Droidcon 2019 London part 1

Kliment Joncheski
Nov 3 · 8 min read

I was recently participating to Droidcon conference in London. The talks took place on 24/25 October 2019. So I’m writing this blog post to highlight the points and ideas that were presented through the talks.

Developing like athlete.

This was keynote presentation where interesting topics were shown. There was a relation done between developers and athletes in this talk. The common things between them are noticeable in my view. Both developers and athletes are practicing a lot on every day basics (with every day coding our skills are improving. Additionally we invest in education on daily basics with goal to be better and better). Plus we work in teams same as athletes where the better the team spirit is, the end product is gets better as well. But to be successful athlete/developer you have to have healthy mind and body. There were some facts shown how the sleeping affects athletes, and having in mind the relation, to developers.

Sleeping tips. Interesting story was told about NBA basketball player Andre Iguodala. Same as every athlete he was pushing himself to the limits with hours and hours of practice not paying attention to sleep. Pretty much all developers do the same (code and code without enough sleep). At that level its hard to increase the performance just with practice. He started monitoring his sleep time and having new habit of sleeping ~10 hours per day. The results were stunning: +29% increase in points per minute, +12% increase in minutes played, +9% increase in free-throw percentage, +2% increase in 3-point percentage, -45 % decrease in fouls committed. And from that on he ended up playing in NBA finals and his task was to guard the best player in the world Lebron James. In the end of the finals Iguodala was named MVP, becoming first player to win the award without starting a game during the regular season. Think about what your improvement would be if you pay attention to your sleeping habit. Like better code quality, being more creative, more productive and in the end your entire career advancement can go faster! I think its worth trying it out.

Another part of the presentation was for interruptions. As developers we face with interruptions on daily basics. There is study that shows on average it takes 23 minutes per major interruption to re-gain focus and get back to initial work. That is 23 minutes lost for you, your company and your clients. And this happens every day with every interruption. Furthermore, some studies are telling that interruptions result in more bugs, lack of productivity and increasing stress and frustration. There is one analogy i found that was not on the presentation, but its good analogy to explain to technical and non-technical colleagues):

“How long does it take for you to fall asleep?” “X minutes” “Now imagine that when you are close to falling asleep, someone walks in and interrupts you, how long will it take you to fall asleep now? Those few seconds you had left, or will you have to start again to ‘sink back’ to where you were?” “I’ll have to start again” “Great. Same thing. Just like falling asleep, it takes me a while to ‘sink’ into focus mode, and it takes me a while to get back to it once I’m interrupted, except that I also forget half of what I was doing.”

The point here is try not to interrupt colleagues if its not needed. This should be as part of the company culture so in the end productivity will be increased within the company, better software will be developed which will result in happy clients :).

Measure what matters with Jetpack Benchmark

Interesting presentation for measuring performance of the app. The benchmark also measures components like RecyclerView and database queries. Benchmarks run in a loop executing the same steps multiple times so its good practice to measure frequently user features of the app. What is important when implementing it is that the benchmark must be done in separate module. Jetpack benchmark does not work with app’s module. The easiest way to try it out is with already complete template available in Android Studio : New > Module > Benchmark Module.

There were couple of sample code but its like writing any instrumentation test on Android. At this moment the version of the library is already release candidate. For more info please check documentation.

Animations

I was really interested in the talk. To be honest in every day work i’m developing mostly banking applications where we very often put animations aside :). Here the main idea of the presentation was pointing out three different ways to do animations:

1. Android framework.

Mainly there are three types of animations using the Android framework:

View Animations — Can only modify position, size, rotation, and transparency.

Property Animations — Can animate any property of a View (text color, text size …)

Drawable Animations — Animate a set of drawables in sequence (similar to sprites)

2. Lottie library.

Its library developed by AirBnb, where all what can do the Android framework here is compiled and has nice api for using. The same animation was demonstrated developed with Lottie and Android framework. There was not difference.

3. Video as animation.

The implementation is really easy with this approach. You just place video on the screen. Plus the animations can look amazing and its almost impossible to be drown by code. Major drawback from this approach is that videos can huge and they can significantly increase total apk size. Therefore compression comes in play, where on the device the end user cannot really tell the difference.

