Merge "docs: adt 15.0.1 rel notes" into ics-mr0
diff --git a/core/java/android/bluetooth/BluetoothAdapter.java b/core/java/android/bluetooth/BluetoothAdapter.java
index ea5c3db..d971652 100644
--- a/core/java/android/bluetooth/BluetoothAdapter.java
+++ b/core/java/android/bluetooth/BluetoothAdapter.java
@@ -533,6 +533,7 @@
* @hide
*/
public ParcelUuid[] getUuids() {
+ if (getState() != STATE_ON) return null;
try {
return mService.getUuids();
} catch (RemoteException e) {Log.e(TAG, "", e);}
diff --git a/core/java/android/server/BluetoothService.java b/core/java/android/server/BluetoothService.java
index 9ca5847..5ea8e2a 100755
--- a/core/java/android/server/BluetoothService.java
+++ b/core/java/android/server/BluetoothService.java
@@ -809,7 +809,7 @@
}
}
- /*package*/ synchronized String getProperty(String name, boolean checkState) {
+ /*package*/ String getProperty(String name, boolean checkState) {
// If checkState is false, check if the event loop is running.
// before making the call to Bluez
if (checkState) {
@@ -853,14 +853,14 @@
return getProperty("Name", false);
}
- public synchronized ParcelUuid[] getUuids() {
+ public ParcelUuid[] getUuids() {
mContext.enforceCallingOrSelfPermission(BLUETOOTH_PERM, "Need BLUETOOTH permission");
String value = getProperty("UUIDs", true);
if (value == null) return null;
return convertStringToParcelUuid(value);
}
- private synchronized ParcelUuid[] convertStringToParcelUuid(String value) {
+ private ParcelUuid[] convertStringToParcelUuid(String value) {
String[] uuidStrings = null;
// The UUIDs are stored as a "," separated string.
uuidStrings = value.split(",");
@@ -933,7 +933,7 @@
* @return The discoverability window of the device, in seconds. A negative
* value indicates an error.
*/
- public synchronized int getDiscoverableTimeout() {
+ public int getDiscoverableTimeout() {
mContext.enforceCallingOrSelfPermission(BLUETOOTH_PERM, "Need BLUETOOTH permission");
String timeout = getProperty("DiscoverableTimeout", true);
if (timeout != null)
@@ -942,7 +942,7 @@
return -1;
}
- public synchronized int getScanMode() {
+ public int getScanMode() {
mContext.enforceCallingOrSelfPermission(BLUETOOTH_PERM, "Need BLUETOOTH permission");
if (!isEnabledInternal())
return BluetoothAdapter.SCAN_MODE_NONE;
@@ -968,7 +968,7 @@
return stopDiscoveryNative();
}
- public synchronized boolean isDiscovering() {
+ public boolean isDiscovering() {
mContext.enforceCallingOrSelfPermission(BLUETOOTH_PERM, "Need BLUETOOTH permission");
String discoveringProperty = getProperty("Discovering", false);
@@ -2384,7 +2384,7 @@
mDeviceProfileState.remove(address);
}
- synchronized String[] getKnownDevices() {
+ String[] getKnownDevices() {
String[] bonds = null;
String val = getProperty("Devices", true);
if (val != null) {
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index d5450e4..17b8acf 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -439,17 +439,6 @@
}
/**
- * Calls back SetupFaceLock to save the temporary gallery file if this is the backup lock.
- * This doesn't have to verify that biometric is enabled because it's only called in that case
- */
- void moveTempGallery() {
- Intent intent = new Intent().setClassName("com.android.facelock",
- "com.android.facelock.SetupFaceLock");
- intent.putExtra("moveTempGallery", true);
- mContext.startActivity(intent);
- }
-
- /**
* Calls back SetupFaceLock to delete the temporary gallery file
*/
public void deleteTempGallery() {
@@ -501,8 +490,7 @@
setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK);
setLong(PASSWORD_TYPE_ALTERNATE_KEY,
DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);
- setBoolean(BIOMETRIC_WEAK_EVER_CHOSEN_KEY, true);
- moveTempGallery();
+ finishBiometricWeak();
}
dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_SOMETHING, pattern
.size(), 0, 0, 0, 0, 0, 0);
@@ -619,8 +607,7 @@
} else {
setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK);
setLong(PASSWORD_TYPE_ALTERNATE_KEY, Math.max(quality, computedQuality));
- setBoolean(BIOMETRIC_WEAK_EVER_CHOSEN_KEY, true);
- moveTempGallery();
+ finishBiometricWeak();
}
if (computedQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
int letters = 0;
@@ -1087,4 +1074,16 @@
}
return false;
}
+
+ private void finishBiometricWeak() {
+ setBoolean(BIOMETRIC_WEAK_EVER_CHOSEN_KEY, true);
+
+ // Launch intent to show final screen, this also
+ // moves the temporary gallery to the actual gallery
+ Intent intent = new Intent();
+ intent.setClassName("com.android.facelock",
+ "com.android.facelock.SetupEndScreen");
+ mContext.startActivity(intent);
+ }
+
}
diff --git a/core/res/res/values-af/strings.xml b/core/res/res/values-af/strings.xml
index 3ad01a5..f08d105 100644
--- a/core/res/res/values-af/strings.xml
+++ b/core/res/res/values-af/strings.xml
@@ -171,7 +171,7 @@
<string name="permgroupdesc_accounts" msgid="4948732641827091312">"Kry toegang tot beskikbare rekeninge."</string>
<string name="permgrouplab_hardwareControls" msgid="7998214968791599326">"Hardewarekontroles"</string>
<string name="permgroupdesc_hardwareControls" msgid="4357057861225462702">"Direkte toegang tot hardeware op die selfoon."</string>
- <string name="permgrouplab_phoneCalls" msgid="9067173988325865923">"foonoproepe"</string>
+ <string name="permgrouplab_phoneCalls" msgid="9067173988325865923">"Foonoproepe"</string>
<string name="permgroupdesc_phoneCalls" msgid="7489701620446183770">"Monitor, neem op, en verwerk foonoproepe."</string>
<string name="permgrouplab_systemTools" msgid="4652191644082714048">"Stelselhulpmiddels"</string>
<string name="permgroupdesc_systemTools" msgid="8162102602190734305">"Laervlak-toegang en -beheer van die stelsel."</string>
@@ -991,8 +991,8 @@
<string name="usb_storage_error_message" product="default" msgid="120810397713773275">"Kon nie jou SD-kaart vir USB-massaberging gebruik nie."</string>
<string name="usb_storage_notification_title" msgid="8175892554757216525">"USB gekoppel"</string>
<string name="usb_storage_notification_message" msgid="7380082404288219341">"Kies om lêers na/van jou rekenaar te kopieer."</string>
- <string name="usb_storage_stop_notification_title" msgid="2336058396663516017">"Skakel USB-geheue af"</string>
- <string name="usb_storage_stop_notification_message" msgid="2591813490269841539">"Kies om USB-geheue af te skakel."</string>
+ <string name="usb_storage_stop_notification_title" msgid="2336058396663516017">"Skakel USB-berging af"</string>
+ <string name="usb_storage_stop_notification_message" msgid="2591813490269841539">"Kies om USB-berging af te skakel."</string>
<string name="usb_storage_stop_title" msgid="660129851708775853">"USB-berging in gebruik"</string>
<string name="usb_storage_stop_message" product="nosdcard" msgid="1368842269463745067">"Voordat jy USB-berging afskakel, maak seker dat jy jou Android se USB-berging van jou rekenaar ontheg (\"uitgestoot\") het."</string>
<string name="usb_storage_stop_message" product="default" msgid="3613713396426604104">"Voordat jy die USB-berging afskakel, maak seker dat jy jou Android se SD-kaart uit die rekenaar ontheg (uitgeskiet) het."</string>
diff --git a/core/res/res/values-da/strings.xml b/core/res/res/values-da/strings.xml
index 56b24bb..24f44b2 100644
--- a/core/res/res/values-da/strings.xml
+++ b/core/res/res/values-da/strings.xml
@@ -159,7 +159,7 @@
<string name="permgrouplab_costMoney" msgid="5429808217861460401">"Tjenester, der koster dig penge"</string>
<string name="permgroupdesc_costMoney" msgid="8193824940620517189">"Tillader, at en applikation kan gøre ting, som kan koste penge."</string>
<string name="permgrouplab_messages" msgid="7521249148445456662">"Dine beskeder"</string>
- <string name="permgroupdesc_messages" msgid="7045736972019211994">"Læs og skriv dine sms-, e-mail- og andre beskeder."</string>
+ <string name="permgroupdesc_messages" msgid="7045736972019211994">"Læs og skriv dine sms-, e-mail og andre beskeder."</string>
<string name="permgrouplab_personalInfo" msgid="3519163141070533474">"Dine personlige oplysninger"</string>
<string name="permgroupdesc_personalInfo" product="tablet" msgid="6975389054186265786">"Få direkte adgang til dine kontakter og din kalender, der er gemt på tabletcomputeren."</string>
<string name="permgroupdesc_personalInfo" product="default" msgid="5488050357388806068">"Få direkte adgang til dine kontakter og din kalender, der er gemt på telefonen."</string>
diff --git a/core/res/res/values-es-rUS/strings.xml b/core/res/res/values-es-rUS/strings.xml
index 9609c1a..0187413 100644
--- a/core/res/res/values-es-rUS/strings.xml
+++ b/core/res/res/values-es-rUS/strings.xml
@@ -1024,7 +1024,7 @@
<string name="ext_media_checking_notification_message" msgid="8287319882926737053">"Verificando errores"</string>
<string name="ext_media_nofs_notification_title" product="nosdcard" msgid="7788040745686229307">"Almacenamiento USB en blanco"</string>
<string name="ext_media_nofs_notification_title" product="default" msgid="780477838241212997">"Tarjeta SD vacía"</string>
- <string name="ext_media_nofs_notification_message" product="nosdcard" msgid="8623130522556087311">"Almacenamiento USB en blanco o sistema de archivos no compatible."</string>
