LightBlog

jeudi 27 octobre 2016

Google Announces New Tools for Creating Material Design Apps

In a new article this week, Google tells us that design is never done, because it's the art of continuous problem solving. Even if you optimize a user interface element for today's world, something will change that will require you to go back and work on it at a later date. To support this, Google has just announced some new tools for designers who want to collaborate with other's who practice the Material Design philosophy.

The first new tool that Google tells us about is called Gallery, and it works similar to how GitHub is currently set up, but specifically for designers. So those who are creating Material Design interfaces for applications can upload their designs, share a design that's currently on the website, and comment on them as well. The system is said to have version control as well so that you can upload new versions of the project you're currently working on.

The next Material Design tool that Google announced this week is called Stage. The goal of this tool is to help designers speed up the prototyping process. With Stage, application developers can test various elements of their project. This will also give developers a way to demonstrate how movement and animations work in applications much earlier. The quicker you can get a demo out to show your vision, the easier it is to communicate the idea to your team.

Last up, we have a new Material Design tool that Google is calling Remixer. This tool also helps with the prototyping process, but this one will actually get you a demo in your hand that you can interact with directly. Remixer will allow you to demonstrate the design of your application and even make changes to the app right on the smartphone/tablet, or even on a website.

Learn more about these new collaborative tools, and other Material Design articles on Google's Material.io website.

Source: Google Design



from xda-developers http://ift.tt/2e0sLuG
via IFTTT

mercredi 26 octobre 2016

Google Confirms Fix for Huawei Phone/Android Auto Incompatibility is on the Way

Android Auto has remained one of Google's more low-key products these past two years since its initial announcement in 2014, but the project has slowly been expanding each year. During this year's Google I/O, the company announced that it would be working with Qualcomm to deliver a customized Snapdragon SoC aimed at car kits as well as allowing car manufacturers the ability to customize the user interface and even develop their own apps. (By the way, we're still waiting on that promised standalone Android Auto app for smartphones, Google!)

For now it seems that the only way to truly experience Android Auto is if you have one of the vehicles listed on the Android Auto website. But even then, it seems that some users are having issues connecting their Huawei device to their Android Auto-enabled vehicle. The issue, as reported multiple times on our forums, seems to be affecting the Huawei P9, P9 Lite, and P9 Plus. The apparent "incompatibility" bug could be affecting other Huawei devices, but we haven't seen reports from users on other Huawei devices as of yet. Fortunately, we now have confirmation that Google is aware of the issue and that they are working with Huawei to deliver a fix.

In the recently launched "Android Auto User Community" Google Group, one of the Android Auto Community Managers states that they've discovered an issue with some Huawei devices that marks them incompatible with Android Auto. How or why this issue occurs is not mentioned in any sort of detail, but at least they've acknowledged the issue and have promised to resolve it as soon as possible. If you've ever used Android Auto before, let us know your experience below!



from xda-developers http://ift.tt/2eI0Eiq
via IFTTT

Google Allo Updated to 2.0 With Split-Screen and Quick Reply Support

Google Allo did not quite have the start that Google had hoped for the app. In the saturated market of Instant Messaging platforms, Allo has offered very little to the average consumer that could keep the user, and his contact circles, hooked. Decouple the Assistant from Allo, and you're left with an IM app bereft of key messaging features found on other popular platforms such as Whatsapp.

Nevertheless, Google still has hope for Allo. The company has just pushed a new update to Allo which bumps up its version by a full number. Allo's Play Store listing does not yet display the change-log as the app is still rolling out, but the Google Nexus Twitter account has announced that the latest update brings Nougat split-screen support and quick-reply from notifications. However, a couple of community members have posted an unofficial change-log Allo 2.0's APKMirror page, which we've reproduced below.


What's new in Allo 2.0?

Allo 2.0 adds the following changes, in addition to presumed bug fixes and performance enhancements:

  • Support for toggling chats to monochrome
  • Direct Voice Recognition in Assistant
  • Splash Screen
  • Quick Reply Support
  • Split-screen Support
  • GIF Support in keyboard for 7.1+
  • App Shortcuts for 7.1+
  • Direct share
Monochrome Toggle Normal Chat Monochrome Chat

While the update might not seem significant enough for a full version number jump, the update does add a few useful features to the app. The addition of quick reply and split-screen support was necessary to take proper advantage of Android 7.0 Nougat's feature set. With the Pixel devices shipping with Allo pre-installed, it was important for Google to provide the same set of features and experiences that we've grown accustomed to from other apps on Nougat. The splash screen might seem like a trivial addition, but it does give users on older devices with longer loading times something pleasant to look at instead of just a blank screen while the app is loading.

