K. K.

Wagh Polytechnic, Nashik

Department of Computer Technology

Unit 6: Security and application deployment M:20

Relevant CO:
Publish Android Application on Google Play Store.
Contents:
6.1 SMS Telephony
6.2 Location Based Services
6.3 Adding markers, Getting location
6.4 Android Security Model
6.5 Application Deployment
6.1 SMS Telephony
• Android telephony system is a software framework that allow you to add services like voice call ,
video call, SMS, MMS, data service, network management etc. from within the app.
• The package that contains these services is android.telephony and includes classes like SMSManager,
TelephonyManager.
• Thus the Telephony class provides access to information about the telephony services on the
device.
• Applications can use the methods in this class to determine telephony services and states, as well as
to access some types of subscriber information.
• Applications can also register a listener to receive notification of telephony state changes.
Code to display phone information
TelephonyManager tm=(TelephonyManager)getSystemService(Context.TELEPHONY_SERVICE);

//Calling the methods of TelephonyManager that returns the information

String IMEINumber=tm.getDeviceId();
String subscriberID=tm.getDeviceId();
String SIMSerialNumber=tm.getSimSerialNumber();
String networkCountryISO=tm.getNetworkCountryIso();
String SIMCountryISO=tm.getSimCountryIso();
String softwareVersion=tm.getDeviceSoftwareVersion();
String voiceMailNumber=tm.getVoiceMailNumber();
Code to make a phonecall
String number=edittext1.getText().toString();
Intent callIntent = new Intent(Intent.ACTION_CALL);
callIntent.setData(Uri.parse("tel:"+number));
startActivity(callIntent);

//Permission to be added in Manifest File

<uses-permission android:name="android.permission.CALL_PHONE" />
Sending SMS using SMSManager Class
• We can send SMS in android via intent or making use
of SMSManager API
• SMSManager API contains the following method to send SMS
public void sendTextMessage (String destinationAddress, String scAddress,String text, PendingIntent sentIntent,
PendingIntent deliveryIntent, long messageId)
Here,

• Permission required to be added in Manifest.xml file

<uses-permission android:name="android.permission.SEND_SMS"/>
Sending SMS via Intent
• We can send sms in android via intent
String no=mobileno.getText().toString();
String msg=message.getText().toString();
//Getting intent and PendingIntent instance
Intent intent=new Intent(getApplicationContext(),MainActivity.class);
PendingIntent pi = PendingIntent.getActivity(getApplicationContext(), 0,
intent,0);

//Get the SmsManager instance and call the sendTextMessage method to send message
SmsManager sms=SmsManager.getDefault();
sms.sendTextMessage(no, null, msg, pi,null);
Toast.makeText(getApplicationContext(), "Message Sent successfully!",
Toast.LENGTH_LONG).show();
Sending email using Intent
• To send an email from application, you don’t have to implement an
email client from the beginning, but you can use an existing one like
the default Email app provided from Android, Gmail, Outlook, etc.
• For this purpose, we need to write an Activity that launches an email
client, using an implicit Intent with the right action and data.
Code to send email
String to=editTextTo.getText().toString();
String subject=editTextSubject.getText().toString();
String message=editTextMessage.getText().toString();
Intent email = new Intent(Intent.ACTION_SEND);
email.putExtra(Intent.EXTRA_EMAIL, new String[]{ to});
email.putExtra(Intent.EXTRA_SUBJECT, subject);
email.putExtra(Intent.EXTRA_TEXT, message);
//need this to prompts email client only
email.setType("message/rfc822");
startActivity(Intent.createChooser(email, "Choose an Email client :"));
6. 2 Location based services(Google Maps)
• Android provides facility to integrate Google map in our application.
• Google map displays your current location, navigate location direction,
search location etc.
• We can also customize Google map according to our requirement.
• Types of Google Maps
1. Normal: This type of map displays typical road map, natural features like river and
some features build by humans.
2. Hybrid: This type of map displays satellite photograph data with typical road maps.
It also displays road and feature labels.
3. Satellite: Satellite type displays satellite photograph data, but doesn't display road
and feature labels.
4. Terrain: This type displays photographic data. This includes colors, contour lines and
labels and perspective shading.
5. None: This type displays an empty grid with no tiles loaded.
Google maps API
• An API key is needed to access the Google Maps servers.