+ <string name="ext_media_nofs_notification_message" product="nosdcard" msgid="8623130522556087311">"Almacenamiento USB vacío o sistema de archivos no compatible"</string>
<string name="ext_media_nofs_notification_message" product="default" msgid="3817704088027829380">"Tarjeta SD en blanco o el sistema de archivos no es compatible."</string>
<string name="ext_media_unmountable_notification_title" product="nosdcard" msgid="2090046769532713563">"Almacenamiento USB dañado"</string>
<string name="ext_media_unmountable_notification_title" product="default" msgid="6410723906019100189">"Tarjeta SD dañada"</string>
@@ -1032,7 +1032,7 @@
<string name="ext_media_unmountable_notification_message" product="default" msgid="6902531775948238989">"Tarjeta SD dañada. Es posible que debas reformatearla."</string>
<string name="ext_media_badremoval_notification_title" product="nosdcard" msgid="1661683031330951073">"Almacenamiento USB extraído inesperadamente"</string>
<string name="ext_media_badremoval_notification_title" product="default" msgid="6872152882604407837">"Almacenamiento USB extraído de forma imprevista"</string>
- <string name="ext_media_badremoval_notification_message" product="nosdcard" msgid="4329848819865594241">"Desmontar el almacenamiento USB antes de extraerlo para evitar la pérdida de datos."</string>
+ <string name="ext_media_badremoval_notification_message" product="nosdcard" msgid="4329848819865594241">"Desactivar el almacenamiento USB antes de extraerlo para evitar la pérdida de datos."</string>
<string name="ext_media_badremoval_notification_message" product="default" msgid="7260183293747448241">"Desmontar la tarjeta SD antes de extraerla para evitar la pérdida de datos."</string>
<string name="ext_media_safe_unmount_notification_title" product="nosdcard" msgid="3967973893270360230">"Es seguro extraer el almacenamiento USB"</string>
<string name="ext_media_safe_unmount_notification_title" product="default" msgid="6729801130790616200">"Es seguro extraer la tarjeta SD"</string>
diff --git a/core/res/res/values-iw/strings.xml b/core/res/res/values-iw/strings.xml
index eb93132..d956531 100644
--- a/core/res/res/values-iw/strings.xml
+++ b/core/res/res/values-iw/strings.xml
@@ -137,7 +137,7 @@
<string name="turn_off_radio" msgid="8198784949987062346">"כבה אלחוטי"</string>
<string name="screen_lock" msgid="799094655496098153">"נעילת מסך"</string>
<string name="power_off" msgid="4266614107412865048">"כיבוי"</string>
- <string name="shutdown_progress" msgid="2281079257329981203">"מבצע כיבוי..."</string>
+ <string name="shutdown_progress" msgid="2281079257329981203">"מכבה..."</string>
<string name="shutdown_confirm" product="tablet" msgid="3385745179555731470">"הטבלט שלך יכבה."</string>
<string name="shutdown_confirm" product="default" msgid="649792175242821353">"הטלפון שלך יכובה."</string>
<string name="shutdown_confirm_question" msgid="6656441286856415014">"האם ברצונך לבצע כיבוי?"</string>
@@ -740,7 +740,7 @@
<string name="permlab_writeHistoryBookmarks" msgid="9009434109836280374">"כתוב את ההיסטוריה והסימניות של הדפדפן"</string>
<string name="permdesc_writeHistoryBookmarks" product="tablet" msgid="7193514090469945307">"מאפשר ליישום לשנות את ההיסטוריה או את הסימניות של הדפדפן המאוחסנות בטבלט. יישומים זדוניים עלולים להשתמש ביכולת זו כדי למחוק או לשנות את הנתונים בדפדפן."</string>
<string name="permdesc_writeHistoryBookmarks" product="default" msgid="945571990357114950">"מאפשר ליישום לשנות את ההיסטוריה או הסימניות של הדפדפן המאוחסנות בטלפון. יישומים זדוניים עלולים להשתמש ביכולת זו כדי למחוק או לשנות את נתוני הדפדפן."</string>
- <string name="permlab_setAlarm" msgid="5924401328803615165">"הגדר התראה בשעון המעורר"</string>
+ <string name="permlab_setAlarm" msgid="5924401328803615165">"הגדר צלצול בשעון המעורר"</string>
<string name="permdesc_setAlarm" msgid="5966966598149875082">"מאפשר ליישום להגדיר התראה ביישום מותקן של שעון מעורר. ייתכן שיישומי שעון מעורר מסוימים לא יישמו תכונה זו."</string>
<string name="permlab_addVoicemail" msgid="5525660026090959044">"הוסף דואר קולי"</string>
<string name="permdesc_addVoicemail" msgid="4828507394878206682">"מאפשר ליישום להוסיף הודעות לתיבת הדואר הנכנס של הדואר הקולי."</string>
@@ -895,8 +895,8 @@
<string name="chooseUsbActivity" msgid="7892597146032121735">"בחר יישום עבור מכשיר ה-USB"</string>
<string name="noApplications" msgid="1691104391758345586">"אין יישומים שיכולים לבצע פעולה זו."</string>
<string name="aerr_title" msgid="1905800560317137752"></string>
- <string name="aerr_application" msgid="932628488013092776">"למרבה הצער, <xliff:g id="APPLICATION">%1$s</xliff:g> הפסיק לפעול."</string>
- <string name="aerr_process" msgid="4507058997035697579">"למרבה הצער, התהליך <xliff:g id="PROCESS">%1$s</xliff:g> הופסק."</string>
+ <string name="aerr_application" msgid="932628488013092776">"לצערנו ה<xliff:g id="APPLICATION">%1$s</xliff:g> הפסיק לפעול."</string>
+ <string name="aerr_process" msgid="4507058997035697579">"לצערנו, התהליך <xliff:g id="PROCESS">%1$s</xliff:g> הופסק."</string>
<string name="anr_title" msgid="4351948481459135709"></string>
<string name="anr_activity_application" msgid="8339738283149696827">"<xliff:g id="APPLICATION">%2$s</xliff:g> אינו מגיב."\n\n" האם ברצונך לסגור אותו?"</string>
<string name="anr_activity_process" msgid="7018289416670457797">"פעילות <xliff:g id="ACTIVITY">%1$s</xliff:g> אינה מגיבה."\n\n"האם ברצונך לסגור אותה?"</string>
@@ -940,8 +940,8 @@
<string name="volume_icon_description_incall" msgid="8890073218154543397">"עוצמת קול של שיחות"</string>
<string name="volume_icon_description_media" msgid="4217311719665194215">"עוצמת קול של מדיה"</string>
<string name="volume_icon_description_notification" msgid="7044986546477282274">"עוצמת קול של התראות"</string>
- <string name="ringtone_default" msgid="3789758980357696936">"רינגטון המוגדר כברירת מחדל"</string>
- <string name="ringtone_default_with_actual" msgid="8129563480895990372">"רינגטון המוגדר כברירת מחדל (<xliff:g id="ACTUAL_RINGTONE">%1$s</xliff:g>)"</string>
+ <string name="ringtone_default" msgid="3789758980357696936">"רינגטון ברירת מחדל"</string>
+ <string name="ringtone_default_with_actual" msgid="8129563480895990372">"רינגטון ברירת מחדל (<xliff:g id="ACTUAL_RINGTONE">%1$s</xliff:g>)"</string>
<string name="ringtone_silent" msgid="4440324407807468713">"שקט"</string>
<string name="ringtone_picker_title" msgid="3515143939175119094">"רינגטונים"</string>
<string name="ringtone_unknown" msgid="5477919988701784788">"רינגטון לא ידוע"</string>
diff --git a/core/res/res/values-ko/strings.xml b/core/res/res/values-ko/strings.xml
index ea4c6cc..26236d7 100644
--- a/core/res/res/values-ko/strings.xml
+++ b/core/res/res/values-ko/strings.xml
@@ -223,7 +223,7 @@
<string name="permlab_forceStopPackages" msgid="1447830113260156236">"다른 애플리케이션 강제 종료"</string>
<string name="permdesc_forceStopPackages" msgid="7263036616161367402">"애플리케이션이 다른 애플리케이션을 강제로 종료할 수 있도록 합니다."</string>
<string name="permlab_forceBack" msgid="1804196839880393631">"강제로 애플리케이션 닫기"</string>
- <string name="permdesc_forceBack" msgid="6534109744159919013">"애플리케이션이 포그라운드에 있는 활동을 강제로 닫고 되돌아갈 수 있도록 합니다. 일반 애플리케이션에는 절대로 필요하지 않습니다."</string>
+ <string name="permdesc_forceBack" msgid="6534109744159919013">"애플리케이션이 포그라운드에 있는 작업을 강제로 닫고 되돌아갈 수 있도록 합니다. 일반 애플리케이션에는 절대로 필요하지 않습니다."</string>
<string name="permlab_dump" msgid="1681799862438954752">"시스템 내부 상태 검색"</string>
<string name="permdesc_dump" msgid="2198776174276275220">"애플리케이션이 시스템의 내부 상태를 검색할 수 있도록 합니다. 단, 악성 애플리케이션이 이 기능을 이용하여 일반적으로 필요하지 않은 다양한 개인정보와 보안정보를 검색할 수 있습니다."</string>
<string name="permlab_retrieve_window_content" msgid="8022588608994589938">"화면 콘텐츠 검색"</string>
@@ -446,7 +446,7 @@
<string name="permdesc_useCredentials" msgid="7416570544619546974">"애플리케이션이 인증 토큰을 요청하도록 합니다."</string>
<string name="permlab_accessNetworkState" msgid="6865575199464405769">"네트워크 상태 보기"</string>
<string name="permdesc_accessNetworkState" msgid="558721128707712766">"애플리케이션이 모든 네트워크의 상태를 볼 수 있도록 합니다."</string>
- <string name="permlab_createNetworkSockets" msgid="9121633680349549585">"인터넷에 최대한 액세스"</string>
+ <string name="permlab_createNetworkSockets" msgid="9121633680349549585">"인터넷 액세스"</string>
<string name="permdesc_createNetworkSockets" msgid="4593339106921772192">"애플리케이션이 네트워크 소켓을 만들 수 있도록 합니다."</string>
<string name="permlab_writeApnSettings" msgid="505660159675751896">"네트워크 설정 및 트래픽 차단/변경"</string>
<string name="permdesc_writeApnSettings" msgid="2369786339323021771">"애플리케이션이 모든 네트워크 트래픽을 가로채고 검사하거나 네트워크 설정을 변경하도록 허용합니다. 예를 들어 프록시나 APN의 포트를 변경할 수 있습니다. 악성 애플리케이션이 사용자 모르게 네트워크 패킷을 모니터링하고 리디렉션하며 수정할 수도 있습니다."</string>
@@ -899,7 +899,7 @@
<string name="aerr_process" msgid="4507058997035697579">"<xliff:g id="PROCESS">%1$s</xliff:g> 프로세스가 중지되었습니다."</string>
<string name="anr_title" msgid="4351948481459135709"></string>
<string name="anr_activity_application" msgid="8339738283149696827">"<xliff:g id="APPLICATION">%2$s</xliff:g>이(가) 응답하지 않습니다."\n\n"닫으시겠습니까?"</string>
- <string name="anr_activity_process" msgid="7018289416670457797">"<xliff:g id="ACTIVITY">%1$s</xliff:g> 활동이 응답하지 않습니다."\n\n"닫으시겠습니까?"</string>
+ <string name="anr_activity_process" msgid="7018289416670457797">"<xliff:g id="ACTIVITY">%1$s</xliff:g>이(가) 응답하지 않습니다."\n\n"닫으시겠습니까?"</string>
