广升ADUPS FOTA 过认证信息更新

– ADUPS has recently released a patched version for com.adups.fota (version 5.22), that must be used for all new builds submitted to Google

– Google will continue rejecting and blocking any new build(s) submitted with com.adups.fota version 5.16 or older

– If you are using ADUPS as your FOTA provider, updates will be pushed to devices already active in the ecosystem automatically and no further action is required for those devices

– All new builds submitted to Google from hereon need to use ADUPS com.adups.fota version 5.22 or newer, or need to use an alternative FOTA solution

什么是BTS?Build Test Suite (System Image Scanning)

Build Test Suite (System Image Scanning)

The Build Test Suite (BTS) operates directly on software builds. It scans device images for preloaded malware and other Potentially Harmful Applications (PHAs) that may have been introduced by OEMs’ vendors and suppliers. BTS incorporates the same technology currently used for security scanning and analysis of applications installed via Google Play.

Starting April 1st, 2018, all partners MUST begin uploading their software builds to Google as described in their partnership agreements. Submission of software builds will be in addition to the existing test reports required for Google build approval.

Note: Partners are still responsible for vetting and reviewing all software that is distributed on their devices. Google continuously updates our databases and detection techniques for malware and security threats, but we may not always be able to detect an issue at the time of your build submission.

Submitting builds for BTS

Partners must submit whole software builds. Submissions of individual APKs are not supported. Google only scans APKs in the context of the whole build. As BTS develops, we will look beyond just the APKs in the filesystem images.

Enrollment for MADA partners

Partners can upload software builds in one of the following ways:

  1. Google Drive: Your TAM will share a Google Drive folder that you can copy your builds to.
  2. SFTP Dropbox: You can ask your TAM to set up a Secure File Transfer Protocol (SFTP) account for you so that you can upload your build software.
  3. Submission via 3PL: Submit firmware to your 3PL certifier using one of the supported formats.

Submit software builds

For each build that you submit to APFE, you should upload a single compressed archive (.zip, .rar, or .tgz) containing the Software Build in a supported formatThe archive should be named according to the build fingerprint, substituting forward slashes (“/”) and colons (“:”) with tildes (“~”). This helps reconcile the file with the reports in APFE.

Example:
If you have a zip file containing partition images that can be flashed using fastboot for a build with the fingerprint: acme/acme_1/acme_3g:7.0/NRD90M/123456789:user/release-keys
the file should be named:
acme~acme_1~acme_3g~7.0~NRD90M~123456789~user~release-keys.zip

Partners may submit additional software builds, although these submissions should be accompanied by at least a signature CTS report in APFE so that the results are available. Early submissions may help identify issues early on in the build process. We discourage submitting daily or continuous integration builds as those provide limited usefulness.

Build Test Suite analysis

BTS runs automatically on Google’s infrastructure in the background. The process depends on internal services that cannot be made available offline.

When BTS finishes, the results appear on APFE.

Build approval

If BTS does not detect any issues, then the build approval process will proceed as normal, subject to the results of other test reports uploaded.

Any suspected PHAs or other issue will be treated as test failure and will prevent build approval. Google can only share the package name and class of malware for any PHA. We cannot provide details on the possible impact of the PHA, its behavior, or how that behavior was detected.

If Google finds an issue after the build has been approved, your TAM will contact you. Partners must address new issues promptly and release an updated build that fixes the issue in accordance with their partnership agreements. New builds that still contain the issue will not be approved.

If you believe that an APK was incorrectly flagged, escalate to your TAM and provide as much detail as possible about the intended functionality of the app. Include details about the file’s origin, particularly if it was made in-house or by a supplier. Google will investigate and deal with these apps on a case-by-case basis.

Supported software build formats

Fastboot package

BTS requires the following partition images in a .zip (PKZIP) or .tgz (gzipped unix .tar) file:

  • system.img – The filesystem image mounted at /system on the device.
  • vendor.img – The filesystem image mounted at /vendor on the device.
  • oem.img – The filesystem image mounted at /oem on the device.
  • userdata.img – The filesystem image mounted at /data on the device. This is especially important if you pre-load or cache applications in the data partition to improve the out-of-box (OOB) boot time.
  • boot.img – The Linux Kernel and Ramdisk used to boot Android.
  • recover.img – The recovery image that the Linux Kernel and Ramdisk use for the device to boot to during recovery or to handle the command adb reboot recovery.
Note: The vendor.img and oem.img are only required if the build uses separate vendor and oem partitions, otherwise it is expected this content is part of the system image.

The images and filenames above are produced by the AOSP build system, and they can be applied to an unlocked OEM device using fastboot if the device’s bootloader support fastboot.

These filesystem images should be in Ext4, SquashFS, or F2FS format. Partners should use the sparse format for the partition image to reduce the space and upload size for filesystems with free space on them.

Other firmware formats

Google supports the following firmware formats used by various OEM, ODM, and SOC flashing tools:

  • Mediatek firmware used with Mediatek’s spflashtool
  • Spreadtrum PAC file format1
  • Qualcomm’s QFIL format
  • .NB0 format

Partners whose firmware is available in one of these formats may upload those formats, in a .zip, .tgz, or .rar file, instead of a fastboot archive. If you cannot provide firmware in one of the known formats, reach out to your TAM.

