This document provides an overview of the key updates and new features between Android KK and Android L, including new APIs, security enhancements like verified boot, improved performance with ART and the new garbage collector, and support for interacting with other devices like Android Auto and Android Wear. It also discusses maintainability improvements like splitting monolithic APKs and using dynamic resource overlays. Finally, it outlines some features that may be included in Android M like modularity, enhanced security through dynamic permission checking, and multi-SIM card support.
1. 1
Update from Android KK to Android L
Kaisa <kaisazju@gmail.com>
2. 2
Overview
API and services overview
Security
PnP
Interaction with other devices
Maintainability.
Java 7 support
What maybe be available in Android M?
3. 3
API and service overview
New API overview
System service overview
4. 4
New API overview
6000+ API is added
Annotation @SystemAPI tag is added.
5. 5
System service overview
60
10
15
5
80
70
60
50
40
30
20
10
0
Count of System service
JAVA Native
Modify New
7. 7
Android work
• Total solution to make android awesome at work for
employees and businesses.
• Support BYOD and COPE
• Based on the multi-user mechanism.
• Unified view of personal and work apps.
• Data isolation and security.
• No modification for existing apps.
• It means that Apks or services belong to
different users can be running at the
same time.
8. 8
Android work architecture
Google backend
services/Google
apps for work
Device policy client
Work profile
Google play
service s for
work
APK for work
APK for work
APK for work
APK for work
ManagerProvisio APK for work
n APK
Enterprise server proxy/Device
Management Gateway
AOSP
Enterprise services
Google play for work
MDM architecure
Enterprise server
AFW agent
9. 9
Android work architecture(2)
APKS
Frameworks
Laucher Recent Notification
ManagerProvisin
g
UserManagerServi
c
AMS
DevicePolicyManagerS
ervice
PMS
Settings
MDM
NFC
App
Modified
New
10. 10
Update in Selinux
• “No new root processes without a policy.”
• many of the domains will be moved to enforcing
11. 11
Verified boot
• Boot starts with the bootloader
• Bootloader verifies the keystore
• The keystore is used to verify the boot image
• The boot image verifies the system image.
17. 17
New GC – Reduce pause
Instead of two pauses totaling about 10ms for each GC,
Only one GC(usually under 2ms) can be founded.
18. 18
New GC – Reduce fragmentation
Maintains larger primitives (like bitmaps) in a
separate pool
19. 19
New GC – Be aware of app states
Parallelized portions of the GC runs and
optimized collection strategies to be aware of
device states.
For example, a full GC will run only when the
phone is locked and user interaction
responsiveness is no longer important.
20. 20
New memory allocator
For Bionic, Dlmalloc or Jemalloc can be configured
at build time.
For Java, rosmalloc is instead of
Dlmalloc.
21. 21
Job scheduler
New Job Scheduler API that lets you optimize
battery life by defining jobs for the system to
run asynchronously at a later time or under
specified conditions
24. 24
Interaction with other devices
Android auto
Android wear
Android cast
25. 25
Android auto
Auto.APK
Phone_auto.apk
GMSClient
Carservice.apk
USB
Phone
Auto IVI
Carservice.apk is a GMS.apk which implement the protocols and
services to communicate with Auto.apk in IVI system.
Auto.apk is an android implementation to support android Auto
in IVI system.
Phone_auto.APK implements the UI which is be displayed in IVI.
26. 26
Android auto(2)
The implementation of Carservice and HeadUnit can be divided
into five layers.
27. 27
Android wear
27
Host android
Phone/Tablet
Android
wear
BlueTooth
Android
Wear.apk
Bluetooth 4.0: GATT and RFCOMM over ERD profiles
28. 28
Android cast – media projection
Media content is prepared by capturing the
screen continually and is projected to a
connected secondary device for playback, the
secondary device only outputs the content in its
final form.
30. 30
Split "monolithic" APK
A single "monolithic" APK can be implemented as
multiple "split" APKs to:
• Improve maintainability.
• Convenient to the update of APK.
• Support maximum of the method in Dex file
to beyond 65k.
31. 31
Split "monolithic" APK(2)
Apps packaged as multiple split APKs always
consist of a single "base" APK and zero or more
"split" APKs. Any subset of these APKs can be
installed together, as long as the following
constraints are met:
• All APKs must have the exact same package
name, version code, and signing certificates.
• All APKs must have unique split names.
• All installations must contain a single base
APK.
