Moving apps

TL;DR This article fills in some of the gaps in the official docs and add rationale to why you should consider moving your app to a non-human Google account.

Google offers the ability to move/transfer one of many apps from one Google account to another. But before you transfer highly recommend reading the official docs on how to transfer apps to a different developer account here.

Why transfer?

Are you using your personal Google account for apps?

If your app(s) are associated with your personal Google account you run the risk of having your access to Gmail, Google Photos, Drive blocked if Google Play account is suspended due to a breach of Play content policy. The thought of losing access to my emails, family photos is a very frightening prospect. You might think you’ll never be in breach and maybe you’re right? but remember the Play content policy is frequently updated and you have to ask yourself how closely you read the updates. I ran into policy breaches a few times and none of the apps I’ve released are particularly risky. The first app that I wrote to get my first Android job was a wallpaper changer based geotagged Flickr photos and user’s location. It was pulled due to copyright infringement (I mistakenly used Flickr’s logo and name). So certainly worth considering moving them to seperate Google account.

 

What if the account owner leaves your organisation?

Recently at work the first Android developer left for greener pastures. I mention first because he was only one in the Android team and registered his work Google account as the Google Play Developer owner which I’m sure happens a lot. When he left the company a few weeks ago his Google account was deactivated as you’d expect. However, because that account was the owner on Google Play we *lost* all access to Google Play console 😱😱😱. Thankfully we were able to restore their Google account which restored our access. But keeping an ex-employee’s account active just for this would be less than ideal.

But who’s the owner?

You can easily identify if this could happen to you be reviewing the permission in the Google Play console. Goto Settings > Developer Account > Users & Permissions. Look for an account with All Permissions, that’s the owner!

Use a non-human account 🤖

To prevent these risks noted above I recommend transferring your apps to a non-human (but secure account) Google account. By non-human I just mean it’s not directly associated with any one person. Separating admin and personal accounts is generally a good security practice. This way if your app account is compromised or suspended it doesn’t affect your Gmail/Photos/Drive etc. Also, you remove the risk of losing console access when an employee leaves.

Tip: As with your own accounts ensure the non-human account has strong password and 2FA auth enabled. If needed share the details with colleagues with 1Password for teams or similar.

How long does app transfer take?

For us, it was less than 24hrs. Talking to others in the Android community that matches their experiences too. It’s basically the time for a human to verify the details in the transfer form and action the transfer.

What doesn’t transfer?

Most data does transfers ok, however, a few things don’t.

User accounts

You’ll need to re-invite your fellow developers, content/marketing peeps to the new Play console account. This also includes API/service accounts that might be used by the CI.

Tip: this is a good time to audit who has access to make app changes and publish. There’s an option to set an expiry on users which is ideal if you are employing short-term contractors.

Tester groups and tester emails

If you are using Google Play for Alpha/Beta testing and also manage testers by email address you’ll need to recreate those groups and re-add the beta testers. However, there’s no way to export the user lists/emails from your current account.

My solution to export via copy and paste:

  • Manual copy and paste the list of emails from the group list
  • Paste into Google sheets (important that it’s just one column of emails)
  • Download/export as .csv file
  • In new account create a new list and import the .csv file

Gotcha: You’d expect all the tester emails need to have a Google account associated with them. However if that’s changed since you first added them, the import will fail. You’ll need to remove invalid emails one by one and retry the import until it succeeds.

Beta users should not have to re-approve the beta, however, I noticed the URL for internal testers had changed.

Reports

As mentioned in the docs “Your bulk export reports, payout reports and earnings reports won’t transfer with the app, so you may want to download any reports that you’ll need later. ” It’s important to do this before the transfer!

 

Transferring our apps to a non-human account went smoothly and recommend it both for professional and personal apps.

Photo by bruce mars from Pexels

Slides and links(below) from my “What’s NNNNNNNNew in Android Security” talk at Droidcon London. The video via SkillsMatter is here.

