online earning method click on our official webisite http://www.dailyknowledgebank.com/ Registered with Refer Code : WZBFJE To get free 500 coins Free gift card Make money o make money from home how to make money from home work at home how to get rich how to make extra money get money money online how to get money get paid how to earn money from home ways to make money from home ways to make extra money make extra money make money online fast how to make money at home online earning how to make money on the internet make money at home ways to earn money earn online best way to make money online easiest way to make money ideas to make money how to earn money at home how to make a lot of money make more money earn, online money, urdu, top ten, job, easy money, earn money from internet, earning app, money online, earning, how to make money, how to,cash, online earn, how to make money online, money make money online,how to make money,how to make money online fast,make money,money,online,make money online fast,how to make money online 2017,how to earn money online,making money online,best way to make money online,earn money from home,how to make money fast,earn money,make,work from home,how to make legit money online,how to make money from home,how to make money on the internet,make money on the internet,how to earn money,how to make passive income online,online paise kamane ke tarike,work from home careers,earning from home,best ways to make money online,easy work from home,work from home jobs,best way of earning money online,how to make money online as a teenager,how to make money online 2018,make money online 2017,top 10 ways to make money,make money without investment,how to start a business,earn money online,how to make money online legit,how,online job,to,how to earn online in urdu,make money online from home,earn money online in india,how to make money on internet,affiliate,2017,earn online,easy money,make money online in hindi,working online from home,how to work from home,how to earn money online in hindi,how to earn money from home,make money on youtube,how to make money online in 2017,earn,how to make legit money online fast,make money with websites,earn money fast,make $100 a day,easy online money urdu,make money,urdu online earning,how to make money online quick,how to make money online quick and easy,how to earn money as a teenager,online jobs,wix websites,online business,urdu,dead beat affiliate,ways to succeed,how not to succeed,how to be successful,why people don't want you to succeed,don't make money online,tips to be successful,affiliate,what to do,create a website,make $1000 a week online,make money online for free,people don't want you to make money online,how to make online money,how to make money online for beginners,how to make money online as kid,how to make money online for free,make money online as a teenager,,how to make money onilne beginners guide,how to make online a beginners guide,make real money online,how to make money online for real,how to make real money online,how i made money online,how to make money online beginners guide,how to be successful in life,easiest ways to make money online,best ways to make mone,why you will never be successful,online business tips,growing a youtube channel,start a youtube channel,how to sell online,how to sell products online,how to make money online working form home,online selling products,how google makes money,way to make money online,make money with google adsense,starting a business,how to make money with google adsense,how to make money online as a teen,how to make money online from home,how you can make money online,how you can make money,dollar money earning,earn lots of dollar in india,how can i make money online,increase youtube earnings,how to make money online today,dr rann money making tips,make online money,make money online hack,how to make money on google,how to make money o,how to make money online without investment,how to make money online in hindi,how to make money online in india,how to make money online,my hindi support,how to earn money online with google,1000 per week online,make money online legit,fast and easy make money online fast,how to make money online fast and easy 2017,earn money online fast,how to make easy money online,make easy money online,fast way to make money online,easy way to make money online fast,easy make money online way,make money with internet,make money online without investment,start online busseness without investment,easy way to earn money online,how to earn 50000 rupees online,how to make money from google,selling on ebay,free paypal cash,online free money,sharecash unlimited money earning trick,7 ways to earn online,earn money with internet,unlimited money earning trick,how to earn money from sharecash,legit money online fast,how to earn money fro
  • published: 29 Jul 2016
  • views: 11867

wn.com

Android 7.0 Behavior Changes | Android Developers

Along with new features and capabilities, Android 7.0 includes a variety of system and API behavior changes. This document highlights some of the key changes that you should understand and account for in your apps.

If you have previously published an app for Android, be aware that your app might be affected by these changes in the platform.

Battery and Memory

Android 7.0 includes system behavior changes aimed at improving the battery life of devices and reducing RAM usage. These changes can affect your app’s access to system resources, along with the way your app interacts with other apps via certain implicit intents.

Doze

Introduced in Android 6.0 (API level 23), Doze improves battery life by deferring CPU and network activities when a user leaves a device unplugged, stationary, and with the screen turned off. Android 7.0 brings further enhancements to Doze by applying a subset of CPU and network restrictions while the device is unplugged with the screen turned off, but not necessarily stationary, for example, when a handset is traveling in a user’s pocket.

Figure 1. Illustration of how Doze applies a first level of system activity restrictions to improve battery life.

When a device is on battery power, and the screen has been off for a certain time, the device enters Doze and applies the first subset of restrictions: It shuts off app network access, and defers jobs and syncs. If the device is stationary for a certain time after entering Doze, the system applies the rest of the Doze restrictions to PowerManager.WakeLock, AlarmManager alarms, GPS, and Wi-Fi scans. Regardless of whether some or all Doze restrictions are being applied, the system wakes the device for brief maintenance windows, during which applications are allowed network access and can execute any deferred jobs/syncs.

Figure 2. Illustration of how Doze applies a second level of system activity restrictions after the device is stationary for a certain time.

Note that activating the screen on or plugging in the device exits Doze and removes these processing restrictions. The additional behavior does not affect recommendations and best practices in adapting your app to the prior version of Doze introduced in Android 6.0 (API level 23), as discussed in Optimizing for Doze and App Standby. You should still follow those recommendations, such as using Google Cloud Messaging (GCM) to send and receive messages, and start planning updates to accommodate the additional Doze behavior.

Project Svelte: Background Optimizations

Android 7.0 removes three implicit broadcasts in order to help optimize both memory use and power consumption. This change is necessary because implicit broadcasts frequently start apps that have registered to listen for them in the background. Removing these broadcasts can substantially benefit device performance and user experience.

Mobile devices experience frequent connectivity changes, such as when moving between Wi-Fi and mobile data. Currently, apps can monitor for changes in connectivity by registering a receiver for the implicit CONNECTIVITY_ACTION broadcast in their manifest. Since many apps register to receive this broadcast, a single network switch can cause them all to wake up and process the broadcast at once.

Similarly, in previous versions of Android, apps could register to receive implicit ACTION_NEW_PICTURE and ACTION_NEW_VIDEO broadcasts from other apps, such as Camera. When a user takes a picture with the Camera app, these apps wake up to process the broadcast.

To alleviate these issues, Android 7.0 applies the following optimizations:

If your app uses any of these intents, you should remove dependencies on them as soon as possible so that you can target Android 7.0 devices properly. The Android framework provides several solutions to mitigate the need for these implicit broadcasts. For example, the JobScheduler API provides a robust mechanism to schedule network operations when specified conditions, such as connection to an unmetered network, are met. You can even use JobScheduler to react to changes to content providers.

For more information about background optimizations in Android 7.0 (API level 24) and how to adapt your app, see Background Optimizations.

Permissions Changes

Android 7.0 includes changes to permissions that may affect your app.

File system permission changes

In order to improve the security of private files, the private directory of apps targeting Android 7.0 or higher has restricted access (0700). This setting prevents leakage of metadata of private files, such as their size or existence. This permission change has multiple side effects:

Sharing Files Between Apps

For apps targeting Android 7.0, the Android framework enforces the StrictMode API policy that prohibits exposing file:// URIs outside your app. If an intent containing a file URI leaves your app, the app fails with a FileUriExposedException exception.

To share files between applications, you should send a content:// URI and grant a temporary access permission on the URI. The easiest way to grant this permission is by using the FileProvider class. For more information on permissions and sharing files, see Sharing Files.

Accessibility Improvements

Android 7.0 includes changes intended to improve the usability of the platform for users with low or impaired vision. These changes should generally not require code changes in your app, however you should review these feature and test them with your app to assess potential impacts to user experience.

Screen Zoom

Android 7.0 enables users to set Display size which magnifies or shrinks all elements on the screen, thereby improving device accessibility for users with low vision. Users cannot zoom the screen past a minimum screen width of sw320dp, which is the width of a Nexus 4, a common medium-sized phone.

Figure 3. The screen on the right shows the effect of increasing the Display size of a device running an Android 7.0 system image.

When the device density changes, the system notifies running apps in the following ways:

  • If an app targets API level 23 or lower, the system automatically kills all its background processes. This means that if a user switches away from such an app to open the Settings screen and changes the Display size setting, the system kills the app in the same manner that it would in a low-memory situation. If the app has any foreground processes, the system notifies those processes of the configuration change as described in Handling Runtime Changes, just as if the device's orientation had changed.
  • If an app targets Android 7.0, all of its processes (foreground and background) are notified of the configuration change as described in Handling Runtime Changes.

Most apps do not need to make any changes to support this feature, provided the apps follow Android best practices. Specific things to check for:

  • Test your app on a device with screen width sw320dp and be sure it performs adequately.
  • When the device configuration changes, update any density-dependent cached information, such as cached bitmaps or resources loaded from the network. Check for configuration changes when the app resumes from the paused state.

