Android Bytes (powered by Esper)

Esper.io

Android Bytes (powered by Esper) is the podcast that dives deep into the engineering and business decisions behind the world’s most popular OS. https://www.esper.io Android powers over 3 billion devices worldwide and is the platform of choice for over a thousand companies. You’ll find Android on smartphones, tablets, watches, TV, cars, kiosks, and so much more. How does Google architect Android to run on so many form factors, and how do companies fork AOSP to make it run on even more devices? These are the kinds of questions the Android Bytes podcast considers each week. Join cohosts Mishaal Rahman and David Ruddock, two journalists with extensive knowledge covering the Android OS platform and ecosystem, as they speak to system architects, kernel engineers, app developers, and other distinguished experts in the Android space. Get in touch with us at Esper.io if you’re looking to use Android for your product — we have the experience you need. read less
TechnologyTechnology

Episodes

What is a passkey and why should you care?
Dec 19 2022
What is a passkey and why should you care?
The FIDO Alliance isn't a fan club for dogs, but a consortium of big tech companies that's trying to make authentication more secure. The Alliance has a lofty goal: To kill the password and replace it with something better. Enter the passkey.You've probably read a blog post or two about it, but you may be wondering what the fuss is all about. We invited two of the foremost experts on the topic to join us on Android Bytes and explain how passkeys work and why we're better off without passwords. Christiaan Brand is a Product Manager on Identity and Security at Google and Tim Cappalli is an Identity Standards Architect at Microsoft.03:09 - What's wrong with passwords?05:17 - How did we get to passkeys?07:47 - How do passkeys reinvent authentication?11:50 - What is the FIDO Alliance? 14:38 - Are passkeys convenient to use?15:47 - What is WebAuthn, CTAP, and FIDO2?18:01 - What is a FIDO credential? What is the meaning of "passkey"?21:57 - At a high level, how do passkeys actually work?24:47 - What makes passkeys more resilient to phishing and data breaches?25:52 - How are passkeys backed up?27:15 - What happens if you forget that you made a passkey for a certain site?28:01 - Can you reuse passkeys?28:51 - Can passkeys be exported or transferred between password managers (passkey managers?)?31:44 - How do you use a passkey stored on your phone to login to a website on your PC (or vice versa)?35:50 - Is there a fallback method to support legacy devices? How long will passwords stick around?40:41 - Can you create a passkey for an existing account?41:28 - What will happen to physical security keys?Learn more about passkeys at passkeys.dev and developers.google.com/identity/passkeys.Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
The hidden costs of building an Android phone
Oct 5 2022
The hidden costs of building an Android phone
As a manufacturer, building an Android phone to the spec you want has its challenges and costs. You need to deal with dozens of regulatory agencies and standards bodies as well as (shudder) work with carriers if you want a chance at making a splash with a new product.From assembly to testing to retail, OSOM Privacy is chugging along as it prepares to launch its first smartphone, and we're glad to have co-founder/CEO Jason Keats and chief product officer Gary Anderson join us again for a special, extended, freewheeling episode of Android Bytes.03:33 - 05:40 - Trademark secrecy, gatekeeping IMEI numbers05:43 - 07:32 - Certifying with the FCC (and other telecom agencies)07:34 - 13:40 - Bluetooth, WiFi, 4G, 5G, USB, and other certifications13:41 - 16:08 - IP ratings16:10 - 18:00 - Making a phone "unbreakable", or at least ruggedized (MIL-STD-810)18:07 - 23:35 - Drop tests, glass durability, and foldables23:38 - 26:17 - How to navigate the confusing mess of certifications27:00 - 32:07 - Pre-production hardware, EVTs, DVTs, etc.32:08 - 42:12 - Factory software provisioning, tooling, and signing44:26 - 50:06 - Cellular band support, VoLTE, and carrier certification50:10 - 52:30 - Why shipping phones in Japan, India, Russia, and Brazil is costly52:33 - 55:55 - Carrier software requirements55:57 - 59:30 - Widevine DRM, Netflix certification, and RSAs for preloads1:05:52 - 1:08:03 - Buttons, ports, and a future without themAndroid Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
The mystery of Google Play Services: Android's black box
Oct 4 2022
The mystery of Google Play Services: Android's black box
