We’ve got 2021 and if you are an Android Developer you need to know a few things that are going to change really soon.
There are new guidelines for using background location in Android apps. If you want to use this permission in your app you’ll need to submit a special Permissions Declarations Form in Google Play Store.
App published before April 16, 2020 – Submit a compliant version of your app by March 29, 2021
Apps published after April 16, 2020 – Submit a compliant version of your app by January 18, 2021
I decided to write this blog post because the whole process of preparing your app for this is not obvious. It took some time for me to understand how Google wants you to prepare your app for this and what steps you need to take before sending the form in the Play Store.
Google Play Policy – Declared permissions and in-app disclosures
Start from reading official docs and just take a look at video posted at Android Developers channel.
Before sending the form
Check if you really need this permission. In my opinion in most cases you don’t need it. Setting GPS permission to “While app in use” should work for most apps.
Make sure you’ve added prominent disclosure and runtime permission (with user consent) Usage of the location should be clear for user but we’ll stop here because in most cases your app can be rejected because of missing proper disclosure
Prepare a video of yourself app showing the usage of that feature. Prominent disclosure should be also visible on your video.
Location permissions form
Here’s the form. Prepare a short description of your app and how you want to use background location access and why you need it.
If something is wrong you’ll get an answer from Google the same day (of course this can vary). We tried that in November 2020 (maybe in 2021 when you got the deadline the approval/rejection time can be longer).
Let’s talk about rejections. I sent this form a few times (I was sure I prepared my app properly but there was always something missing). It looks like we didn’t get the clear point how this should be done. I contacted many other developers also trying to fill that form and they’d also been rejected
In our case, using background location is needed for one feature. We don’t need a background location from all users, we also don’t want to ask for a background location if we don’t need to.
So we decided to do it like this:
Add special disclosure before turning on feature that needs to use background location
We added a new fullscreen fragment showing all the info – why we need that permission and how it is used.
We added suggested flow to ask for Background Location permission
We don’t ask for background location permission if we don’t have to.
For us it was something obvious and we were pretty sure this would work. We don’t ask for that permission if we don’t need to use it.
Our review team must be able to verify the feature’s functionality in your app. If your feature is not visible to the user then you must demonstrate its functionality in your submitted video. Your video should show the in-app feature’s functionality using location in the background and how a user would trigger the prominent disclosure, runtime permission (with user consent), and the declared feature. If your feature’s functionality is not directly visible to the user, then you will need to show us its functionality in a video showing the in-app experience (e.g. notifying the user of a fraud alert). Please modify your video to demonstrate the declared feature for which you are requesting access to location in the background, and resubmit your declaration form via the Play Console
It wasn’t clear for us what was wrong. We understood that the video wasn’t right and using the feature wasn’t obvious.
We recorded new, resubmitted the form again with a new video but the answer was the same. Status: REJECTED
After sending appeal to our case we got more detailed rejection status.
Prominent disclosure not foundYour app must display a prominent disclosure through a pop-up alert before your app’s location runtime permission. Based on our review, a prominent disclosure did not appear before the runtime permission. Please add a prominent disclosure before the runtime permission.Remember, your prominent disclosure must:Appear before your app’s location runtime permission.Include at least the following sentence, adapted to include all the relevant features requesting access to location in the background in the app that are readily visible to the user: “This app collects location data to enable [“feature”], [“feature”], & [“feature”] even when the app is closed or not in use.” If you extend permitted usage to ads, please also include: “This data is also used to provide ads/support advertising/support ads.”Include any other details necessary to make it clear to the user how and why you are using location in the background. While additional content is permitted, it should not cause the required content to not be immediately visible.
It was missing the point. But let’s stop here for a while. I talked with many devs trying to pass this location form and in most cases the proper way of showing prominent disclosure was the problem. This reply from Google is telling exactly what you need to do.
So let’s get back to our case. This approach in our case was WRONG:
Home screen. We didn’t ask for background permission if we didn’t have to.
There was one feature that could use standard location access (while the app is open). We didn’t ask for background permission so there was no disclosure about it.
When the user was trying to use a feature that is using background location access – we created a separate fragment showing disclosure, telling him why, we used proper scope for asking for this permission (recommended by Google for Android 11).
User approved this permission for this feature – the feature is ready to go.
