code

Wednesday, May 16, 2018

Google IO 2018 - Android-related talks

Android

App performance:
Android vitals: debug app performance and reap rewards
What's new in Android Runtime
Drawn out: how Android renders
Understanding Android memory usage
Best practices using compilers in Android Studio
Best practices for text on Android
What's new with the Android build system
Don't let your app drain your users' battery



App development
What's new in Android development tools
The future of apps on Android and Google Play: modular, instant, and dynamic
Build the new, modular Android App Bundle
Protips: a fresh look at advanced topics for Android experts
Android Jetpack: what's new in Architecture Components
Effective ProGuard keep rules for smaller applications
What's new with ConstraintLayout and Android Studio design tools
Android Slices: build interactive results for Google Search
Building AR apps with the Sceneform SDK



App Testing
Frictionless Android testing: write once, run everywhere
Autonomous and customized pre-launch testing in the Google Play Console


App Security
What's new in Android security


App Release Management
Release management: successful launches and updates on Google Play


Android TV: What’s new with Android TV

Google Play
Analyze your audience and benchmark metrics to grow on Google Play
Google Play Instant: how app developers are finding success


Android Car
What’s new in automotive

Wear OS
What's new in Wear OS by Google



Google IO 2018 - .app domain

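Purpose

Increase HTTPS adoption.
This is the world's first open (anyone can register) TLD (top-level domain) with a full HTTPS policy.

Here it is important to distinguish between a Registry and a Registrar. See the following link: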

https://help.one.com/hc/en-us/articles/115005588149-What-is-a-registry-registrar-and-registrant-

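Registry: the creator/administrator/operator of this TLD; in this case, Google
Registrar: a reseller that sells the TLD, for example GoDaddy

The public usually does not deal with the Registry directly, but goes through a Registrar.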


Target Users

Mainly targets everyone working in app development.

There is also a marketing benefit: shorter, easier-to-remember URLs; for example, momoapp.com can be shortened to momo.app

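Benefits of HTTPS

1. Authenticity: public Wi-Fi providers often modify the content of HTTP sites (because they control the underlying transport), so the site loses its authenticity. A common non-malicious case is injecting ad placements.

2. New browser APIs are restricted to HTTPS only.

3. Chrome's URL bar shows "Not secure" for HTTP sites.

4. Android P (9.0) requires HTTPS connections between app and backend by default.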


HSTS (HTTP Strict Transport Security)

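This is a mechanism that lets the server tell the browser that all server content must be transferred over an HTTPS connection.

HSTS prevents the connection from being downgraded by the ISP and directed to the www server's HTTP content (if any); this is called a protocol downgrade attack.

Next, there is HSTS preloading: a list in the browser records that certain TLDs must use HTTPS connections, even before the header from the first request has been seen.

Because the .app domain has already been added to the HSTS preload list, websites using a .app domain do not need to spend effort configuring HSTS, or spend months applying to be added to the HSTS preload list.

It also saves website loading time: if the site is already on the HSTS preload list, it does not go through the redirect from HTTP to HTTPS content.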
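
The browser-side decision described in this section, as an added example (not code from the talk or from any browser). The preload list is a constructed stand-in holding only the `app` TLD entry, and `HstsStore`, `noteHeader`, `mustUpgrade` and `demo` are hypothetical names.

```javascript
// Constructed stand-in for the browser's built-in preload list. Only the
// "app" TLD entry reflects what the post states; the rest is hypothetical.
const PRELOAD = new Map([["app", { includeSubDomains: true }]]);

class HstsStore {
  constructor() { this.dynamic = new Map(); } // host -> policy learned from headers

  // Record a Strict-Transport-Security response header (RFC 6797 syntax).
  // Returns true if the header was accepted.
  noteHeader(host, value, overHttps, now) {
    if (!overHttps) return false; // headers seen over plain HTTP are ignored
    let maxAge = null, includeSubDomains = false;
    for (const d of value.toLowerCase().split(";").map(s => s.trim())) {
      const m = /^max-age\s*=\s*"?(\d+)"?$/.exec(d);
      if (m) maxAge = Number(m[1]);
      else if (d === "includesubdomains") includeSubDomains = true;
    }
    if (maxAge === null) return false; // max-age is mandatory
    const key = host.toLowerCase();
    if (maxAge === 0) this.dynamic.delete(key); // max-age=0 removes the policy
    else this.dynamic.set(key, { expires: now + maxAge * 1000, includeSubDomains });
    return true;
  }

  // Before any byte is sent: returns "preload", "dynamic", or null (plain HTTP goes out).
  mustUpgrade(host, now) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const name = labels.slice(i).join("."), exact = i === 0;
      const pre = PRELOAD.get(name);
      if (pre && (exact || pre.includeSubDomains)) return "preload";
      const dyn = this.dynamic.get(name);
      if (dyn && dyn.expires > now && (exact || dyn.includeSubDomains)) return "dynamic";
    }
    return null;
  }
}

// Walk through the cases from the text with the post's own example names.
function demo() {
  const store = new HstsStore(), year = 31536000;
  const r = { appFirstVisit: store.mustUpgrade("momo.app", 0) };       // preload
  r.comFirstVisit = store.mustUpgrade("momoapp.com", 0);               // unprotected
  r.httpHeaderAccepted = store.noteHeader("momoapp.com", `max-age=${year}`, false, 0);
  store.noteHeader("momoapp.com", `max-age=${year}; includeSubDomains`, true, 0);
  r.comLaterVisit = store.mustUpgrade("www.momoapp.com", 1000);
  r.comAfterExpiry = store.mustUpgrade("momoapp.com", year * 1000 + 1);
  return r;
}
```

The `.com` name is only protected after one successful HTTPS response and only until `max-age` runs out, while the `.app` name is upgraded on the very first visit.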


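Conclusion

Benefits of joining the .app domain:
1. Marketing advantages: a shorter, easier-to-remember name, for example momoecapp.com => momoec.app
2. The .app domain has already been added to the HSTS preload list, so the server does not need to spend time and effort configuring HSTS and applying to join the preload list, and gets the benefits of HSTS right away.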