Tuesday, January 25, 2011

Report on AnDevCon II

Last week I was at AnDevCon II.  This blog entry summarises my thoughts about the event.


Some of the classes covered a lot of technical detail in a short time, and some seemed to be a bit light on technical detail.  Overall I think the level was pitched just right so that most of the audience got the most out of the conference.

I was impressed with the amount of attention to security and testing - in the number of classes and the high attendances - and the representation by exhibitors. 

I'm not going to list all the classes I went to because there were four a day for four days (minus a few) so this will just be a long list.  Instead I'll just describe the highlights.  Each time-slot had 5-7 classes, so obviously I can only talk about the ones I went to.



Donn Felker's class on Tablet Programming was a bit slow at a technical level, but it was a nice introduction to show a practical example of Fragments and the Action Bar that were introduced in Honeycomb and made available in the compatibility library (AKA support package) for use in earlier API versions.  Fragments are reusable UI components so that you can easily design a phone and tablet layout without too much extra effort.  The Action Bar seems to be just a combination of a TabHost and a Menu.  Since all of these components are very close to what your app already does, and they're available in the compatibility library, you might just as well use them with almost no extra effort and get ahead with you future-proofing.
More about Fragments later...
The other point Donn made about tablets is that you should pay attention to where you put user input elements, eg buttons.  On a phone you can pretty much reach the whole screen with equal ease using your thumbs, regardless of whether you're left- or right-handed.  On a tablet this is not the case.



Manfred Moser gave a very nice overview of many test automation and continuous integration frameworks.  He was very knowledgeable, and the main thing I learned from his talk is that there are many different types of testing and you should use more than one so that you cover different test scenarios - Android unit testing, JVM unit testing, scripted automation testing, Monkey testing.  And within those categories there's more choices.  Manfred also gave a good description of the Hudson Continuous Integration tool, and explained that once you've set it up it's also not so difficult to try some other CI tools.



Kirill Grouchnikov gave a keynote speech and a technical class about User eXperience.  His point was that you should make slightly different design for the main UI components and arrange them depending on the screen size.  Of course he focused on Android and Fragments, but the same applies to any kind of GUI, and he also showed how the same principle applies to web design.  As an example, the Google I/O scheduler uses one or two columns, depending on the amount of available width.
The point at which it switches between one or two (or three) columns - the switch point - should be chosen according to the amount of space needed for your specific content, and not according to a "tablet", "phone" and "desktop" design.  For example if your menu needs 200px to look good and your main content needs 400px then your switch point would be 600px.  Rather than saying a tablet has a width of 600px and then also trying to squeeze the same design into portrait mode.  Within the 600px layout, you can then scale up in whichever way you like using the additional width above 600px.  You should also have a maximum width - don't try and use all available width just because it's there.  If your content is too wide then there's too much white space and it's difficult for your eye to scan across to the next line.




Nathan Mellor's talk on Marketing for Independent Developers was much the same line I've been hearing for a while now, about how to make a business out of optimising Google keyword search.  This is a story that I first read seriously in Rob Walling's book, and have heard many times since, eg from Mixergy.  It seems to be working for these people, but it basically means stop developing and spend your time on marketing.



The next notable class was Aleksandar (Saša) Gargenta's class on security.  This was very well attended and was received well.  It's encouraging that (good) Android developers appreciate the importance of security.  He covered the Android security very thoroughly, and described which components are responsible for which parts of the security.



Mike Burton gave a detailed class showing how to use RoboGuice.  This looks like a really good Dependency Injection framework for Android.  It allows you to keep your Android-specific classes simple and put all your real code in Android-agnostic classes.  This has three very powerful benefits:
  1. RoboGuice handles the Android lifecycle (eg removing references when no longer needed)
  2. Most of your code is in POJO's so you can use the wide range of generic Java unit testing tools, such as Mockito
  3. You can prevent memory leaks by reducing dependencies

Romain Guy and Chet Haase gave a good class entitled "Sticky GUIs" all about fine-tuning performance.  Mostly they were talking about the last few microseconds of performance, but one bigger and cheaper gain is to use the new GridLayout in ICS.  For backward compatibility, it may be in the support library, or if not then you can just get the source.



The last class of the conference was Android app security by Tyler Shields of Veracode.  The main security flaws are:

  • hardcoded passwords - can be discovered by analysing apk
  • unsafe data transmission - private data sent unsecured over insecure network
  • unsafe data write to disk - private data written to insecure disk location
  • data exfiltration - reading private data and transmitting it outside the secure zone

He specifically highlighted the risk of using third party libraries because you don't know what they do unless you're able to do a detailed analysis.  Code reuse is risk transference - you're trusting third parties libraries not to do anything malicious - if they do then you take the blame.  Of course he mentioned that Veracode is able to do a detailed analysis of an apk to see what private data it's accessing and what it's doing with it.


There were several keynotes throughout the conference.  Some were just marketing pitches.  Most of them were entertaining.  The Google guys also gave classes as well as the keynotes.  The only one other one worth mentioning that I haven't mentioned elsewhere was from Sam Gigliotti of Amazon.  I learned some new phrases: idempotence and Brewers CAP theorem.





As well as the classes and keynotes, there was also a large exhibition hall where I had a chance to speak to lots of interesting vendors and see what they had to offer.  The ones that most caught my attention are these (in alphabetical order):



Apkudo - they have 289 Android devices that you can use to perform Monkey testing. They also gave a sponsored class on the last day of the conference to explain more about it. They only do Monkey, but as they explained in the class, most developers do no automated testing, so Monkey is better than nothing. In fact it's quite a lot better than nothing. apkudo "will always be free".

Barnes & Noble's tablet was pretty cool. They've got a nice market as well.

Crittercism make a jar that you can plug into your app to provide advanced crash reporting.

FoneMonkey looks like a really good automation testing tool that has a GUI that looks just like Selenium.

OpenLogic provide a service to scan and certify open source software, following on from what was said in the Veracode class I mentioned above.

Rhomobile were one of many vendors providing "write once build anywhere" solutions. You write your apps in HTML and it gets built into Android, iPhone, etc. I didn't really investigate the others, so maybe they all do this, but what I liked about this solution is that the apps are styled according to the platform, not just a generic app.

Testdroid is good for recording automation tests and then running them on real devices. They haven't got so many devices at the moment, but I assume they'll increase.

WIMM Labs had a really cool, tiny Android device. It's small enough to be a wristwatch, although it could also be a attached to a bike or something similar. It's water proof - you can't go swimming with it, but you can go out in the rain. It has WiFi, GPS, and a surprising amount of good stuff. They sell it via branded products, but you can buy the HDK including a developer device for $299. They were giving a $100 discount at AnDevCon and I almost bought one. Their SDK includes an emulator. This looks like a unique opportunity to develop "Micro Apps" for a specific market with a captive audience.
I think the main thing I learned from AnDevCon is that there are lots of tools for testing and I should use some of them. As Nicholas from apkudo said "testing is like flossing - we all know we should do it but we don't do it as much as we should".