LightBlog

vendredi 2 juillet 2021

TikTok will let you record longer videos soon

TikTok started testing a longer video format with select creators in December last year. The new format allowed users to create up to 3-minute long videos on the mobile and desktop apps. After testing the new format over the last few months, the company is now ready to roll it out to all users.

In a recent blog post, TikTok’s Product Manager, Drew Kirchhoff, wrote: “Creators are already well-versed in weaving multi-part stories together on TikTok (we all know the phrase, ‘like and follow for part 3’) but we often hear from creators that they’d love just a little more time to bring their cooking demos, elaborate beauty tutorials, educational lesson plans, and comedic sketches to life with TikTok’s creative tools. With longer videos, creators will have the canvas to create new or expanded types of content on TikTok, with the flexibility of a bit more space.”

The company also shared a couple of examples of how creators have been using the new 3-minute format on the platform:

@danieljmertzlufft

Grocery Store: A New Musical #grocerystore #fyp #musicaltheatre #musical #singing #musicaltheater #acting #newmusicals

♬ Grocery Store Musical New York Summer MT parody – danieljmertzlufft

@nathanevanss

The Wellerman. #seashanty #sea #shanty #viral #singing #acoustic #pirate #new #original #fyp #foryou #foryoupage #singer #scottishsinger #scottish

♬ Wellerman – Sea Shanty – Nathan Evans

@feelgoodfoodie

Baked feta pasta with cherry tomatoes!! Recipe on blog • Inspired by @grilledcheesesocial 😘 #tiktokpartner #LearnOnTikTok #fetapasta #recipes

♬ original sound – Feel Good Foodie

The new 3-minute format will start rolling out to users worldwide over the next few weeks. Once the format rolls out to your device, you’ll receive a notification highlighting that “longer videos are now part of your creative toolbox.”

TikTok’s expansion to 3-minute videos will help the platform compete with other major video-sharing platforms, like YouTube. It will also give the platform an edge over other short video-sharing platforms like Instagram Reels and YouTube Shorts, which have surged in popularity over the last couple of months.

Note: The attached previews may not load for you if TikTok is not available in your region.

The post TikTok will let you record longer videos soon appeared first on xda-developers.



from xda-developers https://ift.tt/3dDzd9w
via IFTTT

jeudi 1 juillet 2021

These are the Best Video Editor Apps for Android: InShot, Power Director, Kinemaster, and more!

If you’re getting into the world of content creation and wish to regularly upload videos to YouTube, TikTok, or even Instagram Reels for that matter, it’s very important to make sure you edit your videos to make them nice and presentable. Even if you shoot the best quality videos from the best smartphones around, you still need to edit them to make them more interesting and to retain viewership for an extended duration. While there are several video editors you can use on a computer, it’s often more convenient to use a video editor app on your smartphone if the clips are not too big or if you’re editing a short video for TikTok or a similar platform.

We’ve identified ten of the best video editor apps for Android that offer a good set of features and can help you take your video production to the next level. From merging clips to adding effects and overlays, these video editor apps can surprise you with the amount of functionality they offer.

The Best Video Editor Apps for Android

Navigate this article:

The Google Play Store is flooded with various video editing apps with all of them claiming to be the best. To save you the time and trouble of downloading them all and figuring out which one’s actually good and best suited for you, we’ve tested the majority of video editor apps for Android and shortlisted ten that you should consider.

All of these apps offer basic functionality like cropping, trimming, etc, and some have special features and effects as well which we’ll talk about when we mention the app.

InShot

InShot video editor app

InShot is one of the most popular video editor apps on the Play Store and for good reason. Apart from the ability to trim clips and join multiple videos from your library, you can add background music of your choice or choose a track that’s included in the default options. You can change the aspect ratio of videos, rotate clips, add stickers or overlays, text with animations, or even create a picture-in-picture effect if you have two clips. This is a good app for starters with probably the only annoyance being ads that are constantly displayed at the top of the screen.

Video Editor & Video Maker - InShot (Free+, Google Play) →

Splice

Splice Video Editor

Splice is a video editor app that’s similar to InShot in a lot of ways, in terms of the editing tools and the interface that it offers. You can add multiple clips to the timeline to merge them and even add crossfades in between them. Pinching in and out on the timeline will help you zoom in to make more precise cuts and edits.

While Splice doesn’t have as many advanced features as InShot, the UI is cleaner and you don’t see ads which is a big plus. You still get basic features like changing the duration of a clip, adding background music, text overlays, etc.

Splice - Free Video Editor & Maker (Free, Google Play) →

Kinemaster

Kinemaster

Just like InShot, Kinemaster is also one of the most popular video editor apps for Android. It’s also one of the more advanced apps for video editing and offers a host of features that’s even comparable to some entry-level video editors for computers. Apart from the usual features of adding multiple clips and trimming them, you can add effects, transitions, change speed, rotate or mirror clips, add music, change aspect ratio and resolution, etc.

While it’s feature-rich, as you can see in the screenshot, it shows ads on the timeline itself which you’ll need to pay to get rid of. If you’re going to be editing videos frequently, it might be worth it.

KineMaster - Video Editor (Free+, Google Play) →

YouCut

YouCut Video Editor

The moniker may suggest that this app is specifically meant to edit videos for YouTube, and the features it offers are quite good if that’s what you actually want to do. YouCut is another app that has a vertical UI so it’s best-suited for vertical videos but can be used for horizontal clips as well, like in the screenshot above.

The usual set of features is what you get here too, along with some neat additions like the ability to mute the audio in a video clip, something you would probably do for B-roll shots. You can vary the audio levels manually, and crop into a frame in order to zoom in. This is a decent app to start with.

