23 Feb

Bit.ly is not in Lybia

When deploying (mobile) apps for verticals such as Healthcare or Banking, you typically have to get the app approved or blessed by the customer’s IT security team.

Some tips or info:

  • Only deploy, even for Proof of Concepts (POCs), properly signed apps
  • Do not use or store personal identifiable information that can track users
  • Use device IDs (Advertising ID, IDFA and IDFV) that doesn’t identify individual users
  • Sensitive information shall be encrypted
  • Sensitive information shall live behind the firewall
  • Cache TTL values for sensitive data is not “infinite”
  • Show Analytics at the user aggregation level
  • Beacons do not track users. Beacons only emit the signals used for proximity and/or triangulation
  • And last but no least, if using bit.ly for whatever reason, be prepared to prove that this particular .ly domain and related servers are not at or traffic goes through Lybia — a simple traceroute will help show this point.



18 Feb

Improving The Patient Experience (early 2015)

Disclaimer: The French Hospital Medical Center app is powered by Phunware’s Vertical Solutions platform, one of the products that I manage at Phunware.

As the mobile lifestyle, advanced smartphones and advanced networks continue its path to convergence powering the pervasive, actionable Mobile Context, we are starting to see its impact on people’s daily lives. One such example is the impact and benefits that this brings on the user experience and the Healthcare space.

Improving the Patient Experience

Recently, the French Hospital Medical Center launched its first mobile app.

The FrenchWay
(Click link to see video via KSBY News)

“From the time that you leave your house, you’ll get a reminder and it’ll take you actually into the hospital door to the actual department you’re going to, and then after your appointment, you can continue to navigate to the pharmacy, so this really helps people have a lot less stress as they’re going through the entire healthcare journey… It’s also great for visitors as well because sometimes you may have a loved one in the hospital and trying to find them can be pretty stressful.”

This is a prime example of how the young and the old can leverage their mobile devices with its advanced features and sensors, and access to fast networks, to improve the patient experience. The key is to bring the right information at the right time, from hospital and doctor information, to information about related places, using dynamic content and notifications and location-based services such as mapping, wayfinding and navigation. Location marketing with geofences and Beacons for outdoor and/to indoor navigation and outdoor and proximity notifications brings enable for very interesting use cases and are of particular interest to Hospitals (and other verticals), as it helps patients deliver information in real-time as well as helping patients reach their destinations, all via their smartphones, improving the patient experience with the added benefit of helping reduce the costs associated with deploying such a solution as well as costs related to late or missed appointments.

Related see Dignity Health Mobile App Helps Patients Navigate Hospitals.


11 Sep

Let’s not forget…

Let’s not forget. 13 years ago, it was morning. It was the year 2001. The attack came in the form of airplanes and souls; let’s not forget those who perished and what was at the center of that horrible act.

Societies in general are quick to forget — within a couple of generations, of even the worst kind of events. The result: history repeats itself. Let’s not forget.

05 Aug

Three Generations of Mobile Apps (Aug 2014)

We currently are at the third generation of native Mobile apps (2014), with each generation building upon the previous one.

The first generation was introduced to the “masses” circa 2000. This generation of mobile apps were Operator-centric and built for the first generation of mobile handheld devices such as PalmOS, J2ME, WinCE, BlackBerry OS, Nokia devices, Psion and other.

The second generation came with the iPhone and Android (2007–2008), essentially giving (re)birth to a new generation of mobile apps where rich content was king. These were apps based on advanced Smartphones and higher-speed networks that pretty much made the previous generation obsolete. During this time period the Ecosystem took center stage away from the Operator. Many of the companies behind the first generation such as Nokia, BlackBerry and Microsoft were impacted during this time period in major ways — some are gone while others and are still trying to recover.

More recently, we have entered the third generation of mobile apps where the user and user context is king, with sensors on the device and core services and infrastructure residing on the cloud.

The following table summarizes the three generations of mobile apps (2014).

mobile app generations


18 Apr

On Android and Fragmentation (early 2014)

Due to its origins and philosophy with respect to openness, Android is a fragmented mobile platform. This is illustrated next:


There are different kinds of fragmentation to keep in mind.