<string name="anr_application_process" msgid="7208175830253210526">"<xliff:g id="APPLICATION">%1$s</xliff:g>이(가) 응답하지 않습니다. 닫으시겠습니까?"</string>
<string name="anr_process" msgid="306819947562555821">"<xliff:g id="PROCESS">%1$s</xliff:g> 프로세스가 응답하지 않습니다."\n\n"닫으시겠습니까?"</string>
<string name="force_close" msgid="8346072094521265605">"확인"</string>
@@ -1207,7 +1207,7 @@
<string name="sha256_fingerprint" msgid="4391271286477279263">"SHA-256 지문:"</string>
<string name="sha1_fingerprint" msgid="7930330235269404581">"SHA-1 지문:"</string>
<string name="activity_chooser_view_see_all" msgid="180268188117163072">"전체 보기..."</string>
- <string name="activity_chooser_view_dialog_title_default" msgid="3325054276356556835">"활동 선택"</string>
+ <string name="activity_chooser_view_dialog_title_default" msgid="3325054276356556835">"작업 선택"</string>
<string name="share_action_provider_share_with" msgid="1791316789651185229">"공유 대상..."</string>
<string name="status_bar_device_locked" msgid="3092703448690669768">"기기가 잠겼습니다."</string>
<string name="list_delimeter" msgid="3975117572185494152">", "</string>
diff --git a/core/res/res/values-ru/strings.xml b/core/res/res/values-ru/strings.xml
index 9fd9955..99506c2 100644
--- a/core/res/res/values-ru/strings.xml
+++ b/core/res/res/values-ru/strings.xml
@@ -348,7 +348,7 @@
<string name="permlab_accessFineLocation" msgid="8116127007541369477">"точное местоположение (GPS)"</string>
<string name="permdesc_accessFineLocation" product="tablet" msgid="243973693233359681">"Получать доступ к источникам точного местоположения, таким как GPS, когда это возможно. Вредоносные приложения могут использовать это разрешение для определения вашего местоположения и расходовать ресурс батареи."</string>
<string name="permdesc_accessFineLocation" product="default" msgid="7411213317434337331">"Получать доступ к источникам точного местоположения, таким как GPS, если возможно. Вредоносные приложения могут использовать это разрешение для определения вашего местоположения и расходовать ресурс батареи."</string>
- <string name="permlab_accessCoarseLocation" msgid="4642255009181975828">"отслеживать местоположение по сигналам сети"</string>
+ <string name="permlab_accessCoarseLocation" msgid="4642255009181975828">"примерное местоположение по координатам сети"</string>
<string name="permdesc_accessCoarseLocation" product="tablet" msgid="3704633168985466045">"Получать доступ к источникам данных о местоположении, таким как база данных сотовой сети, для определения приблизительного местоположения планшетного ПК, когда это возможно. Вредоносные приложения могут использовать это разрешение для определения вашего приблизительного местоположения."</string>
<string name="permdesc_accessCoarseLocation" product="default" msgid="8235655958070862293">"Получать доступ к источникам данных о местоположении, таким как база данных сотовой сети, для определения приблизительного местоположения телефона, если возможно. Вредоносные приложения могут использовать эту возможность для определения вашего приблизительного местоположения."</string>
<string name="permlab_accessSurfaceFlinger" msgid="2363969641792388947">"получать доступ к SurfaceFlinger"</string>
diff --git a/core/res/res/values-zu/strings.xml b/core/res/res/values-zu/strings.xml
index a61416f..2ddf0f1 100644
--- a/core/res/res/values-zu/strings.xml
+++ b/core/res/res/values-zu/strings.xml
@@ -136,7 +136,7 @@
<string name="turn_on_radio" msgid="3912793092339962371">"Vula okungenantambo"</string>
<string name="turn_off_radio" msgid="8198784949987062346">"Vala okungenantambo"</string>
<string name="screen_lock" msgid="799094655496098153">"Ukuvala isikrini"</string>
- <string name="power_off" msgid="4266614107412865048">"Amandla avaliwe"</string>
+ <string name="power_off" msgid="4266614107412865048">"Vala amandla"</string>
<string name="shutdown_progress" msgid="2281079257329981203">"Ivala shaqa..."</string>
<string name="shutdown_confirm" product="tablet" msgid="3385745179555731470">"Ithebhulethi yakho izocima."</string>
<string name="shutdown_confirm" product="default" msgid="649792175242821353">"Ifoni yakho izocima."</string>
@@ -146,7 +146,7 @@
<string name="global_actions" product="tablet" msgid="408477140088053665">"Okukhethwa konke kwethebhulethi"</string>
<string name="global_actions" product="default" msgid="2406416831541615258">"Okukhethwa kukho kwefoni"</string>
<string name="global_action_lock" msgid="2844945191792119712">"Ukuvala isikrini"</string>
- <string name="global_action_power_off" msgid="4471879440839879722">"Amandla avaliwe"</string>
+ <string name="global_action_power_off" msgid="4471879440839879722">"Vala amandla"</string>
<string name="global_action_toggle_silent_mode" msgid="8219525344246810925">"Imodi ethulile"</string>
<string name="global_action_silent_mode_on_status" msgid="3289841937003758806">"Umsindo UVALIWE"</string>
<string name="global_action_silent_mode_off_status" msgid="1506046579177066419">"Umsindo UVULIWE"</string>
@@ -838,7 +838,7 @@
<item quantity="one" msgid="2178576254385739855">"Kusasa"</item>
<item quantity="other" msgid="2973062968038355991">"ezinsukwini ezing-<xliff:g id="COUNT">%d</xliff:g>"</item>
</plurals>
- <string name="preposition_for_date" msgid="9093949757757445117">"Ngomhla ka <xliff:g id="DATE">%s</xliff:g>"</string>
+ <string name="preposition_for_date" msgid="9093949757757445117">"ngo-<xliff:g id="DATE">%s</xliff:g>"</string>
<string name="preposition_for_time" msgid="5506831244263083793">"e-<xliff:g id="TIME">%s</xliff:g>"</string>
<string name="preposition_for_year" msgid="5040395640711867177">"phakathi- <xliff:g id="YEAR">%s</xliff:g>"</string>
<string name="day" msgid="8144195776058119424">"usuku"</string>
@@ -886,7 +886,7 @@
<string name="no" msgid="5141531044935541497">"Khansela"</string>
<string name="dialog_alert_title" msgid="2049658708609043103">"Ukunaka"</string>
<string name="loading" msgid="1760724998928255250">"Iyalayisha..."</string>
- <string name="capital_on" msgid="1544682755514494298">"Ngomhla ka"</string>
+ <string name="capital_on" msgid="1544682755514494298">"VULIWE"</string>
<string name="capital_off" msgid="6815870386972805832">"VALIWE"</string>
<string name="whichApplication" msgid="4533185947064773386">"Qedela isenzo usebenzisa"</string>
<string name="alwaysUse" msgid="4583018368000610438">"Sebenzisa ngokuzenzakalelayo kulesenzo."</string>
@@ -1146,7 +1146,7 @@
<string name="checkbox_not_checked" msgid="5174639551134444056">"akuhloliwe"</string>
<string name="radiobutton_selected" msgid="8603599808486581511">"Okukhethiwe"</string>
<string name="radiobutton_not_selected" msgid="2908760184307722393">"akukhethiwe"</string>
- <string name="switch_on" msgid="551417728476977311">"Ngomhla ka-"</string>
+ <string name="switch_on" msgid="551417728476977311">"vuliwe"</string>
<string name="switch_off" msgid="7249798614327155088">"valiwe"</string>
<string name="togglebutton_pressed" msgid="4180411746647422233">"kucindezelwe."</string>
<string name="togglebutton_not_pressed" msgid="4495147725636134425">"akucindezelwe."</string>
diff --git a/core/tests/bandwidthtests/src/com/android/bandwidthtest/BandwidthTest.java b/core/tests/bandwidthtests/src/com/android/bandwidthtest/BandwidthTest.java
index 9eee2f0..a781472 100644
--- a/core/tests/bandwidthtests/src/com/android/bandwidthtest/BandwidthTest.java
+++ b/core/tests/bandwidthtests/src/com/android/bandwidthtest/BandwidthTest.java
@@ -89,8 +89,27 @@
* Ensure that downloading on wifi reports reasonable stats.
*/
@LargeTest
- public void testWifiDownload() {
- assertTrue(setDeviceWifiAndAirplaneMode(mSsid));
+ public void testWifiDownload() throws Exception {
+ assertTrue("Could not connect to wifi!", setDeviceWifiAndAirplaneMode(mSsid));
+ downloadFile();
+ }
+
+ /**
+ * Ensure that downloading on mobile reports reasonable stats.
+ */
+ @LargeTest
+ public void testMobileDownload() throws Exception {
+ // As part of the setup we disconnected from wifi; make sure we are connected to mobile and
+ // that we have data.
+ assertTrue("Do not have mobile data!", hasMobileData());
+ downloadFile();
+ }
+
+ /**
+ * Helper method that downloads a file using http connection from a test server and reports the
+ * data usage stats to instrumentation out.
+ */
+ protected void downloadFile() throws Exception {
NetworkStats pre_test_stats = fetchDataFromProc(mUid);
String ts = Long.toString(System.currentTimeMillis());
@@ -120,11 +139,28 @@
}
/**
- * Ensure that downloading on wifi reports reasonable stats.
+ * Ensure that uploading on wifi reports reasonable stats.
*/
@LargeTest
- public void testWifiUpload() {
+ public void testWifiUpload() throws Exception {
assertTrue(setDeviceWifiAndAirplaneMode(mSsid));
+ uploadFile();
+ }
+
+ /**
+ * Ensure that uploading on wifi reports reasonable stats.
+ */
+ @LargeTest
+ public void testMobileUpload() throws Exception {
+ assertTrue(hasMobileData());
+ uploadFile();
+ }
+
+ /**
+ * Helper method that downloads a test file to upload. The stats reported to instrumentation out
+ * only include upload stats.
+ */
+ protected void uploadFile() throws Exception {
// Download a file from the server.