    Note: If you cache configuration-dependent data, it's a good idea to include relevant metadata such as the appropriate screen size or pixel density for that data. Saving this metadata allows you to decide whether you need to refresh the cached data after a configuration change.

  • Avoid specifying dimensions with px units, since they do not scale with screen density. Instead, specify dimensions with density-independent pixel (dp) units.

Vision Settings in Setup Wizard

Android 7.0 includes Vision Settings on the Welcome screen, where users can set up the following accessibility settings on a new device: Magnification gesture, Font size, Display size and TalkBack. This change increases the visibility of bugs related to different screen settings. To assess the impact of this feature, you should test your apps with these settings enabled. You can find the settings under Settings > Accessibility.

NDK Apps Linking to Platform Libraries

Starting in Android 7.0, the system prevents apps from dynamically linking against non-NDK libraries, which may cause your app to crash. This change in behavior aims to create a consistent app experience across platform updates and different devices. Even though your code might not be linking against private libraries, it's possible that a third-party static library in your app could be doing so. Therefore, all developers should check to make sure that their apps do not crash on devices running Android 7.0. If your app uses native code, you should only be using public NDK APIs.

There are three ways your app might be trying to access private platform APIs:

  • Your app directly accesses private platform libraries. You should update your app to include its own copy of those libraries or use the public NDK APIs.
  • Your app uses a third-party library that accesses private platform libraries. Even if you are certain your app doesn't access private libraries directly, you should still test your app for this scenario.
  • Your app references a library that is not included in its APK. For example, this could happen if you tried to use your own copy of OpenSSL but forgot to bundle it with your app's APK. The app may run normally on versions of Android platform that includes libcrypto.so. However, the app could crash on later versions of Android that do not include this library (such as, Android 6.0 and later). To fix this, ensure that you bundle all your non-NDK libraries with your APK.

Apps should not use native libraries that are not included in the NDK because they may change or be removed between different versions of Android. The switch from OpenSSL to BoringSSL is an example of such a change. Also, because there are no compatibility requirements for platform libraries not included in the NDK, different devices may offer different levels of compatibility.

In order to reduce the impact that this restriction may have on currently released apps, a set of libraries that see significant use—such as libandroid_runtime.so, libcutils.so, libcrypto.so, and libssl.so—are temporarily accessible on Android 7.0 (API level 24) for apps targeting API level 23 or lower. If your app loads one of these libraries, logcat generates a warning and a toast appears on the target device to notify you. If you see these warnings, you should update your app to either include its own copy of those libraries or only use the public NDK APIs. Future releases of the Android platform may restrict the use of private libraries altogether and cause your app to crash.

All apps generate a runtime error when they call an API that is neither public nor temporarily accessible. The result is that System.loadLibrary and dlopen(3) both return NULL, and may cause your app to crash. You should review your app code to remove use of private platform APIs and thoroughly test your apps using a device or emulator running Android 7.0 (API level 24). If you are unsure whether your app uses private libraries, you can check logcat to identify the runtime error.

The following table describes the behavior you should expect to see from an app depending on its use of private native libraries and its target API level (android:targetSdkVersion).

Libraries Target API level Runtime access via dynamic linker Android 7.0 (API level 24) behavior Future Android platform behavior
NDK Public Any Accessible Works as expected Works as expected
Private (temporarily accessible private libraries) 23 or lower Temporarily accessible Works as expected, but you receive a logcat warning. Runtime error
Private (temporarily accessible private libraries) 24 or higher Restricted Runtime error Runtime error
Private (other) Any Restricted Runtime error Runtime error

Check if your app uses private libraries

To help you identify issues loading private libraries, logcat may generate a warning or runtime error. For example, if your app targets API level 23 or lower, and tries to access a private library on a device running Android 7.0, you may see a warning similar to the following:

03-21 17:07:51.502 31234 31234 W linker : library "libandroid_runtime.so" ("/system/lib/libandroid_runtime.so") needed or dlopened by "/data/app/com.popular-app.android-2/lib/arm/libapplib.so" is not accessible for the namespace "classloader-namespace" - the access is temporarily granted as a workaround for http://b/26394120

These logcat warnings tell you which which library is trying to access a private platform API, but will not cause your app to crash. If the app targets API level 24 or higher, however, logcat generates the following runtime error and your app may crash:

java.lang.UnsatisfiedLinkError: dlopen failed: library "libcutils.so" ("/system/lib/libcutils.so") needed or dlopened by "/system/lib/libnativeloader.so" is not accessible for the namespace "classloader-namespace" at java.lang.Runtime.loadLibrary0(Runtime.java:977) at java.lang.System.loadLibrary(System.java:1602)