Android platform versions. To minimize fragmentation-related headaches, decide early on what versions of Android to support. As you can see above, Gingerbread (introduced in 2011) still commands close to 20% of the Android device distribution (data above is gathered from the new Google Play Store app). It is important to keep in mind is that the more versions you support, the more testing and maintenance and related costs that you will have.

Multiple screen sizes. When creating an Android app, you will have to decide the kinds of devices to support, for example Smartphones, vs. Tablets, each with different sizes and resolutions, and provide the appropriate assets, fonts and layouts that ensures the best possible experience across such different screen characteristics. See Design Apps for Tablets (Android Developers Blog).

Hardware support. Another kind of fragmentation is related to hardware support, for example, the supported sensors and/or UI facilities. Not all devices are created equal and different device manufacturers decide what to include. A couple of examples: not all devices may support the same kind of camera, or may or not provide support for Bluetooth or for that matter, Bluetooth Low Energy (introduced with Android 4.3 (API Level 18). NFC may or not be there. Another example is the Kindle, which is based on Android 2.3 but it doesn’t provide support for many of the hardware sensors or UI facilities found on other Android devices.

Consistent UX Design. Maintaining a consistent design is not necessarily easy and can lead to a fragmentation user experience. Learn and follow the Android Design Guidelines. Google has done a great job documenting the best design guidelines for Android apps. From design principles, to styles and patterns, to building blocks, you should spend time going over these great developer resources by Google.

The good news is that as you can see on the pie-chart above, the market is consolidating on 4.x and newer and devices are getting more consistent. The whole Android reminds me of the Java Micro Edition and Sun Microsystems back then, which wanted to be open with great intentions, but that caused a lot of fragmentation and problems. The answer to this is to enforce consistency across. Google is attempting to do so by “Forcing OEMs To Certify Android Devices With A Recent OS Version If They Want Google Apps“. Let’s keep in mind that the main reason the iPhone and iOS have been so consistent with respect to platforms version, functionality and distribution, is because Apple owns the whole stack (hardware and software). But in an open platform, consistency is very hard to achieve, especially when there is competition within the ecosystem.


Related to this see: 5 Tips to Get Started with Android Development.

06 Mar

Mobile Monday Austin @ SXSWi 2014 (Unofficial)

The Mobile Monday Austin (unofficial) SXSW party is back. Join us at Fogo de Chao on Monday, March 10 at 5:30pm for some free drinks and food, as well as demos from leading mobile startups from Austin and around the world.

We packed Fogo de Chao last year with a room full of great conversation, brilliant ideas and interesting people — and you can expect the same this year, so come grab a drink with us at the end of another day of SXSW before you head out to the night’s parties.

Many thanks to our Sponsors!!!

Gold Sponsors

Silver Sponsors

16 Jan

Using Android’s Advertising ID

My most recent piece is about Using Android’s Advertising ID (Safari Online Books blog).

The ability to identify users is important for advertising, analytics and other purposes. Android developers typically rely on the Android Device ID or Telephony IDs such as the International Mobile Equipment Identity (IMEI) to uniquely identify users, but these approaches also introduce privacy concerns. Android 4.4 Kitkat introduces a new anonymous identifier for advertising purposes. Referred to as Advertising ID, it provides a user-resettable identifier that helps protect the user’s personal identity.

Read the rest of the blog Using Android’s Advertising ID


31 Dec

2013 Review

As the year 2013 ends, it is time to reflect and write down some thoughts and highlights for the year.

This year I spent most of my time working on Telco stuff, specifically on a supply chain orchestration SaaS platform and private marketplace, and Intellectual Property, that helps Telcos manage, buy and sell IP services — all around the Telephone Number. During this time I learned quite a bit about all the gory details, role and life-cycle of telephone numbers, and how to help bring Telcos to the new world of Cloud Computing and Services (OTT); see The Evolving Role of the Telephone Number in the Growth of Mobile (Cloud Computing Magazine). It also was interesting to see something that many of us have been talking about for a long time – the state of “voice services and apps” — all moving to IP and the Cloud. Technologies such as WebRTC made a lot of noise in 2013 and will continue throughout 2014.