String ts = Long.toString(System.currentTimeMillis());
String targetUrl = BandwidthTestUtil.buildDownloadUrl(
@@ -156,12 +192,30 @@
}
/**
- * We want to make sure that if we use the Download Manager to download stuff,
+ * We want to make sure that if we use wifi and the Download Manager to download stuff,
* accounting still goes to the app making the call and that the numbers still make sense.
*/
@LargeTest
- public void testWifiDownloadWithDownloadManager() {
+ public void testWifiDownloadWithDownloadManager() throws Exception {
assertTrue(setDeviceWifiAndAirplaneMode(mSsid));
+ downloadFileUsingDownloadManager();
+ }
+
+ /**
+ * We want to make sure that if we use mobile data and the Download Manager to download stuff,
+ * accounting still goes to the app making the call and that the numbers still make sense.
+ */
+ @LargeTest
+ public void testMobileDownloadWithDownloadManager() throws Exception {
+ assertTrue(hasMobileData());
+ downloadFileUsingDownloadManager();
+ }
+
+ /**
+ * Helper method that downloads a file from a test server using the download manager and reports
+ * the stats to instrumentation out.
+ */
+ protected void downloadFileUsingDownloadManager() throws Exception {
// If we are using the download manager, then the data that is written to /proc/uid_stat/
// is accounted against download manager's uid, since it uses pre-ICS API.
int downloadManagerUid = mConnectionUtil.downloadManagerUid();
@@ -195,6 +249,7 @@
/**
* Fetch network data from /proc/uid_stat/uid
+ *
* @return populated {@link NetworkStats}
*/
public NetworkStats fetchDataFromProc(int uid) {
@@ -210,7 +265,8 @@
}
/**
- * Turn on Airplane mode and connect to the wifi
+ * Turn on Airplane mode and connect to the wifi.
+ *
* @param ssid of the wifi to connect to
* @return true if we successfully connected to a given network.
*/
@@ -219,12 +275,25 @@
assertTrue(mConnectionUtil.connectToWifi(ssid));
assertTrue(mConnectionUtil.waitForWifiState(WifiManager.WIFI_STATE_ENABLED,
ConnectionUtil.LONG_TIMEOUT));
- return mConnectionUtil.waitForNetworkState(ConnectivityManager.TYPE_WIFI, State.CONNECTED,
- ConnectionUtil.LONG_TIMEOUT);
+ assertTrue(mConnectionUtil.waitForNetworkState(ConnectivityManager.TYPE_WIFI,
+ State.CONNECTED, ConnectionUtil.LONG_TIMEOUT));
+ return mConnectionUtil.hasData();
+ }
+
+ /**
+ * Helper method to make sure we are connected to mobile data.
+ *
+ * @return true if we successfully connect to mobile data.
+ */
+ public boolean hasMobileData() {
+ assertTrue("Not connected to mobile", mConnectionUtil.isConnectedToMobile());
+ assertFalse("Still connected to wifi.", mConnectionUtil.isConnectedToWifi());
+ return mConnectionUtil.hasData();
}
/**
* Output the {@link NetworkStats} to Instrumentation out.
+ *
* @param label to attach to this given stats.
* @param stats {@link NetworkStats} to add.
* @param results {@link Bundle} to be added to.
@@ -281,4 +350,4 @@
}
return true;
}
-}
\ No newline at end of file
+}
diff --git a/core/tests/bandwidthtests/src/com/android/bandwidthtest/util/ConnectionUtil.java b/core/tests/bandwidthtests/src/com/android/bandwidthtest/util/ConnectionUtil.java
index d663aad..a5e5ab0e 100644
--- a/core/tests/bandwidthtests/src/com/android/bandwidthtest/util/ConnectionUtil.java
+++ b/core/tests/bandwidthtests/src/com/android/bandwidthtest/util/ConnectionUtil.java
@@ -44,6 +44,8 @@
import com.android.bandwidthtest.NetworkState.StateTransitionDirection;
import com.android.internal.util.AsyncChannel;
+import java.io.IOException;
+import java.net.UnknownHostException;
import java.util.List;
/*
@@ -257,14 +259,14 @@
mConnectivityState[networkType].recordState(networkState);
}
- /**
- * Set the state transition criteria
- *
- * @param networkType
- * @param initState
- * @param transitionDir
- * @param targetState
- */
+ /**
+ * Set the state transition criteria
+ *
+ * @param networkType
+ * @param initState
+ * @param transitionDir
+ * @param targetState
+ */
public void setStateTransitionCriteria(int networkType, State initState,
StateTransitionDirection transitionDir, State targetState) {
mConnectivityState[networkType].setStateTransitionCriteria(
@@ -495,7 +497,8 @@
* @return true if connected to a mobile network, false otherwise.
*/
public boolean isConnectedToMobile() {
- return (mNetworkInfo.getType() == ConnectivityManager.TYPE_MOBILE);
+ NetworkInfo networkInfo = mCM.getNetworkInfo(ConnectivityManager.TYPE_MOBILE);
+ return networkInfo.isConnected();
}
/**
@@ -503,10 +506,10 @@
* @return true if connected to wifi, false otherwise.
*/
public boolean isConnectedToWifi() {
- return (mNetworkInfo.getType() == ConnectivityManager.TYPE_WIFI);
+ NetworkInfo networkInfo = mCM.getNetworkInfo(ConnectivityManager.TYPE_WIFI);
+ return networkInfo.isConnected();
}
-
/**
* Associate the device to given SSID
* If the device is already associated with a WiFi, disconnect and forget it,
@@ -681,4 +684,30 @@
}
Log.v(LOG_TAG, "onDestroy, inst=" + Integer.toHexString(hashCode()));
}
+
+ /**
+ * Helper method used to test data connectivity by pinging a series of popular sites.
+ * @return true if device has data connectivity, false otherwise.
+ */
+ public boolean hasData() {
+ String[] hostList = {"www.google.com", "www.yahoo.com",
+ "www.bing.com", "www.facebook.com", "www.ask.com"};
+ try {
+ for (int i = 0; i < hostList.length; ++i) {
+ String host = hostList[i];
+ Process p = Runtime.getRuntime().exec("ping -c 10 -w 100 " + host);
+ int status = p.waitFor();
+ if (status == 0) {
+ return true;
+ }
+ }
+ } catch (UnknownHostException e) {
+ Log.e(LOG_TAG, "Ping test Failed: Unknown Host");
+ } catch (IOException e) {
+ Log.e(LOG_TAG, "Ping test Failed: IOException");
+ } catch (InterruptedException e) {
+ Log.e(LOG_TAG, "Ping test Failed: InterruptedException");
+ }
+ return false;
+ }
}
\ No newline at end of file
diff --git a/docs/html/guide/guide_toc.cs b/docs/html/guide/guide_toc.cs
index 0338685..af379de 100644
--- a/docs/html/guide/guide_toc.cs
+++ b/docs/html/guide/guide_toc.cs
@@ -797,6 +797,10 @@
<li><a href="<?cs var:toroot ?>guide/practices/design/seamlessness.html">
<span class="en">Designing for Seamlessness</span>
</a></li>
+ <li><a href="<?cs var:toroot ?>guide/practices/security.html">
+ <span class="en">Designing for Security</span></a>
+ <span class="new">new!</span><!-- 11/7/10 -->
+ </li>
</ul>
</li>
diff --git a/docs/html/guide/market/billing/billing_integrate.jd b/docs/html/guide/market/billing/billing_integrate.jd
index 3eebd59..6017583 100755
--- a/docs/html/guide/market/billing/billing_integrate.jd
+++ b/docs/html/guide/market/billing/billing_integrate.jd
@@ -476,7 +476,7 @@
<ul>
<li><code>CHECK_BILLING_SUPPORTED</code>—verifies that the Android Market application
supports in-app billing.</li>
- <li><code>REQUEST_PURCHASE</code>—sends a purchase request for an in-app item.</li>
+ <li><code>REQUEST_PURCHASE</code>—sends a purchase request for an in-app item.</li>
<li><code>GET_PURCHASE_INFORMATION</code>—retrieves transaction information for a purchase
or refund.</li>
<li><code>CONFIRM_NOTIFICATIONS</code>—acknowledges that you received the transaction
@@ -584,9 +584,9 @@
// Note that the developer payload is optional.
if (mDeveloperPayload != null) {
request.putString(DEVELOPER_PAYLOAD, mDeveloperPayload);
+ }
Bundle response = mService.sendBillingRequest(request);
// Do something with this response.
- }
</pre>
<p>The <code>makeRequestBundle()</code> method constructs an initial Bundle, which contains the
three keys that are required for all requests: <code>BILLING_REQUEST</code>,
@@ -930,9 +930,9 @@
<pre>
public class BillingReceiver extends BroadcastReceiver {
-
+
private static final String TAG = "BillingReceiver";
-
+
// Intent actions that we receive in the BillingReceiver from Android Market.
// These are defined by Android Market and cannot be changed.
// The sample application defines these in the Consts.java file.
@@ -940,7 +940,7 @@
public static final String ACTION_RESPONSE_CODE = "com.android.vending.billing.RESPONSE_CODE";
public static final String ACTION_PURCHASE_STATE_CHANGED =
"com.android.vending.billing.PURCHASE_STATE_CHANGED";
-
+
// The intent extras that are passed in an intent from Android Market.
// These are defined by Android Market and cannot be changed.