YouCut - Video Editor & Video Maker, No Watermark (Free+, Google Play) →

VlogNow

VlogNow

VlogNow, as you would think, is a good video editor app to edit your vlogs. It’s not just for that, of course. You can edit any form of content on this app and it’s one of the better video editor apps we found on the Play Store especially in terms of simplicity and how things are laid out.

As you can see from the screenshot, there are multiple layers on the timeline itself where you can add different elements like music, subtitles, stickers, etc. You can even see the decibel levels for audio right beneath the video clip and you can adjust audio levels from there. You get pre-defined templates, filters, speed adjustment, and some effects to choose from. This app is highly recommended.

VN Video Editor Maker VlogNow (Free, Google Play) →

Adobe Premiere Rush

Adobe Premiere Rush

Adobe doesn’t need any introduction when it comes to video editor apps and software. Premiere Pro is one of the most popular video editing software out there used by professionals but that’s only for when you’re working on a computer. Adobe has introduced a version of the software called Adobe Premiere Rush for Android smartphones and it syncs to the Adobe Creative Cloud just like all other apps and services from Adobe.

You get a good set of features like custom effects, color grading — which isn’t present on most other video editor apps on Android — transformations, etc. If you’re serious about editing videos on your phone, it might be worth subscribing to the full version too.

Adobe Premiere Rush — Video Editor (Free+, Google Play) →

Video Guru

Video Guru Video Editor app

This is another of those apps that market themselves as a video editor specially tailored to edit YouTube videos. Video Guru has some good features that are generally used to make videos look appealing on social media platforms. Filters, effects, transitions…it’s all there. You can even add a background to your videos which is quite neat. There are 100+ music tracks built into the app which you can use for free in your videos. Video Guru can also be used to make slideshows with photos and you can even add animated text.

Video Maker (Free+, Google Play) →

Viva Video

Viva Video Editor

Viva Video is a video editor for Android that has been around for a long time. You can of course do the usual things like cropping and merging clips along with varying the speed of your videos. You can change the aspect ratio of videos as well and even the orientation if you want to change a horizontal video to a vertical one. There are a few preset themes to choose from and a selection of music tracks that can be added to the background.

Viva Video also offers key-framing which is a pro tool and can help produce different effects. One gripe though is that there’s a prominent watermark at the bottom right of the video when you export and you’ll have to pay to get rid of it.

Viva Video Editor - Snack Video Maker with Music (To be announced, Google Play) →

Filmora Go

Filmora Go

Filmora Go is made by Wondershare, a company that makes software for computers and smartphones. It’s the mobile version of Filmora which is a popular video editing software. The timeline interface looks neat on Filmora Go and you can add a music track directly using an option displayed right below the timeline. You can crop videos, add text and emojis, effects, transitions, and even animations to improve the look of your video.

There are filters and even presets and templates you can choose from to change the overall look of your video. Filmora Go also has a watermark that can be removed by buying the paid version.

FilmoraGo - Video Editor, Video Maker For YouTube (Free+, Google Play) →

Power Director

Power Director video editor app

If you want the best all-around video editor for Android and are willing to pay a subscription fee, you can’t go wrong with Power Director. It’s the most feature-rich video editing app there is on Android, hands down, and also has the most polished effects and transitions. You get granular control over what you create and the edits you make.

There are templates for titles and effects, transitions, an audio mixer, filters, color grading, stabilizer, skin smoother, the ability to pan footage, and a host of other features that emulate a full-fledged video editor. If you’re serious about creating content, paying for Power Director might as well be worth it.

PowerDirector - Video Editor, Video Maker (Free+, Google Play) →


These are ten of the best video editor apps you can find on the Play Store on Android. From basic video editing to professional key-framing and audio mixing, these apps can help you take your content to the next level. Based on what exactly you’ll be editing your videos for, you can choose the app that’s best suited for you.

VlogNow is a good app for beginners and so is InShot. Kinemaster has slightly more advanced features, but if you want to go all-in and want the best features, Power Director should be your primary option.

Once you’ve edited your video, it’s also important to have a nice thumbnail that can attract more viewers to click on your video. For that, we have a list of the best photo editor apps for Android or if you’re curious, even a list of the best Android apps across various categories.

The post These are the Best Video Editor Apps for Android: InShot, Power Director, Kinemaster, and more! appeared first on xda-developers.



from xda-developers https://ift.tt/36aAJeW
via IFTTT

Windows Server Insider Previews pulled as Windows 11 pushes forward

Microsoft has announced the Windows Server Insider Preview builds are currently on hold. That means that there won’t be anything new for a little while while the team “gears up for the next development cycle”. Not only that, but the current Windows Server Insider Preview, build 20344, has been pulled from the download page.

The next development cycle, of course, is Windows 11. Here’s how this goes. Microsoft is still working on Windows Server 2022. Just because the preview builds are gone doesn’t mean that the thing they were working on is gone. There’s also still going to be a Semi-Annual Channel release later on this year. But now that Windows Insiders are testing out a client version of Windows 11, some of that is going to translate into the Server end of things.

We’ve seen it before, where Windows Server 2016 was built around Windows 10, and Windows Server 2012 was built around Windows 8. They even share a lot of the same UX. While Microsoft hasn’t confirmed or denied this, it’s entirely possible that Windows Server 2022 will have the Windows 11 UX.

