Google releases second Android 14 developer preview

selective focus photography of person holding turned on smartphone

From Dave Burke, over on the Android Developers blog announcing the second Android 14 developer preview:

Today, we’re releasing the second Developer Preview of Android 14, building on the work of the first developer preview of Android 14 from last month with additional enhancements to privacy, security, performance, developer productivity, and user customization while continuing to refine the large-screen device experience on tablets, foldables, and more.

Android delivers enhancements and new features year-round, and your feedback on the Android 14 developer preview and Quarterly Platform Release (QPR) beta program plays a key role in helping Android continuously improve. The Android 14 developer site has lots more information about the preview, including downloads for Pixel and the release timeline. We’re looking forward to hearing what you think, and thank you in advance for your continued help in making Android a platform that works for everyone.

The second developer preview of Android 14 brings a number of changes from the first preview, including a new permission dialog when an app tries to access a user’s photo library, improvements in the UI and API interface for the new credentials manager, optimisations to Android’s memory management system when an app is running in the background:

Several seconds after an app goes into the cached state, background work is disallowed outside of conventional Android app lifecycle APIs such as foreground services, JobScheduler, or WorkManager. Background work is disallowed an order of magnitude faster than on Android 13.

There are also a number of changes to the APIs the alternate app marketplaces can use, as well as new Android settings menus for regional settings.

As noted on Twitter, Google also released a swathe of library updates including Lifecycle 2.6.0, RecyclerView 1.3.0 and a number of release candidates for other libraries.

Google continues to target platform stability for June, and is likely to announce more consumer-oriented changes in Android in May at Google I/O. For now the beta program remains unavailable, so the only way to install Android 14 is to flash it onto selected devices. Google warns that this preview build is not ready for daily use yet.

First Android 14 developer preview released

selective focus photography of person holding turned on smartphone

Google has today rolled out the first Android 14 developer preview, making it available for download immediately.

In a similar fashion to the path taken with Android 13, Android 14 will go through a series of developer previews before reaching beta in April, platform stability in early June and reaching production-ready status sometime in late July or early August.

While Google is no doubt keeping some features up its sleeve for Google I/O or announcement later this year, for developers there’s a number of important changes that you need to be aware of. They include:

  • Changes to the declaration of services, including limiting the types of services that can be permitted
  • Context-registered broadcasts have some minor changes when an app is cached
  • A new SCHEDULE_EXACT_ALARM permission for setting exact alarms
  • Requirement to declare if receivers are exported or unexported
  • Changes for apps using dynamic code loading
  • Apps with a targetSdkVersion lower than 23 can no longer be installed to protect against malware
  • Credential manager and passkeys support
  • OpenJDK 17 support

In addition, users will be able to increase their font size up to 200%. Currently Pixel devices allow customers to enlarge their fonts by 130% – so developers will want to test to ensure screens are still functional at the larger font size.

“Android 14 continues our work to improve your productivity as developers, along with enhancements to performance, privacy, security, and user customization,” Dave Burke, VP of Engineering wrote. “This preview is just the beginning, and we’ll have lots more to share as we move through the release cycle.”

The Android 14 SDK can now be installed in preview builds of Android Studio Giraffe. You can also flash Pixel devices with Android 14, but keep in mind you may need to use developer support images to downgrade.

Google announces Play Console tweaks to make it easier to send changes for review

black android smartphone

Google is today announcing an upcoming change for the Play Console that’s designed to make it easier to know what modifications need to be reviewed when publishing.

From the Android Developer blog:

One challenge you’ve shared with us is a lack of predictability and control over the app review process. Previously, it was hard to predict which changes would be sent to Google for review, and which changes would be published immediately. There was also no way to send multiple changes for review together, for example, if you wanted to update your app at the same time as one of your store listing screenshots.

As a result of your feedback, we’re making some changes to give you more flexibility and control over the app review process.

When publishing app changes today, it’s often difficult to know what changes need to be reviewed by Google’s Play team and which ones can be published immediately.

It’s also not possible to update screenshots and an app update together at present. But Google plans to address this soon with a new update to the Play Console.

Firstly, all app metadata including screenshots, Store listing and Data safety form information will show in the publishing overview if you have managed publishing turned on (it’s off by default). This allows you to publish the changes only when you need to – they will no longer publish immediately when you click save.

In addition, you’ll also soon be able to remove items that have already been sent for review or that are ready for publishing. Once removed, they’ll be moved back to a new “Changes ready to send for review” section on the publishing overview screen.

Android Studio Electric Eel released

Android Developers Blog:

Today, we are ⚡️electrified⚡️ to announce the latest stable release of the official IDE for building Android applications: Android Studio Electric Eel (2022.1.1)!

This release includes updates and new features that cover across design, build & dependencies, emulators & devices, and IntelliJ.

Design

  • Compose Preview updates automatically
  • Compose Preview device spec
  • Layout Inspector recomposition rendering highlights
  • Visual Linting
  • Universal Problems panel

Build & dependencies

  • Improved Sync performance with parallel project imports
  • Download impact in Build Analyzer
  • Upgrade Assistant post-upgrade report and rollback support
  • SDK Index integration
  • Baseline Profile fix for App Bundles

Emulators & devices

  • New “Desktop” category & Desktop AVD
  • Resizable Emulator (Experimental)
  • Physical Devices Mirroring (Experimental, Opt-in)

IntelliJ

  • IntelliJ Platform 2022.1 Update

It’s a new year, and now a new stable version of Android Studio. First announced in May last year at Google I/O 2022, Electric Eel brings a number of highly-anticipated changes for Android Developers working with Jetpack Compose such as automatic updates, and the new Layout Inspector that helps show where recompositions are being triggered. It has been in preview since I/O.