• This key is free and you can use it with any of your applications.

• In order to use the Google Maps API, you must register your

application on the Google Developer Console and enable the API

Creating project in google developer console
• Visit the Google Cloud Platform Console. Sign in with your gmail
account: https://console.developers.google.com/project
• Now create new project. You can create new project by clicking
on the Create Project button and give name to your project.

Prepared by M. D Patil
• Now click on APIs & Services and open Dashboard from it.

Prepared by M. D Patil
• In this open Enable API and Services.

Prepared by M. D Patil
• Now open Google Map Android API. and enable the Google Maps
Android API.

Prepared by M. D Patil
• Click the menu button and select APIs & Services > Credentials.

Prepared by M. D Patil
• On the Credentials page, click Create credentials > API key.

Prepared by M. D Patil
• The API key created dialog displays your newly created API key.
Copy the key and save for further use.

Prepared by M. D Patil
Adding maps API key to the application
In AndroidManifest.xml, add the following element as a child of the
<application> element, by inserting it just before the closing
</application> tag:
<meta-data
android:name="com.google.android.geo.API_KEY"
android:value="YOUR_API_KEY"/>

- In the value attribute, replace YOUR_API_KEY with your API key (the
encrypted string). This element sets the key
com.google.android.geo.API_KEY to the value of your API key.

Prepared by M. D Patil
Permissions required in manifest to show maps
Following permissions need to be added in the Manifest file

<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />

<uses-permission
android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.INTERNET"/>
Adding maps fragment to the project
• To get the GoogleMap object in our MapsActivity.java class we need to
implement the OnMapReadyCallback interface and override the onMapReady()
callback method.
• Code
// Obtain the SupportMapFragment and get notified when the map is ready to be used.
SupportMapFragment mapFragment = (SupportMapFragment) getSupportFragmentManager() .findFragmentById(R.id.map);
mapFragment.getMapAsync(this);

@Override public void onMapReady(GoogleMap googleMap) {

mMap = googleMap;

// Add a marker in Sydney and move the camera

LatLng sydney = new LatLng(-34, 151);
mMap.addMarker(new MarkerOptions().position(sydney).title("Marker in Sydney"));
mMap.moveCamera(CameraUpdateFactory.newLatLng(sydney));

}
Displaying zoom control on map
• The zoom level of the camera determines the scale of the map.
• At higher zoom levels more detail can be seen on the screen,
while at lower zoom levels more of the world can be seen on the
screen.
• The zoom level doesn't need to be an integer. The range of zoom
levels that the map permits depends on factors including location,
map type, and screen size.
• You can enable or disable the zoom gestures in the map as
Syntax :googleMap.getUiSettings().setZoomGesturesEnabled(true);
Navigating to specific location
• Use this intent to launch Google Maps navigation with turn-by-turn
directions to the address or coordinate specified. Directions are always given
from the user's current location.
google.navigation:q=a+street+address or
google.navigation:q=latitude,longitude
• The parameters that can be used with navigation are:
 q: Sets the end point for navigation searches. This value can be latitude, longitude
coordinates or a query formatted address. If it is a query string that returns more than
one result, the first result will be selected.
 mode: sets the method of transportation. Mode is optional, and can be set to one of:
• d for driving (default)
• b for bicycling
• l for two-wheeler
• w for walking
 avoid: sets features the route should try to avoid. Avoid is optional and can be set to
one or more of:
• t for tolls
• h for highways
• f for ferries
6. 3 Adding markers
• Markers identify locations on the map.
• The default marker uses a standard icon, common to the Google Maps look
and feel. It's possible to change the icon's color, image or anchor point
• Markers are objects of type Marker, and are added to the map with the
GoogleMap.addMarker(markerOptions) method.
• - Markers are designed to be interactive. They receive click events by default,
and are often used with event listeners to bring up info windows.
• - Setting a marker's draggable property to true allows the user to change the
position of the marker. Use a long press to activate the ability to move the
marker.
• - By default, when a user taps a marker, the map toolbar appears at the
bottom right of the map, giving the user quick access to the Google Maps
mobile app.
Example. Only in onMapReady method change the code as follows:
@Override
public void onMapReady(GoogleMap googleMap) {

googleMap.addMarker(new MarkerOptions()
.position(new LatLng(37.4233438,-122.0728817))
.title("LinkedIn")
);

googleMap.addMarker(new MarkerOptions()
.position(new LatLng(37.4629101,-122.2449094))
.title("Facebook")
.snippet("Facebook HQ: Menlo Park"));

googleMap.addMarker(new MarkerOptions()
.position(new LatLng(37.3092293,-122.1136845))
.title("Apple"));
}
6. 3 Getting location
• To get the current location we need to implement following interfaces and their callback
methods:
• Callback methods in Google Map
OnMapReadyCallback: This callback interface invokes when it instance is set on
MapFragment object. The onMapReady(GoogleMap) method of OnMapReadyCallback
interface is called when the map is ready to used. In the onMapReady(GoogleMap)
method we can add markers, listeners and other attributes.
LocationListener: This interface is used to receive notification when the device location
has changed. The abstract method of LocationListener onLocationChanged(Location) is
called when the location has changed.
GoogleApiClient.ConnectionCallbacks: This interface provide callbacks methods
onConnected(Bundle) and onConnectionSuspended(int) which are called when the device
is to connected and disconnected.
GoogleApiClient.OnConnectionFailedListener: This interface provide callbacks method
onConnectionFailed(ConnectionResult) which is called when there was an error in
connecting the device to the service.
The setMyLocationEnabled() method of GoogleMap is used to enable location layer,
which allows device to interact with current location.
Important methods of geocoder class
Return Type Method Name
NA Geocoder(Context context, Locale locale)
Use: Constructs a Geocoder whose responses will be localized for the given Locale.

NA  Geocoder(Context context)
Use:Constructs a Geocoder whose responses will be localized for the default system Locale.

List<Address>  getFromLocation(double latitude, double longitude, int maxResults)

 Use: Returns an array of Addresses that are known to describe the area immediately surrounding
the given latitude and longitude.

List<Address>  getFromLocationName(String locationName, int maxResults, double lowerLeftLatitude, double

lowerLeftLongitude, double upperRightLatitude, double upperRightLongitude)
 Use:Returns an array of Addresses that are known to describe the named location, which may be
a place name such as "Dalvik, Iceland", an address such as "1600 Amphitheatre Parkway,
Mountain View, CA", an airport code such as "SFO", etc

List<Address>  getFromLocationName(String locationName, int maxResults)

 Use: Returns an array of Addresses that are known to describe the named location, which may be
a place name such as "Dalvik, Iceland", an address such as "1600 Amphitheatre Parkway,
Mountain View, CA", an airport code such as "SFO", etc..

static boolean  isPresent()

 Use: Returns true if the Geocoder methods getFromLocation and getFromLocationName are
implemented.
Code for geocoding
Geocoder gc = new Geocoder(context);
if(gc.isPresent()){
List<Address> list = gc.getFromLocationName(“155 Park Theater, Palo
Alto, CA”, 1);
Address address = list.get(0);
double lat = address.getLatitude();
double lng = address.getLongitude();
}
Code for reverse geocoding
Geocoder gc = new Geocoder(context);
if(gc.isPresent()){
List<address> list = gc.getFromLocation(37.42279, -122.08506,1);
Address address = list.get(0);
StringBuffer str = new StringBuffer();
str.append(“Name: ” + address.getLocality() + “\n”);
str.append(“Sub-Admin Ares: ” + address.getSubAdminArea() + “\n”);
str.append(“Admin Area: ” + address.getAdminArea() + “\n”);
str.append(“Country: ” + address.getCountryName() + “\n”);
str.append(“Country Code: ” + address.getCountryCode() + “\n”);
String strAddress = str.toString();
}
Monitoring location
• Geofencing combines awareness of the user's current location with
awareness of the user's proximity to locations that may be of interest.
• To mark a location of interest, you specify its latitude and longitude.
• To adjust the proximity for the location, you add a radius. The latitude,
longitude, and radius define a geofence, creating a circular area, or fence,
around the location of interest.
• Geofences give devices the power to monitor a circular area in the world,
and let the device inform you whenever it enters or exits that area.
• Google's GeofencingApi can be used to implement geofences
• This APIs is part of Google's Location APIs. It includes Geofence,
GeofencingRequest, GeofenceApi, GeofencingEvent, and
GeofenceStatusCodes
6.4 Android Security:
Security Features provided by Android