Another thing that’s possible, even likely, is that the Semi-Annual Channel is going to go away. Windows 11 client is going to be updated annually, instead of biannually like Windows 10 is. The reason is because it allows for more stable updates for businesses. Doing two updates a year simply didn’t work. Since client is making this change, it would be surprising if Server didn’t do the same.

You can expect to hear more about Windows Server Insider Previews soon, but Microsoft has a lot to talk about first. It has to unveil the new version, talk about how it’s going to do updates moving forward, and so on. After it does all of that, then you can expect to see new preview builds.

Once they are available, you’ll be able to download them here. As of right now, the dropdown menu only has one item that says, “Preview builds are temporarily on hold”.

The post Windows Server Insider Previews pulled as Windows 11 pushes forward appeared first on xda-developers.



from xda-developers https://ift.tt/3hfJgUx
via IFTTT

Why Google Play’s APK replacement is scaring some security experts

Last November, Google announced that developers will be required to publish new apps on the Play Store using the Android App Bundle (AAB) format instead of an APK. Just the other day, Google reminded developers of this upcoming requirement, setting off a firestorm of controversy from users who believe that Google is killing APKs, eliminating sideloading, hindering third-party app stores, and whatnot.

It’s true that Android App Bundles are a pretty big departure from the classic APK format you might be used to, both as a user and as a developer. While there are quite a few benefits to using App Bundles, there’s one key aspect to making them that has some developers and security experts rightly concerned.

In this article, we’ll cover the criticisms we’ve seen of the switch to Android App Bundles as well as some proposed solutions, and we’ll also talk about Google’s proposed solution to these problems.

Background

Before that happens though, we need to talk a bit about how app distribution works on Android in general. If you already know how app signing and App Bundles work, you can skip this part.

APKs

For the most part, apps on Android are distributed inside of APK files. An APK contains all of an app’s code and resources, along with some security features like a signing manifest. When an APK is installed, it’s basically just copied to a specific folder and added to an internal database of installed apps.

Opening an APK file with 7zip

The contents of an APK file can be explored just like archive file formats like .zip.

Signatures

During installation, that app’s signature is also verified to make sure it’s valid. If the app is already installed, Android checks the new app’s signature against the one that’s already installed. If the signature isn’t valid or doesn’t match, Android will refuse to install the app.

That signature checking is an important part of security in Android. It makes sure the app you’re installing is valid and at least from the same source as the one you already had installed. For example, if you install, say, my Lockscreen Widgets app from the Play Store, you can be reasonably sure that I’m the one who signed it and that it’s authentic. If you then try to install an update to Lockscreen Widgets from some shady third-party site and it fails, you’ll know that someone tampered with that APK, possibly to add malware.

The key used to sign an app is (ideally) never publicly released. This is known as the private key. The private key is then used to generate the key shown in the app’s signature, known as the public key. This is what Android and app stores use to verify an app’s validity. I won’t get into how exactly you can generate a public key without exposing the private key, since it involves a lot of encryption math. If you want more details, check out Google’s documentation on signing APKs or do some research on one-way math functions.

Signing an app with your own key

Signing an app when you manage your own app signing key. Source: Google.

Another feature of app signatures is the ability to restrict permissions only to apps with matching signatures. Android does this internally for a lot of functions, where only apps signed with the same key as the framework can access certain features.

App Bundles

So now that we’ve given a quick overview of APKs and signatures, let’s talk about App Bundles. This is where APK resources come in. Resources are things like layouts, images, audio, etc. Basically, they’re anything that isn’t code. To better support different display configurations and different languages, developers can make multiple versions of the same resource that are used depending on the device and language.

But in an APK, all of those resources exist, no matter which you use. And they take up space. Depending on the complexity of your app, there could be a lot of unused resources for a lot of devices. This is what App Bundles are made to solve. Developers can generate an App Bundle just like an APK, and that App Bundle can then be uploaded to the Play Store, just like an APK can.

Contents of an Android App Bundle

The contents of a sample Android App Bundle showing one base module, two dynamic feature modules, and two asset packs. Source: Google.

Google then uses that App Bundle to generate a whole bunch of different APKs for different device configurations. Each App Bundle only contains the resources needed for that configuration. When a user goes to download that app, they’re served the generated APK that matches their configuration. This helps to reduce both app download and install sizes, saving bandwidth and storage space.

Legacy APK versus Dynamic Delivery

A graphic that shows how dynamic delivery can result in fewer resources being installed on a device. Source: Google.

Of course, installing an APK specific to your device means it’s harder for you to just copy it to another device and install it without issue. Depending on your perspective, this can be a good or a bad thing. On the one hand, it makes piracy more difficult, since users don’t have the whole app anymore. On the other hand, it makes legitimately archiving apps more difficult, for the same reason.

App Signing

Since Android App Bundles aren’t APKs, you can’t just open an AAB file and install it directly onto a device. When you upload one to the Play Store, Google uses the bundle to generate different (unsigned) APK files. Those APKs have to then be signed before they can be installed.

Instead of asking the developer to sign and reupload those generated APKs, Google instead manages the signing itself. The Play Store either uses a new key it creates or asks the developer for the key they use to sign APKs. With either option, Google handles the public signing for the developer and provides an upload key. Google uses the upload key for internal verification and makes sure the App Bundle (or APK in some cases) the developer is uploading is the right one.

How App Bundles are signed by Google

Signing an app with Play App Signing. Source: Google

If an upload key is compromised or lost, developers can request a new one, and the signing key used to distribute the app remains unchanged.

There’s a lot more to App Signing, but this is what’s relevant to this article. If you want, you can read more about App Bundles and App Signing on this Medium article by Wojtek Kaliciński.

