.net programming, computers and assorted technology rants

Posts tagged “Android

.NET to iOS/Android? Microsoft Buying Xamarin?

Courtesy Keith Ward, VisualStudioMagazine.com

Mary Jo Foley’s reporting that Microsoft may be either buying tool-maker Xamarin outright, or making a big investment in the company. It’s all speculative at this point, but this is an idea that just makes too much sense.

Xamarin makes it possible for .NET/C#-focused developers to create apps for the two most popular mobile platforms — iOS and Android — without leaving the comfort of their favorite language  and IDE (that would be Visual Studio, of course). Xamarin has been making these products for a number of years now; they used to be called MonoTouch and Mono for Android, and have morphed into Xamarin.iOS and Xamarin.Android. Xamarin has been churning out frequent updates, and furtherintegrating the products with Visual Studio. I’ve felt for some time that Xamarin would be absorbed into Visual Studio, eventually becoming a transparent part of the IDE.

Note that these reports are only substantial rumors at this point. But the rumors have credibility, at least in part, based on the natural fit of these parts. It’s not the type of head-scratcher that some other deals were. Xamarin and its founders, Miguel de Icaza and Nat Friedman, are serious software developers, and make a serious product that many developers think is the best way to write cross-platform code for the mobile platform (you may have noticed that we think it’s serious enough to have a column dedicated to the topic).

It would also be a forward-looking move for Microsoft. It needs to get iOS and Android developers to use both Visual Studio and Windows Azure, and integrating Xamarin into its core IDE would do that. It would also encourage more development in C# among the non-C# crowd, who may like what the language offers, but are wary of any Microsoft-branded stuff.

It’s hard to think of any downsides for developers of such a deal. One fear could be that the pace of innovation that Xamarin now shows could be slowed, once it’s absorbed in the Redmond behemoth. But, at least in the dev area, Microsoft has truly adopted a speedy release cycle of upgrades and fixes. After all, Visual Studio 2013 came just a year after the previous major version, and is now approaching Update 2. It’s hard to imagine that Xamarin wouldn’t be similarly upgraded, especially since it’ll be baked in.

Worth noting, too, is that new CEO Satya Nadella is a techie, so the potential acquisition might appeal to his geeky nature. He understands development in a way ex-CEO Steve Ballmer couldn’t hope to, and may be quicker to understand the benefits involved.

This is all speculation, of course, but it’s something I think should happen. What do you think?


Microsoft Releases SignalR SDK for Android, Java

Courtesy Keith ward, VisualStudioMagazine.com

SignalR is a popular ASP.NET library for server-client communications. .NET developers use it often for apps that need frequent server updates; chat is the classic example. Now, SignalR has been made available to Android and Java developers via an SDK from Microsoft Open Technologies.

A blog posting from Microsoft’s Olivier Bloch announced the SDK, which is available through the GitHub source repository. "As a result, Android and Java Web application developers can now build Android applications like JaBBR, a simple chat application, or Java desktop applications like this sample stock ticker application, with an ASP.Net back end," Bloch wrote. SignalR provides real-time Web functionality, which has always been difficult with traditional development tools.

SignalR also supports WebSockets, and is backwards-compatible for older browsers (it uses older transports where necessary, i.e. for browsers that don’t support HTML5). It has APIs for connection management like connect and disconnect events, grouping connections and authorization. Microsoft’s SignalR documentation notes that  "Any time a user refreshes a web page to see new data, or the page implements long polling to retrieve new data, it is a candidate for using SignalR. Examples include dashboards and monitoring applications, collaborative applications (such as simultaneous editing of documents), job progress updates, and real-time forms."

Various tutorials on building apps with SignalR are available on Visual Studio Magazine, including a two-part series on building Web apps, and using SignalR in an iOS app.

Microsoft Open Technologies is a Microsoft subsidiary that specializes in interoperability with other platforms by open sourcing Microsoft technologies. It was unveiled in 2012.

Holy sh*t! Someone Hacked my Toilet?

Courtesy Sean Gallagher, ArsTechnica

Information security firm Trustwave has reported a potential cyber-attack vector to a device you may have never expected the phrase "security vulnerability" would be applied (other than in reference to the end of a toilet paper roll, that is). In an advisory issued August 1, Trustwave warned of a Bluetooth security vulnerability in Inax’s Satis automatic toilet.

Functions of the Satis—including the raising and lowering of its lid and operation of its bidet and flushing nozzles—can be remotely controlled from an Android application called "My Satis" over a Bluetooth connection. But the Bluetooth PIN to pair with the toilet—"0000"—is hard-coded into the app. "As such, any person using the ‘My Satis’ application can control any Satis toilet," the security advisory noted. "An attacker could simply download the ‘My Satis’ application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner. Attackers could cause the unit to unexpectedly open/close the lid, [or] activate bidet or air-dry functions, causing discomfort or distress to user."