• The platform offers an app environment that protects the confidentiality, integrity, and
availability of users, data, apps, the device, and the network.
• Robust security at the OS level through the Linux kernel
• Mandatory app sandbox for all apps
• Secure interprocess communication
• App signing
• App-defined and user-granted permissions
• The Android security team looks for potential vulnerabilities in apps and suggests ways to fix
those issues. For devices with Google Play, Play Services delivers security updates for critical
software libraries, such as OpenSSL, which is used to secure app communications
• Users are provided visibility into the permissions requested by each app and control over
those permissions
Security Model provided by android
• Design review: The Android security process begins early in the development lifecycle with the
creation of a rich and configurable security model and design. Each major feature of the platform is
reviewed by engineering and security resources, with appropriate security controls integrated into the
architecture of the system.
• Penetration testing and code review: During the development of the platform, Android-created and
open source components are subject to vigorous security reviews. These reviews are performed by the
Android Security Team, Google’s Information Security Engineering team, and independent security
consultants. The goal of these reviews is to identify weaknesses and possible vulnerabilities well
before major releases, and to simulate the types of analysis that are performed by external security
experts upon release.
• Open source and community review: Android enables broad security review by any interested party.
Android also uses open source technologies that have undergone significant external security review,
such as the Linux kernel. Google Play provides a forum for users and companies to provide information
about specific apps directly to users.
• Incident response: Even with these precautions, security issues may occur after shipping, which is why
the Android project has created a comprehensive security response process. Full-time Android security
team members monitor the Android-specific and the general security community for discussion of
potential vulnerabilities and review security bugs filed on the Android bug database. Upon the
discovery of legitimate issues, the Android team has a response process that enables the rapid
mitigation of vulnerabilities to ensure that potential risk to all Android users is minimized. These cloud-
supported responses can include updating the Android platform (AOSP updates), removing apps from
Google Play, and removing apps from devices in the field.
• Monthly security updates: The Android security team provides monthly updates to Google Android
devices and all our device manufacturing partners
6. 4 Permissions
• The purpose of a permission is to protect the privacy of an Android user.
• Android apps must request permission to access sensitive user data (such as
contacts and SMS), as well as certain system features (such as camera and
internet).
• Depending on the feature, the system might grant the permission
automatically or might prompt the user to approve the request.
• A central design point of the Android security architecture is that no app, by
default, has permission to perform any operations that would adversely
impact other apps, the operating system, or the user.
• This includes reading or writing the user's private data (such as contacts or
emails), reading or writing another app's files, performing network access,
keeping the device awake, and so on.
Declaring and Using Permissions
• Every Android app runs in a limited-access sandbox. If an app needs to use
resources or information outside of its own sandbox, the app has to request
the appropriate permission.
• You declare that your app needs a permission by listing the permission in the
app manifest file and then requesting that the user approve each permission
at runtime.
• On all versions of Android, to declare that your app needs a permission, put a
<uses-permission> element in your app manifest, as a child of the top-level
<manifest> element.
• The system's behaviour after you declare a permission depends on how
sensitive the permission is. Some permissions are considered "normal" so
the system immediately grants them upon installation. Other permissions are
considered "dangerous" so the user must explicitly grant your app access.
• If your app lists normal permissions in its manifest (that is, permissions that don't pose
much risk to the user's privacy or the device's operation), the system automatically
grants those permissions to your app.
• If your app lists dangerous permissions in its manifest (that is, permissions that could
potentially affect the user's privacy or the device's normal operation), the user must
explicitly agree to grant those permissions.
• The dangerous permissions require user agreement. In order to
get user agreement. The way Android asks the user to grant
dangerous permissions depends on the version of Android
running on the user's device, and the system version targeted by
your app

• Runtime requests: If the device is running Android 6.0 (API level 23) or higher, and the
app's targetSdkVersion is 23 or higher, the user isn't notified of any app permissions at
install time. Your app must ask the user to grant the dangerous permissions at runtime.