Criticism

In theory and in practice, App Bundles are pretty great. They reduce data usage and install size, all without the user having to do anything. But because of how it’s implemented, some developers and security researchers in the past few months have raised concerns. Before I sum up these concerns, I want to take a moment to say that most of what’s written below is directly based on a series of articles by developer Mark Murphy of CommonsWare. You should absolutely check his articles out, since they provide more details and criticisms from the perspective of a developer.

Security

In the classic distribution model, a developer keeps the key they use to sign an APK private. It’s never shared to the public and only authorized people should have access to it. This ensures that only those people can generate a valid APK.

But if you use App Bundles on the Play Store, Google is the one managing the key that signs the APKs users receive. The default behavior for new apps uploaded to Google Play starting August 2021 is for Google to create its own distribution key which it keeps private from the developer.

Recap of what’s changing for Google Play developers starting August 2021. Source: Google

Developers submitting new apps will have Google manage their private key for them by default, though developers submitting updates to existing apps can continue using APKs while generating a new key for Google to use for new users. Existing apps aren’t required to switch from APK distribution to Android App Bundles, though that option is available to them should they choose. After some pushback, Google will even make it possible to upload your own private key for Google to sign with, for both new and existing apps. None of these situations are ideal, as no matter what, Google will have access to your private key if you want to use Android App Bundles (and developers have no choice in the matter if they want to submit a new app after August 2021!)

While we’re confident that Google takes security very seriously, there’s no company on Earth that’s immune from data breaches. If the key Google uses to sign your app for distribution is in one of those breaches, then anyone can sign a version of your app and make it look like it was signed by you. And some developers and security experts aren’t happy about this possibility. It’s a very, very slim possibility, yes, but the fact it’s a possibility at all scares some in the infosec community.

Having developers sign Android APKs means anyone can verify APKs from Google Play, blind trust is not required. It is an elegant design that provides verifiable security. App Bundles turn that on its head, and seem structured to promote vendor lock-in. There are many alternate technical approaches that would provide small APKs still signed by developers, but these would not preference Play. For example, all of the APK variants could be generated and signed by the developer, then uploaded to any app store.

Hans-Christoph Steiner, member of the Guardian Project

There are certainly arguments to be made about whether it’s better to leave the secure storage of private keys in the hands of Google or individual developers. But those developers (probably) aren’t usually using a central repository for their keys. By forcing developers to use Play App Signing, a malicious attacker only needs to breach Google’s security once to retrieve thousands or millions of keys.

For what it’s worth, here’s what Google says about how it protects your signing key on its infrastructure:

When you use Play App Signing, your keys are stored on the same infrastructure that Google uses to store its own keys.

Key access is governed by strict ACLs and tamper-evident audit trails for all operations.

All artifacts generated and signed with the developer’s key are made available to you in the Google Play Console for inspection/attestation.

Furthermore, to prevent key loss, we make very frequent backups of our primary storage. These backups are strongly encrypted and we regularly test restoring from these backups.

If you want to learn about Google’s technical infrastructure, read the Google Cloud Security Whitepapers.

Wojtek Kaliciński, Android Developer Advocate at Google

As great as that all sounds, loss and theft are still possible. And audit trails only help prevent future attacks; they won’t get breached keys back.

Potential for Unauthorized Modifications

One big issue with the way Google has set up App Bundles is the potential for unauthorized modifications to be added to an app. The process of extracting APKs from an App Bundle inherently involves modifications, since Google has to manually build each APK. While Google has promised that it does not and will not inject or modify code, the problem with the App Bundle process is that it has the power to do so.

Here are a couple examples of what a company in Google’s position has the power to do:

Say there’s a secure messaging app that people use to communicate without the risk of government surveillance. This could be an incredibly useful tool for people protesting an authoritarian government, or even people who just want to maintain their privacy. That government, wanting the ability to see what app users are saying, could try to coerce Google into adding a surveillance backdoor into the app’s code.

This example is a bit more innocuous, but it’s also something that concerns some people. Say there’s an app that gets millions of downloads a day, but it doesn’t have any ads or analytics in it. That’s a huge data source with no way to access that data. Google, being an advertising company, might want to access that data.

In the classic APK model of app distribution, Google can’t modify the apps without changing the signature. If Google changes the signature, especially on a popular app, people are going to notice because the update won’t install. But with App Bundles and App Signing, Google could silently inject its own code into apps before distributing them. The signature wouldn’t change because Google would own the signing key.

In the classic APK distribution scheme, an updated APK file must be signed with the same key used to sign the original APK. This key is ideally held only by the individual developer. Source: Zachary Wander.

To be clear, these examples are incredibly unlikely to happen. Google tends to simply pull out of troublesome markets altogether, rather than adapt. But even though it’s unlikely, it’s still possible. Just because a company promises something won’t happen, it doesn’t guarantee it.

Code Transparency

Google, hearing these concerns, this week introduced a new feature called Code Transparency for App Bundles. Code Transparency allows a developer to essentially create a second signature that’s shipped with the app to users. This extra signature should be created from a separate private key that only the developer has access to. However, there are some limitations to this method.

Code transparency diagram

How code transparency for Android App Bundles works. Source: Google

Code Transparency only covers code. That might seem obvious given the name, but it also means it doesn’t let users verify resources, the manifest, or anything else that isn’t a DEX file or a native library. While malicious modifications to non-code files usually have much less impact, it’s still a hole in the security of the app.

Another issue with Code Transparency is that there’s no inherent verification. For one, it’s an optional feature, so developers have to remember to include it for every new APK they upload. At the moment, it has to be done from the command line and with a version of bundletool that doesn’t come with Android Studio. Even when a developer includes it, Android doesn’t have any sort of verification built in to check that the Code Transparency manifest matches the code in the app.