As I know, many devs were trying to use it just just like that. You won’t be accepted if you have scope like this in your app.
You should do something like this
To pass Google Play Store review you need to have prominent disclosure before asking for ANY location access. That’s the change we made. We left the second consent screen before turning on features that need to use background location access (we want to be transparent for users).
In the disclosure we wrote how we use location in general and we mentioned features. We said that most features don’t need to use background location and you won’t be asking for it if we don’t need it but you should be aware that if you want to use (in our case) GPS recording feature – you need to allow background location permission. And later we’ve got recommended scope for asking for it.
Keep in mind your use case can vary. If you are using ads – you need also put this information in that disclosure (we don’t use ads or Advertisement ID).
Verify if you really need background permission access. You can still use foreground service for location (if you are not starting it from the broadcast receiver or any other background process). In that case foreground service is becoming background service and you need this permission.
Show proper dialog telling how you use location in your app. Do it always before asking for any location permission.
Record a short video (required by the form) showing your feature. Disclosure dialog should be also visible on the video.
We started working with the form in October 2020 so it was just after Google released it. Like I said before, because this is manual review, this process may vary for you. Your use case can be different but many developers were missing proper disclosure.
Android 11 is officially out! There are many changes related to privacy you should know about and it’s good to check your apps for potential flaws. It’s also good to know what are the current platform restrictions.
I’d like to focus on important change in Android 11 that can affect your app if you are using location and foreground service. What’s important, it doesn’t matter if you are targeting your app to API29 or to the latest API30. If you are using device with Android 11 it’s also good to know how to deal with location permissions and when your app can be blocked.
To support the additional control that users have over an app’s access to location information, Android 10 introduces the ACCESS_BACKGROUND_LOCATION permission.
Unlike the ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION permissions, the ACCESS_BACKGROUND_LOCATION permission only affects an app’s access to location when it runs in the background. An app is considered to be accessing location in the background unless one of the following conditions is satisfied:
An activity belonging to the app is visible.
The app is running a foreground service that has declared a foreground service type of location.To declare the foreground service type for a service in your app, set your app’s targetSdkVersion or compileSdkVersion to 29 or higher. Learn more about how foreground services can continue user-initiated actions that require access to location.
TL;DR: It’s clear. You can use location in the app only when you are showing the user your app, user can see what’s going on and is aware of that. That’s why foreground service type was introduced.
Use case: GPS Tracker
Let’s talk about real example here. I’m working on an app that is recording trips (routes) with GPS. Change that was made in Android 10 wasn’t problematic for us. We are always showing user some UI that the app is working – notification (so we run foreground service working with active notification)
No. We are showing notification to the user, user can see that the app is working, everything is fine. And we are asking only for location Allow only while using the app. We don’t need background permission. That’s great!
Auto trip recording
In our app we have some feature called “autostart“. User can start recording automatically. For example when entering their vehicle. Simple BROADCAST RECEIVER matched with Bluetooth.
You can set this up. When you are connected to some BT device, app is starting recording route. We are starting foreground service, showing info to user.
Android 10: No. Start foreground service, get location with foreground service.
Android 11: Yes. You can’t use location even with foreground service when it was started by BROADCAST_RECEIVER. Broadcast Receiver for Android 11 is background process.
When trying to start foreground service with Broadcast Receiver you’ll get this error:
Foreground service started from background can not have location
Solution: You need to get ACCESS_BACKGROUND_LOCATION for your app. Even when using foreground service. The same foreground service will work without having this permission if user stars it manually from your app (e.g. clicking record button in your app).
Changes in Android 11
At Android Developers Summit ’19Dianne Hackborn said that “Abusing foreground services is becoming big issue and we have to do step to address that…“
I believe that in most cases you don’t need ACCESS_BACKGROUND_LOCATION for your app. It’s always good to analyse your needs here. If you need it for your use case – be aware of other changes here. You can’t ask for this permission directly. And this is another big change in Android 11.
I was attending Android Dev Summit 2019 in Sunnyvale and I’d like to share my thoughts after the event. It’s my small recap of my experience. But let’s start from the beginning.
Android Dev Summit and Google I/O. Why do we need two Android events from Google?
You can’t compare these two events. They are completely different. I’m starting from this because I know that in #androiddev community it’s not obvious why do we have Android Dev Summit and why it’s not a part of Google I/O.