// The sample application defines these in the Consts.java file.
diff --git a/docs/html/guide/practices/security.jd b/docs/html/guide/practices/security.jd
new file mode 100644
index 0000000..5da7e98
--- /dev/null
+++ b/docs/html/guide/practices/security.jd
@@ -0,0 +1,772 @@
+page.title=Designing for Security
+@jd:body
+
+<div id="qv-wrapper">
+<div id="qv">
+<h2>In this document</h2>
+<ol>
+<li><a href="#Dalvik">Using Davlik Code</a></li>
+<li><a href="#Native">Using Native Code</a></li>
+<li><a href="#Data">Storing Data</a></li>
+<li><a href="#IPC">Using IPC</a></li>
+<li><a href="#Permissions">Using Permissions</a></li>
+<li><a href="#Networking">Using Networking</a></li>
+<li><a href="#DynamicCode">Dynamically Loading Code</a></li>
+<li><a href="#Input">Performing Input Validation</a></li>
+<li><a href="#UserData">Handling User Data</a></li>
+<li><a href="#Crypto">Using Cryptography</a></li>
+</ol>
+<h2>See also</h2>
+<ol>
+<li><a href="http://source.android.com/tech/security/index.html">Android
+Security Overview</a></li>
+<li><a href="{@docRoot}guide/topics/security/security.html">Android Security
+And Permissions</a></li>
+</ol>
+</div></div>
+<p>Android was designed so that most developers will be able to build
+applications using the default settings and not be confronted with difficult
+decisions about security. Android also has a number of security features built
+into the operating system that significantly reduce the frequency and impact of
+application security issues.</p>
+
+<p>Some of the security features that help developers build secure applications
+include:
+<ul>
+<li>The Android Application Sandbox that isolates data and code execution on a
+per-application basis.</li>
+<li>Android application framework with robust implementations of common
+security functionality such as cryptography, permissions, and secure IPC.</li>
+<li>Technologies like ASLR, NX, ProPolice, safe_iop, OpenBSD dlmalloc, OpenBSD
+calloc, and Linux mmap_min_addr to mitigate risks associated with common memory
+management errors</li>
+<li>An encrypted filesystem that can be enabled to protect data on lost or
+stolen devices.</li>
+</ul></p>
+
+<p>Nevertheless, it is important for developers to be familiar with Android
+security best practices to make sure they take advantage of these capabilities
+and to reduce the likelihood of inadvertently introducing security issues that
+can affect their applications.</p>
+
+<p>This document is organized around common APIs and development techniques
+that can have security implications for your application and its users. As
+these best practices are constantly evolving, we recommend you check back
+occasionally throughout your application development process.</p>
+
+<a name="Dalvik"></a>
+<h2>Using Dalvik Code</h2>
+<p>Writing secure code that runs in virtual machines is a well-studied topic
+and many of the issues are not specific to Android. Rather than attempting to
+rehash these topics, we’d recommend that you familiarize yourself with the
+existing literature. Two of the more popular resources are:
+<ul>
+<li><a href="http://www.securingjava.com/toc.html">
+http://www.securingjava.com/toc.html</a></li>
+<li><a
+href="https://www.owasp.org/index.php/Java_Security_Resources">
+https://www.owasp.org/index.php/Java_Security_Resources</a></li>
+</ul></p>
+
+<p>This document is focused on the areas which are Android specific and/or
+different from other environments. For developers experienced with VM
+programming in other environments, there are two broad issues that may be
+different about writing apps for Android:
+<ul>
+<li>Some virtual machines, such as the JVM or .net runtime, act as a security
+boundary, isolating code from the underlying operating system capabilities. On
+Android, the Dalvik VM is not a security boundary -- the application sandbox is
+implemented at the OS level, so Dalvik can interoperate with native code in the
+same application without any security constraints.</li>
+<li>Given the limited storage on mobile devices, it’s common for developers
+to want to build modular applications and use dynamic class loading. When
+doing this consider both the source where you retrieve your application logic
+and where you store it locally. Do not use dynamic class loading from sources
+that are not verified, such as unsecured network sources or external storage,
+since that code can be modified to include malicious behavior.</li>
+</ul></p>
+
+<a name="Native"></a>
+<h2>Using Native Code</h2>
+
+<p>In general, we encourage developers to use the Android SDK for most
+application development, rather than using native code. Applications built
+with native code are more complex, less portable, and more like to include
+common memory corruption errors such as buffer overflows.</p>
+
+<p>Android is built using the Linux kernel and being familiar with Linux
+development security best practices is especially useful if you are going to
+use native code. This document is too short to discuss all of those best
+practices, but one of the most popular resources is “Secure Programming for
+Linux and Unix HOWTO”, available at <a
+href="http://www.dwheeler.com/secure-programs">
+http://www.dwheeler.com/secure-programs</a>.</p>
+
+<p>An important difference between Android and most Linux environments is the
+Application Sandbox. On Android, all applications run in the Application
+Sandbox, including those written with native code. At the most basic level, a
+good way to think about it for developers familiar with Linux is to know that
+every application is given a unique UID with very limited permissions. This is
+discussed in more detail in the <a
+href="http://source.android.com/tech/security/index.html">Android Security
+Overview</a> and you should be familiar with application permissions even if
+you are using native code.</p>
+
+<a name="Data"></a>
+<h2>Storing Data</h2>
+
+<h3>Using internal files</h3>
+
+<p>By default, files created on <a
+href="{@docRoot}guide/topics/data/data-storage.html#filesInternal">internal
+storage</a> are only accessible to the application that created the file. This
+protection is implemented by Android and is sufficient for most
+applications.</p>
+
+<p>Use of <a
+href="{@docRoot}reference/android/content/Context.html#MODE_WORLD_WRITEABLE">
+world writable</a> or <a
+href="{@docRoot}reference/android/content/Context.html#MODE_WORLD_READABLE
+">world readable</a> files for IPC is discouraged because it does not provide
+the ability to limit data access to particular applications, nor does it
+provide any control on data format. As an alternative, you might consider using
+a ContentProvider which provides read and write permissions, and can make
+dynamic permission grants on a case-by-case basis.</p>
+
+<p>To provide additional protection for sensitive data, some applications
+choose to encrypt local files using a key that is not accessible to the
+application. (For example, a key can be placed in a <code><a
+href={@docRoot}reference/java/security/KeyStore.html">KeyStore</a></code> and
+protected with a user password that is not stored on the device). While this
+does not protect data from a root compromise that can monitor the user
+inputting the password, it can provide protection for a lost device without <a
+href="http://source.android.com/tech/encryption/index.html">file system
+encryption</a>.</p>
+
+<h3>Using external storage</h3>
+
+<p>Files created on <a
+href="{@docRoot}guide/topics/data/data-storage.html#filesExternal">external
+storage</a>, such as SD Cards, are globally readable and writable. Since
+external storage can be removed by the user and also modified by any
+application, applications should not store sensitive information using
+external storage.</p>
+
+<p>As with data from any untrusted source, applications should perform input
+validation when handling data from external storage (see Input Validation
+section). We strongly recommend that applications not store executables or
+class files on external storage prior to dynamic loading. If an application
+does retrieve executable files from external storage they should be signed and
+cryptographically verified prior to dynamic loading.</p>
+
+<h3>Using content providers</h3>
+
+<p>ContentProviders provide a structured storage mechanism that can be limited
+to your own application, or exported to allow access by other applications. By
+default, a <code>
+<a href="{@docRoot}reference/android/content/ContentProvider.html">
+ContentProvider</a></code> is
+<a href="{@docRoot}guide/topics/manifest/provider-element.html#exported">exported
+</a> for use by other applications. If you do not intend to provide other
+applications with access to your<code>
+<a href="{@docRoot}reference/android/content/ContentProvider.html">
+ContentProvider</a></code>, mark them as <code><a
+href="{@docRoot}guide/topics/manifest/provider-element.html#exported">
+android:exported=false</a></code> in the application manifest.</p>
+
+<p>When creating a <code>
+<a href="{@docRoot}reference/android/content/ContentProvider.html">ContentProvider
+</a></code> that will be exported for use by other applications, you can specify
+a single
+<a href="{@docRoot}guide/topics/manifest/provider-element.html#prmsn">permission
+</a> for reading and writing, or distinct permissions for reading and writing
+within the manifest. We recommend that you limit your permissions to those
+required to accomplish the task at hand. Keep in mind that it’s usually
+easier to add permissions later to expose new functionality than it is to take
+them away and break existing users.</p>
+
+<p>If you are using a <code>
+<a href="{@docRoot}reference/android/content/ContentProvider.html">
+ContentProvider</a></code> for sharing data between applications built by the
+same developer, it is preferable to use
+<a href="{@docRoot}guide/topics/manifest/permission-element.html#plevel">signature
+level permissions</a>. Signature permissions do not require user confirmation,
+so they provide a better user experience and more controlled access to the
+<code>
+<a href="{@docRoot}reference/android/content/ContentProvider.html">
+ContentProvider</a></code>.</p>
+
+<p>ContentProviders can also provide more granular access by declaring the <a
+href="{@docRoot}guide/topics/manifest/provider-element.html#gprmsn">
+grantUriPermissions</a> element and using the <code><a
+href="{@docRoot}reference/android/content/Intent.html#FLAG_GRANT_READ_URI_PERMIS
+SION">FLAG_GRANT_READ_URI_PERMISSION</a></code> and <code><a
+href="{@docRoot}reference/android/content/Intent.html#FLAG_GRANT_WRITE_URI_PERMI
+SSION">FLAG_GRANT_WRITE_URI_PERMISSION</a></code> flags in the Intent object
+that activates the component. The scope of these permissions can be further
+limited by the <code><a
+href="{@docRoot}guide/topics/manifest/grant-uri-permission-element.html">
+grant-uri-permission element</a></code>.</p>
+
+<p>When accessing a <code>
+<a href="{@docRoot}reference/android/content/ContentProvider.html">
+ContentProvider</a></code>, use parameterized query methods such as <code>
+<a href="{@docRoot}reference/android/content/ContentProvider.html#query(android.net
+.Uri,%20java.lang.String[],%20java.lang.String,%20java.lang.String[],%20java.lan
+g.String)">query()</a></code>, <code><a
+href="{@docRoot}reference/android/content/ContentProvider.html#update(android.ne
+t.Uri,%20android.content.ContentValues,%20java.lang.String,%20java.lang.String[]
+)">update()</a></code>, and <code><a
+href="{@docRoot}reference/android/content/ContentProvider.html#delete(android.ne
+t.Uri,%20java.lang.String,%20java.lang.String[])">delete()</a></code> to avoid
+potential <a href="http://en.wikipedia.org/wiki/SQL_injection">SQL
+Injection</a> from untrusted data. Note that using parameterized methods is not
+sufficient if the <code>selection</code> is built by concatenating user data
+prior to submitting it to the method.</p>
+
+<p>Do not have a false sense of security about the write permission. Consider
+that the write permission allows SQL statements which make it possible for some
+data to be confirmed using creative <code>WHERE</code> clauses and parsing the
+results. For example, an attacker might probe for presence of a specific phone
+number in a call-log by modifying a row only if that phone number already
+exists. If the content provider data has predictable structure, the write
+permission may be equivalent to providing both reading and writing.</p>
+
+<a name="IPC"></a>
+<h2>Using Interprocess Communication (IPC)</h2>
+
+<p>Some Android applications attempt to implement IPC using traditional Linux
+techniques such as network sockets and shared files. We strongly encourage the
+use of Android system functionality for IPC such as Intents, Binders, Services,
+and Receivers. The Android IPC mechanisms allow you to verify the identity of
+the application connecting to your IPC and set security policy for each IPC
+mechanism.</p>
+
+<p>Many of the security elements are shared across IPC mechanisms. <a
+href="{@docRoot}reference/android/content/BroadcastReceiver.html">
+Broadcast Receivers</a>, <a
+href="{@docRoot}reference/android/R.styleable.html#AndroidManifestActivity">
+Activities</a>, and <a
+href="{@docRoot}reference/android/R.styleable.html#AndroidManifestService">
+Services</a> are all declared in the application manifest. If your IPC mechanism is
+not intended for use by other applications, set the android:exported property
+to false. This is useful for applications that consist of multiple processes
+within the same UID, or if you decide late in development that you do not
+actually want to expose functionality as IPC but you don’t want to rewrite
+the code.</p>
+
+<p>If your IPC is intended to be accessible to other applications, you can
+apply a security policy by using the <a
+href="{@docRoot}reference/android/R.styleable.html#AndroidManifestPermission">
+Permission</a> tag. If IPC is between applications built by the same developer,
+it is preferable to use <a
+href="{@docRoot}guide/topics/manifest/permission-element.html#plevel">signature
+level permissions</a>. Signature permissions do not require user confirmation,
+so they provide a better user experience and more controlled access to the IPC
+mechanism.</p>
+
+<p>One area that can introduce confusion is the use of intent filters. Note
+that Intent filters should not be considered a security feature -- components
+can be invoked directly and may not have data that would conform to the intent
+filter. You should perform input validation within your intent receiver to
+confirm that it is properly formatted for the invoked receiver, service, or
+activity.</p>
+
+<h3>Using intents</h3>
+
+<p>Intents are the preferred mechanism for asynchronous IPC in Android.
+Depending on your application requirements, you might use <code><a
+href="{@docRoot}reference/android/content/Context.html#sendBroadcast(android.con
+tent.Intent)">sendBroadcast()</a></code>, <code><a
+href="{@docRoot}reference/android/content/Context.html#sendOrderedBroadcast(andr
+oid.content.Intent,%20java.lang.String)">sendOrderedBroadcast()</a></code>, or
+direct an intent to a specific application component.</p>
+
+<p>Note that ordered broadcasts can be “consumed” by a recipient, so they
+may not be delivered to all applications. If you are sending an Intent where
+delivery to a specific receiver is required, the intent must be delivered
+directly to the receiver.</p>
+
+<p>Senders of an intent can verify that the recipient has a permission
+specifying a non-Null Permission upon sending. Only applications with that
+Permission will receive the intent. If data within a broadcast intent may be
+sensitive, you should consider applying a permission to make sure that
+malicious applications cannot register to receive those messages without
+appropriate permissions. In those circumstances, you may also consider
+invoking the receiver directly, rather than raising a broadcast.</p>
+
+<h3>Using binder and AIDL interfaces</h3>
+
+<p><a href="{@docRoot}reference/android/os/Binder.html">Binders</a> are the
+preferred mechanism for RPC-style IPC in Android. They provide a well-defined
+interface that enables mutual authentication of the endpoints, if required.</p>
+
+<p>We strongly encourage designing interfaces in a manner that does not require
+interface specific permission checks. Binders are not declared within the
+application manifest, and therefore you cannot apply declarative permissions
+directly to a Binder. Binders generally inherit permissions declared in the
+application manifest for the Service or Activity within which they are
+implemented. If you are creating an interface that requires authentication
+and/or access controls on a specific binder interface, those controls must be
+explicitly added as code in the interface.</p>
+
+<p>If providing an interface that does require access controls, use <code><a
+href="{@docRoot}reference/android/content/Context.html#checkCallingPermission(ja
+va.lang.String)">checkCallingPermission()</a></code> to verify whether the
+caller of the Binder has a required permission. This is especially important
+before accessing a Service on behalf of the caller, as the identify of your
+application is passed to other interfaces. If invoking an interface provided
+by a Service, the <code><a
+href="{@docRoot}reference/android/content/Context.html#bindService(android.conte
+nt.Intent,%20android.content.ServiceConnection,%20int)">bindService()</a></code>
+ invocation may fail if you do not have permission to access the given Service.
+ If calling an interface provided locally by your own application, it may be
+useful to use the <code><a
+href="{@docRoot}reference/android/os/Binder.html#clearCallingIdentity()">
+clearCallingIdentity()</a></code> to satisfy internal security checks.</p>
+
+<h3>Using broadcast receivers</h3>
+
+<p>Broadcast receivers are used to handle asynchronous requests initiated via
+an intent.</p>
+
+<p>By default, receivers are exported and can be invoked by any other
+application. If your <code><a
+href={@docRoot}reference/android/content/BroadcastReceiver.html">
+BroadcastReceivers</a></code> is intended for use by other applications, you
+may want to apply security permissions to receivers using the <code><a
+href="{@docRoot}reference/android/R.styleable.html#AndroidManifestReceiver">
+<receiver></a></code> element within the application manifest. This will
+prevent applications without appropriate permissions from sending an intent to
+the <code><a
+href={@docRoot}reference/android/content/BroadcastReceiver.html">
+BroadcastReceivers</a></code>.</p>
+
+<h3>Using Services</h3>
+
+<p>Services are often used to supply functionality for other applications to
+use. Each service class must have a corresponding <service> declaration in its
+package's AndroidManifest.xml.</p>
+
+<p>By default, Services are exported and can be invoked by any other
+application. Services can be protected using the android:permission attribute
+within the manifest’s <code><a
+href="{@docRoot}reference/android/R.styleable.html#AndroidManifestService">
+<service></a></code> tag. By doing so, other applications will need to declare
+a corresponding <code><a
+href="{@docRoot}reference/android/R.styleable.html#AndroidManifestService_permis
+sion"><uses-permission></a></code> element in their own manifest to be
+able to start, stop, or bind to the service.</p>
+
+<p>A Service can protect individual IPC calls into it with permissions, by
+calling <code><a
+href="{@docRoot}reference/android/content/Context.html#checkCallingPermission(ja
+va.lang.String)">checkCallingPermission()</a></code>before executing
+the implementation of that call. We generally recommend using the
+declarative permissions in the manifest, since those are less prone to
+oversight.</p>
+
+<h3>Using Activities</h3>
+
+<p>Activities are most often used for providing the core user-facing
+functionality of an application. By default, Activities are exported and
+invokable by other applications only if they have an intent filter or binder
+declared. In general, we recommend that you specifically declare a Receiver or
+Service to handle IPC, since this modular approach reduces the risk of exposing
+functionality that is not intended for use by other applications.</p>
+
+<p>If you do expose an Activity for purposes of IPC, the <code><a
+href="{@docRoot}reference/android/R.styleable.html#AndroidManifestActivity_permi
+ssion">android:permission</a></code> attribute in the <code><a
+href="{@docRoot}reference/android/R.styleable.html#AndroidManifestActivity">
+<activity></a></code> declaration in the application manifest can be used to
+restrict access to only those applications which have the stated
+permissions.</p>
+
+<a name="Permissions"></a>
+<h2>Using Permissions</h2>
+
+<h3>Requesting Permissions</h3>
+
+<p>We recommend minimizing the number of permissions requested by an
+application. Not having access to sensitive permissions reduces the risk of
+inadvertently misusing those permissions, can improve user adoption, and makes
+applications less attractive targets for attackers.</p>
+
+<p>If it is possible to design your application in a way that does not require
+a permission, that is preferable. For example, rather than requesting access
+to device information to create an identifier, create a <a
+href="{@docRoot}reference/java/util/UUID.html">GUID</a> for your application.
+(This specific example is also discussed in Handling User Data) Or, rather than
+using external storage, store data in your application directory.</p>
+
+<p>If a permission is not required, do not request it. This sounds simple, but
+there has been quite a bit of research into the frequency of over-requesting
+permissions. If you’re interested in the subject you might start with this
+research paper published by U.C. Berkeley: <a
+href="http://www.eecs.berkeley.edu/Pubs/TechRpts/2011/EECS-2011-48.pdf">
+http://www.eecs.berkeley.edu/Pubs/TechRpts/2011/EECS-2011-48.pdf</a></p>
+
+<p>In addition to requesting permissions, your application can use <a
+href="{@docRoot}guide/topics/manifest/permission-element.html">permissions</a>
+to protect IPC that is security sensitive and will be exposed to other
+applications -- such as a <code><a
+href="{@docRoot}reference/android/content/ContentProvider.html">
+ContentProvider</a></code>. In general, we recommend using access controls
+other than user confirmed permissions where possible since permissions can
+be confusing for users. For example, consider using the <a
+href="{@docRoot}guide/topics/manifest/permission-element.html#plevel">signature
+protection level</a> on permissions for IPC communication between applications
+provided by a single developer.</p>
+
+<p>Do not cause permission re-delegation. This occurs when an app exposes data
+over IPC that is only available because it has a specific permission, but does
+not require that permission of any clients of it’s IPC interface. More
+details on the potential impacts, and frequency of this type of problem is
+provided in this research paper published at USENIX: <a
+href="http://www.cs.berkeley.edu/~afelt/felt_usenixsec2011.pdf">http://www.cs.be
+rkeley.edu/~afelt/felt_usenixsec2011.pdf</a></p>
+
+<h3>Creating Permissions</h3>
+
+<p>Generally, you should strive to create as few permissions as possible while
+satisfying your security requirements. Creating a new permission is relatively
+uncommon for most applications, since <a
+href="{@docRoot}reference/android/Manifest.permission.html">
+system-defined permissions</a> cover many situations. Where appropriate,
+perform access checks using existing permissions.</p>
+
+<p>If you must create a new permission, consider whether you can accomplish
+your task with a Signature permission. Signature permissions are transparent
+to the user and only allow access by applications signed by the same developer
+as application performing the permission check. If you create a Dangerous
+permission, then the user needs to decide whether to install the application.
+This can be confusing for other developers, as well as for users.</p>
+
+<p>If you create a Dangerous permission, there are a number of complexities
+that you need to consider.
+<ul>
+<li>The permission must have a string that concisely expresses to a user the
+security decision they will be required to make.</li>
+<li>The permission string must be localized to many different languages.</li>
+<li>Uses may choose not to install an application because a permission is
+confusing or perceived as risky.</li>
+<li>Applications may request the permission when the creator of the permission
+has not been installed.</li>
+</ul></p>
+
+<p>Each of these poses a significant non-technical challenge for an application
+developer, which is why we discourage the use of Dangerous permission.</p>
+
+<a name="Networking"></a>
+<h2>Using Networking</h2>
+
+<h3>Using IP Networking</h3>
+
+<p>Networking on Android is not significantly different from Linux
+environments. The key consideration is making sure that appropriate protocols
+are used for sensitive data, such as <a
+href="{@docRoot}reference/javax/net/ssl/HttpsURLConnection.html">HTTPS</a> for
+web traffic. We prefer use of HTTPS over HTTP anywhere that HTTPS is
+supported on the server, since mobile devices frequently connect on networks
+that are not secured, such as public WiFi hotspots.</p>
+
+<p>Authenticated, encrypted socket-level communication can be easily
+implemented using the <code><a
+href="{@docRoot}reference/javax/net/ssl/SSLSocket.html">SSLSocket</a></code>
+class. Given the frequency with which Android devices connect to unsecured
+wireless networks using WiFi, the use of secure networking is strongly
+encouraged for all applications.</p>
+
+<p>We have seen some applications use <a
+href="http://en.wikipedia.org/wiki/Localhost">localhost</a> network ports for
+handling sensitive IPC. We discourage this approach since these interfaces are
+accessible by other applications on the device. Instead, use an Android IPC
+mechanism where authentication is possible such as a Service and Binder. (Even
+worse than using loopback is to bind to INADDR_ANY since then your application
+may receive requests from anywhere. We’ve seen that, too.)</p>
+
+<p>Also, one common issue that warrants repeating is to make sure that you do
+not trust data downloaded from HTTP or other insecure protocols. This includes
+validation of input in <code><a
+href="{@docRoot}reference/android/webkit/WebView.html">WebView</a></code> and
+any responses to intents issued against HTTP.</p>
+
+<h3>Using Telephony Networking</h3>
+
+<p>SMS is the telephony protocol most frequently used by Android developers.
+Developers should keep in mind that this protocol was primarily designed for
+user-to-user communication and is not well-suited for some application
+purposes. Due to the limitations of SMS, we strongly recommend the use of <a
+href="http://code.google.com/android/c2dm/">C2DM</a> and IP networking for
+sending data messages to devices.</p>
+
+<p>Many developers do not realize that SMS is not encrypted or strongly
+authenticated on the network or on the device. In particular, any SMS receiver
+should expect that a malicious user may have sent the SMS to your application
+-- do not rely on unauthenticated SMS data to perform sensitive commands.
+Also, you should be aware that SMS may be subject to spoofing and/or
+interception on the network. On the Android-powered device itself, SMS
+messages are transmitted as Broadcast intents, so they may be read or captured
+by other applications that have the READ_SMS permission.</p>
+
+<a name="DynamicCode"></a>
+<h2>Dynamically Loading Code</h2>
+
+<p>We strongly discourage loading code from outside of the application APK.
+Doing so significantly increases the likelihood of application compromise due
+to code injection or code tampering. It also adds complexity around version
+management and application testing. Finally, it can make it impossible to
+verify the behavior of an application, so it may be prohibited in some
+environments.</p>
+
+<p>If your application does dynamically load code, the most important thing to
+keep in mind about dynamically loaded code is that it runs with the same
+security permissions as the application APK. The user made a decision to
+install your application based on your identity, and they are expecting that
+you provide any code run within the application, including code that is
+dynamically loaded.</p>
+
+<p>The major security risk associated with dynamically loading code is that the
+code needs to come from a verifiable source. If the modules are included
+directly within your APK, then they cannot be modified by other applications.
+This is true whether the code is a native library or a class being loaded using
+<a href="{@docRoot}reference/dalvik/system/DexClassLoader.html">
+<code>DexClassLoader</code></a>. We have seen many instances of applications
+attempting to load code from insecure locations, such as downloaded from the
+network over unencrypted protocols or from world writable locations such as
+external storage. These locations could allow someone on the network to modify
+the content in transit, or another application on a users device to modify the
+content, respectively.</p>
+
+
+<h3>Using WebView</h3>
+
+<p>Since WebView consumes web content that can include HTML and JavaScript,
+improper use can introduce common web security issues such as <a
+href="http://en.wikipedia.org/wiki/Cross_site_scripting">cross-site-scripting</a
+> (JavaScript injection). Android includes a number of mechanisms to reduce
+the scope of these potential issues by limiting the capability of WebView to
+the minimum functionality required by your application.</p>
+
+<p>If your application does not directly use JavaScript within a <code><a
+href="{@docRoot}reference/android/webkit/WebView.html">WebView</a></code>, do
+not call
+<a href="{@docRoot}reference/android/webkit/WebSettings.html#setJavaScriptEnabled(boolean)
+<code>setJavaScriptEnabled()</code></a>. We have seen this method invoked
+in sample code that might be repurposed in production application -- so
+remove it if necessary. By default, <code><a
+href="{@docRoot}reference/android/webkit/WebView.html">WebView</a></code> does
+not execute JavaScript so cross-site-scripting is not possible.</p>
+
+<p>Use <code><a
+href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(jav
+a.lang.Object,%20java.lang.String)">addJavaScriptInterface()</a></code> with
+particular care because it allows JavaScript to invoke operations that are
+normally reserved for Android applications. Only expose <code><a
+href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(jav
+a.lang.Object,%20java.lang.String)">addJavaScriptInterface()</a></code> to
+sources from which all input is trustworthy. If untrusted input is allowed,
+untrusted JavaScript may be able to invoke Android methods. In general, we
+recommend only exposing <code><a
+href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(jav
+a.lang.Object,%20java.lang.String)">addJavaScriptInterface()</a></code> to
+JavaScript that is contained within your application APK.</p>
+
+<p>Do not trust information downloaded over HTTP, use HTTPS instead. Even if
+you are connecting only to a single website that you trust or control, HTTP is
+subject to <a
+href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">MiTM</a> attacks
+and interception of data. Sensitive capabilities using <code><a
+href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(jav
+a.lang.Object,%20java.lang.String)">addJavaScriptInterface()</a></code> should
+not ever be exposed to unverified script downloaded over HTTP. Note that even
+with the use of HTTPS,
+<code><a
+href="{@docRoot}reference/android/webkit/WebView.html#addJavascriptInterface(jav
+a.lang.Object,%20java.lang.String)">addJavaScriptInterface()</a></code>
+increases the attack surface of your application to include the server
+infrastructure and all CAs trusted by the Android-powered device.</p>
+
+<p>If your application accesses sensitive data with a <code><a
+href="{@docRoot}reference/android/webkit/WebView.html">WebView</a></code>, you
+may want to use the <code><a
+href="{@docRoot}reference/android/webkit/WebView.html#clearCache(boolean)">
+clearCache()</a></code> method to delete any files stored locally. Server side
+headers like no-cache can also be used to indicate that an application should
+not cache particular content.</p>
+
+<a name="Input"></a>
+<h2>Performing Input Validation</h2>
+
+<p>Insufficient input validation is one of the most common security problems
+affecting applications, regardless of what platform they run on. Android does
+have platform-level countermeasures that reduce the exposure of applications to
+input validation issues, you should use those features where possible. Also
+note that selection of type-safe languages tends to reduce the likelihood of
+input validation issues. We strongly recommend building your applications with
+the Android SDK.</p>
+
+<p>If you are using native code, then any data read from files, received over
+the network, or received from an IPC has the potential to introduce a security
+issue. The most common problems are <a
+href="http://en.wikipedia.org/wiki/Buffer_overflow">buffer overflows</a>, <a
+href="http://en.wikipedia.org/wiki/Double_free#Use_after_free">use after
+free</a>, and <a
+href="http://en.wikipedia.org/wiki/Off-by-one_error">off-by-one errors</a>.
+Android provides a number of technologies like ASLR and DEP that reduce the
+exploitability of these errors, but they do not solve the underlying problem.
+These can be prevented by careful handling of pointers and managing of
+buffers.</p>
+
+<p>Dynamic, string based languages such as JavaScript and SQL are also subject
+to input validation problems due to escape characters and <a
+href="http://en.wikipedia.org/wiki/Code_injection">script injection</a>.</p>
+
+<p>If you are using data within queries that are submitted to SQL Database or a
+Content Provider, SQL Injection may be an issue. The best defense is to use
+parameterized queries, as is discussed in the ContentProviders section.
+Limiting permissions to read-only or write-only can also reduce the potential
+for harm related to SQL Injection.</p>
+
+<p>If you are using <code><a
+href="{@docRoot}reference/android/webkit/WebView.html">WebView</a></code>, then
+you must consider the possibility of XSS. If your application does not
+directly use JavaScript within a <code><a
+href="{@docRoot}reference/android/webkit/WebView.html">WebView</a></code>, do
+not call setJavaScriptEnabled() and XSS is no longer possible. If you must
+enable JavaScript then the WebView section provides other security best
+practices.</p>
+
+<p>If you cannot use the security features above, we strongly recommend the use
+of well-structured data formats and verifying that the data conforms to the
+expected format. While blacklisting of characters or character-replacement can
+be an effective strategy, these techniques are error-prone in practice and
+should be avoided when possible.</p>
+
+<a name="UserData"></a>
+<h2>Handling User Data</h2>
+
+<p>In general, the best approach is to minimize use of APIs that access
+sensitive or personal user data. If you have access to data and can avoid
+storing or transmitting the information, do not store or transmit the data.
+Finally, consider if there is a way that your application logic can be
+implemented using a hash or non-reversible form of the data. For example, your
+application might use the hash of an an email address as a primary key, to
+avoid transmitting or storing the email address. This reduces the chances of
+inadvertently exposing data, and it also reduces the chance of attackers
+attempting to exploit your application.</p>
+
+<p>If your application accesses personal information such as passwords or
+usernames, keep in mind that some jurisdictions may require you to provide a
+privacy policy explaining your use and storage of that data. So following the
+security best practice of minimizing access to user data may also simplify
+compliance.</p>
+
+<p>You should also consider whether your application might be inadvertently
+exposing personal information to other parties such as third-party components
+for advertising or third-party services used by your application. If you don't
+know why a component or service requires a personal information, don’t
+provide it. In general, reducing the access to personal information by your
+application will reduce the potential for problems in this area.</p>
+
+<p>If access to sensitive data is required, evaluate whether that information
+must be transmitted to a server, or whether the operation can be performed on
+the client. Consider running any code using sensitive data on the client to
+avoid transmitting user data.</p>
+
+<p>Also, make sure that you do not inadvertently expose user data to other
+application on the device through overly permissive IPC, world writable files,
+or network sockets. This is a special case of permission redelegation,
+discussed in the Requesting Permissions section.</p>
+
+<p>If a GUID is required, create a large, unique number and store it. Do not
+use phone identifiers such as the phone number or IMEI which may be associated
+with personal information. This topic is discussed in more detail in the <a
+href="http://android-developers.blogspot.com/2011/03/identifying-app-installatio
+ns.html">Android Developer Blog</a>.</p>
+
+<h3>Handling Credentials</h3>
+
+<p>In general, we recommend minimizing the frequency of asking for user
+credentials -- to make phishing attacks more conspicuous, and less likely to be
+successful. Instead use an authorization token and refresh it.</p>
+
+<p>Where possible, username and password should not be stored on the device.