And you thought the only thing you had to worry about was dropping your phone into the toilet.

Massive Android flaw allows hackers to ‘take over’ and ‘control’ 99% of Android devices

Courtesy John Koetsier,VentrueBeat

Massive Android flaw allows hackers to ‘take over’ and ‘control’ 99% of Android devices (updated)

Mobile security company Bluebox said today that it recently discovered a vulnerability in Android that makes any Android device released in the last four years vulnerable to hackers who can read your data, get your passwords, and control any function of your phone, including sending texts, making phone calls, or turning on the camera.

That’s almost 900 million Android devices globally.

“A Trojan application … has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords,” Bluebox CTO Jeff Forristal posted. “It can essentially take over the normal functioning of the phone and control any function.”

android exploit


Bluebox modifed an Android device manufacturer’s application to obtain access to all permissions on the device.

The vulnerability is due to “discrepancies” in how Android apps are approved and verified, Bluebox says, allowing hackers to tamper with application code without changing the app’s cryptographic signatures. That means that an app — any app — which looks perfectly safe and legitimate to an app store, a device, an engineer, or a user actually could actually have malicious code embedded within it.

Forristal said that the details of the bug have already been disclosed to Google back in February, and that Google has “notified their device partners.”

The problem, however, is that because of Android’s fragmented nature and the fact that device manufacturers and mobile carriers release Android updates sporadically if at all, many Android devices are not running the latest software, and cannot be user-updated.

Forristal puts it diplomatically:

“The availability of these updates will widely vary depending upon the manufacturer and model in question.”

If an attacker successfully gains control of an Android device — and Bluebox will be revealing technical details of the vulnerability at hacker conference Black Hat USA 2013 in late July — the hacker essentially gains control of all permissions on the phone or tablet.

That’s a disaster for users, particularly because many Android users, particularly those in Asian and Eastern countries, use the 500+ independent Android app stores that have little or no authentication or verification procedures to ensure that apps that pass through their services are legit, forming a perfect opportunity for unscrupulous and technically-inclined thieves and spies to gain control of your phone.

I’ve asked Google for a comment, and received a very simple, terse response from a Google representative:

We aren’t commenting.

I’m not sure exactly how to interpret that, but I suspect that Google wants this to get as little press as possible while the company scrambles to get as many Android devices updated as possible before the end of July. A source who cannot be identified, however, did say that Google fixed the vulnerability in February and sent the patch to its partners in the beginning of March.

10-android-is-openThat’s a challenge, because many carriers have installed franken-versions of Android on devices sold two or three years ago with custom user interfaces and crapware pre-installed apps, and may not be able to turn out new, updated versions of their customized Android version quickly … or have a way to distribute them economically.

Users who are unsure of their phone’s update status or who are unable to update should be extremely cautious when installing apps, Bluebox says, and be sure to identify the publisher of the app before installing it. In addition, it’s a good idea to only install apps from Google Play, where Google has at least some ability to verify and validate apps — although that does not provide for perfect safety, Forristal said.

“People should look to upgrade their Android devices and inquire with their device manufacturer to see if they are tackling this issue,” Forristal told me via email. “Enterprises need to invest in comprehensive mobile security solutions that protect the integrity of their data against these kind of vulnerabilities.”

Read more at http://venturebeat.com/2013/07/03/massive-android-flaw-allows-hackers-to-take-over-and-control-99-of-android-devices/#1Roq464P1KbYv0sF.99

$99 OUYA Gets Its Official Retail Release

Courtesy Darrell Etherington, TechCrunch


The Android-powered OUYA gaming console is celebrating its official first day of general retail availability today, a major milestone to be sure for the Kickstarter-funded piece of hardware. Many thought it would never make it this far, and that it would be vaporware before anyone actually got a chance to go and purchase one, but founder Julie Uhrman and her team have made good on making sure it hit store shelves in the U.S., U.K. and Canada, listed right alongside the marquee consoles by Sony, Xbox and Nintendo.

The $99 device offers over 170 games, all of which must have some kind of free-to-try component, along with media apps like Plex and TuneIn. OUYA also touts its large committed developer base, which has over 17,000 studios and game creators signed on to deliver content for the console, including Double Fine Productions. The console ships with one controller, and you can add another for $49.99. As of this writing, the launch seems to be going decently well, as Amazon.com is already showing the console as out of stock.

So far, OUYA hasn’t received the best of early reviews. Most have found its user experience lacking, and the pre-release version was definitely a “beta” release. Virtually everyone who got their hands on a backer edition expressed hope that the console would receive more polish, along with hardware fixes when it actually shipped. And now that it has, critics are going to go back to the well for a second drink, in the hopes that the OUYA team has made some considerable advances in the ensuing two month period.

Yet not all backers could even form an early opinion about the console. OUYA employed a staggered shipping strategy to reach all of its backers, with a timeline that was supposed to ensure everyone got a console before they become generally available. OUYA’s Uhrman sent out an update to backers this morning apologizing for not getting the console in backer hands before the public release, and shifting blame to their distribution partner, to DHL, and to backers with located internationally.

Delays for backer reward shipments on Kickstarter are nothing new, but it is very rare to see a product hit general market availability before getting out to the project’s first supporters. OUYA appears to be stumbling out of the gate in more ways than one, but at least now the product is out there in non-beta form, and ready to prove itself as a real consumer product, or, alternatively, to fail in the court of public opinion.

80% of App Developers Don’t Make Enough Money

Courtesy Joseph Czikk, TechVibes

It’s a mobile-first world and businesses must ensure that they’re along for the ride. That was the resounding message from Gary Yentin, CEO and founder of App Promo. Yentin spoke during last week’s Dx3 2013 conference in Toronto.

Currently there’s an over-saturation effect on smartphone users, with over two million iOS and Android apps combined. Unfortunately about 80 per cent of people who make apps do not make enough money to cover their cost of development.

“A lot of people have very good applications but discovery is really the challenge,” said Yentin. “They do it for their creativity and they want to get noticed, but at the end of the day they have to make money.”

Yentin offered five key points that brands and startups need to know about mobile.

1. Changing Brand Dynamics: Companies need to follow where their customers are, and customers are on their phone. Yentin told the crowd about a recent trip to Barcelona, Spain where the majority of people access the Internet solely through mobile. Agencies and brands need to understand that a mobile strategy is as important as a digital strategy and consumers largely depend on their information through their phone.

“Mobile becomes a 24/7 part of your environment and if brands today want to reach that audience they’re going to find them on the phone,” he said.

2. Shift in Demand for Emerging Apps: Apps have an interesting life cycle, peaking for a short period of time and later forgotten. While tablet users like apps they’re actually more browser-oriented, likely because they have more time. But if the brand or the individual wants a rich experience it’s going to be through an application (which are both expensive to maintain and require consistent support).

“The demand for that content is rising and I think we’re going to see even more people use their phones for different retail and commerce purposes,” said Yentin. “It’s really going to affect us in day-today life from the morning to the evening.”

3. Mobile is Our Everything: If companies are preparing to go in the app space they must develop a strategy, have a plan and do some marketing. Content that was traditionally accessed over print, radio and television is available on mobile and companies need to be aware of that. Apps intersect every part of our lives, so there’s not much one can’t access via mobile. “The one thing that I saw in Barcelona is the single way people communicate is through their phone,” said Yentin. “That changes the whole pattern of how they value and use the phone.”

4. Mobile is Influencing Shopping in Canada: Those in retail must have a mobile strategy, as consumers demand the ability to do the research before they make the purchases. A real shift is occurring in consumers making purchases via mobile rather than the web. Several top retailers are reporting that they’re receiving 65% more mobile sales than online.

5. Wide Adoption is Impacting Use: Carriers are going to realize that they’ll be marginalized in this space. Yentin cited the change in SMS demand after wifi accessibility combined with game-changers like iMessenger, BBM and What’s App bypassed its business. Furthermore, the demand for consumption of content on mobile devices is increasing enormously and this will put pressure on bandwidth in the future.

OUYA available on June 4 for $99

Courtesy Engadget

OUYA available at retail on June 4 for TKTK DNP

The Android-powered $99 OUYA game console becomes available at retail on June 4th — a date which was revealed this week during the Game Developers Conference. OUYA’s calling June 4th its "official launch date," despite Kickstarter backers receiving units starting this month. Essentially, the two month waiting period between Kickstarter boxes and retail availability is being used as a consumer beta, giving OUYA time to adjust its software after getting feedback from early adopters.

It’s not clear if bundles will be available, but the game console itself and a controller (as well as power and HDMI cables, plus two AA batteries for the controller) are included in the $99 package. Major retailers like Amazon, Best Buy, and others are on board, so it shouldn’t be too hard locating one in June should your interest be piqued — and yes, pre-orders are available. Of course, it’s a pretty small game console, so it might be a bit tough locating the thing with your eyes.