Android Studio tips

Cool presentation where tips mainly for key shortcuts in Android Studio were shown. The whole presentation was demo. Here are few of the tips:

Find action → I use this tool on daily basics. And i think all developers which are not using should start. Its searching tool for actions. You can’t know all shortcuts. Like enter presentation mode, Instant Run, Replace, Fetch, Pull etc… all you need its there and easy findable.

Auto import →This can save you some time. Settings > Editor > Genera > Auto import > check Add unambiguous imports on the fly. All unambiguous imports will be added automatically when chunk of code is added to the project.

Navigate through words →Settings > Editor > General > Smart keys > check Use “CamelHumps” words. Now when you navigate through words the cursor will move at beginning of every capital letter in the word.

Keymap → Settings > Keymap. You should defiinately pay attention to this one and make the shortcuts handy for you. It’ll save you some time in every day work.

Macros → With macros you can group actions (example: format code + remove unused imports + arrange xml). To make a custom macro, simply go Edit > Macros > Start Macro Recording and then run the commands you want to group. Lastly, you need to add shortcut to the macro for using. Go to Keymap, search for macros. Select the created one and add a shortcut.

Hector → Very right bottom icon. There is option to check power saver mode. This can extend the lifetime of the battery a lot. Of course this disables some functionalities of the IDE, but sometimes this can be handy when you have no option to plug in.

Semantic highlighting → This is cool feature for easy readable code within the IDE. Settings > Editor > Color Scheme > Language Defaults > check Semantic Highlighting. Variables used inside the methods are colored differently so you can easily spot them.

Live template →This is handy to generate boilerplate code automatically. You can check live templates from Settings > Editor > Live Templates generate code. Using them its easy: type the abbreviation and hit the expand key(Tab is default) → code will be generated.

Surround with → select code and surround it with whatever you need like : try-catch, if-else, do-while … How can you find this action ? Help > find action and type surround with (check first point from the tips :)).

Testing deep links → Cool way was shown to test deep links. Open Edit configurations conf > In the Launch Options there is option to select launching options of the application. There you can select URL and load the deep link url you want to test.

Cert pinning vs cert transparency

It was short presentation but for me it was with context and i honestly learnt something new. I think i have heard somewhere for certificate transparency but I guess i did not payed attention. I’m using certificate pinning as security measure on my projects but i did not think through its vulnerabilities at all. Here is short info from the talk with flavor of my understanding and research for the topic.

Couple of problems with cert pinning:

The certificate authority (CA) we know is an entity that issues digital certificates. They are reliable companies with security in mind and they should fulfill some standards if they want clients to trust them (to be included in trusted stores of browsers, Android, IOS etc…). They also can issue certificates for any domain : *.google.com, *.facebook.com, *.mozilla.com … They are “gods” as soon they are established CA. So when they are not working according to security standards massive damage is done. Check DigiNotar hack in 2011 , where attackers issued ~500 certificates including domains like : *.google.com, *.windowsupdate.com, *.mozilla.com and others.

Key pinning can go wrong. For Smashing Magazine this happened when they were updating their expiring SSL certificate. Some users were left over with blocked website for 1 year. Find more here.

Now what Certificate Transparency is better than Certificate pinning. The clients (browsers, Android, IOS) are smart enough to detect malicious websites that are provisioned with forged or fake SSL certificates. However they cannot detect mistakenly issued, or certificates that have been issued by a (CA) that’s been compromised, like the first problem that is pointed out. What Certificate transparency has to offer is “real time” monitoring to issuing certificates. The key point here is to detect rogue certificates as early as possible. Three main components of Certificate Transparency are : Certificate logs ( simple network services, publicly auditable logs when certificate is issued. Than anyone can query a log for a cryptographic proof), Certificate monitors ( Monitors are publicly run servers that periodically contact all of the log servers and watch for suspicious certificates), Certificate auditors ( companies that can verify that logs are behaving correctly and are cryptographically consistent)

Certificate Transparency on Android: There are couple of libraries for imeplementation(I haven’t tried them yet):

Short summary for Day 2 to be continued…

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade