SOMA - One Year Later


It is now one year since we released SOMA which means it is time for an update on the current state of things.

As always let's start with the thing that is of most interest to people: How much has the game sold? This is always a bit of a tricky figure to nail down as it depends a bit on how you want to count. For instance, we were part of the Humble Monthly Bundle this September which caused a lot of people to get the game, but none of these were "direct sales". Instead, we got one big payment for taking part in the deal. For the sake of simplicity, I will simply lump all of these figures together as a whole, which brings us to a total of a bit over 450 000. Or to phrase it differently: almost half a million units sold!

This is quite good, in fact it is so good that we have now broken even and then some! I think it is worth stressing just how great this is. We spent over five years making our, by far, most ambitious game ever. We also spent quite a lot of money on various outsourcing such as voice acting, 3D models and animations. For instance, to make sure we got it right, we actually recorded a lot of the game's dialog three times. In the past we have just recorded voices at the end of the project and hoped for the best. With SOMA we knew that nailing the voice acting would be crucial, and spent money accordingly. In the end, it meant that around half of our voice recordings were never used. The same thing was true for things like models and animations. We ordered a ton of these and as design changed many of them didn't make it into the final game. On top of that we also spent a lot on making live action clips for PR purposes. Taken together with salaries and all other kinds of expenses, SOMA cost quite a bit to make - well over 10 times what Amnesia: The Dark Descent cost us.

It is important to understand that SOMA was far from a safe bet. While we had the luxury of having already made a successful horror game, SOMA was not an easy sell. The game relies heavily on getting certain themes across to the player, and communicating this proved to be a hard task indeed. When showcasing Amnesia we could just show how you blocked a door with some rubble and hid in a closet and the game's core experience was neatly summarized. But with SOMA things were way harder. First of all, weaponless horror games are no longer anything special and by no means a stand-out feature. In fact, the "chased by monsters"-gameplay was not even a core part of the SOMA-experience. The whole idea with the game was to give the player a first person perspective on a variety of disturbing philosophical musings. To make matters worse any concrete gameplay example of this would be riddled with spoilers, so all discussion had to be made in an obscure "you'll understand when you play it"-fashion.

We were also constantly worried about a backlash based on faulty expectations. Early on we realized that SOMA was never gonna be the scare-fest that Amnesia: TDD was. But because we felt other aspects of what made the game special were so fuzzy, making "from the creators of Amnesia" a big part of the PR campaign felt crucial. The problem with this was of course that this might set up expectations for SOMA being a direct follow-up from Amnesia - with everything that that would imply. We tried to tone it down and make it clear what sort of game SOMA was, but there was still a noticeable negative effect. For instance, many reviews start by saying "Well, it's not as scary as Amnesia" or similar.

Despite a bloated budget and tough sell, here we are a year later having earned back every single dime spent. And not only that; we earned well past the break-even point! The project was a big success and we are able to keep doing games with scope and quality comparable to SOMA. In fact, our goal is to aim higher still.

It is also interesting to compare SOMA to Amnesia. As can be read here, Amnesia: TDD sold about 390 000 units a year after release, but it is worth noting that that was for PC only. SOMA's 450 000 units come from PC and PS4 combined. However, many of the Amnesia units were sold during 75% off sales, a discount rate we have not really had with SOMA yet. On top of this, SOMA also costs 30 dollars compared to Amnesia TDD's 20 dollars. So even just counting the PC sales the total income is higher for SOMA the first year compared to those of Amnesia. And when you add the PS4 sales on top of that, it is clear that, in actual earnings, SOMA has far outsold what Amnesia: TDD did during the same period.

Another thing worth bringing up are the user reactions. Our current MetaCritic score is at 84 and will probably stay like that. While this is a really nice score, what has really blown us away is the user reviews. You hear a lot of people complaining about the Steam reviews and how they get sad when they read them. But for us it is the other way around. Whenever I feel a bit down, I actually go and read some Steam reviews and instantly feel better. I mean, even user reviews that have given the game a thumbs down contain stuff like this:
"Amazing game, [...] This game literally changed how i view games. it had an amazing story, the atmosphere was spot on, there wasn't a moment where i thought i was safe and the pacing of the game was magnificent."
And it is really hard to not feel good when even the refund notes contain nuggets like this:
"I love horror. Soma is distressing. There is a scene where I have to hurt an innocent robot to progress and I don't know why. It made me cry."
Currently our Steam reviews have 98% positive calculated short term and 95% counting the total. This makes SOMA the most well-liked game we have ever made. And when people say they didn't like it, it is almost always because of the monster encounters - a non-core part of the experience. When it came to the narrative bits very few people disliked it, which is a wonderful surprise to me as this was by far the most uncertain element. My fear was always that a lot of people would think there were not enough horror and monsters, and the opposite turned out to be true.

While talking about user reactions it is worthwhile mentioning all the great discourse around the game. For instance, the SOMA subreddit is still fairly active, and new, interesting subjects pop up all the time, like this discussion on the future of the Ark. These YouTube videos that dive deep into the story are also great, and it is fantastic to see people giving so much thought to our work. There is a load of other user content like this and it's honestly quite overwhelming.

Finally, I want to briefly go over where Frictional is currently at. As I said last time, our goal now is to be a two-project studio and so far it is going really well. One project, which most of the team is working on, is going to start production at the end of the year and the other project is mid-way through the R&D stage. Unfortunately I cannot divulge any specific information on these two, and it will be a little while before there will be a proper announcement. However, we do have some smaller, cool stuff in store, one of which we will announce later this year. If all goes well, we should also have another thing for early next year.

So exciting things happen both in the short and long term, and I am really excited for the future of the company.

Extending Web Technology with Android


Developer guest post by Active Theory



Paper Planes started as a simple thought - “What if you could throw a
paper plane from one screen to another?”



The heart of our concept was to bring people together from all over the world,
using the power of the web - an instant connection to one another. Modern web
technology, specifically JavaScript and WebGL, powered the experience on every
screen.



Paper Planes
(https://play.google.com/store/apps/details?id=net.activetheory.paperplanes)
was initially featured at Google I/O 2016, connecting attendees
and outside viewers for 30 minutes preceding the keynote. For the public launch
on International Peace Day 2016, we created an Android Experiment
(https://www.androidexperiments.com/experiment/paper-planes), which is also
featured on Google Play
(https://play.google.com/store/apps/details?id=net.activetheory.paperplanes),
to augment the existing web technology with native Android Nougat
features such as rich notifications when a plane is caught elsewhere in the
world.



Introduction



Users create and fold their own plane while adding a stamp that is pre-filled
with their location. A simple throwing gesture launches the plane into the
virtual world. Users visiting the desktop website would see their planes flying
into the screen.






Later, users can check back and see where their planes have been caught around
the world. Each stamp on the plane reads like a passport, and a 3D Earth
highlights flightpath and distance travelled.



In addition to making their own planes, users can gesture their phone like a net
to catch a plane that has been thrown from elsewhere and pinch to open it,
revealing where it has visited. Then they can add their own stamp, and throw it
back into the flock.



WebView



We developed Paper Planes to work across devices ranging from the 50-foot screen
on stage at Google I/O to desktop and mobile using the latest in web technology.



WebGL



From the stylized low-poly Earth to the flocking planes, WebGL is used to render
the 3D elements that power the experience. We wrote custom GLSL shaders to light
the Earth and morph targets to animate the paper as the user pinches to open or
close.






WebSockets



When a user “throws” a plane a message is sent over websockets to the back-end
servers where it is relayed to all desktop computers to visualize the plane
taking off.






WebWorkers



The plane flocking simulation is calculated across multiple threads using
WebWorkers that calculate the position of each plane and relay that information
back to the main thread to be rendered by WebGL.






To create an experience that works great across platforms, we extended the web
with native Android code. This enabled us to utilize the deep integration of
Chromium within Android to make the view layer of the application with the web
code that already existed, while adding deeper integration with the OS such as
rich notifications and background services.



If you’re interested in learning more about how to bridge WebView and Java code,
check out this GitHub repo for a tutorial.



Notifications



Firebase Cloud Messaging (FCM) was used to send push notifications to the
Android app. When a user’s plane has been caught and thrown by someone else, a
notification showing how many cities and miles it has travelled is sent to the
device of the plane’s creator via FCM. Outgoing notifications are managed to
ensure they are not sent too frequently to a device.



Background Service



We implemented a background service to run once a day which checks against local
storage to determine when a user last visited the app. If the user hasn’t
visited in over two weeks, the app sends a notification to invite the user back
into the app to create a new plane.



The Communication Network



Our application runs on a network of servers on Google Cloud Platform. We used
built-in geocoding headers to get approximate geographic locations for stamps
and Socket.IO to connect all devices over WebSockets.



Users connect to the server nearest them, which relays messages to a single main
server as well as to any desktop computers viewing the experience in that
region.



Moving forward



This approach worked extremely well for us, enabling an experience that was
smooth and captivating across platforms and form factors, connecting people from
all over the world. Extending the web with native capabilities has proven to be
a valuable avenue to deliver high quality experiences going forward. You can
learn even more on the Android Experiments website
(https://www.androidexperiments.com/experiment/paper-planes).


Android Studio 2.2


By Jamal Eason, Product
Manager, Android



Android Studio 2.2 is available to download today
(https://developer.android.com/studio/index.html).
Previewed at Google I/O 2016, Android Studio 2.2 is the latest release of our
IDE used by millions of Android developers around the world.



Packed with enhancements, this release has three major themes: speed, smarts,
and Android platform support. Develop faster with features such as the new
Layout Editor, which makes creating an app user interface quick and intuitive.
Develop smarter with our new APK analyzer, enhanced Layout Inspector, expanded
code analysis, IntelliJ’s 2016.1.3 features and much more. Lastly, as the
official IDE for Android app development, Android Studio 2.2 includes support
for all the latest developer features in Android 7.0 Nougat, like code
completion (https://developer.android.com/studio/intro/index.html#code_completion)
to help you add Android platform features like Multi-Window support
(https://developer.android.com/about/versions/nougat/android-7.0.html#multi-window_support),
Quick Settings API
(https://developer.android.com/about/versions/nougat/android-7.0.html#tile_api),
or the redesigned Notifications
(https://developer.android.com/about/versions/nougat/android-7.0.html#notification_enhancements),
and of course, the built-in Android Emulator
(https://developer.android.com/studio/run/emulator.html) to test them all out.



In this release, we evolved the Android Frameworks and the IDE together to
create the Constraint Layout. This powerful new layout manager helps you design
large and complex layouts in a flat and streamlined hierarchy. The
ConstraintLayout integrates into your app like a standard Android
support library, and was built in parallel with the new Layout Editor.





Android Studio 2.2 includes 20+ new features across every major phase of the
development process: design, develop, build, & test. From designing UIs with
the new ConstraintLayout, to developing C++ code with the Android
NDK, to building with the latest Jack compilers, to creating Espresso test cases
for your app, Android Studio 2.2 is the update you do not want to miss. Here’s
more detail on some of the top highlights:



Design


  • Layout Editor: Creating Android app user interfaces is now
    easier with the new user interface designer. Quickly construct the structure of
    your app UI with the new blueprint mode and adjust the visual attributes of each
    widget with new properties panel. Learn more
    (https://developer.android.com/studio/write/layout-editor.html).



Layout Editor



  • Constraint Layout: This new layout is a flexible layout
    manager for your app that allows you to create dynamic user interfaces without
    nesting multiple layouts. It is backwards compatible all the way back to Android
    API level 9 (Gingerbread). ConstraintLayout works best with the new Layout
    Editor in Android Studio 2.2. Learn more
    (https://developer.android.com/training/constraint-layout/index.html).



ConstraintLayout




Develop


  • Improved C++ Support: You can now use CMake or ndk-build
    (https://developer.android.com/studio/projects/add-native-code.html)
    to compile your C++ projects from Gradle. Migrating projects
    from CMake build systems to Android Studio is now seamless. You will also find
    C++ support in the new project wizard in Android Studio, plus a number of bug
    fixes to the C++ edit and debug experience. Learn more
    (https://developer.android.com/studio/projects/add-native-code.html).



C++ Code Editing & CMake Support



  • Samples Browser: Referencing Android sample code
    (http://developer.android.com/samples/index.html)
    is now even easier with Android Studio 2.2. Within the code editor window, find
    occurrences of your app code in Google Android sample code to help jump start
    your app development. Learn more.



Sample Code Menu




Build


  • Instant Run Improvements: Introduced in Android Studio 2.0,
    Instant Run (https://developer.android.com/studio/run/index.html#instant-run)
    is our major, long-term investment to make Android development fast
    and lightweight. Since launch, it has significantly improved the edit, build,
    run iteration cycles for many developers. In this release, we have made many
    stability and reliability improvements to Instant Run. If you have previously
    disabled Instant Run, we encourage you to re-enable it and let us know if you
    come across further issues. (Settings → Build, Execution, Deployment → Instant
    Run [Windows/Linux], Preferences → Build, Execution, Deployment → Instant Run
    [OS X]). For details on the fixes that we have made, see the Android Studio
    2.2 release notes (https://developer.android.com/studio/releases/index.html).



Enable Instant Run



  • APK Analyzer: Easily inspect the contents of your APKs to
    understand the size contribution of each component. This feature can be helpful
    when debugging multi-dex
    (https://developer.android.com/studio/build/multidex.html)
    issues. Plus, with the APK Analyzer you can compare two versions of an APK.
    Learn more (https://developer.android.com/studio/build/apk-analyzer.html).



APK Analyzer



  • Build cache (Experimental): We are continuing our
    investments to improve build speeds with the introduction of a new experimental
    build cache that will help reduce both full and incremental build times. Just
    add android.enableBuildCache=true to your
    gradle.properties file. Learn more
    (http://tools.android.com/tech-docs/build-cache).





Build Cache Setting




Test


  • Virtual Sensors in the Android Emulator: The Android
    Emulator now includes a new set of virtual sensors controls. With the new UI
    controls, you can now test Android Sensors
    (https://developer.android.com/guide/topics/sensors/sensors_overview.html)
    such as Accelerometer, Ambient Temperature, Magnetometer and more.
    Learn more.



Android Emulator Virtual Sensors



  • Espresso Test Recorder (Beta): The Espresso Test Recorder
    lets you easily create UI tests by recording interactions with your app; it then
    outputs the UI test code
    (https://developer.android.com/topic/libraries/testing-support-library/index.html#Espresso)
    for you. You record your interactions with a device and add
    assertions to verify UI elements in particular snapshots of your app. Espresso
    Test Recorder then takes the saved recording and automatically generates a
    corresponding UI test. You can run the test locally, on your continuous
    integration server, or using Firebase Test Lab for Android
    (https://developer.android.com/training/testing/unit-testing/instrumented-unit-tests.html#run-ctl).
    Learn more
    (https://developer.android.com/studio/test/espresso-test-recorder.html).


Espresso Test Recorder


  • GPU Debugger (Beta): The GPU Debugger is now in Beta. You
    can now capture a stream of OpenGL ES commands on your Android device and then
    replay it from inside Android Studio for analysis. You can also fully inspect
    the GPU state of any given OpenGL ES command to better understand and debug your
    graphical output. Learn more
    (https://developer.android.com/studio/debug/am-gpu-debugger.html).



GPU Debugger


To recap, Android Studio 2.2 includes these major features and more:







Design

  • Layout Editor
    (https://developer.android.com/studio/write/layout-editor.html)
  • Constraint Layout
    (https://developer.android.com/training/constraint-layout/index.html)
  • Layout Inspector (Experimental)
  • PSD File Support in Vector Asset Studio
    (https://developer.android.com/studio/write/vector-asset-studio.html)

Develop

  • Firebase Plugin
    (https://developer.android.com/studio/write/firebase.html)
  • Updated Code Analysis & Lint checks
  • Enhanced accessibility support
    (https://developer.android.com/studio/intro/accessibility.html)
  • Improved C++ Support Edit & Debugging
  • IntelliJ 2016.1.3 platform update
    (https://confluence.jetbrains.com/display/IDEADEV/IntelliJ+IDEA+2016.1.3+Release+Notes)
  • Samples Browser
  • Improved Font Rendering

Build

  • Jack Compiler Improvements
    (https://developer.android.com/guide/platform/j8-jack.html#configuration)
  • Java 8 Language Support
  • C++ ndk-build or CMake
    (https://developer.android.com/studio/projects/add-native-code.html)
  • Merged Manifest Viewer
    (http://android-developers.blogspot.com/2016/05/android-studio-22-preview-new-ui.html)
  • Build cache (Experimental)
  • OpenJDK Support
  • Instant Run Improvements

Test

  • Espresso Test Recorder (Beta)
    (https://developer.android.com/studio/test/espresso-test-recorder.html)
  • APK Analyzer
  • GPU Debugger (Beta)
    (https://developer.android.com/studio/debug/am-gpu-debugger.html)
  • Virtual Sensors in the Android Emulator
    (https://developer.android.com/studio/run/emulator.html#extended)



Learn more about Android Studio 2.2 by reviewing the release notes
(https://developer.android.com/studio/releases/index.html)
and the preview blog post
(http://android-developers.blogspot.com/2016/05/android-studio-22-preview-new-ui.html).



Getting Started



Download



If you are using a previous version of Android Studio, you can check for updates
on the Stable channel from the navigation menu (Help → Check for Update
[Windows/Linux] , Android Studio → Check for Updates [OS X]). You can also
download Android Studio 2.2 from the official download page
(https://developer.android.com/studio/index.html). To
take advantage of all the new features and improvements in Android Studio, you
should also update the Android Gradle plugin version to 2.2.0 in your current
app project.



Next Release



We would like to thank all of you in the Android Developer community for your
work on this release. We are grateful for your contributions, your ongoing
feedback which inspired the new features in this release, and your highly active
use on canary and beta builds filing bugs. We all wanted to make Android Studio
2.2 our best release yet, with many stability and performance fixes in addition
to the many new features. For our next release, look for even more; we want to
work hard to address feedback and keep driving up quality and stability on
existing features to make you productive.



We appreciate any feedback on things you like, issues or features you would like
to see. Connect with us -- the Android Studio development team -- on our
Google+ page (https://plus.google.com/103342515830390186255) or on Twitter
(http://www.twitter.com/androidstudio).






What's New in Android Studio 2.2

PC Review #150: Flat Heroes

Title: Flat Heroes
Developer: Parallel Circles
Platforms: PC, Mac, Linux
Price: $14.99
---
The wave of local multiplayer games has been washing onto PC and console shores for quite some time now. From Nidhogg and Samurai Gunn to Push Me Pull You and Overcooked, there's no shortage of titles in that vein. A few offer modes and gameplay for the solo player - Towerfall Ascension and Inversus to name a few - but Flat Heroes offers the best of both worlds, a finely-tuned evasive platformer featuring a sizable amount of modes for both single and multiplayer.


Flat Heroes is one of those games where its polish and style are evident straight from the menu, as its clean minimalist screens smoothly shift between menus and level selections. The set-up is simple: an acrobatic square, in ever-shifting single-screen gauntlets, don't get hit. Of course, that last part often isn't so easy. For solo players, you start in Waves mode, distinct stages and boss fights that wring smartly-designed challenges from the game's varied hazards. From screen-filling rectangles that threaten to crush you against the walls, to swarms of homing rockets and bubbles, to ricocheting triangles that streak across the screen in a frenetic hailstorm of color, each hazard is a new test of your platforming prowess.

Thankfully, your square's agility is more than enough to handle Flat Heroes' dangerous onslaught. With simple hops, wall clinging, and air dashes, you can leap and tumble through levels with ease and precision. The controls are perfectly balanced to always make you feel in control, but with enough fluidity to feel reckless and tense as you just barely dodge over incoming swarms or outrun a laser grid.
Flat Heroes rewards your progress through Waves with new color palettes and more importantly new game modes that cleverly twist the core foundations of precise evasion and agile movement. Battle is a geometric take on deathmatch where you dash through enemies, while Runner and Catch are Flat Heroes' versions of capture the flag (with a slight dual stick shooter angle as Runner lets you shoot projectiles). Each is a hectic rush of close calls and exploding squares, and can all be played against the AI if friends aren't around.

Flat Heroes's minimalist platforming is currently on Early Access, with more modes and levels planned in future updates. But as is, the game already shines, through its responsive agile gameplay and slickly-designed aesthetic. You can purchase Flat Heroes on Steam.

Keeping Android safe: Security enhancements in Nougat


Posted by Xiaowen Xin, Android Security Team



Over the course of the summer, we previewed a variety of security enhancements in
Android 7.0 Nougat: an increased focus on security with our vulnerability
rewards program
(http://android-developers.blogspot.com/2016/06/one-year-of-android-security-rewards.html),
a new Direct Boot mode
(http://android-developers.blogspot.com/2016/04/developing-for-direct-boot.html),
re-architected mediaserver and hardened media stack
(http://android-developers.blogspot.com/2016/05/hardening-media-stack.html),
apps that are protected from accidental regressions to cleartext traffic
(http://android-developers.blogspot.com/2016/04/protecting-against-unintentional.html),
an update to the way Android handles trusted certificate authorities
(http://android-developers.blogspot.com/2016/07/changes-to-trusted-certificate.html),
strict enforcement of verified boot with error correction
(http://android-developers.blogspot.com/2016/07/strictly-enforced-verified-boot-with.html),
and updates to the Linux kernel
(http://android-developers.blogspot.com/2016/07/protecting-android-with-more-linux.html)
to reduce the attack surface and increase memory protection. Phew!



Now that Nougat has begun to roll out, we wanted to recap these updates in a
single overview and highlight a few new improvements.


Direct Boot and encryption



In previous versions of Android, users with encrypted devices would have to
enter their PIN/pattern/password by default during the boot process to decrypt
their storage area and finish booting. With Android 7.0 Nougat, we’ve updated
the underlying encryption scheme and streamlined the boot process to speed up
rebooting your phone. Now your phone’s main features, like the phone app and
your alarm clock, are ready right away before you even type your PIN, so people
can call you and your alarm clock can wake you up. We call this feature Direct
Boot (http://android-developers.blogspot.com/2016/04/developing-for-direct-boot.html).



Under the hood, file-based encryption enables this improved user experience.
With this new encryption scheme, the system storage area, as well as each user
profile storage area, are all encrypted separately. Unlike with full-disk
encryption, where all data was encrypted as a single unit, per-profile-based
encryption enables the system to reboot normally into a functional state using
just device keys. Essential apps can opt in to run in a limited state after
reboot, and when you enter your lock screen credential, these apps then get
access to your user data to provide full functionality.



File-based encryption better isolates and protects individual users and profiles
on a device by encrypting data at a finer granularity. Each profile is encrypted
using a unique key that can only be unlocked by your PIN or password, so that
your data can only be decrypted by you.






Encryption support is getting stronger across the Android ecosystem as well.
Starting with Marshmallow, all capable devices were required to support
encryption. Many devices, like Nexus 5X and 6P, also use unique keys that are
accessible only with trusted hardware, such as the ARM TrustZone. Now with 7.0
Nougat, all new capable Android devices must also have this kind of hardware
support for key storage and provide brute force protection while verifying your
lock screen credential before these keys can be used. This way, all of your data
can only be decrypted on that exact device and only by you.


The media stack and platform hardening



In Android Nougat, we’ve both hardened and re-architected mediaserver
(http://android-developers.blogspot.com/2016/05/hardening-media-stack.html),
one of the main system services that processes untrusted input.
First, by incorporating integer overflow sanitization, part of Clang’s
UndefinedBehaviorSanitizer
(http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html),
we prevent an entire class of vulnerabilities, which comprise the majority of
reported libstagefright bugs. As soon as an integer overflow is detected, we
shut down the process so an attack is stopped. Second, we’ve modularized the
media stack to put different components into individual sandboxes and tightened
the privileges of each sandbox to have the minimum privileges required to
perform its job. With this containment technique, a compromise in many parts of
the stack grants the attacker access to significantly fewer permissions and
significantly reduced exposed kernel attack surface.
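
The integer overflow class described above, as an added example (not code from Android or libstagefright): a constructed length-prefixed table whose 32-bit size computation wraps, beside a checked version that rejects the input. The record layout and all function names are hypothetical; the sanitizer aborts the process at the overflowing operation, whereas this code returns an error at the one site it checks.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record layout (hypothetical, not a real media format):
 * bytes 0..3 = big-endian entry count, then count entries of ENTRY_SIZE bytes. */
#define ENTRY_SIZE 16u

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked: the 32-bit product wraps, so a huge count yields a tiny size. */
uint32_t table_size_unchecked(uint32_t count) {
    return count * ENTRY_SIZE;
}

/* Checked: returns -1 instead of wrapping (GCC/Clang builtin). */
int table_size_checked(uint32_t count, uint32_t *out) {
    return __builtin_mul_overflow(count, ENTRY_SIZE, out) ? -1 : 0;
}

/* Copies the entry table out of buf. Returns the entry count, or -1 when the
 * declared count overflows the size computation or exceeds the input. */
int parse_table(const uint8_t *buf, size_t len, uint8_t **entries) {
    uint32_t count, bytes;
    *entries = NULL;
    if (len < 4) return -1;
    count = read_be32(buf);
    if (table_size_checked(count, &bytes) != 0) return -1; /* overflow */
    if (bytes > len - 4) return -1;                        /* truncated */
    *entries = malloc(bytes ? bytes : 1);
    if (*entries == NULL) return -1;
    memcpy(*entries, buf + 4, bytes);
    return (int)count;
}

int main(void) {
    /* Constructed input: count 0x10000001 followed by one 16-byte entry. */
    uint8_t evil[20] = {0x10, 0x00, 0x00, 0x01};
    uint8_t *entries;
    printf("unchecked size: %u\n", (unsigned)table_size_unchecked(0x10000001u));
    printf("parse result:   %d\n", parse_table(evil, sizeof evil, &entries));
    return 0;
}
```

With the unchecked computation, the 20-byte constructed input would pass a "size fits in buffer" test even though it declares over 268 million entries; the checked path rejects it before any allocation or copy.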



In addition to hardening the mediaserver, we’ve added a large list of
protections for the platform, including:


  • Verified Boot: Verified Boot is now strictly enforced to
    prevent compromised devices from booting; it supports error correction
    (http://android-developers.blogspot.com/2016/07/strictly-enforced-verified-boot-with.html)
    to improve reliability against non-malicious data corruption.
  • SELinux: Updated SELinux configuration and increased
    Seccomp coverage further lock down the application sandbox and reduce attack
    surface.
  • Library load order randomization and improved ASLR:
    Increased randomness makes some code-reuse attacks less reliable.
  • Kernel hardening
    (http://android-developers.blogspot.com/2016/07/protecting-android-with-more-linux.html):
    Added additional memory protection for newer kernels by marking
    portions of kernel memory as read-only
    (https://android-review.googlesource.com/#/q/status:merged+project:kernel/common+branch:android-3.18+topic:arm64-ronx),
    restricting kernel access to userspace addresses
    (https://android-review.googlesource.com/#/q/status:merged+project:kernel/common+branch:android-4.1+topic:sw_PAN),
    and further reducing the existing attack surface.
  • APK signature scheme v2
    (https://developer.android.com/preview/api-overview.html?utm_campaign=android_discussion_security_090616&utm_source=anddev&utm_medium=blog#apk_signature_v2):
    Introduced a whole-file signature scheme that improves verification speed
    (https://source.android.com/security/apksigning/v2.html#verification)
    and strengthens integrity guarantees.

App security improvements



Android Nougat is the safest and easiest version of Android for application
developers to use.


  • Apps that want to share data with other apps now must explicitly opt in by
    offering their files through a Content Provider
    (https://developer.android.com/guide/topics/providers/content-providers.html?utm_campaign=android_discussion_security_090616&utm_source=anddev&utm_medium=blog),
    like FileProvider
    (https://developer.android.com/reference/android/support/v4/content/FileProvider.html?utm_campaign=android_discussion_security_090616&utm_source=anddev&utm_medium=blog).
    The application private directory (usually /data/data/) is now set to
    Linux permission 0700 for apps targeting API Level 24+.
  • To make it easier for apps to control access to their secure network
    traffic, user-installed certificate authorities and those installed through
    Device Admin APIs are no longer trusted by default
    (http://android-developers.blogspot.com/2016/07/changes-to-trusted-certificate.html)
    for apps targeting API Level 24+. Additionally,
    all new Android devices must ship with the same trusted CA store
    (https://source.android.com/security/overview/app-security.html#certificate-authorities).
  • With Network Security Config
    (https://developer.android.com/preview/features/security-config.html?utm_campaign=android_discussion_security_090616&utm_source=anddev&utm_medium=blog),
    developers can more easily configure network security
    policy through a declarative configuration file. This includes blocking
    cleartext traffic, configuring the set of trusted CAs and certificates, and
    setting up a separate debug configuration.


We’ve also continued to refine app permissions and capabilities to protect you
from potentially harmful apps.


  • To improve device privacy, we have further restricted and removed access to
    persistent device identifiers such as MAC addresses.
  • User interface overlays can no longer be displayed on top of permissions
    dialogs. This “clickjacking” technique was used by some apps to attempt to gain
    permissions improperly.
  • We’ve reduced the power of device admin applications so they can no longer
    change your lockscreen if you have a lockscreen set, and device admin will no
    longer be notified of impending disable via onDisableRequested()
    (https://developer.android.com/reference/android/app/admin/DeviceAdminReceiver.html?utm_campaign=android_discussion_security_090616&utm_source=anddev&utm_medium=blog#onDisableRequested(android.content.Context,%20android.content.Intent)).
    These were tactics used by some ransomware to gain control of a
    device.

System Updates



Lastly, we've made significant enhancements to the OTA update system to keep
your device up-to-date much more easily with the latest system software and
security patches. We've made the install time for OTAs faster, and the OTA size
smaller for security updates. You no longer have to wait for the optimizing apps
step, which was one of the slowest parts of the update process, because the new
JIT compiler has been optimized
(https://developer.android.com/about/versions/nougat/android-7.0.html?utm_campaign=android_discussion_security_090616&utm_source=anddev&utm_medium=blog#doze_on_the_go)
to make installs and updates lightning fast.



The update experience is even faster for new Android devices running Nougat with
updated firmware. Like they do with Chromebooks, updates are applied in the
background while the device continues to run normally. These updates are applied
to a different system partition, and when you reboot, it will seamlessly switch
to that new partition running the new system software version.





We’re constantly working to improve Android security and Android Nougat brings
significant security improvements across all fronts. As always, we appreciate
feedback on our work and welcome suggestions for how we can improve Android.
Contact us at security@android.com.


The Power Of “Early Access”

By Karolis Balciunas, VC & Startups Business Development Manager, Google Play




If you have ever launched a mobile app, you know full well that launching your app
into the world successfully requires more than publishing it and hoping for the
best.



It’s the diligent testing, constant user feedback loop and incremental tweaks
leading up to that special launch moment that truly count.



The Google Play Developer Console gives developers robust tools to do beta tests
or experiment with how they market their apps to users through the Play store
listing. Getting this critical early feedback from users requires just that —
users. And as a developer working on a new product that isn’t fully launched
yet, how do you find people to try your new app and take the time to give you
feedback?



1 Million Tester Installs And Counting



At Google I/O in May, we unveiled
(http://android-developers.blogspot.com/2016/05/whats-new-in-google-play-at-io-2016.html)
a new destination on Google Play to address this dilemma head on. Together with
29 app and game partners, we launched an “Early Access” collection that made
select new Android titles that are running an open beta available for anyone to
try before they officially launch. It was an immediate hit. Early-adopter users
were eager and willing to send developers actionable, private feedback in
exchange for an opportunity to get their hands onto the latest exciting apps and
games. Most importantly, the feedback was objective and candid as it did not
come from their friends and family who are often afraid to hurt their feelings.
In just over a month since the collection became available to all users, open
beta titles have been installed over 1 million times and demand is only growing.



3 Powerful Stories



Our launch partners experienced the power of Early Access in various ways.
Peer-based language practice developer Lingbe
(https://play.google.com/apps/testing/com.lingbe.app) was eager
to validate the concept of their app connecting natives with language learners
via voice conversations, which meant they needed to connect with a critical mass
of possible users around the world from different language and cultural
backgrounds. In just a few weeks, "the surge in users in addition to our current
fan base meant that we've had Brazilians practicing with Spanish users and
talking about their hobby in photography, Mexicans making friends with people
from India, and Filipinos talking to Moroccans!"



Readfeed
(https://play.google.com/store/apps/details?id=com.readfeedinc.readfeed&e=-EnableAppDetailsPageRedesign),
one of the first online book clubs on Android, relied on Early Access to solicit
feature requests, identify bugs, locate new and optimize existing target markets
as well as build a sizable reader community. They stated that "early access
confirmed that our target market exists and that we have something that they
need. I don't think we'd be in the same place right now without it. It enabled
us to validate and effectively iterate on our idea from day one."



Finally, Drippler
(https://play.google.com/store/apps/details?id=com.drippler.assistant)
participated in Early Access to test their new "Wiz" app and understand their
beta title's appeal to their target demographic. Their performance in the Early
Access collection as well as private feedback from thousands of newly acquired
beta testers allowed them to polish the app before the launch and gave them
confidence that their users will enjoy it.



These three developers’ stories show us just a few ways that Early Access can
help developers build great new apps and games, and it shows the value of
getting early feedback from beta testers before launching more broadly.



Get Involved



If you are a developer getting ready to launch on Google Play, you can nominate
your app or game to be part of Early Access. Learn more here
(http://goo.gl/forms/p8ueXdGsuuVMdVED3).



New titles are added weekly and thousands of users are looking to experiment
with new and exciting ideas.


Android Developer Story: Hutch improves player engagement with A/B testing on Google Play

Posted by Lily Sheringham, Google Play team


Hutch is a London-based mobile studio focusing entirely on racing games, with
more than 10 million players on Google Play. For their latest game, MMX Hill
Climb, they used A/B testing and game analytics to improve the game design and
experience, resulting in more than 48 mins daily active usage per user.



Watch Shaun Rutland, CEO, and Robin Scannell, Games Analyst, explain how they
were able to deliver a more engaging user experience in this video.






Learn more about A/B testing and get the Playbook for Developers app
(http://g.co/play/playbook-androiddevblogposts-evergreen) to stay up-to-date
on new features and learn best practices
that will help you grow a successful business on Google Play.