It’s up to an end user to check for themselves by comparing the manifest against a public key the developer can provide, or by sending the APK to the developer for verification.

While Code Transparency allows for confirmation that no code in an app is modified, it doesn’t include any sort of verification for other parts of an app. There’s also no inherent trust in the process. You could argue that if you don’t trust Google, you’re probably up to the task of verifying independently, but why should you have to?

There are other issues with the Code Transparency feature, as pointed out by Mark Murphy from CommonsWare. I recommend reading his article for a more in-depth analysis of the feature.

Developer Convenience and Choice

A third (and final for this article) reason some developers take issue with App Bundles is reduced convenience and choice.

If a developer makes a new app on the Play Store after Google begins requiring App Bundles and they choose the default option of letting Google managing the signing key, they won’t ever have access to that signing key. If that same developer then wants to distribute that app on another app store, they’ll have to use their own key, which won’t match Google’s.

That means that users will have to either install and update from Google Play or from third-party sources. If they want to change the source, they have to completely uninstall the app, potentially losing data, and reinstall. APK aggregators like APKMirror will then also have to deal with multiple official signatures for the same app. (Technically, they already have to do this because App Signing lets you create a new, more secure key, for new users, but it’ll be worse for them and other sites when everyone has to do it.)

Google’s response to this issue is to use the App Bundle explorer or Artifact explorer in the Play Console to download the resulting APKs from the uploaded bundle. Similarly to Code Transparency, this isn’t a complete solution. The APKs downloaded from the Play Console will be split for different device profiles. While the Play Console does support uploading multiple APKs for one version of one app, many other distribution channels don’t.

Thus, a lot of the benefits of using App Bundles go away when developers are managing multiple stores, making distribution more difficult. With news that Windows 11 is gaining Android app support thanks to the Amazon Appstore, some believe that the App Bundles requirement will disincentivize developers from distributing on Amazon. Of course, Google’s primary concern is with its own app store, but that’s exactly what landed them in hot water with competitors leading them to make small, conciliatory changes to how third-party app stores work on Android.

A couple related issues to multiple stores are app interconnectivity and rapid-fire testing.

Let’s start off with app interconnectivity. Have you ever downloaded an app that locks features behind a paywall? Almost definitely. Some developers put the features behind an in-app purchase, but others may choose to make a separate, paid, app. When that add-on app gets installed, the main app’s features are unlocked.

But what prevents someone from just installing the add-on from a pirate source? Well, there are a lot of options for developers, but at least one involves using signature-protected permissions. Say the main app declares a signature-protected permission. The add-on app then declares that it wants to use that permission. Ideally, the add-on app will also have some sort of license verification functionality in it, that connects to the internet to make sure the user is legitimate.

If both apps have the same signature, Android will grant the permission to the add-on app and piracy protection checks will pass.  If the add-on app doesn’t have the right signature, the permission won’t be granted, and verification will fail.

With the classic APK distribution model, a user can get either app from any legitimate source and be done with it. With current default App Bundle model, the signatures on the main and add-on apps won’t match. Google’s going to make a unique key for each app. The developer could always do away with the signature-protected permission and use direct signature hash verification, but that’s a lot less secure.

And then there’s rapid-fire testing. Users email developers all the time about issues in their apps. Sometimes those issues are simple fixes: reproduce the issue, find the problem, fix it, and upload a new version. But sometimes they aren’t. Sometimes developers can’t reproduce an issue. They can fix what they think is the problem, but then the user has to test it. Now assume that user installed the app through Google Play.

With the APK model, a developer can change some code, build and sign a new APK, and send it off to the user for testing. Since the signature of the test APK matches the one the user has installed, it’s a simple process to update, test, and report back. With App Bundles, this falls apart. Since Google signs the APK the user originally installed, it won’t match the signature of the APK the developer sends. If this app is published after the App Bundles deadline, the developer won’t even have access to the key Google uses. In order to test, the user would have to uninstall the current app before installing the test version.

There are a bunch of problems here. First, there’s inconvenience, both on the developer and user side. Having to uninstall the app just to test a fix isn’t fun. And what if the problem goes away? Was it the changes the developer made, or was it because the user effectively cleared the app’s data? The Play Store does have Internal Testing, which is supposed to let developers do rapid-fire builds and distribution, but it requires the user to uninstall the release version first. It doesn’t really fix anything.

In case this all sounds like a bunch of hypothetical nonsense, here’s a very real example of a developer who will have these problems if they let Google generate a private key for them: João Dias. He’s the developer of Tasker, along with a whole bunch of plugin apps, including the AutoApps suite. With the new App Bundles requirement, João’s development cycle may get a lot trickier, at least for new apps. Sending testing versions directly will be less convenient. Verifying licenses will be less effective.

AutoApps suite by Joao Dias

João Dias maintains a lot of apps that all rely on a shared license. If there are two signing keys involved, things could get really complicated for him.

This may sound like a bit of an edge-case, but it’s not like João is some small developer, and it’s likely he’s not alone. There are many apps on the Play Store that rely on signature verification to detect illegitimate users.

Of course, with the new option for developers to upload their own signing keys to Google, these issues are at least somewhat alleviated. But developers have to opt-in to enable the option for each app. If they don’t, interconnects will fail and rapid-fire support will require uploading a Bundle to Google and waiting for APKs to be generated, before sending the correct one to the user. Plus, it still means they have to share their private key, which brings us back to the concerns we discussed earlier.