I’ve also been to Google I/O so I can tell the difference from my own experience.
Google I/O is probably the developer conference (especially if you are into Google’s technologies) but it’s more like a festival. I can’t compare this event to any other event I’ve been to but if you are a developer and you are focused around Google’s technologies – it’s like being at the best music festival with your favorite lineup.
If you are Android developer – Google I/O is important, but it’s focused on announcements. Of course you’ve got access to Googlers (networking is another best thing I can think of) but it’s not focused only on Android and it’s future.
Android Dev Summit is a conference focused only on Android, its framework and future. It’s organised by people directly involved in the Android development. You’ve got access to Googlers directly working on Android and all its parts (Jetpack, Play Store, Android Studio, Android for Cars…). It’s 2-day event and the goal here is to invite Android developers and give them deep technical talks about platform and coming changes to the platform. Also it’s the right moment to get feedback from them. This is important, I was surprised how all teams are open here and waiting for your feedback (greetings to Ian Lake)
For almost two days you’ve got access (Office hours) to all Android teams waiting for your questions.
If you are not attending the event in person – don’t worry – keynote is live streamed on YouTube and all other talks are shared on YouTube few days after the event. It’s one week since the event and you can already watch them here (all Android Dev Summit 2019 sessions)
Just like at Google I/O – it’s a good place to meet (new) people know only from the internet. A lot of GDEs (Google Developer Experts) and people working in companies located in Sillicon Valley area.
Breaks between talks were also really awesome – it was a perfect moment to share and exchange your thoughts with others about the topic.
Let’s get back to the main topic – Android
My favorite points from Android Dev Summit 2019
This part is especially for Android developers. I’ll skip keynote here but I think you should start watching talks from ADS from keynote to have a better overview.
If you are Android Developer, make sure to watch this:
Jetpack Compose I think everyone is following this topic and if you are Android developer you should know it’s the future. It’s good to know about upcoming changes here
Preparing for Scoped Storage This is a really big change in Android. I’m not sure why it is ignored by many Android developers. Make sure to watch this video and think how you should change your app to be ready for this. In my opinion it’s one of the biggest changes coming to Android. I don’t feel comfortable here with new APIs and I hope Google will give us more examples how we should use it and which API (this is my main concern).
Motion Layout Make sure to watch to this session (“What’s New in Android Studio Design Tools”). I think this is huge!
Understanding Compose Interesting, deep technical talk I didn’t understand when I was there. I needed to watch it again and probably I’ll do it again. I think it can be a game changer and we’ll see more talks about it on Android conferences.
Developing Themes with Style Crash course in themes and styles. And if you know it’s made by Nick Butcher and Chris Banes – you know it’s gonna be good. And it was it. One of my favorites.
What’s new in Android Studio 4.x I think it’s important to watch this session. Probably you are not using canary versions in Production but make sure you watch this to see what new tools you’ll get it.
An Opinionated Guide to Dependency Injection on Android OK, maybe it wasn’t real deep technical talk but you’ll learn here what’s the future of DI in Android and why you should still stick with Dagger. This is a good thing. I was waiting for this. TL;DR: Google knows dagger.android wasn’t the best thing they made for Android and in future they’ll try to give us better solution here. No details. I think we need to wait a while for more detailed info. PS. There is new codelab from Google for Dagger
If you are into Android development make sure to watch sessions from this event. Simply start from the keynote.
Report bug, use official issue tracker
This is something I also learned there. Google is listening to your feedback and there’s no better way of reporting it than official issue tracker.
If you think they are not reading it – you are wrong! It’s reporting issues on Twitter that is not working 😉
Android Auto / Android for Cars
I was looking forward to see some news regarding Android Auto / Android for Cars. Unfortunately, no news here. There was no Android Auto team present. There was only Android for Cars team presenting latest version of Android for Cars in Volvo XC40. But still the platform is closed for third party apps (other than multimedia and instant messaging).
I’m starting Android Series on my blog (yay!). Today I’d like to focus on a news that was announced by Google 2 weeks ago and I feel that this post from official Andoid Developers Blog didn’t get much attention.