• Install-time requests : If the device is running Android 5.1.1 (API level 22) or lower, or
the app's targetSdkVersion is 22 or lower while running on any version of Android, the
system automatically asks the user to grant all dangerous permissions for your app at
install-time
Custom permissions
• Android is a privilege-separated operating system, in which each
app is given a distinct system identity. Parts of the system are
also separated into distinct identities. Linux thereby isolates apps
from each other and from the system.
• Thus if apps wants to expose their functionality to other apps,
they can define their own permissions which can be requested by
other apps. They can also define permissions which are
automatically made available to any other apps which are signed
with the same certificate. Such permissions are called as custom
permissions.
• To enforce your own permissions, you must first declare them in
your AndroidManifest.xml using one or more <permission>
elements.
Declaring a custom permission
<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.myapp" >
<permission
android:name="com.example.myapp.permission.DEADLY_ACTIVITY"
android:label="@string/permlab_deadlyActivity"
android:description="@string/permdesc_deadlyActivity"
android:permissionGroup="android.permission-group.COST_MONEY"
android:protectionLevel="dangerous" />
...
</manifest>

Here,
- protectionLevel attribute: It is a required attribute and it tells the system how the user is to be
informed of apps requiring the permission, or who is allowed to hold that permission
- permissionGroup attribute: It is optional, and only used to help the system display permissions to
the user. In most cases you should set this to a standard system group.
-label and description for the permission are string resources that the user can see when they are
viewing a list of permissions (android:label) or details on a single permission (android:description).
6. 5 Android app deployment
• Android application deployment is the process that makes your
Android applications available to users.
• It consists of the following basic steps:
1. Creating small application
2. Signing of application
3. Deploying app on Google Play Store
4. Become a publisher
5. Analyze the app using developer console
Creating android app
• You can create your android application using any of the IDE's like
Android Studio/Eclipse/Visual Studio.

• Follow the steps and create your Project for a suitable idea
Signing of application
• Android requires that all APKs be digitally signed with a certificate
before they are installed on a device or updated. If you use Android
App Bundles, you need to sign only your app bundle before you
upload it to the Play Console, and app signing by Google Play takes
care of the rest.
Steps to sign an app using android studio
• In the menu bar, click Build > Build > Generate Signed Bundle/APK
and follow the steps
• Below the field for Key store path, click Create new.
• On the New Key Store window, provide the following information
for your keystore and key. If you already have an existing key, use
it to sign your app

Prepared by M. D Patil
• Select the type of APK that you want to build(either release or
debug) and click on Finish.
6. 5 Deploying app on play store
• Step 1: First generate signed apk of your Android App to publish it on Play Store.
• Step 2: Now you will need to sign up for Google Play Console to publish and manage your Android
App. You can signup with this link https://play.google.com/apps/publish/
• Step 3: Login with your Gmail account that you want to use for publishing App on Play Store.
• Step 4: After reading the Google play store developer distribution agreement agree to their terms by
clicking on check box

Prepared by M. D Patil
• Step 5: Now you will need to pay one time ‘Developer Registration Fee’ of $25 to Google.
Please fill your credit card details to make the payment. You can upload unlimited number of
Android App on Play store from single account with a limit of uploading 15 apk/day
• Step 6: Complete your account details for Google developer
account.
• Step 7: Now click on Create Application
• Step 8: Enter the name of your App.
• Step 09: Now fill store listing details of your App which include
Title, Short description, and Full description.
• Step 10: After this you need to put some App screenshots here.
The minimum required are 2 screenshots and maximum limit is 8.
• Step 11: After screenshot now you need to put a high Resolution
icon or logo with a size of 512 * 512 pixel. This will be displayed
on Play Store. After that another mandatory thing is you need to
put a feature graphic of 1024 * 500 pixel dimension.
• Step 12: Now scroll down and fill other details which include
application type, category, website, email and phone no. After
this check privacy policy because now we are not submitting and
then click on save draft. If your App require user permission then
it is mandatory to put privacy url.Click on Save Draft to save your
work so far
• Step 13: After saving data on draft now go to app release and
click on manage production.