You can download Allo 2.0 from the Google Play Store, however, the new update may take some time to roll out to all users. Alternatively, you can also download the update from APKMirror.

Have you tried out the new update? Let us know in the comments below!


Source: Twitter: Google Nexus



from xda-developers http://ift.tt/2eHc8CD
via IFTTT

Google Pixel XL costs $285.75 to Manufacture – in line with Rival Smartphones

When Google finally unveiled the Pixel and Pixel XL on October 4th, many people were put off by the price tag of the two phones. While Google is no stranger to sticking a premium price tag on their products, many users hoped that the two Pixel phones would continue bucking the trend of expensive off-contract prices. Alas, this was not the case, but at least most users appear to be very satisfied with their purchase judging by early user reviews of the devices on our forums. Although many technology journalists have drawn similarities between the Pixel and iPhone in terms of price, just how true is this similarity? According to an IHS Markit teardown of the device, it appears that the cost to manufacture the Pixel XL is $285.75. At an unsubsidized price of $769 before taxes, this means that the cost-to-sales price ratio for the Pixel XL is similar to the iPhone 7 Plus and Samsung Galaxy S7 Edge.

google_pixel_xl_chart_exploded_version_two_revised


Pixel XL Price Teardown

In its press release, IHS Markit detailed how it determined the cost to manufacture the Pixel XL. The company deconstructed the Pixel XL to its base parts and then determined the approximate price point of each component, while adjusting for bulk purchasing costs. After assessing the cost of each component, IHS Markit determined that the bill of materials for the base Pixel XL model with 32GB of internal storage costs $278. Add to that a $7.75 cost to manufacture the phone in an HTC factory, and you get the $285.75 price figure.

googlepixelteardown

The company directly compares the manufacturing cost and design decisions of the Pixel XL to that of the iPhone and Samsung Galaxy S7 series, stating that the "total BOM costs for the Google Pixel XL are, not surprisingly, in line with those of other competitors, because the supply base and specs are very similar from phone to phone—whether it's an iPhone, a Galaxy-series phone or the Google Pixel XL" – Andrew Rassweiler, senior director of cost benchmarking services for IHS Markit. While Samsung is facing a tumultuous time with its Note 7 disaster, Google's Pixel XL arrives at the perfect time to challenge Samsung's dominance in the high-end Android smartphone market. It's clear that the Pixel XL was designed to compete with the upper echelon of premium flagship phones, and IHS Markit's price teardown only solidifies that point.


Source: IHS Markit



from xda-developers http://ift.tt/2eH4Kac
via IFTTT

Android Wear 2.0 will Require Installing Apps from new Wear-based Play Store

Ian Lake is an Android Developer Advocate who has been responding to some Android Wear 2.0 questions over in the Android Wear Developers Google+ community. In one particular Google+ thread, a user inquired about the current distribution numbers for the various Android Wear platform versions. For now, Mr. Lake says that all watches are capable of running the latest version of Android Wear, so developers targeting minSdkVersion 23 in their app's manifests is fine. But then things started to get interesting as the discussion pivoted towards the upcoming Android Wear 2.0 update.

A developer asks if Android Wear 2.0 devices will support embedded APKs rather than the current method which requires installing the main application on the linked smartphone and beaming the Wear component to the smartwatch. In response to this question, Mr. Lake reveals an interesting change to Android Wear 2.0: with the upcoming wearable update, all users will need to visit the Play Store from their smartwatch in order to install an application on it. With the new update, users will no longer automatically load their smartwatch with apps from their smartphone, and will instead need to interact with their smartwatch to install new apps. In preparation for this change, Android Wear 2.0 applications will be allowed full network access and can be installed completely separately from the smartphone app.

Mr. Lake continues and tells us that Google is expanding the PlayStoreAvailability APIs for the developers who have apps that still utilize the companion app model, but he reminds developers that users will be able to download their apps independent of what's on the user's smartphone. The Play Store application for Android Wear 2.0 will show apps that you have currently installed on your phone at the top of the list for convenience, but the user will have the ability to choose whether or not they want to install it to their smartwatch.