You may also see these logcat outputs if your app uses third-party libraries that dynamically link to private platform APIs. The readelf tool in the Android 7.0DK allows you to generate a list of all dynamically linked shared libraries of a given .so file by running the following command:

aarch64-linux-android-readelf -dW libMyLibrary.so

Update your app

Here are some steps you can take to fix these types of errors and make sure your app doesn't crash on future platform updates:

  • If your app uses private platform libraries, you should update it to include its own copy of those libraries or use the public NDK APIs.
  • If your app uses a third-party library that accesses private symbols, contact the library author to update the library.
  • Make sure you package all your non-NDK libraries with your APK.
  • Use standard JNI functions instead of getJavaVM and getJNIEnv from libandroid_runtime.so: AndroidRuntime::getJavaVM -> GetJavaVM from <jni.h> AndroidRuntime::getJNIEnv -> JavaVM::GetEnv or JavaVM::AttachCurrentThread from <jni.h>.
  • Use __system_property_get instead of the private property_get symbol from libcutils.so. To do this, use __system_property_get with the following include: #include <sys/system_properties.h>

    Note: The availability and contents of system properties is not tested through CTS. A better fix would be to avoid using these properties altogether.

  • Use a local version of the SSL_ctrl symbol from libcrypto.so. For example, you should statically link libcyrpto.a in your .so file, or include a dynamically linked version of libcrypto.so from BoringSSL/OpenSSL and package it in your APK.

Android for Work

Android 7.0 contains changes for apps that target Android for Work, including changes to certificate installation, password resetting, secondary user management, and access to device identifiers. If you are building apps for Android for Work environments, you should review these changes and modify your app accordingly.

  • You must install a delegated certificate installer before the DPC can set it. For both profile and device-owner apps targeting Android 7.0 (API level 24), you should install the delegated certificate installer before the device policy controller (DPC) calls DevicePolicyManager.setCertInstallerPackage(). If the installer is not already installed, the system throws an IllegalArgumentException.
  • Reset password restrictions for device admins now apply to profile owners. Device admins can no longer use DevicePolicyManager.resetPassword() to clear passwords or change ones that are already set. Device admins can still set a password, but only when the device has no password, PIN, or pattern.
  • Device and profile owners can manage accounts even if restrictions are set. Device owners and profile owners can call the Account Management APIs even if DISALLOW_MODIFY_ACCOUNTS user restrictions are in place.
  • Device owners can manage secondary users more easily. When a device is running in device owner mode, the DISALLOW_ADD_USER restriction is automatically set. This prevents users from creating unmanaged secondary users. In addition, the CreateUser() and createAndInitializeUser() methods are deprecated; the new DevicePolicyManager.createAndManageUser() method replaces them.
  • Device owners can access device identifiers. A Device owner can access the Wi-Fi MAC address of a device, using DevicePolicyManager.getWifiMacAddress(). If Wi-Fi has never been enabled on the device, this method returns a value of null.
  • The Work Mode setting controls access to work apps. When work mode is off the system launcher indicates work apps are unavailable by greying them out. Enabling work mode again restores normal behavior.
  • When installing a PKCS #12 file containing a client certificate chain and the corresponding private key from Settings UI, the CA certificate in the chain is no longer installed to the trusted credentials storage. This does not affect the result of KeyChain.getCertificateChain() when apps attempt to retrieve the client certificate chain later. If required, the CA certificate should be installed to the trusted credentials storage via Settings UI separately, with a DER-encoded format under a .crt or .cer file extension.
  • Starting in Android 7.0, fingerprint enrollment and storage are managed per user. If a profile owner’s Device Policy Client (DPC) targets API level 23 (or lower) on a device running Android 7.0 (API level 24), the user is still able to set fingerprint on the device, but work applications cannot access device fingerprint. When the DPC targets API level 24 and above, the user can set fingerprint specifically for work profile by going to Settings > Security > Work profile security.
  • A new encryption status ENCRYPTION_STATUS_ACTIVE_PER_USER is returned by DevicePolicyManager.getStorageEncryptionStatus(), to indicate that encryption is active and the encryption key is tied to the user. The new status is only returned if DPC targets API Level 24 and above. For apps targeting earlier API levels, ENCRYPTION_STATUS_ACTIVE is returned, even if the encryption key is specific to the user or profile.
  • In Android 7.0, several methods that would ordinarily affect the entire device behave differently if the device has a work profile installed with a separate work challenge. Rather than affecting the entire device, these methods apply only to the work profile. (The complete list of such methods is in the DevicePolicyManager.getParentProfileInstance() documentation.) For example, DevicePolicyManager.lockNow() locks just the work profile, instead of locking the entire device. For each of these methods, you can get the old behavior by calling the method on the parent instance of the DevicePolicyManager; you can get this parent by calling DevicePolicyManager.getParentProfileInstance(). So for example, if you call the parent instance's lockNow() method, the entire device is locked.