Resources:

Training and Developer Docs

Would you like me to speak at your conference or meetup? If so please get in contact.

Any questions, please drop me an email or tweet.

 

Scott MCEI had a great time at MCE conference in Warsaw, Poland in April. I’d recommend MCE as a mobile conference I attended both Android and iOS talks and there were all high quality. Also all the people I met were very friendly and spoke great english. I was introduced to Polish vodka and some tasty polish food. Thanks to the organisers for inviting me and I hope to attend again.

In this presentation I share a story of a recent Android app I developed where app security wasn’t prioritised and how I still provided a minimal level of security to protect the app’s users and developer reputation.

For those wondering why my t-shirt has a mantis shrimp on it? check out this awesome oatmeal comic.

Last week I attended the first Blackhat mobile security summit in London. It was a great chance for us to learn from security specialists.

I co-wrote this article to highlights some of our favourite and key takeaways.

  • New Android Security Rewards Program
  • State of malware on Android/mobile
  • Samsung / SwiftKey Zip Traversal Hack
  • SSL validation (or lack of) still one of most common app vulns
  • “erase everything” = not everything?
  • Windows phone 8 exploits and security faux pas

I have released a new open source library to wrap a Google Play services API called SafetyNet, which has been completely eclipsed by the recent Google IO and WWDC coverage 😉 safetynet_framed

Here’s a blog post that explains a bit about what is it and why and here’s the code on github.

I’ve also released the Sample app on the Google Play store so you can run the Safety Net test on your own device.

 

Another blog on the Intohand blog, this time “How to publish your open source library to Maven central”

Have you created a great (or at least useful) Java/Android open source project that you want to enable other developers usmavene in their projects easily? have you wondered how to publish your library to Maven central? then this is the article for you!

http://intohand.com/blog/post/how-to-publish-your-open-source-library-to-maven-central

This is an extract for a blog post I wrote for intohand. Read the full article here.

Whilst emulators provide a function, nothing beats testing on real hardware. As a developer however unless you’re near a test wall of phones, have a very large bag or lots of colleagues/friends who are all running different software versions it can be a pain. It would be ideal if you could have a single phone that acted as a Swiss Army knife.

At the end of this article using a tool called MultiRom you’ll have a Nexus 4 with the option of booting into various versions of Android.

mulitboot-image09

After last nights SWUX meetup I figured I’d share some more links on Google’s Material design that I’ve found since the last meetup I attended.

Articles:googledesign

  • An exploration in Material Design by Arthur Bodolec @ Feed.ly  – good information about the Z order and a nicely polished example.
  • We Are Living In A Material World And I Am A Material Girl – Trello – Great article that shows before and after material, and most interesting thing for me was how Trello got rid of the navigation drawer.
  • Instagram with Material Design concept by Miroslaw Stanek – some great code samples.

Examples of Material apps – there are several of these kind of sights two of the best are:

  • pttrns.com – has a new beta section showing material/lollipop Android apps. What’s great is you can filter by the type of screen you’re looking for.
  • materialup – showcases material apps and websites but also material concepts and animations

Tools

  • Material Palette, pick two of the material colours and this site will generate palette of 8 colours ready to drop in to your app/project
  • Keyline Pushing – Android  app – when running draws an keyline grid on top of apps, useful for designer/developers to validate an app is ahearence to material’s metrics and keyline spec

Yesterday, I spend a morning trying to figure out why a APK expansion file wasn’t downloading see screenshot.  This problem was specifically with and Android app/game created in the corona SDK but I guess could happen to standard Android apps. After reviewing Corona labs docs are here and various forum posts it turned out to be a simple fix. android_expansion_file

The expansion file had not successfully uploaded!! 🙁 

So triple check the expansion uploaded ok in the Google Play console! We had it fail 3 times for 2 different versions without any error messages.

Check the APK file details you should see the file size includes the expansion file size and see the filename of expansion file.

Official Google play apk expansion docs: https://developer.android.com/google/play/expansion-files.html