This move is a significant departure from the original Android Wear user experience. Mr. Lake states that internal user studies show that users are not happy with the way the platform currently automatically installed apps to the smartwatch without the user's permission. This route should simplify things when the smartphone and smartwatch application are not required to be linked together. So for the Android Wear developers out there, be sure you're ready to provide support for Android Wear 2.0 as there are many changes included in the next big update for the wearable platform.

Source: Android Wear Developers

Via: 9to5Google



from xda-developers http://ift.tt/2ebv0Jp
via IFTTT

XDA Forums Live for the Xiaomi Mi Note 2 and Xiaomi Mi MIX

Xiaomi's latest flagship, the Mi Note 2, and its "concept" phone, the Mi MIX are the latest devices that can call XDA their home! Head on over to the forums to interact with other users!



from xda-developers http://ift.tt/2dXgjMa
via IFTTT

9 Year Old Linux Kernel bug dubbed ‘Dirty Cow’ can Root every version of Android

Despite the fact that tens of thousands of users actively pore over the Linux kernel source code actively looking for security flaws, it's not unheard of for serious bugs to go unnoticed. After all, though the chances of missing something incredibly serious are lowered by having more eyes auditing the code, we're all still human and are bound to make a mistake. The mistake this time seems to be quite serious, unfortunately. A privilege-escalation exploit was recently discovered last week, and although it has already been patched in the mainline Linux kernel, the bug could potentially be exploited on nearly every Android phone on the market until each device receives the appropriate kernel patch.


Enter Dirty Cow

screenshot-dirtycow-ninja-2016-10-26-11-23-31

The privilege-escalation bug is known colloquially as the Dirty Cow exploit, though it is cataloged in the Linux kernel's bug tracker system as CVE-2016-5195. Though only discovered last week, the bug has existed within the Linux kernel's code for 9 years. Furthermore, the exploitable code is found in a section of the Linux kernel that is shipped on virtually every modern operating system built on top of the Linux kernel – that includes Android, by the way. What's worse is that the researchers who uncovered the exploit have found evidence that the exploit is being used maliciously in the real-world, so they are advising any and all vendors shipping software built on the Linux kernel to immediately patch the exploit.

Dirty Cow is itself not an exploit, but rather a vulnerability. However, this vulnerability allows for escalating the privilege of a user space process, granting it super user privileges. By exploiting this vulnerability, a malicious user space process can have unfettered root access on a victim's device. In more technical terms, the bug involves a race condition of the Linux memory duplication technique known as copy on write. By exploiting this race condition, users can gain write-access to memory mappings that are normally set to read-only. More details of the vulnerability can be gleaned from here, here, and here.

The security vulnerability is said to be rather trivial to exploit, and indeed within mere days of the vulnerability being made public a proof-of-concept privilege-escalation exploit has been demonstrated for all Android devices. Any Android device running a Linux kernel version greater than 2.6.22 (read: every single Android distribution in existence) can potentially fall victim to this proof-of-concept exploit. Though the proof-of-concept exploit does not actually attain root access, attacking the system using this vulnerability makes that quite simple. In an e-mail sent to ArsTechnica, Phil Oester, a Linux kernel developer who is cataloging known real-world exploits of Dirty Cow on his website had this to say about the bug:

Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff.

The vulnerability is easiest exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works.

The particular exploit which was uploaded to my system was compiled with GCC 4.8.5 released 20150623, though this should not imply that the vulnerability was not available earlier than that date given its longevity. As to who is being targeted, anyone running Linux on a web facing server is vulnerable.

For the past few years, I have been capturing all inbound traffic to my webservers for forensic analysis. This practice has proved invaluable on numerous occasions, and I would recommend it to all admins. In this case, I was able to extract the uploaded binary from those captures to analyze its behavior, and escalate to the appropriate Linux kernel maintainers.

After further work by developers on demonstrating the effectiveness of exploiting Dirty Cow on Android, one developer was able to successfully root his HTC device within seconds by exploiting the vulnerability. We at XDA generally welcome the ability for users to acquire root access, but we do not celebrate the existence of root exploits such as this, especially one which is so widespread and potentially incredibly dangerous to end users. To give you an idea of how dangerous Dirty Cow can be in the wild, YouTuber Computerphile put together a quick video demonstrating the potential malicious attack vectors that hackers can use to quietly attain root access on your device.


Source: ArsTechnica [1]

Source: ArsTechnica [2]



from xda-developers http://ift.tt/2dKT7xv
via IFTTT