All the above triggered a number of thoughts including the ones captured on a piece that I wrote titled On Voice Apps (2013). Another related piece of interest is Enabling Voice Communication on Android Apps, which was the focus of a presentation I gave at Google I/O Austin. Related to the above I recommend that you read my friend Chetan Sharma’s book Mobile Future Forward Mobile 4th Wave.

On the prediction side of things, a number of things have materialized in 2013:

  • As predicted back in 2011, Microsoft acquired Nokia. Nokia should have gone the Android way back in 2011 but ego got in the way; enough said;
  • As predicted in 2010, Visors! as exemplified by Google Glass, Meta and companies like Austin’s Pristine.io;
  • Predicted in 2010 (and earlier), Mobile devices as the personal sensor gateway to the Internet – this has been exemplified by many; mentioning some Austin companies: MapMyFitness, Atlas Wristband;
  • The role of the Mobile Context – this has been exemplified with Google Now, and my friend’s Raj company TempoAI;
  • One thing that I have been telling folks in 2013, is that Mobile has peaked. And coincidentally today, I saw a blog from Furry titled “Christmas Continues To Set App Download Records In Spite Of Slowing Growth and Globalization of App Market” with data that shows what I have been saying. This doesn’t mean Mobile is really going down, but that we have entered a new phase of Mobile. This also means that if you are in the (crowded) space of mobile development services/consulting, you need to start thinking “Products”.
  • Being an NFC aficionado and proponent, I must include something on such topic for 2013. OK, my predictions around NFC have not fully materialized yet. NFC still has not taken off. Yes, ISIS (and Google Wallet) happened, but NFC has not really taken off, not yet. But its support on Android means that it is not totally dead in the global market — its adoption has taken forever and I am starting to lose faith it will ever happen. But let’s not forget that NFC is not only about payments but also about interactions. I do believe that once (if) Apple decides to pick it up, then it will bring new life to NFC (in the USA);
  • And being a Space aficionado (and an ex-Space Shuttle coder), it is great to see my prediction from 2008 materialize — The future of the USA space program is the private sector, as exemplified by SpaceX.

On the publishing side of things, it was cool to see my Android in Action 3rd edition book translated to Portuguese, and I recently contributed to Rudy De Waele’s shift 2020 book, together with many other like-minded global technologists. I also contributed blog content to Safari Online Books on the topic of Android. And of course, I continued writing on my/this About Mobility blog.

On my spare time, I continued my Mobile-related endeavors: Mobile Monday Austin and Android Dev Austin, and the Texas Wireless Summit. While Mobile Monday Austin was a bit slow in 2013, the plan for 2014 is to make it very active again with socials and events. I also gave advice to a number of ventures or startups, including my friend’s Ajit and his UK-based Feynlabs educational venture.

Something very cool I helped with on my spare time was Kloc Developers. Kloc Developers is a new, very cool visual-and social way for Developers to promote themselves, and discover and connect to/with like-minded people and content. Kloc answers the need for better ways for developers to tell their coding experience and story. The evolution of Kloc.me has been pretty cool, and as the year ends, the Kloc team is happy to release a new version of Kloc Developers Beta — sign up, use it, let the Kloc team know what you think.

Last but not least, 2013 reunited me with my favorite sport of all time (and with old friends): Frisbee Freestyle. After watching a local announcement on TV about the Austin Freestyle Disc Club tournament (the first one after a decade), I joined the group, which is home to a couple of world champions, made new friends and re-united with old ones, and have been enjoying jamming a whole lot, and hope to continue doing so. In 2014, we are bringing to Austin the American Freestyle Open, which will bring players from all over the world – stay tuned.

I am thankful for everything: my wife and family, my friends, Austin, what the year 2013 brought, and everyone and everything else that I left out from this blog. Love you all.

