I was lucky to become Google Developer Android Android in Russia , and therefore I am doubly worried that not all of you have prepared for release in advance. Now we will try to jump on a floating ship with marshmallows.

You can not read, but simply see my report on the past DroidCon .

But especially for those who like to read habr more than watch youtube - welcome under cat. There we will go through the checklist of actions that everyone must do in their application, and then we will look at new opportunities for developers in sdk 23.

Important note

All of the following applies only to applications with targetSdk = 23 and higher! How applications will behave with older sdk on the marshmallow is ready to discuss in the comments.
')

Doze Mode, App Standby and Runtime Permissions

Unfortunately, the length of the article could not accommodate these three major changes in Android Marshmallow. Please read about them in a separate article .

Autobackup

Now, Android applications every night while the device is charging, all settings will be merged into the user Drive. Rather, those that we solve.

What for?
When buying a new user, the user immediately recovers not only all applications from Google Play, but also their settings.
What is bad for us?
In the cloud and on new devices fly away from shared preferences account data and GCM keys (pushes stop working). It is necessary to prevent it!

By default, all folders of our application and all SharedPreferences are backed up. Not saved only:
- paths on the SD card that are not in android / data / ...
- getCacheDir ()
- getCodeCacheDir ()
- getNoBackupFilesDir ()

The last daddy was created just for this purpose.

To prevent some of the files from being backup, we write the following xml, where we list all the data that we don’t want to allow to backup:

<android:fullBackupContent="@xml/mybackupscheme"> <full-backup-content> <exclude domain= ["file" | "database" | "sharedpref"| "external" | "root"] path="string”> </full-backup-content> 

To determine the opposite only those files that we want to put in the cloud:

 <android:fullBackupContent="@xml/mybackupscheme"> <full-backup-content> <include domain= ["file" | "database" | "sharedpref"| "external" | "root"] path="string”> </full-backup-content> 

If the backup data is unnecessary for recovery, we can do the following trick: redefine the onRestoreFinished () method in the class derived from Application and delete the undesirable recovered entries in it.

! Remove Google Cloud Messages from backup!

Learn more: developer.android.com/intl/en/training/backup/autosyncapi.html
Example: developer.android.com/intl/ru/samples/AutoBackupForApps/index.html

Deprecated

If you still use the Apache Http client and completely refuse to switch to modern analogs, for example, OkHttp , then you urgently need to add to build.gradle :

 android { useLibrary 'org.apache.http.legacy' } 

Now from sdk saw OpenSSL: libcrypto.so and libssl.so are replaced by BoringSSL.

If you suddenly didn’t know about Notification.Builder until today, and used notification.setLatestEventInfo () for creating notifications, that's enough, it has been deleted. Read at least my article , but rather official docks , how to create and update notifications correctly.

Adoptable storage

Now the user can format the sd-card, turning it into an almost internal encrypted storage. And thus the system will transfer and install applications to the new storage. How does this threaten us?

If we do not use standard methods and constants in the application to get paths ( getFilesDir () , getCacheDir () , etc.), but hardcoding the paths to the internal storage, then after moving the files to the card, the mount point will change, and all of our carefully written paths will no longer be valid.

Learn more: developer.android.com/intl/ru/about/versions/marshmallow/android-6.0.html#adoptable-storage

Small but important additions

Access to MAC addresses of devices in the district is now possible only when scanning with WifiManager.getScanResults () BluetoothLeScanner.startScan () and when requested by ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION permissions . But the WifiInfo.getMacAddress () and BluetoothAdapter.getAddress () methods always return a dummy 02: 00: 00: 00: 00: 00 . this is done in order to increase user security. It's a pity not everyone will upgrade to marshmallow, and custom firmwares are unlikely to keep this restriction.

From the Android Keystore provider threw support for DSA encryption.

Now, the state of WifiConfiguration of objects our applications can only change if they themselves have created them.

The camera has a good change in working with access to the service. If the application went into the background, and another application on the contrary came to the fore, then it will give priority, and the first will lose the service. And yet, now you can use from different applications simultaneously access to different cameras of the device.

Changes in ART

• Now the rights handling on newInstance () is correctly implemented.
• The dynamic linker now understands the differences between the library's soname and its path, and the search for soname has also appeared.
• Fixed dlopen (3) RTLD_LOCAL flag .

New features of Android

With the mandatory changes in our application is over. Let's move on to the main features that the new SDK provides us.

App Linking

Many developers build url-filter filters into their applications so that the user is prompted to open a specific url using the application. Now it is possible to deprive other developers of the ability to handle the url of your site. Suppose if you do banking, then you definitely do not want other applications besides the client application of your bank to open by clicking on the link by the user.

In the manifest, you need to add this type of filter:

 <intent-filter android:autoVerify="true"> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent.category.BROWSABLE" /> <data android:scheme="http" android:host="www.android.com" /> <data android:scheme="https" android:host="www.android.com" /> </intent-filter> 

And put JSON on your website (https://www.domain1.com/.well-known/assetlinks.json), inserting sha256 from keystor, with which the application is signed.

 [{ "relation": ["delegate_permission/common.handle_all_urls"], "target": { "namespace": "android_app", "package_name": "com.example", "sha256_cert_fingerprints": ["14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5"] } }] 

The only thing worth remembering is: if your application is not installed, the “open with” dialog pops up and the attacker’s application can open.

Learn more: developer.android.com/intl/ru/training/app-links/index.html

Fingerprint api

Finally, native support for fingerprint sensors has appeared in Android. Now using the android.hardware.fingerprint.FingerprintManager class, we check the presence of the isHardwareDetected () sensor in the device, request USE_FINGERPRINT permission, and if the user has hasEnrolledFingerprints () rollback fingers, show the standard authentificate () fingerprint authentication dialog.






More details .

An example .

Confirm Credentials

Now we have the opportunity to double-check that the device is now in the hands of its owner, showing the unlock screen before an important action in the application, for example, when trying to open the folder "/ rest in Adler 2007 /".

More details .

An example .

Text selection

Now the context menu for actions with the selected text appears directly next to the carriage; to add our actions, we can also use the menu described in menu.xml and add it using the startActionMode method (Callback, ActionMode.TYPE_FLOATING) .







More details .

Direct share

An important addition to Marshmallow is the ability to add up to eight different objects to a single application in a standard sharing dialog:

The main thing is not to clutter up dialogue with useless sharing options. Try not to abuse.







Learn more: developer.android.com/intl/ru/about/versions/marshmallow/android-6.0.html#direct-share
Example: developer.android.com/intl/ru/samples/DirectShare/index.html

Voice interaction

An important, but not so detailed, feature, unlike Now on tap . Our application, being launched from Google Now can conduct a dialogue with the user using the android.app.VoiceInteractor class.






Learn more: developers.google.com/voice-actions/interaction/voice-interactions .

The list does not end there. Smaller innovations can be read here .

Be sure to go through all the points above. Check autobackup, doze mode and request all permissions. All questions will be glad to answer in the comments.