On this episode of Android Bytes, we take the wraps off Google Play Services, the wonder app that powers many features and APIs you probably thought were native to Android. What does Google Play Services do and how does it do it? Why is it so important and what happens when it's missing from your device? We spoke with German developer Marvin Wißfeld to find out. Marvin is the creator of microG, a "free-as-in-freedom re-implementation of Google's proprietary Android user space apps and libraries" for devices running AOSP.02:59 - What is Google Play Services (GMSCore) and how is it delivered to Android devices?04:14 - What are some of the features powered by Google Play Services?07:27 - What are the most commonly used APIs provided by Google Play Services?08:23 - How do Play Services' location APIs (Network Location Provider [NLP] and Fused Location Provider [FLP]) work? Why do many apps use Google's location APIs?11:20 - What advantages do apps have in using Google's Firebase Cloud Messaging (FCM) over alternative push notification APIs?13:28 - How are push notifications handled in the Chinese market where Google services are banned?18:07 - How do apps tend to behave on devices without Google Play Services?23:02 - What is microG and how does it help work around some of the issues with running apps on AOSP?26:40 - How do users install microG and why is signature spoofing needed?31:00 - How does the modular nature of Google Play Services optimize its app size?34:57 - Have any Google APIs eventually made their way to AOSP?36:43 - Are there any Google APIs that work on AOSP?Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
How Play Protect secures GMS Android from harmful apps
Sep 8 2022
How Play Protect secures GMS Android from harmful apps
This episode of Android Bytes, we're talking about mobile app security. Android has a lot of robust, built-in mechanisms that protect against exploits and security vulnerabilities, but there's only so much it can do to protect against misuse of sensitive permissions and APIs. Google augments Android's protection mechanisms with Play Protect, a service that looks out for potentially harmful applications.Brian Reed, Chief Mobility Officer from NowSecure, joins us on the show to explain how Android and Google Play Protect work together to secure your device.2:05 - How does Android's app security model work at a platform level?3:27 - What does NowSecure do?4:16 - How does Android sandbox apps?5:30 - How does Android's security model compare to other platforms?7:24 - How does sideloading affect Android security?13:28 - How is Google Play Protect distributed to GMS Android devices?14:17 - What is the App Defense Alliance (ADA)? What is static and dynamic analysis? 17:12 - What are the reverse engineering/disassembly tools security firms use to analyze Android apps?18:55 - Why is dynamic analysis important?24:05 - What is a potentially harmful application (PHA)?25:32 - What is a mobile bundled application (MHA)? Are there any security risks?27:42 - What can developers do to protect their Android apps from hackers?Additional links mentioned in the show:nowsecure.com/masa (Get your Mobile Application Security Assessment)academy.nowsecure.com (Learn about mobile app security)owasp.org (Open Web Application Security Project)Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
The rise of the Android gaming phone
Aug 30 2022
The rise of the Android gaming phone
On this episode of Android Bytes: mobile gaming. People play into it. There's money to be made in it. And a lot of it gets done on Android. So, how do you build an Android device catering to that market? We talk with Chih-hao Kung, Global Technical PR Director for ASUS, a company known for its PCs that's had a hand in advancing Android gaming devices with its ROG Phone series.01:37 - Why does ASUS invest in mobile gaming hardware? 05:30 - What does the mobile gaming market look like?15:41 - Why did early gaming phones fail? What kicked off the recent boom in gaming phones?21:44 - How big is the mobile gaming market?26:29 - What are some gaming phones innovations that have trickled down to regular devices?30:49 - How does smartphone cooling work? What are some of the recent improvements in cooling a smartphone?39:32 - What challenges did ASUS face in getting developers to support the ROG Phone accessories?47:50 - Why are refresh rate options in games so inconsistent between devices?54:35 - What's the deal with game controller support on Android?56:25 - How is Google addressing fragmentation when it comes to Android game development? How will these measures affect OEMs?Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
How to distribute apps on Android without Google Play
Aug 1 2022
How to distribute apps on Android without Google Play
The Google Play Store is home to millions of Android apps. It's most likely the place where you downloaded the app to get this podcast. But what if you're in that very special group of users who source their apps from outside the bubble of Google Play? On this episode of Android Bytes, we talk with Logan Magee, the developer behind his very own app store, Accrescent.01:23 - Why do so many OEMs license GMS? What’s the importance of the Google Play Store and Google Play Services?03:38 - What are the considerations you need to make when designing an app store?07:45 - How do you get your app store on devices without GMS?09:32 - What is Accrescent, and how will it differ from other Android app stores?11:51 - How does Android’s security model work when it comes to apps? What is an APK file? What’s inside of an APK? How is it updated?14:20 - How have APK signatures evolved? What do APK Signature Scheme v3 and v4 bring to the table? How does APK Signature Scheme v4 enable the “Play as you download” feature?16:28 - Is there a way to secure Android’s trust on first use (TOFU) model for first-time app installs?19:20 - What do Google Play and other app stores do to get developers on board?20:40 - How does Google Play (try to) keep malicious apps off their store? Are these measures effective?26:08 - Should app stores take over guarding of sensitive permissions from the OS?28:40 - What is the advantage of bundling an app store with the OS image? What can preinstalled app stores do that sideloaded third-party app stores can’t?30:25 - How does Android 12 enable third-party app stores to perform unattended updates?33:35 - What is an Android App Bundle and how is it different from an APK? What are the benefits of app bundles and what are some of the downsides?40:25 - How will Google Play’s app archiving feature work? What is an archived APK?41:50 - What can we learn about Android app distribution from China?Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
How Scoped Storage changed Android file access
Jul 25 2022
How Scoped Storage changed Android file access
Get ready for a doozy. This episode tries to explain how storage works on Android with a focus on Google's on-again, off-again approach to scoped storage and how apps navigate it all. Hopefully you don't come out of this more confused than before.We talk with Raymond Lai, part of the team behind Amaze File Manager.03:01 - How did storage access used to work in the early days of Android? What is the difference between internal and external storage?05:00 - Why is external storage mounted using a virtual file system? Where can apps store files, and what is the "Android" folder used for? What was the problem with mounting external storage as VFAT?10:00 - Why did Android 4.4 switch from VFAT to using FUSE to emulate FAT32? Is FUSE still being used? What is SDCardFS?12:07 - What is Scoped Storage? How did it affect external storage access? 13:12 - What is the MediaStore API? How does Scoped Storage protect users?17:02 - What is the Storage Access Framework, and why was it so controversial? How did it affect apps?24:00 - How did Scoped Storage break file access on some Android TV devices?26:54 - How did Google respond to developer feedback on Scoped Storage before Android 10's release?27:43 - How did Scoped Storage change in Android 11? What is the "all files access" permission and what are its limitations? How did file managers get around these limitations?31:55 - Why did Android return to FUSE? What was the limitation with SDCardFS? How did Google improve FUSE, and what problems does it still have?38:44 - What is FUSE passthrough in Android 12? How does it improve performance?40:22 - How will Android 13 change file access on Android?Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
How Android updates have gotten easier (but are still hard)
Jul 18 2022
How Android updates have gotten easier (but are still hard)
We close the circle on our OSOM double-header here on Android Bytes. In this episode, we chat with CEO Jason Keats and CPO Gary Anderson about how they'll update Android on their new phone, the Solana Saga, and dive deeper into the Solana part of the device. What's the Solana Mobile Stack, what are its benefits, and what can people do with it?00:40 - Where do OEMs actually get Android and Linux from? What is a BSP?03:10 - What is a Generic Kernel Image?06:02 - What is Project Treble and Google Requirements Freeze? How do these initiatives affect Android updates?10:10 - What are silicon vendors concerned about when it comes to updates? Is there a clash between their interests and an OEM's?12:12 - How long will the Solana Saga be supported for?13:44 - What is the Solana Mobile Stack? How will the SMS use the Saga's secure hardware?22:08 - Should Google slow down the development of Android? 25:26 - Sharing some thoughts on Android 1327:25 - What challenges did the Essential Phone's pogo pins present? Any other interesting stories?Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