I wish you an awesome and prosperous 2014 year…


23 Dec

On Location (and Other Sensitive) Data

Installing apps, Android in this case, is at times a bit of WTF. It shouldn’t have to, but it is. The amount of personal information that some apps gather can be extreme. This concern is especially true after Google removed the very necessary App Ops (permission manager) app.

Let me provide an example. An app that I recently installed asked for the following (and other) permissions:

Your location
precise location (GPS and network-based)

Your personal information
read your own contact card

Phone calls
read phone status and identity

Your social information
read your contacts

Your accounts
find accounts on the device

Not all apps need such amount of personal information. It is so important to gather just the information that is really needed, and nothing else. It is also very important to be responsible with things such as geo-fencing as well as having in place good privacy guidelines that are really in taken seriously.

A number of years ago I wrote a set of Guidelines for Location (and Other Sensitive) Data that that are still quite relevant. Check them out; I hope you find them useful.


16 Dec

Android App Ops *WAS* a Step Forward

Android App Ops is no more…

Two weeks after I wrote Android App Ops is a Step Forward, Google has disabled/removed the permission manager. After the Android 4.4.2 update, invoking the App Ops app results in a RuntimeException.

The R.I.P. permission manager, a very important capability for end-users, WAS a step forward; we are going backwards here.

Google’s response for why they removed this capability (via ReadWrite) is as follows:

Since Google never supplied documentation for the accidental release of the permissions manager, Android developers had no opportunity to prepare for the possibility that users might be withholding individual permissions, or to warn users about the possibility that an app might break if they did so.

OK. I do understand the rationale — I covered similar concerns when I wrote my original blog on App Ops:

This will require that developers be aware and properly test for scenarios related to restricted features/APIs not being available, and perhaps new documentation related to permissions guidelines for developers.

Seems the whole thing was not given proper thought.

It is of extreme importance to end-users to re-add this winning capability as soon as possible.

Here is EFF’s response to this debacle:

The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.

This debacle should be temporary. Google, please re-enable this ASAP.


Related to this:

* Android App Ops is a Step Forward

* Google Kills A Cool Privacy Feature In Android That It Didn’t Intend To Release (ReadWrite)

LogCat when invoking the App Ops permission manager (Android 4.2.2):

12-15 11:32:41.004: E/AndroidRuntime(12663): FATAL EXCEPTION: main
12-15 11:32:41.004: E/AndroidRuntime(12663): Process: com.android.settings, PID: 12663
12-15 11:32:41.004: E/AndroidRuntime(12663): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.android.settings/com.android.settings.Settings}: java.lang.IllegalArgumentException: Invalid fragment for this activity: com.android.settings.applications.AppOpsSummary
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2195)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2245)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.app.ActivityThread.access$800(ActivityThread.java:135)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1196)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.os.Handler.dispatchMessage(Handler.java:102)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.os.Looper.loop(Looper.java:136)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.app.ActivityThread.main(ActivityThread.java:5017)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at java.lang.reflect.Method.invokeNative(Native Method)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at java.lang.reflect.Method.invoke(Method.java:515)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at dalvik.system.NativeStart.main(Native Method)
12-15 11:32:41.004: E/AndroidRuntime(12663): Caused by: java.lang.IllegalArgumentException: Invalid fragment for this activity: com.android.settings.applications.AppOpsSummary
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.preference.PreferenceActivity.switchToHeaderInner(PreferenceActivity.java:1180)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.preference.PreferenceActivity.switchToHeader(PreferenceActivity.java:1199)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.preference.PreferenceActivity.onCreate(PreferenceActivity.java:545)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at com.android.settings.Settings.onCreate(Settings.java:207)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.app.Activity.performCreate(Activity.java:5231)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1087)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2159)
12-15 11:32:41.004: E/AndroidRuntime(12663): 	... 11 more
12-15 11:32:41.014: W/ActivityManager(611):   Force finishing activity com.android.settings/.Settings
15 Dec

BlackBerry’s Little Gem

Has BlackBerry hit rock bottom? Look at the following chart for BlackBerry’s stock price and value.