32. 32
Dynamic resource overlay
The resource in overlay APK will be loaded in
running time to instead of the existing resource
in original APK
33. 33
Java 7 Support
Type Inference for Generic Instance Creation
Strings in switch Statements
The try-with-resources Statement
Binary Literals
Underscores in Numeric Literals
Catching Multiple Exception Types and Re-throwing
Exceptions with Improved Type
Checking
34. 34
Type Inference for Generic Instance Creation
Before Java7
Map<String, List<String>> myMap = new
HashMap<String, List<String>>();
After Java7, you can substitute the
parameterized type of the constructor with an
empty set of type parameters (<>):
Map<String, List<String>> myMap = new
HashMap<>();
35. 35
Strings in switch Statements
public String getTypeOfDayWithSwitchStatement(String dayOfWeekArg) {
String typeOfDay;
switch (dayOfWeekArg) {
case "Monday":
typeOfDay = "Start of work week";
break;
case "Tuesday":
typeOfDay = "Midweek";
break;
default:
throw new IllegalArgumentException("Invalid day of the week: " +
dayOfWeekArg);
}
return typeOfDay;
}
36. 36
The try-with-resources Statement
Before Java7
String readFirstLine (String path) throws IOException {
BufferedReader br = new BufferedReader(new FileReader(path));
try {
return br.readLine();
} finally {
if (br != null) br.close();
}
}
FromJava7, The try-with-resources statement
ensures that each resource (implements
java.lang.AutoCloseable/java.io.Closeable) is
closed at the end of the statement.
String readFirstLine (String path) throws IOException {
try (BufferedReader br = new BufferedReader(new FileReader(path))) {
return br.readLine();
}
}
37. 37
Binary Literals
In Java SE 7, the integral types (byte, short, int,
and long) can also be expressed using the binary
number system.
// An 8-bit 'byte' value:
byte aByte = (byte)0b00100001;
// A 16-bit 'short' value:
short aShort = (short)0b1010000101000101;
// Some 32-bit 'int' values:
int anInt1 = 0b10100001010001011010000101000101;
int anInt2 = 0b101;
int anInt3 = 0B101; // The B can be upper or lower case.
38. 38
Underscores in Numeric Literals
To improve the readability of your code.
long creditCardNumber = 1234_5678_9012_3456L;
long socialSecurityNumber = 999_99_9999L;
40. 40
What maybe be available in Android M?
Modularity
Security
Dynamic permission checking will be
enabled.
All domain will be enforcing in Selinux.
Others
Multi-Sim card support.
41. 41
Modularity - One codebase to support different
devices on demand
43. 43
Dynamic permission check
Client
AppOpsManager.java
AppOpsManager.cpp
Settings.apk
Server
AppOpsService
3rdPartyApp
Binder
Check permission by
Android Service
LocationManagerService
NotificationManagerService
GeofenceManager
GpsLocationProvider
IccSmsInterfaceManager
PhoneInterfaceManger
WifiService
ContentProvider
WindowManagerService
…...
using
AppOpsManager
Read/write the permission of
one apk Binder
appops.xml
Notes de l'éditeur
Interested parties
Indicates an API is exposed for use by bundled system applications
This annotation should only appear on API that is already marked @hide.
What is AFWagent? What is its function?
Interested parties
While problems with applications may allow the limited compromise of individual programs and daemons, they do not pose a threat to the security of other programs and daemons or to the security of the system as a whole.
While problems with applications may allow the limited compromise of individual programs and daemons, they do not pose a threat to the security of other programs and daemons or to the security of the system as a whole.
While problems with applications may allow the limited compromise of individual programs and daemons, they do not pose a threat to the security of other programs and daemons or to the security of the system as a whole.
While problems with applications may allow the limited compromise of individual programs and daemons, they do not pose a threat to the security of other programs and daemons or to the security of the system as a whole.
While problems with applications may allow the limited compromise of individual programs and daemons, they do not pose a threat to the security of other programs and daemons or to the security of the system as a whole.
While problems with applications may allow the limited compromise of individual programs and daemons, they do not pose a threat to the security of other programs and daemons or to the security of the system as a whole.
While problems with applications may allow the limited compromise of individual programs and daemons, they do not pose a threat to the security of other programs and daemons or to the security of the system as a whole.
While problems with applications may allow the limited compromise of individual programs and daemons, they do not pose a threat to the security of other programs and daemons or to the security of the system as a whole.
A typical Finger Print Sensor module is connected on the SPI or USB host interface with two GPIOs – one for data ready and the other for sleep/reset.
Interested parties
Interested parties
Interested parties
Interested parties
Generic Attribute Profile (GATT) is built on top of the Attribute Protocol (ATT) and establishes common operations and a framework for the data transported and stored by the Attribute Protocol. GATT defines two roles: Server and Client.
Radio Frequency Communications (RFCOMM) is a cable replacement protocol used to generate a virtual serial data stream. RFCOMM provides for binary data transport and emulates EIA-232 (formerly RS-232) control signals over the Bluetooth baseband layer, i.e. it is a serial port emulation.
RFCOMM provides a simple reliable data stream to the user, similar to TCP. It is used directly by many telephony related profiles as a carrier for AT commands, as well as being a transport layer for OBEX over Bluetooth.
Any apk can be projected to secondary device.
Interested parties
Interested parties
Interested parties
Interested parties
Interested parties
Interested parties
Interested parties
Interested parties
Interested parties
Interested parties
Interested parties
While problems with applications may allow the limited compromise of individual programs and daemons, they do not pose a threat to the security of other programs and daemons or to the security of the system as a whole.