Solutions

This is an old issue given the App Bundle requirements were publicized months ago, so there have been quite a few solutions proposed in the interim.

One solution is to avoid the need for Play App Signing. Instead of generating an App Bundle that Google then processes into APKs and signs, that processing could be done by Android Studio. Then, developers can just upload a ZIP full of locally-signed APKs for each configuration that Google would have generated.

With that solution, Google wouldn’t need access to developers’ keys at all. The process would be very similar to the classic APK distribution model, but would involve multiple, smaller, APKs instead of just one.

Signing your app in Android Studio with your own upload key. Source: Google

Another solution is to just not require the use of App Bundles and continue to allow developers to upload locally-signed APKs. While App Bundles may be a better experience for the user in many cases, some apps don’t actually benefit from being split up per-configuration, with minimal size reduction.

If Google implemented both of these solutions, then a developer who wants to use App Bundles won’t have to hand over signing to Google, and a developer whose app won’t benefit much from the format won’t have to use it at all.

Google’s Responses

Self-Signing

When they were first asked about allowing developers to handle the signing for App Bundles, Google’s response was very noncommittal:

So, I talked briefly about the requirement next year for new apps to use app bundles, and one thing that comes with that is that by extension we will require Play App Signing. So developers will need to either generate the App Signing key on Play or upload their own key to Play… because that’s a prerequisite for app bundles. We’ve heard from developers that some of them just don’t want to do it. They don’t want to have keys managed by Play. And currently that’s not possible if you want to use app bundles.

But, we’ve heard that feedback, and… I can’t talk about anything right now, we don’t have anything to announce, but we are looking into how we could alleviate some of these concerns. It doesn’t necessarily have to be allowing to keep your own key while uploading bundles. We’re looking into different options. We just don’t have a solution to announce right now. But, we still have around a year until the requirement, so I’m really hopeful that we’ll have an answer for developers for this.

That was in late November last year, and nothing seems to have happened. With only a few months left before the App Bundles requirement goes into effect, there still isn’t a way for developers to handle signing their own apps. While Google has now made it possible to upload your own key for both new and existing apps, this still takes the signing part out of the hands of the developer.

Code Changes

While Google has specifically promised that the Play Store isn’t going to modify app code, a promise isn’t a guarantee. With App Bundles and App Signing, there’s no technical limitation that we know of preventing Google from modifying uploaded apps before distribution.

Google has introduced Code Transparency as an optional feature, and while this helps somewhat, it has its fair share of problems, as we discussed earlier.

Self-Made Bundles

When Google was asked about allowing developers to make their own app “bundles” (ZIPs containing split APKs), the response was basically “we’re not going to do that”:

Probably not as it’s described in the question, as this would make the publishing process even more difficult for developers, and we actually want to make it simpler and safer. However, again, we’ve heard this feedback, and we will be looking into options how to make this possible, however probably not in the way that was described here.

Interestingly, Google’s justification seems to be that it would make publishing more complicated. However, Google could still make the process automated as part of the APK generation dialog in Android Studio. Furthermore, if the app in question is being distributed on multiple stores, it would actually make the publishing process simpler, since developers wouldn’t have to manage multiple signing keys and complaints from users.

And with the introduction of Code Transparency, it seems that complication isn’t exactly an issue after all. Code Transparency, for now at least, requires the developer to use a command-line tool and for users to explicitly verify the validity of the app they’re served. This is more complicated than a process to self-make bundles, and it’s unclear why this is the solution Google prefers.

Going Forward

App Bundles will be the required distribution format for new apps submitted to Google Play starting August 1st. While Google has at least somewhat addressed most of the issues raised by developers and security experts, the responses leave a lot to be desired. There are many obvious benefits to App Bundles as the next-generation distribution format, but there will always be lingering concerns with giving partial or total control of app signing to Google.

Google’s responses and efforts are certainly appreciated, but some, like Mark Murphy, feel they haven’t gone far enough. With solutions like self-made bundles not being implemented and the deadline for Android App Bundles being required fast approaching, it doesn’t look like developers on Google Play will be able to retain full control of their apps for much longer.


We’ll be talking about the implications of the Android App Bundle requirement in a Twitter Space later this afternoon, so join us!

The post Why Google Play’s APK replacement is scaring some security experts appeared first on xda-developers.



from xda-developers https://ift.tt/3dBlmk1
via IFTTT

Best cheap HP laptops: Gaming, Chromebook, and more!

Finding a good laptop in the sea of options out there today can sometimes prove to be a bit complicated. It’s even more challenging when you’re trying to spend as little money as possible. HP makes some really great laptops, but when the budget is tight, it can be hard to find one you can actually afford. We’ve already rounded up some of the best laptops you can buy for under $600, and HP makes an appearance a couple of times. But if you’re absolutely keen on the brand, these are the best HP laptops you can get on a budget.

For this list, we’re mostly trying to stick to a budget of around $600, but we made one notable exception, which we’ll get to later. At this price point, you won’t find anything that blows you away, but there are a few options that nail the basics and offer a great overall experience. We’ve included laptops of different sizes, operating systems, and form factors. This should help you find something that fits your needs.

Navigate this article:

Best overall: HP Pavilion x360 14

HP Pavilion x360 14 2021

Already making an appearance on our budget laptop list, the HP Pavilion x360 14 is a fantastic option on a budget. Starting with an 11th-generation Intel Core i3 and 8GB of dual-channel memory, it’s already a great option for your everyday tasks. If you can stretch your budget, you can upgrade to an Intel Core i5 with Iris Xe Graphics, double the RAM, with a couple more upgrades available. It also comes with a good supply of ports, including USB Type-C with DisplayPort and Power Delivery, HDMI 2.0, and more.