BlackBerry’s stock right now is around $6.06, which is up from $5.89 (all time low?).

It is crazy. BlackBerry has millions of users, with a strong history in the global Enterprise/IT market, with secure software and infrastructure, and communication-and other kinds of apps for Mobile. For years, BlackBerry have had a little gem that not many people talk about. If you have been in Mobile for a while, you will remember a company called Certicom and their IP around Elliptic Curve Cryptography (ECC), which was acquired by BlackBerry around 2009 or so, and that (for better or worst) even the NSA uses and recommends.

ECC is a very strong encryption algorithm with great characteristics, especially when it comes to Mobile, which is even more important after the rumors around RSA-encryption and NSA backdoors. Some of ECC’s advantages include: (1) Shorter keys are as strong as long key for RSA, (2) Lower on CPU consumption, and (3) Lower memory usage, when compared to other algorithms.

BlackBerry should be maximizing/monetizing ECC in major ways. The following is from The Case for Elliptic Curve Cryptography (NSA):

Despite the many advantages of elliptic curves and despite the adoption of elliptic curves by many users, many vendors and academics view the intellectual property environment surrounding elliptic curves as a major roadblock to their implementation and use. Various aspects of elliptic curve cryptography have been patented by a variety of people and companies around the world. Notably the Canadian company, Certicom Inc. holds over 130 patents related to elliptic curves and public key cryptography in general.

BlackBerry should turn the above into an opportunity.

I think having Mr. Chen run the BlackBerry is a good thing — I’ve the feeling he will do better than any of the previous CEOs; there is hope for BlackBerry. He should focus on their core assets and skills: from Enterprise to mobile, mobile device management (MDM), and security (ECC). One thought is to exit the hardware space and focus on Software — as Mr. Andreessen well said: “software is easting the world”.


Related to this:

* BlackBerry: Not dead yet! Seriously

* BlackBerry’s Potential Biggest Patent Asset: Elliptic Curve Cryptography

13 Dec

shift 2020 – How Technology Will Impact Our Future

Check out Rudy De Waele’s new book project titled shift 2020 – How Technology Will Impact Our Future — a collaborative book including foresights on how technology will impact our future by some of the world’s leading experts.

See the related Kickstarter project.

The story

The idea of shift 2020 is based upon Mobile Trends 2020, a collaborative project I launched early 2010. It’s one of the highest viewed decks on Slideshare (in the Top 50 of All Time in Technology / +320k views). Reviewing the document a couple of weeks ago, I realised the future is catching up on us much faster than many of the predictions that were made. I thought it was time to ask the original contributors for an update on their original predictions and new foresights for the year 2020.

And here is Rudy!

(love that guy!)

I am honored to be one of the contributors to both Mobile Trends 2020 and the new shift 2020 project.

Visit the related Kickstarter project.

Final contributors include:

  • Neelie Kroes (VP of the European Commission)
  • Douglas Rushkoff
  • Salim Ismael (Singularity University)
  • Loic Le Meur (LeWeb)
  • Shannon Spanhake (Innovation Officer San Francisco)
  • Adeo Ressi (The Founder Institute)
  • Saul Klein (Index Ventures)
  • Aubrey de Grey
  • Sunny Bates (Kickstarter / Jawbone)
  • Carlos Domingo (Telefonica Digital)
  • David Rowan (Wired Magazine)
  • Laurent Haug (Lift)
  • Martin Recke (next)
  • Will Page (Spotify)
  • Scott Jenson (Google)
  • Gerd Leonhard (The Futures Agency)
  • Yuri Van Geest
  • Russell Buckley
  • Russ McGuire (Sprint)
  • Kwame Ferreira (Kwamecorp)
  • Delia Dumitrescu (Trendwatching.com)
  • Georgie Benardete (Shopbeam)
  • Hans-Holger Albrecht (CEO Millicom)
  • Tariq Krim (JoliCloud)
  • Dr. James Canton
  • Andrew Hessel (Autodesk)
  • Christian Lindholm (Korulab)
  • Eze Vidra (Google Campus)
  • Harald Neidhardt (MLOVE)
  • Raina Kumra (Juggernaut)
  • Robin Wauters (Tech.eu)
  • Nicolas Nova
  • Gianfranco Chicco
  • Shaherose Charania (Women 2.0)
  • Ken Banks
  • Marc Davis (Microsoft)
  • Felix Petersen
  • Kelly Goto
  • Erik Hersman (Savannah Fund)
  • Tom Coates
  • David Risher (Worldreader)
  • Glen Hiemstra (Futurist.com)
  • Jessica Colaço (iHub)
  • Mark Kanji (Apptivation)
  • Rohit Talwar (Fast Future)
  • Priya Prakash (Changify)
  • Andrew Berglund (Geometry Global)
  • Alan Moore
  • Martin Duval (Bluenove)
  • Maarten Lens-FitzGerald (Layar)
  • Andrew Bud (mBlox/MEF)
  • Andy Abramson
  • Fabien Girardin
  • C. Enrique Ortiz
  • Raj Singh (Tempo AI)
  • Inma Martinez
  • Robert Rice
  • Ajit Jaokar
  • Jonathan MacDonald
  • Tony Fish
  • Dan Appelquist
  • Redg Snodgrass (Stained Glass Labs)
  • David Wood
  • Mark A.M. Kramer (razorfish Healthware)
  • John Kieti (m:lab)
  • Aape Pohjavirta
  • Kosta Peric (Innotribe)
  • Blaise Aguera y Arcas (Microsoft)
  • Michael Breidenbruecker (Reality Jockey)
  • Tricia Wang
  • Louisa Heinrich (Superhuman)
  • Mike North (UC Berkeley)
  • Mac-Jordan D. Degadjor
  • Kate Darling
  • Simon White
  • Chris Luomanen (Thing Tank)
  • Ariane Van De Ven (Telefonica)
  • Ed Maklouf (Siine)
  • and others…


08 Dec

Google Ads are not really relevant anymore

Over time, I have seen the behavior of Google Ads on my weblog change behavior. Today, when I visit websites, including my own blog, I no longer see content-relevant Ads.

Digging around I found information on how ads are targeted to your site:

  • Contextual targeting, based on keywords
  • Placement targeting, based on your site URL
  • Interest-based advertising, targeting specific users on your site based on their cookie ID.

I am not sure which one above is the one getting triggered, but from my perspective, the Ads being served have NOTHING to do with my blog content! Instead they seem to be related to my “search history”.

As a publisher, that is NOT what I want for my blog — I want to control the kinds of Ads that are served on my blog. I want them to be content-relevant, the way they used to be.

Google provides a way to “opt-out” which I haven’t tried yet, that supposedly allows you to “opt out of ads shown to you based on factors such as your interests and demographic details on your computer’s browser.” — whatever that really means.

I am starting to look for Ads alternatives — as I said, as a blog owner I want to control the kind of Ads that are served on my blog — which in my case I want them to be *content-relevant Ads*.

Perhaps I have problems with the Google Crawlers?

Does anyone know how (as blog owner) I can control the kind of Ads that are served by Google?

Do you have an alternative to Google Ads or suggestions for me? Thanks in advance.

Related to this:

* How ads are targeted to your site.
* Factors that affect ad serving.
* About the AdSense crawler.


27 Nov

Android App Ops is a Step Forward

Update Dec/15/2013: Two weeks after I wrote this piece below, Google removed App Ops... See Android App Ops *WAS* a Step Forward, and stay tuned.

One of Android’s top limitations, one that totally drives me nuts, is its security model, in particular the app permissions model. This is a permission security model where developers (the app) requests permissions, and the user grants permissions during the installation process.

To get an idea of how the Android security model works in general, see an old article of mine titled Understanding security on Android (IBM developerWorks).

The problem with Android’s permission model today is that users are limited two options: 1) grant ALL requested permissions, or 2) not install the app at all.