I talked with many Android developers on many events and I know how approach for maintaining code can vary. In most cases on conferences we are focusing on technology, technical stuff and we forgot about quality. Don’t get me wrong, I know that Google is trying to change this situation. I’ve been to Google I/O 2018 and I was talking with Googlers about it but I saw also that many developers are more exited about technical news from Android’s world and they didn’t get much attention to this topic. It is worth to mention that new technical stuff we got from Google like Android Jetpack, Architecture Components – they are also here to help us to improve the quality – better architecture – more solid app, less crashes, better performance (so this is connected).
What’s “the quality” in Android’s world?
Posted by Paul Bankhead, Director, Product Management, Google Play
Over the last year, we’ve been enhancing our search and discovery algorithms’ consideration of app quality and user engagement. This means that apps and games that have high retention rates, low crash rates, low uninstalls, and many other factors, are recommended more often.
Recently, we increased the importance of engagement and app quality in our recommendation systems and users reacted favorably to the changes. With more high quality titles being surfaced in the Play Store’s recommendations, people are playing the games they download more often.
Paul Bankhead briefly listed factors that affect the quality of Android applications. We heard in the past that stability and performance is a factor when you are thinking about ASO (App Store Optimization). Now it is more clear what does it mean and we know that Google is already using this factor to filter search results at Play Store (search results, recommendations…). You want more downloads for your app? Make your app stable and don’t forget about performance.
Android Vitals to the rescue!
You’ll find Android Vitals in Google Play Console.
Android vitals is an initiative by Google to improve the stability and performance of Android devices. When an opted-in user runs your app, their Android device logs various metrics, including data about app stability, app startup time, battery usage, render time, and permission denials. The Google Play Console aggregates this data and displays it in the Android vitals dashboard.
Do you care about high retention or low uninstall rate as a developer? Probably you are focusing on crashes, ANRs mainly. It’s not enough right now. You could miss some important factors you’ll find in Android Vitals. It’s easier to understand this when you are working on your app for many years. You’ll see then also that in many cases fixing/improving Android Vitals can be a long term process.
You could say that’s it’s not your problem as a developer – retention, number of downloads – it’s marketing or maybe product owner should care about this. Maybe, but right now you should be aware that with Android vitals as a factor in Play Store you are also responsible for this. All sides of a project should have this knowledge. Product manager was ignoring your suggestions about this? Tasks related with performance were moved to low priority queue? Right now maybe you should change your way of dealing with it. Especially when the app is your business.
If you are a developer don’t focus only on problems mentioned for example in Crashlytics console. Be aware about Androd vitals. I hope that Google in future will move some information from vistals to Crashlytics console.
I started writing more detailed article about Vitals but in my opinion Wojtek Kaliciński’s treatment of the subject is exhaustive. Wojtek posted two great articles about Android Vitals and you should read it:
You are reading this post thanks to Google Cloud. To be honest, I’ve installed this blog “unexpectedly” while testing some features of Google Cloud. Possibility to try WordPress using Google Cloud pushed me finally to fill my empty domain with this blog. It took me just a few minutes.
Few words about Google Cloud
Google Cloud Platform, offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search and YouTube. Alongside a set of management tools, it provides a series of modular cloud services including computing, data storage, data analytics and machine learning (Wikipedia)
You can install WordPress in Google Cloud in a few minutes. WordPress is a part of Compute Engine in Google Cloud. If you want to try it just use Cloud Launcher. You’ll find there WordPress icon.
Using this method you can install WordPress in a few minutes. It will deploy new virtual machine and after few minutes you’ll get web server with WordPress installation. In Google Cloud console you’ll find all credentials (access to SSH, mysql access, PhpMyAdmin, WordPress generated passwords etc).
With recommended WordPress installation you’ll get virtual machine with Apache HTTP Server 2.4.+, MySQL 5.5.+
and PHP 5.6.+. Quick tip, you can use also virtual machine with WordPress certified by Bitnami which is using for example newer version of MySQL 5.7 and PHP7. It is also cheaper but we’ll talk about prices later.
How to install WordPress in Google Cloud
Let’s start from the beginning and install WordPress certified by Bitnami
Click Launch on Compute Engine. You should see the form that is visible on the screenshot below. You’ll see there also price estimation (and like I said, we’ll get to this point (pricing) later. Just make sure to select us-centra1-f and small machine.