The one you might want the most is actually the display. Out of the box, it comes with a 14-inch touchscreen at 1366 x 768 resolution. This is still quite common among cheaper laptops, but the upgrade to Full HD can make a world of difference. Everything will look sharper and you’ll be able to see a bit more content on the screen. Regardless, it’s a fantastic entry-level convertible for its price.

    HP Pavilion x360 14
    The HP Pavilion x360 14 is a great all-rounder budget laptop with new Intel processors and solid connectivity options.

Best gaming laptop: HP Pavilion Gaming 15

HP Pavilion Gaming 15 laptop

We’ve quickly arrived at our exception to the $600 price point, but there’s a good reason for it. The HP Pavilion Gaming is an exceptional machine for its $699.99 asking price. Packing an AMD Ryzen 5 5600H, it has six CPU cores and 12 threads, making it a very fast laptop right out of the gate. Couple that with the Nvidia GeForce GTX 1650, and you’ll be able to use this to play most modern games at decent settings. Sure, you won’t be using ray-tracing, and the most demanding games may require you to lower some settings, but almost everything should at least be playable.

The base configuration only includes a 256GB SSD, but if you can spare an extra $70, you can double that to 512GB so you can store more games. This can be essential with some titles taking almost 200GB by themselves (we’re looking at you, Call of Duty: Warzone). You can also upgrade to a 144Hz display for $20, so you can stay under $800 and still have a great gaming experience. It’s cheaper than most laptops on our budget gaming laptops list, but you may want to check that out if you have a bit more money to spend.

    HP Pavilion Gaming 15
    The HP Pavilion Gaming 15 is a great starting point for on-the-go gaming, featuring Ryzen 5000 series CPUs and a GeForce GTX 1650 GPU.

Best 15-inch laptop: HP Pavilion 15

HP Pavilion 15 laptop

If you’re looking for a classy-looking 15-inch laptop that still gets the job done, the new HP Pavilion 15 is a pretty great choice. It’s packing AMD’s latest Ryzen processors, starting at a Ryzen 3 5300U. That’s still a quad-core, eight-thread CPU clocked at 2.6GHz, and it has six GPU cares to help with graphics tasks. You’re not going to be running intensive games on it, but older 2D titles are manageable, and day-to-day tasks won’t be a problem for this CPU. You also get 8GB of dual-channel memory as the base configuration, which is a great start.

Once again, one of the upgrades we’d recommend here is going for the Full HD display, instead of the 1366×768 panel in the base configuration. That will set you back $40, but if you can make it fit your budget, it’s a major step up. There are actually plenty of upgrades you can make here to improve your experience, including the CPU, RAM, and storage. Even at the base level though, you’re getting a solid experience here.

    HP Pavilion 15
    The HP Pavilion 15 is a premium-feeling laptop with great entry-level features, including Ryzen 5000 CPUs and a good selection of ports.

Best Chromebook: HP Chromebook x360 14

HP Chromebook x360 14 laptpop

Chromebooks are great education machines, and they’re well-known for being affordable. However, the lowest-priced Chromebooks probably won’t give you the best experience. If you want something a little more capable with a premium touch, the HP Chromebook x360 14 is one of the best you can find. It comes with an Intel Core i3-1125G4, which is a solid CPU with four cores and eight threads. That also means it includes things like Wi-Fi 6 and Bluetooth 5, so it’s a future-proofed machine. What’s more, it has 8GB of RAM and 128GB of SSD storage, which is more than enough for a Chromebook. There aren’t a lot of upgrade options, but you’re getting a solid build from the get-go.

Another highlight of this one is the Full HD touchscreen in the base configuration. Most Windows laptops at this price offer lower-resolution panels, so this is already great if you’re just looking to browse the web or enjoy some media content. On top of that, the display is protected by Gorilla Glass 5, another rare sight on laptops at this price. This should make it a durable PC for the children taking it to school and tossing it in a backpack. Oh, and it even has a fingerprint reader to make logging in easier.

    HP Chromebook x360 14
    The HP Chromebook x360 14 is one of the best Chromebooks you can get, featuring an 11th-gen Intel Core i3, a fingerprint reader, and high-quality display.

Best 17-inch laptop: HP Laptop 17

HP 17 Laptop

Aside from winning the award for most generic laptop name, the HP Laptop 17 is a great option if you enjoy bigger displays. It’s packing Intel’s 11th-generation Core processors, and while it starts with a Core i3, you can go as high as the Core i7 if your budget allows for it. You can even pair it with GeForce MX450 graphics if you want to be able to do some light gaming. You get 8GB of 3200MHz dual-channel memory in the base configuration, and a 1TB HDD, which is this laptop’s Achilles heel. If you can spare an extra $70, the 256GB SSD will greatly improve your experience, even if it misses out on some capacity.

The 17-inch panel starts at 1600×900 resolution, but you can upgrade to Full HD for an extra $60. Either way, the base resolution is higher than on similar 15-inch laptops, which helps accommodate the larger screen size. There’s also a touch option, but it’s not available with the Full HD panel, which is a shame. Regardless, this is a great laptop with a lot of upgrade options that let you fine-tune it to your taste and budget.

    HP 17 Laptop
    The HP 17 Laptop is a great basic laptop with solid entry-level performance and connectivity for those who need a bigger display.