…and that is a sucky permission model that needs revision.

For example, if I liked a new cool camera app, one that accesses the camera and my location, but I do not want the app to track my location, I have to compromise – either I grant all the permissions, including the ones I am not comfortable with granting, and if I don’t like that, even though I may like the app itself, the alternative is not to install the app at all.

Enter App Ops (Permission Manager)

It was with great excitement (yes, sounds geeky) when I learned about the native App Ops app.

I had totally missed the native App Ops app in Android 4.3 that allows users to grant individual permissions post-app installation. Then I learned the app was removed on Android 4.4. But the good news is that it was not removed, it was just hidden. App developers such as Color Tiger allows you to unhide the native App Ops app. With the native App Ops app I can now control and turn off specific permissions per app!

This of course means that apps must be robust and properly handle the unavailability of restricted, un-granted features — by properly testing for null values and handling security Exceptions — vs. just crashing when it cannot perform the (restricted) functions that have been turned off by the user. Perhaps this is the reason the native App Ops app was hidden by Google for now.

I did a quick test on my Nexus 4 (I finally got my Android 4.4 upgrade) – wrote a simple location-based app/activity and put some breakpoints to test/see this behavior while turning the location permission on/off via the native App Ops app.

Permission Test screenshot

In the case of the LocationManager.getLastKnownLocation(), turning off the Location permission, it returns a null value (which means that the provider is currently disabled). Note that I was expecting a SecurityException to be thrown instead! Hmm, need to think about that. Thus, I will continue researching this and in the meantime, for LocationManager.getLastKnownLocation() seems that all we have to do is to test for null, something you should be doing anyways.

Location loc = locMgr.getLastKnownLocation(LocationManager.GPS_PROVIDER);
if (loc == null)
    return; // Provider is not enabled

In summary, while the native App Ops app is a step forward (for end-users that is), the selection of permissions to grant for a given app, really should be part of the app installation process itself (an alternative is to prompt the user every time the app attempts to use a restricted API – I think I prefer the former). This will require that developers be aware and properly test for scenarios related to restricted features/APIs not being available, and perhaps new documentation related to permissions guidelines for developers. I am looking forward to see this happening.

Oh, and thank you, Color Tiger!!!


12 Nov

Enabling Voice Communication on Android Apps

Check out the new guest post that I wrote on Enabling Voice Communication on Android Apps, for the Safari Books Online blog. It covers how to enable voice communication using the Android SIP Stack/API.

Enabling voice communication on Android apps is possible via the Session Initiation Protocol (SIP) stack. This protocol originated in 2000 as a signaling protocol in support of Voice over IP (VoIP). With today’s move to IP wireless networks such as LTE, SIP is the core signaling protocol for voice over IP Multimedia Subsystems (IMS). In this post we will explore how to enable voice communication on Android apps by using the Android Session Initiation Protocol (SIP) stack. With the transformation of traditional networks as IP-networks, and the future of voice as a “data app,” expect media-rich and location-aware communication apps, where the smartphone plays a central role in personal communications. This means that developers can now create a new breed of voice communication apps like never before. This post assumes you are somewhat familiar with the Android platform and the Java language.

Read Enabling Voice Communication on Android Apps (source: Safari Books Online).


07 Nov

Congratulations to Filament Labs, Winner of the Mobile Monday Austin App/Startup Showcase at TWS 2013

“With such convergence happening with technology and healthcare, especially right here in Austin, and especially with mobile technology, it is great to see a company like Filament Labs be recognized,” said C. Enrique Ortiz, organizer of Mobile Monday Austin.

At the recently completed Texas Wireless Summit (TWS), eight Austin-area startups presented and competed in the fourth annual Mobile Monday Austin Startup Showcase. The 2013 winner was Filament Labs, http://www.filamentlabs.co, which focuses on turnkey solutions for patient engagement. Filament is building a consumer engagement platform for the healthcare industry that helps health plans & hospitals promote healthy lifestyle changes across their member bases.