• Step 14: Now you will see create release now click on it.

• Step 15: After click on create release you will see browse files click
on it and upload your signed APK.
• Step 16: Once the upload is successful then scroll down and click
on review to check.

• Step 17: Now go to Content Rating and click on continue.

• Step 18: Fill details which include email address and select your
categories.

• Step 19: Now click on apply rating.

• Step 21: Click on pricing and distribution and select free/paid
based on how you want user to access your App.

• Step 22: Now scroll down and see mandatory things with * you
need to select After this click on save draft .
• Step 23: Now Click on ready on publish along with save draft and
click on Manage release.
• Step 24: Click on Manage Production.

• Step 25: After Manage production click on edit release

• Step 26: Now click on review.

• Step 28: After review click on Start Rollout to production. Now
you need to confirm. After confirm you will need to wait for one
or six hour for approval
Becoming a Publisher
• Publishing is the general process that makes your Android
applications available to users. When you publish an Android
application you perform two main tasks:

1. You prepare the application for release: During the preparation step
you build a release version of your application, which users can
download and install on their Android-powered devices.

2. You release the application to users: During the release step you
publicize, sell, and distribute the release version of your application to
users.
Prepare the application for release

• Preparing your application for release is a multi-step process that

involves the following tasks:
• Configuring your application for release : It includes actions like remove Log
calls , providing values for version code, version name.
• Building and signing a release version of your application.
• Testing the release version of your application.
• Updating application resources for release.
• Preparing remote servers and services that your application depends on.
Release the application to users
• You can release your Android applications several ways. Usually, you release
applications through an application marketplace such as Google Play, but you can
also release applications on your own website or by sending an application
directly to a user.
• Releasing through an app marketplace
• If you want to distribute your apps to the broadest possible audience, releasing through an
app marketplace such as Google Play is ideal.
• Google Play is the premier marketplace for Android apps and is particularly useful if you want
to distribute your applications to a large global audience. However, you can distribute your
apps through any app marketplace you want or you can use multiple marketplaces.
• If you do not want to release your app on a marketplace like Google Play, you can
make the app available for download on your own website or server, including on
a private or enterprise server. To do this, you must first prepare your application
for release in the normal way. Then all you need to do is host the release-ready
APK file on your website and provide a download link to users.
Developer Console
• To publish Android apps on Google Play, you need to create a Google Play Developer account.
• If you need to update your Google Play developer account information, you can make changes using
the Play Console/ Developer Console
• Developer Console home page gives you a quick overview of your apps, lets you jump to stats, reviews,
or product details, or upload a new app.

Prepared by M. D Patil
Features of developer console
• Your Developer Profile : Your developer profile identifies you to Google Play
and to your customers. It contains developer name, developer contact info,
merchant info, developer public key
• Multiple user accounts : If you are working with a team, you can set up
multiple user accounts to access different parts of your Developer Console.
• Linking your Merchant Account: If you want to sell apps or in-app products,
you can link your Google Checkout Merchant account to your developer
profile.
• Product and listing details: The Developer Console lets you set up a colorful
storefront page for your app called the product details page. Your product
details page is the home for your app in Google Play — it's the page users see
on their mobile phones or on the web when they want to learn about your
app and download it
• Uploading and publishing: From the Developer Console you can quickly upload a release-
ready APK and publish it when you're ready.
• Distribution Controls: In the Developer Console you can manage what countries and
territories the app is distributed to and, for some countries, you can choose what carriers
you want to target.
• Selling and pricing your Products: The Developer Console gives you tools to set prices for
your apps and in-app products. Your app can either be free to download or priced (charged
before download).
• In-app Billing : In-app Billing is a Google Play service that lets you monetize your apps in
more ways by selling in-app products and subscriptions. In-app products are one-time
purchases, while subscriptions are recurring charges on an monthly or annual basis.
• User reviews and error reports: Google Play makes it easy for users to submit reviews of
your app for the benefit of other users.
• App statistics: The Developer Console gives you detailed statistics on the install
performance of your app.You can view installations of your app measured by unique users,
as well as by unique devices.
Thank You