+Instead, perform initial authentication using the username and password
+supplied by the user, and then use a short-lived, service-specific
+authorization token.</p>
+
+<p>Services that will be accessible to multiple applications should be accessed
+using <code>
+<a href="{@docRoot}reference/android/accounts/AccountManager.html">
+AccountManager</a></code>. If possible, use the <code><a
+href="{@docRoot}reference/android/accounts/AccountManager.html">
+AccountManager</a></code> class to invoke a cloud-based service and do not store
+passwords on the device.</p>
+
+<p>After using <code><a
+href="{@docRoot}reference/android/accounts/AccountManager.html">
+AccountManager</a></code> to retrieve an Account, check the <code><a
+href="{@docRoot}reference/android/accounts/Account.html#CREATOR">CREATOR</a>
+</code> before passing in any credentials, so that you do not inadvertently pass
+credentials to the wrong application.</p>
+
+<p>If credentials are to be used only by applications that you create, then you
+can verify the application which accesses the <code><a
+href="{@docRoot}reference/android/accounts/AccountManager.html">
+AccountManager</a></code> using <code><a href="<code><a
+href="{@docRoot}h/reference/android/content/pm/PackageManager.html#checkSignatur
+es(java.lang.String,%20java.lang.String)">checkSignature()</a></code>.
+Alternatively, if only one application will use the credential, you might use a
+<code><a
+href={@docRoot}reference/java/security/KeyStore.html">KeyStore</a></code> for
+storage.</p>
+
+<a name="Crypto"></a>
+<h2>Using Cryptography</h2>
+
+<p>In addition to providing data isolation, supporting full-filesystem
+encryption, and providing secure communications channels Android provides a
+wide array of algorithms for protecting data using cryptography.</p>
+
+<p>In general, try to use the highest level of pre-existing framework
+implementation that can support your use case. If you need to securely
+retrieve a file from a known location, a simple HTTPS URI may be adequate and
+require no knowledge of cryptography on your part. If you need a secure
+tunnel, consider using
+<a href="{@docRoot}reference/javax/net/ssl/HttpsURLConnection.html">
+<code>HttpsURLConnection</code></a> or <code><a
+href="{@docRoot}reference/javax/net/ssl/SSLSocket.html">SSLSocket</a></code>,
+rather than writing your own protocol.</p>
+
+<p>If you do find yourself needing to implement your own protocol, we strongly
+recommend that you not implement your own cryptographic algorithms. Use
+existing cryptographic algorithms such as those in the implementation of AES or
+RSA provided in the <code><a
+href="{@docRoot}reference/javax/crypto/Cipher.html">Cipher</a></code> class.</p>
+
+<p>Use a secure random number generator (
+<a href="http://developer.android.com/reference/java/security/SecureRandom.html">
+<code>SecureRandom</code></a>) to initialize any cryptographic keys (<a
+href="http://developer.android.com/reference/javax/crypto/KeyGenerator.html">
+<code>KeyGenerator</code></a>). Use of a key that is not generated with a secure random
+number generator significantly weakens the strength of the algorithm, and may
+allow offline attacks.</p>
+
+<p>If you need to store a key for repeated use, use a mechanism like <code><a
+href={@docRoot}reference/java/security/KeyStore.html">KeyStore</a></code> that
+provides a mechanism for long term storage and retrieval of cryptographic
+keys.</p>
+
+<h2>Conclusion</h2>
+
+<p>Android provides developers with the ability to design applications with a
+broad range of security requirements. These best practices will help you make
+sure that your application takes advantage of the security benefits provided by
+the platform.</p>
+
+<p>You can receive more information on these topics and discuss security best
+practices with other developers in the <a
+href="http://groups.google.com/group/android-security-discuss">Android Security
+Discuss</a> Google Group</p>
diff --git a/telephony/java/com/android/internal/telephony/SmsHeader.java b/telephony/java/com/android/internal/telephony/SmsHeader.java
index 9492e0e..c32388f 100644
--- a/telephony/java/com/android/internal/telephony/SmsHeader.java
+++ b/telephony/java/com/android/internal/telephony/SmsHeader.java
@@ -190,7 +190,9 @@
public static byte[] toByteArray(SmsHeader smsHeader) {
if ((smsHeader.portAddrs == null) &&
(smsHeader.concatRef == null) &&
- (smsHeader.miscEltList.size() == 0)) {
+ (smsHeader.miscEltList.isEmpty()) &&
+ (smsHeader.languageShiftTable == 0) &&
+ (smsHeader.languageTable == 0)) {
return null;
}
diff --git a/telephony/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java b/telephony/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java
index c1553d8..093c220 100644
--- a/telephony/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java
+++ b/telephony/java/com/android/internal/telephony/gsm/GsmSMSDispatcher.java
@@ -197,7 +197,11 @@
byte[] data, PendingIntent sentIntent, PendingIntent deliveryIntent) {
SmsMessage.SubmitPdu pdu = SmsMessage.getSubmitPdu(
scAddr, destAddr, destPort, data, (deliveryIntent != null));
- sendRawPdu(pdu.encodedScAddress, pdu.encodedMessage, sentIntent, deliveryIntent);
+ if (pdu != null) {
+ sendRawPdu(pdu.encodedScAddress, pdu.encodedMessage, sentIntent, deliveryIntent);
+ } else {
+ Log.e(TAG, "GsmSMSDispatcher.sendData(): getSubmitPdu() returned null");
+ }
}
/** {@inheritDoc} */
@@ -206,7 +210,11 @@
PendingIntent sentIntent, PendingIntent deliveryIntent) {
SmsMessage.SubmitPdu pdu = SmsMessage.getSubmitPdu(
scAddr, destAddr, text, (deliveryIntent != null));
- sendRawPdu(pdu.encodedScAddress, pdu.encodedMessage, sentIntent, deliveryIntent);
+ if (pdu != null) {
+ sendRawPdu(pdu.encodedScAddress, pdu.encodedMessage, sentIntent, deliveryIntent);
+ } else {
+ Log.e(TAG, "GsmSMSDispatcher.sendText(): getSubmitPdu() returned null");
+ }
}
/** {@inheritDoc} */
@@ -224,7 +232,11 @@
SmsMessage.SubmitPdu pdu = SmsMessage.getSubmitPdu(scAddress, destinationAddress,
message, deliveryIntent != null, SmsHeader.toByteArray(smsHeader),
encoding, smsHeader.languageTable, smsHeader.languageShiftTable);
- sendRawPdu(pdu.encodedScAddress, pdu.encodedMessage, sentIntent, deliveryIntent);
+ if (pdu != null) {
+ sendRawPdu(pdu.encodedScAddress, pdu.encodedMessage, sentIntent, deliveryIntent);
+ } else {
+ Log.e(TAG, "GsmSMSDispatcher.sendNewSubmitPdu(): getSubmitPdu() returned null");
+ }
}
/** {@inheritDoc} */
diff --git a/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java b/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java
index 2da9642..d9a5f5d 100644
--- a/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java
+++ b/telephony/java/com/android/internal/telephony/gsm/SmsMessage.java
@@ -16,22 +16,22 @@
package com.android.internal.telephony.gsm;
-import android.os.Parcel;
import android.telephony.PhoneNumberUtils;
import android.text.format.Time;
import android.util.Log;
-import com.android.internal.telephony.IccUtils;
+
import com.android.internal.telephony.EncodeException;
import com.android.internal.telephony.GsmAlphabet;
+import com.android.internal.telephony.IccUtils;
import com.android.internal.telephony.SmsHeader;
import com.android.internal.telephony.SmsMessageBase;
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
+import static android.telephony.SmsMessage.ENCODING_16BIT;
import static android.telephony.SmsMessage.ENCODING_7BIT;
import static android.telephony.SmsMessage.ENCODING_8BIT;
-import static android.telephony.SmsMessage.ENCODING_16BIT;
import static android.telephony.SmsMessage.ENCODING_KSC5601;
import static android.telephony.SmsMessage.ENCODING_UNKNOWN;
import static android.telephony.SmsMessage.MAX_USER_DATA_BYTES;
@@ -240,18 +240,43 @@
return null;
}
+ if (encoding == ENCODING_UNKNOWN) {
+ // Find the best encoding to use
+ TextEncodingDetails ted = calculateLength(message, false);
+ encoding = ted.codeUnitSize;
+ languageTable = ted.languageTable;
+ languageShiftTable = ted.languageShiftTable;
+
+ if (encoding == ENCODING_7BIT && (languageTable != 0 || languageShiftTable != 0)) {
+ if (header != null) {
+ SmsHeader smsHeader = SmsHeader.fromByteArray(header);
+ if (smsHeader.languageTable != languageTable
+ || smsHeader.languageShiftTable != languageShiftTable) {
+ Log.w(LOG_TAG, "Updating language table in SMS header: "
+ + smsHeader.languageTable + " -> " + languageTable + ", "
+ + smsHeader.languageShiftTable + " -> " + languageShiftTable);
+ smsHeader.languageTable = languageTable;
+ smsHeader.languageShiftTable = languageShiftTable;
+ header = SmsHeader.toByteArray(smsHeader);
+ }
+ } else {
+ SmsHeader smsHeader = new SmsHeader();
+ smsHeader.languageTable = languageTable;
+ smsHeader.languageShiftTable = languageShiftTable;
+ header = SmsHeader.toByteArray(smsHeader);
+ }
+ }
+ }
+
SubmitPdu ret = new SubmitPdu();
// MTI = SMS-SUBMIT, UDHI = header != null
byte mtiByte = (byte)(0x01 | (header != null ? 0x40 : 0x00));
ByteArrayOutputStream bo = getSubmitPduHead(
scAddress, destinationAddress, mtiByte,
statusReportRequested, ret);
+
// User Data (and length)
byte[] userData;
- if (encoding == ENCODING_UNKNOWN) {
- // First, try encoding it with the GSM alphabet
- encoding = ENCODING_7BIT;
- }
try {
if (encoding == ENCODING_7BIT) {
userData = GsmAlphabet.stringToGsm7BitPackedWithHeader(message, header,
@@ -283,6 +308,7 @@
if (encoding == ENCODING_7BIT) {
if ((0xff & userData[0]) > MAX_USER_DATA_SEPTETS) {
// Message too long
+ Log.e(LOG_TAG, "Message too long (" + (0xff & userData[0]) + " septets)");
return null;
}
// TP-Data-Coding-Scheme
@@ -297,6 +323,7 @@
} else { // assume UCS-2
if ((0xff & userData[0]) > MAX_USER_DATA_BYTES) {
// Message too long
+ Log.e(LOG_TAG, "Message too long (" + (0xff & userData[0]) + " bytes)");
return null;
}
// TP-Data-Coding-Scheme