“We are so honored to win the Mobile Monday Startup Showcase, especially to be in the same category as the winners over the past three years,” said Jason Bornhorst, CEO, Filament Labs. “We are building a platform that makes mobile health easy with reusable modules that solve the complicated stuff of mHealth, like compliance, data exchange and patient engagement.”

In the Showcase, competing companies were judged on five factors: idea, market and industry potential/impact, team composition, revenue model and company stage. This year’s Showcase judges included Carlo Longino of Wireless Industry Partnership (WIP), Dai Truong of Austin Ventures and David Gill of Nielsen.

“With such convergence happening with technology and healthcare, especially right here in Austin, and especially with mobile technology, it is great to see a company like Filament Labs be recognized,” said C. Enrique Ortiz, organizer of Mobile Monday Austin.

The Showcase runner up was Fosbury, http://fosbury.co, which provides tools to drive store traffic and customer engagement using mobile wallet campaigns.

Other Showcase competing companies included:
* Beyonic – http://www.beyonic.com
* eyeQ – http://www.eyeqinsights.com
* Futureware Inc – http://www.futureware.com
* Gizmoquip LLC – http://www.Gizmoquip.com
* Kloc – http://www.kloc.me
* SnakeHead Software – http://SnakeHeadSoftware.com

The Mobile Monday Austin Startup Showcase has been an important part of the Texas Wireless Summit (TWS) for four years now. TWS is co-hosted each year by the Austin Technology Incubator (ATI), in the IC2 Institute at The University of Texas at Austin (UT), and UT’s Wireless Networking and Communications Group (WNCG). TWS brings together wireless industry leaders and entrepreneurs, engineers, academics and students, to discuss research, brainstorm innovation, and collectively work to move the wireless space forward in Texas and beyond.

“Austin remains at the nexus of wireless technology, both in research and commerce. TWS topped itself this year in terms of topic quality, engagement, and diversity of attendees”, stated event co-host and Director of ATI’s IT/Wireless portfolio, Kyle Cox. With a theme of Disrupting Wireless with Big Data Analytics, the 2013 TWS featured keynotes from Aster Teradata and Stanford’s GPS Laboratory, as well as other speakers from Stanford GPS Laboratory, Deutsche Bank, Huawei, Phunware, Verizon, University of Illinois at Urbana-Champaign, University of Cambridge and UT.

About the Wireless Networking and Communications Group
The Wireless Networking & Communications Group (WNCG) is a world-leading center for research and education at the University of Texas at Austin. WNCG strives to be the most relevant academic wireless center, which is achieved in part through its vibrant industrial affiliates program. Many WNCG graduates now lead and contribute to R&D efforts at those companies as employees. WNCG is a National Science Foundation Industry/University Collaborative Research Center (I/UCRC) for Wireless Internet Communications and Advanced Technologies (WICAT). http://www.wncg.org
About the Austin Technology Incubator:

The Austin Technology Incubator harnesses business, government and academic resources to provide strategic counsel, operational guidance and infrastructural support for its member companies to help them transition into successful, high-growth technology businesses. The Austin Technology Incubator, in the IC2 Institute at The University of Texas at Austin, has a 25-year history of successful new venture support with a focus on getting startups funded. ATI has helped more than 250 companies raise over $1 billion of investor capital. More than 85% of ATI’s 2012 graduating class received funding totaling more than $200 million. ATI has a dual mission: promote economic development in Central Texas through entrepreneurial wealth and job creation, and provide a “teaching laboratory” in applied entrepreneurship for UT-Austin students and faculty.

About Mobile Monday Austin
Since 2005, the Austin chapter of Mobile Monday has been connecting via monthly meet-ups, technology and business professionals, researchers and enthusiasts who share a common interest: mobile software and technologies. Today Mobile Monday Austin has over 495 members. For more information see http://MobileMondayAustin.com. Mobile Monday Austin is possible thanks to its sponsors and the Austin tech community.

See the press-release – http://www.prweb.com/releases/2013/10/prweb11276133.htm.