The OSOM effort behind building an Android phone (feat. Jason Keats)
Jul 11 2022
The OSOM effort behind building an Android phone (feat. Jason Keats)
It's a two-part special on Android Bytes as we chat with two execs from OSOM Privacy, an Android startup founded from the remains of Andy Rubin's Essential. In this episode, we talk about the company's first product, the Solana Saga, and what it's like building an Android experience from scratch.With us are OSOM CEO Jason Keats and CPO Gary Anderson. You can learn more about the Saga here. 02:22 - After Essential shut down, why start another smartphone company? 06:38 - Why do so many smartphones use the same build materials?09:05 - What's the Solana Saga all about?15:06 - Does the Solana Saga ship with GMS? What is the software experience like?18:02 - How exactly does a company bring Android with GMS onto a new device? What are the steps involved? 21:26 - What is a MADA? Why do companies have to sign it?22:17 - Why can't a company launch a GMS product with any version of Android and security patch level? Is this requirement burdensome?27:12 - How does one validate that their Android build will pass Google certification? What is xTS and how long does it take to run it?31:23 - What is a 3PL? What happens when a build passes certification?33:21 - How did Essential manage to ship day 1 Android updates?34:50 - How do carriers play a role in Android updates?Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
A snapshot of Android's camera problems
Jul 5 2022
A snapshot of Android's camera problems
On this week's episode, we break down how camera APIs work in Android and why third-party camera apps just can't match the features and quality produced by the stock camera. Long story short, it's a mess. What gives? And what's being done about it?We're joined by Mohit Shetty, a developer behind Secure Camera, the camera app on GrapheneOS and available to everyone on the Play Store.01:48 - How does hardware fragmentation make camera app development on Android inherently more challenging than on iOS?03:52 - Was there anything Google could have done in the early days to make things better?08:21 - Why don't OEMs bother with making sure third-party camera apps work the same as the stock camera app?12:27 - What are some features that OEMs can't expose to third-party camera apps through Android's camera API?17:20 - How does Android's camera architecture work? What is Camera HAL 3?20:23 - How will Google Requirements Freeze (GRF) affect camera HAL versioning?24:11 - How do third-party camera apps interface with multiple cameras?29:28 - What is the Camera2 API?32:52 - What is CameraX and what can (and can't) it do? Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.
How Wear OS brings Android to your wrist
Apr 25 2022
How Wear OS brings Android to your wrist
On this episode, we seek insight on Wear OS, formerly known as Android Wear. As with any other operating system Google has its hands in, there are some unique challenges that developers have had to deal with. Add to that the general malaise the software has experienced over the past several years and you could say that this ship needed to turn around. What does Wear OS 3.0 do to help with that?We're joined by Sean Hoyt, an Android developer who worked on the BLOCKS and Open Watch smartwatch concepts, and Greg Viczian, a Wear OS app developer best known for his Bubble Cloud launcher.01:42 - How did Android Wear get its start? What was using it like?08:36 - What made it challenging for third-party devs to work on Android Wear/Wear OS?17:27 - What happens when you try to cram a full version of Android onto a smartwatch?24:58 - What is the app development experience for Wear OS?32:30 - What does Wear OS 3.0 bring and what does Samsung have to do with all of it?41:57 - What does the future hold for the success or failure of Wear OS?Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.Mishaal's TwitterDavid's TwitterEsper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more. For more about Esper:Esper BlogMobile Device Management (MDM) GuideAndroid MDM GuideOur music is "19" by HOME and is licensed under CC BY 3.0.