This will help developers – especially those learning Compose who might not yet understand its intricacies – when investigating problems related to excessive or unexpected recompositions occurring.

Google’s announcement today follows Apple’s own rollout of its next round of software betas for its products earlier in the week as teams come back from end of year holidays.

Android to get official RISC-V support

Ars Technica:

 Lars Bergstrom, Android’s director of engineering, wants RISC-V to be seen as a “tier-1 platform” in Android, which would put it on par with Arm. That’s a big change from just six months ago. Bergstrom says getting optimized Android builds on RISC-V will take “a lot of work” and outlined a roadmap that will take “a few years” to come to fruition, but AOSP started to land official RISC-V patches back in September.

As Ars mentions, this is a significant turn of events from Google who in mid-2022 at Google I/O were remaining coy about their interest in RISC-V. At present, Google has the build system for RISC-V up and running with initial emulator support expected in early 2023.

While support for RISC-V is very much still in its infancy, having it as a tier-1 supported platform for Android means manufacturers will eventually have a strong competitor to ARM. RISC-V is defining open standards and specifications, making it less likely that commercial or political interests will cause issues.

Facebook Android app to drop system web view

Engineering at Meta:

Over the past few years, we’ve observed that many Android users are updating their Facebook app but not updating their Chrome and WebView apps, which may result in security risks and a negative user experience.

For example, people with outdated versions of the Chrome and WebView apps may be more susceptible to zero day exploits and other security holes that might have been fixed in newer versions of Chromium. In addition, we also observed that, due to the way Android loads the System WebView, when users were updating the System WebView app, they were experiencing a Facebook app crash.

To help solve these issues – and following the precedent of browser vendors such as Microsoft Edge, Samsung Internet, and Mozilla Firefox who all ship custom browser engines on Android – we have been building and testing a separate Chromium-Based WebView for a few years.

In short, because of the way that Android updates the system web view Facebook have decided to drop the use of it altogether and build their own web view that’s updated at the same time the Facebook app is.

By building their own web view, Facebook is also able to improve performance by using a device’s GPU to render pages and games.

The fact that in Android 13 there’s still no way to detect when the system web view is being updated is damning, and made even worse given third party apps that use it will crash if they happen to use the API at the same time an update is occurring.

Google announces hardware event for October 6

With Apple’s ‘Far Out’ event looming tomorrow, Google has overnight announced the next ‘Made By Google’ event will be held on October 6, 2022.

No word yet on whether there will be an in-person component to this event, but given the amount of new hardware expected to be announced it’s likely the media will have access to a hands-on area afterwards.

As previewed by Google at I/O this year, we can expect to see more on the Pixel 7, Pixel Watch and more.

Google rolls out Android app modularisation guide

Android Developers Blog:

As your app grows in size and complexity, it becomes increasingly difficult to manage, build and scale. One way to address this challenge is a software technique called modular programming, or modularization in short. It’s a practice of organizing a codebase into loosely coupled and independent entities – modules.

Over 54% responders mentioned that it’s difficult to find good learning materials on this topic [app modularisation] and almost 95% claimed that currently available materials on developer.android.com are insufficient! In response to this popular demand, we’ve launched the guide to Android app modularization.

Great to see Google continue to invest in improving documentation and guidance for Android app developers – particularly in the app architecture space.

In this case, there’s a brief overview summarising what modularisation is and how it can best be applied. There’s also a deep dive into a number of common patterns and module types.

Of note, the theoretical elements of the guide are not only applicable to Android apps – some information like that contained on the overview page is also relevant for those developing on alternative platforms including iOS.

Google expands Play Store User Choice billing pilot

Google has announced an expansion of the Play Store User Choice billing pilot to additional countries, and is seeking additional feedback about the program from developers. Spotify was the initial partner for the program when it was announced in March.

Google Android Developer Support (via 9to5Google):

This pilot is designed to test offering an alternative billing option next to Google Play’s billing system and to help us explore offering this choice to users. We are looking to gain feedback in different

countries and ensure we can maintain a positive user experience.

Pilot eligibility
In order to be eligible for this pilot:

– Your app must be a non-gaming mobile or tablet app
– Developer must be a registered business

Developers can apply for the program now, with expanded country support including the European Economic Area (EEA) countries and a variety of Asia-Pacific countries including Australia, India, Indonesia and Japan.

Google is offering developers a 4% discount on regular Play Store payment fees, and still expects partners to “pay the applicable service fees”. There will also be “additional user experience” guidelines published in the coming weeks that those added to the pilot program will need to conform to.

TikTok & the dangers of JavaScript bridges

Microsoft 365 Defender Research Team:

Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click. The vulnerability, which would have required several issues to be chained together to exploit, has been fixed and we did not locate any evidence of in-the-wild exploitation.

The issue only appears to have impacted TikTok’s Android application, but it highlights the dangers of bridging JavaScript to Java code within Android applications using the WebView class.

In this particular instance, Microsoft was able to use TikTok’s deep link mechanism to load an arbitrary URL that in turn could be used to gain full access to the functionality implemented in the JavaScript bridge. Ultimately, this allowed Microsoft researchers to perform authenticated HTTP requests, through which a malicious actor could have compromised a TikTok account.