Machine type small will give you 1 shared vCPU and 1.7GB which is OK for simple blog. I tried micro (1 shared vCPU, 0.6 GB memory, f1-micro) but this machine was to weak to run my blog without problems. It was working but I’ve got problems with database connections, editing posts sometimes. Just go with small plan at start.
Click deploy and you’ll see that Google is preparing your machine
It will took just a minute and you’ll get all info you need to login to your WordPress installation.
And it’s done! You’ll get URL to your machine and WordPress running. All you need to do right now it to redirect your domain to this URL. Simple, right? With Bitnami version of WordPress you’ll get installation with
Configure your domain and SSL certificate
I’ve create seperate blog post how to get SSL (HTTPS) for your blog for free with Cloudflare: How to get free SSL certificate (HTTPS) for free? If you want to use Cloudflare it’s good to install Cloudflare plugin to your WordPress instance before activating SSL on your domain. This should fix issues with potential redirect loop.
Benefits of hosting your blog on Google Cloud
As always, there are pros and cons. Let’s start from good things.
Scalability With cloud you are paying for the CPU usage/traffic. If you are running site with big traffic – it can be quite a good choice.
If you want to change defaults (Apache, PHP parameters etc), some server settings, it’s not always possible when you are at shared hosting provider. You have the complete control over what you want to do with your machine instance. You don’t have to depend on a single shared server to host your site.
I don’t want to put “pricing” to cons (right now). For small blog, probably it’ll be much more expensive than a standard shared hosting you can get. Let’s be honest – Google Cloud wasn’t created only to serve WordPress blogs and it’s not the best example to showcase it.
I want to git it a try for a few months and we’ll see. Right now with small machine current pricing plan is not the cheapest solution you can get. I read that it’s possible to optimize g1-micro virtual machine for sites like this (with very low traffic).
I switched to micro plan and I’m able to host my blog without any cost right now.
If you are setting up any website today SSL certificate (https://) is a must have. July 2018 will be a game changer and you should be prepared for this date.
While I work in mobile right today I’m getting questions about this because I spent many years working with web and still I’m trying to be up-to-date with new web technologies and trends. This kind of knowledge is also very useful in mobile because web and mobile are connected and this connection in my opinion is getting closer and closer (see PWA, Instant Apps, Flutter…).
(Let’s get to the point) Let’s say you’ve got website without SSL (HTTP) and you are afraid you’ll get some penalty for not having SSL. Is this true? What will happen in July 2018?
For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.
What is also important, this will be additional factor for Google Search results (SEO). If you want to keep top positions in Google’s search results – keep it in mind.
How to add SSL (HTTPS) to my site?
Let’s just simplify this:
You can probably buy SSL certificate at your hosting provider (as your hosting provider)
You can get free certificate from https://letsencrypt.org/ and install it on your server (ask your hosting provider how to do it and what is important – ask if this is possible. I know that not all hosting providers are allowing to do that – because for example they want to sell you one…)
Use Crowdflare service for free and move your website to HTTPS in a minute
I’d like to focus on Cloudflare
Cloudflare provides content delivery network services, DDoS mitigation, Internet security and distributed domain name server services, sitting between the visitor and the Cloudflare user’s hosting provider, acting as a reverse proxy for websites.
It may sound like a sponsored article but it’s not. Cloudflare is really great service that can help you in many ways:
Stop attacks directed at a website
Dynamically modify content in order to improve performance
Insert applications into web pages
Provide rich analytics on all the requests to your website
Automatically determine what objects are static and cacheable at the network’s edge without any user configuration
Provide a network gateway between protocols like IPv6 \<-> IPv4
Make installing SSL flexible and one-click easy
And many more things a traditional CDN can’t provide….
How to set up your domain with Cloudflare?
Read this FAQ tutorial to know how to move your domain to Cloudflare. This is starting point for the service. Once you have it – you can try to use and test it’s features. Just start with Free service
Once you have. Your domain is active at Cloudflare. How to turn on SSL?
Just go to Crypto tab and enable SSL (Flexible can be good start point, for blog, landing page – you can start using it without a problems)
Is that all?
Just check your website and other option in Crypto
If you have mixed content you want to enable also Automatic HTTPS Rewrites and if you want to make HTTPS your default URL Always use HTTPS
That’s it. Check your website, you should see SSL confirmation
So it’s just a friendly reminder for July 2018 and make your users more secure.