Best business laptop: HP 250 G8 Notebook

HP 250 G8 laptop

Finding a good business laptop in this price range is difficult, but the HP 250 G8 is a solid entry-level choice. What contributes to the higher price tag is that business laptops like this come with Windows 10 Pro instead of the Home edition. That means you get access to features like Remote Desktop, Hyper-V, BitLocker, and Windows Defender Device Guard. These are features meant for professionals, and if you need them, you have to be willing to make some trade-offs.

In terms of specs, you get an Intel Core i3-1005G1, which is no longer Intel’s newest, but it still offers two cores and four threads, with boost speeds of up to 3.4GHz. You get 8GB of single-channel RAM and a 256GB SSD, along with a healthy supply of ports including RJ45 Ethernet. The display is 15.6 inches and it comes in a 1366×768 resolution.

    HP 250 G8 Notebook
    The HP 250 G8 Notebook covers most of the business basics and comes with Windows 10 Pro, getting you access to professional features like Remote Desktop.

These are what we consider to be the best HP laptops you can get on a budget. There’s quite a bit of variety on this list, so whatever you’re looking for, we have something for you. If you’re still exploring other options, we have more budget laptops from other brands in our budget laptop roundup. There are quite a few options out there.

The post Best cheap HP laptops: Gaming, Chromebook, and more! appeared first on xda-developers.



from xda-developers https://ift.tt/3hoOnR5
via IFTTT

Cooler Master’s new gaming mice feature five different colors from NachoCustomz

Cooler Master, a Taiwanese peripheral and PC hardware maker, is launching its MM720 lightweight gaming mouse in five brand new colorways. Cooler Master has teamed up with NachoCustomz, a Miami-based mouse modder and designer, to design the new mice.

The limited-edition Cooler Master x NachoCustomz MM720 series is available for pre-order now at $99, with official sales set to kick off sometime in September. The new color options include Vivid Red, Electric Blue, Erika Pink, Beryl Green, and Light Yellow.

“As one of the world’s best mouse modders and custom artists, NachoCustomz has always been at the top of our list of potential collaborators. We’re excited to finally work with his incredible eye for detail to make new, strikingly sexy versions of the already-popular MM720,” said Bryant Nguyen, Peripheral General Manager, Cooler Master.

Cooler Master MM720 gaming mice shown in five colors

In case you’re not stoked by the new colors, the good news is that Cooler Master will be putting the existing Black and White MM720 models on a limited-time sale on July 4. The company hasn’t revealed the discounted prices, but you’ll be able to check out the deal at this link when it goes live.

    Cooler Master MM720 Gaming mouse
    The Cooler Master MM720 is a lightweight RGB gaming mouse with a unique honeycomb shell design.

Launched last year, the Cooler Master MM720 is a lightweight RGB mouse aimed at gamers. It features a unique honeycomb shell design and weighs just 49g. The mouse uses an optical sensor that is adjustable up to 32000 DPI and features durable switches graded for 20 million presses, according to the company. It also has an ultra-weave cable which the company says significantly reduces cable drag while swiping and improved PTFE feet that offers super-smooth gliding. Similar to other gaming mice, you can also customize the RGB lighting, create macros, switch between different profiles, and more.

The post Cooler Master’s new gaming mice feature five different colors from NachoCustomz appeared first on xda-developers.



from xda-developers https://ift.tt/3y525iG
via IFTTT

These developers got Windows 11 booting on a OnePlus 6T

Last week, Microsoft officially unveiled Windows 11. While it won’t be available to the general public until the end of this year, the first preview build of Windows 11 is already out to Windows Insiders. Alongside the x64 build that most users have installed, there’s also an ARM64 build for Windows on ARM devices like the Surface Pro X. The ARM64 build is intended to be installed on supported Qualcomm processors, but that’s not stopping tinkerers from using it to port Windows 11 to unsupported devices.

A few days ago, we saw developers manage to get Windows 11 running on a Lumia 950 XL and Raspberry Pi 4. Now, a few developers have booted up Windows 11 on an Android phone. Some of the developers behind the Renegade Project — a team that ports EDK2 to various platforms — successfully got Windows 11 booting on the OnePlus 6 and OnePlus 6T. One of the team members shared a video that we’ve embedded below which showcases Windows 11 on ARM being installed on a OnePlus 6T.

The video shows user edi194 using a OnePlus 6T that’s already running Windows 10 on ARM. The user then proceeds to flash the preview build of Windows 11 on ARM, and although installation does take quite a while, the phone does manage to successfully boot up the new OS in the end. As the user reports, features like touchscreen, USB, and GPU (partially) are working. However, Wi-Fi, Bluetooth, and audio over speaker seem to be broken.

It’s far from perfect, but seeing Microsoft’s brand-new, full-fledged desktop OS running on a smartphone designed to run Android is cool nonetheless.

The team has also put together a spreadsheet of games they have been testing on the OnePlus 6/6T. Surprisingly, the OnePlus 6T can handle quite a few PC titles, including GTA IV, CS:GO, Far Cry, Minecraft, Need for Speed: Most Wanted, SimCity 5, and more.

This is, of course, not the first time we have seen someone running Windows on a Snapdragon 845-powered device. Back in 2019, Bas Timmer (who goes by the username NTAuthority) managed to boot Windows 10 on a OnePlus 6T as well as a Google Pixel 3.

If you’re interested in learning more about the project and maybe try booting up Windows on your Snapdragon 845-powered device yourself, you can learn more about the Renegade Project from its website. Meanwhile, you can find its GitHub page here and the Telegram group here.

The post These developers got Windows 11 booting on a OnePlus 6T appeared first on xda-developers.



from xda-developers https://ift.tt/3ydP2LP
via IFTTT