For more information about changes to Android for Work in Android 7.0, see Android for Work Updates.

Annotations Retention

Android 7.0 fixes a bug where the visibility of annotations was being ignored. This issue enabled the runtime to access annotations that it should not have been able to. These annotations included:

  • VISIBILITY_BUILD: Intended to be visible only at build time.
  • VISIBILITY_SYSTEM: Intended to be visible at runtime, but only to the underlying system.

If your app has relied on this behavior, please add a retention policy to annotations that must be available at runtime. You do so by using @Retention(RetentionPolicy.RUNTIME).

TLS/SSL Default Configuration Changes

Android 7.0 makes the following changes to the default TLS/SSL configuration used by apps for HTTPS and other TLS/SSL traffic:

  • RC4 cipher suites are now disabled.
  • CHACHA20-POLY1305 cipher suites are now enabled.

RC4 being disabled by default may lead to breakages in HTTPS or TLS/SSL connectivity when the server does not negotiate modern cipher suites. The preferred fix is to improve the server’s configuration to enable stronger and more modern cipher suites and protocols. Ideally, TLSv1.2 and AES-GCM should be enabled, and Forward Secrecy cipher suites (ECDHE) should be enabled and preferred.

An alternative is to modify the app to use a custom SSLSocketFactory to communicate with the server. The factory should be designed to create SSLSocket instances that have some of the cipher suites required by the server enabled in addition to default cipher suites.

Note: These changes do not pertain to WebView.

Other Important Points

  • When an app is running on Android 7.0, but targets a lower API level, and the user changes display size, the app process is killed. The app must be able to gracefully handle this scenario. Otherwise, it crashes when the user restores it from Recents.

    You should test your app to ensure that this behavior does not occur. You can do so by causing an identical crash when killing the app manually via DDMS.

    Apps targeting Android 7.0 (API level 24) and above are not automatically killed on density changes; however, they may still respond poorly to configuration changes.

  • Apps on Android 7.0 should be able to gracefully handle configuration changes, and should not crash on subsequent starts. You can verify app behavior by changing font size (Setting > Display > Font size), and then restoring the app from Recents.
  • Due to a bug in previous versions of Android, the system did not flag writing to a TCP socket on the main thread as a strict-mode violation. Android 7.0 fixes this bug. Apps that exhibit this behavior now throw an android.os.NetworkOnMainThreadException. Generally, performing network operations on the main thread is a bad idea because these operations usually have a high latency that causes ANRs and jank.
  • The Debug.startMethodTracing() family of methods now defaults to storing output in your package-specific directory on shared storage, instead of at the top level of the SD card. This means apps no longer need to request the WRITE_EXTERNAL_STORAGE permission to use these APIs.
  • Many platform APIs have now started checking for large payloads being sent across Binder transactions, and the system now rethrows TransactionTooLargeExceptions as RuntimeExceptions, instead of silently logging or suppressing them. One common example is storing too much data in Activity.onSaveInstanceState(), which causes ActivityThread.StopInfo to throw a RuntimeException when your app targets Android 7.0.
  • If an app posts Runnable tasks to a View, and the View is not attached to a window, the system queues the Runnable task with the View; the Runnable task does not execute until the View is attached to a window. This behavior fixes the following bugs:
    • If an app posted to a View from a thread other than the intended window’s UI thread, the Runnable may run on the wrong thread as a result.
    • If the Runnable task was posted from a thread other than a looper thread, the app could expose the Runnable task.
  • If an app on Android 7.0 with DELETE_PACKAGES permission tries to delete a package, but a different app had installed that package, the system requires user confirmation. In this scenario, apps should expect STATUS_PENDING_USER_ACTION as the return status when they invoke PackageInstaller.uninstall().
  • The JCA provider called Crypto is deprecated, because its only algorithm, SHA1PRNG, is cryptographically weak. Apps can no longer use SHA1PRNG to (insecurely) derive keys, because this provider is no longer available. For more information, see the blog post Security "Crypto" provider deprecated in Android N.

developer.android.com


Смотрите также