Note: Google does not accept firmware in self-extracting executables and does not accept password protected archive files.

Requesting an SFTP account

Larger OEMs may prefer submitting builds using SFTP because

  • SFTP does not require Google Drive quota.
  • BTS begins as soon as the upload completes.
  • Partners can use a wide range of SFTP client software.
  • SFTP is easier to integrate into automated build, QA review, and submission processes.

Contact your TAM to set up an SFTP account for uploading firmware images. You will need to generate an SSH2 RSA identity key pair for authentication and share the public key with your TAM. Once your SFTP account and dropbox have been configured, your TAM will provide you with the connection details for your SFTP account.

Generating an SSH Identity key pair

On Linux, use the following command, replacing “my_key” with a suitable key name:

$ ssh-keygen -t rsa -f my_key

This command will generate a private key, my_key, and a public key, my_key.pub. Your TAM will need the public key to set up your SFTP account.

Partners using a Microsoft Windows system can use the PuTTY client to generate SSH keys following these instructions.

Notes


  1. It is strongly recommended to compress Spreadtrum ‘.pac’ files to reduce the amount of data that needs to be uploaded. 

广升FOTA升级对GMS认证的影响

近期很多送测谷歌的项目因广升FOTA升级被谷歌退回,据了解是广升FOTA存在未经用户授权和知情的情况安装或升级应用。谷歌认为设备中包含广升FOTA会使GPP被禁用,而GPP是GMS设备安全核心的一部分。

3PL实验室建议急需送测的设备不要使用广升FOTA,或联系广升FOTA FAE提供解决方案,相信广升会提供符合GMS认证测试并删除FOTA本身自动更新的功能的版本。需要等认证结果进一步确认。

GMS Funding Eligibility Condition 已过认证设备需提交上市状态

  • Funding Eligibility Condition: From July 1, 2018, Google has monitored activations of devices after certification for future funding eligibility. Based on activations, if Google finds that a funded device has not been commercially launched within 3 months after the certification date, Google will request for justification from the partner. If a satisfactory justification is not provided by partner repeatedly, then the Funding Program may be suspended for that partner for few months by informing all the 3PLs and the partner.

继续阅读“GMS Funding Eligibility Condition 已过认证设备需提交上市状态”

GMS Requirements: Rich Communications Services (RCS)

Google believes that interoperable IP messaging based on the open Rich Communications Services (RCS) specification is a viable direction to improve the Android messaging experience for users beyond SMS/MMS and is becoming a fundamental technology expected on the devices for which we’re licensing GMS.


Therefore, we plan to add the following in the upcoming Q4 GMS Requirements (to be announced with other changes in November), which will be enforced 60 days after the announcement.

继续阅读“GMS Requirements: Rich Communications Services (RCS)”

com.google.android.permission.gts.PreloadAppsTargetSdkVersionTest#testPreloadedAppsTargetSdkVersion fail

[DESCRIPTION]
使用GTS新工具GTS6.0R1测试 module:GtsPermissionTestCases,com.google.android.permission.gts.PreloadAppsTargetSdkVersionTest#testPreloadedAppsTargetSdkVersion fail
java.lang.AssertionError:All preloaded apps must target SDK 26 or higher:
com.mediatek.ppl targets 24,
com.mediatek.ygps targets 23,
com.mediatek.simprocessor targets 25,
com.mediatek.engineermode targets 23,
com.mediatek.omacp targets 25,
com.mediatek.emcamera targets 23,
com.mediatek.duraspeed targets 24,
com.mediatek.lbs.em2.ui targets 23,
com.mediatek.mtklogger targets 23,
com.mediatek.mtklogger.proxy targets 23,

继续阅读“com.google.android.permission.gts.PreloadAppsTargetSdkVersionTest#testPreloadedAppsTargetSdkVersion fail”

[GTS_6.0.R1]GtsPackageManagerHostTestCases中com.google.android.pm.gts.PackageManagerHostTest#testSoundPool FAIL

[DESCRIPTION]
GtsPackageManagerHostTestCases中com.google.android.pm.gts.PackageManagerHostTest#testSoundPool Fail]

Fail:
07-07 11:24:13 I/RemoteAndroidTest: Running am instrument -w -r –user 0 -e timeout_msec 600000 -e class ‘com.google.android.gts.packagemanager.InstantAppTestCases#testSoundPool’ com.google.android.gts.packagemanager.instant/android.support.test.runner.AndroidJUnitRunner on alps-k80_bsp-0123456789ABCDEF
07-07 11:24:19 I/XtsHostTestBase: Test com.google.android.gts.packagemanager.InstantAppTestCases#testSoundPool: FAILURE
07-07 11:24:19 W/XtsHostTestBase: java.lang.AssertionError: Instant App should be able to access Media / DrmManager.
Please apply patches r.android.com/502604, SHA d2b3a45, and SHA b93f049
at org.junit.Assert.fail(Assert.java:88)
at org.junit.Assert.assertTrue(Assert.java:41)

继续阅读“[GTS_6.0.R1]GtsPackageManagerHostTestCases中com.google.android.pm.gts.PackageManagerHostTest#testSoundPool FAIL”

Test suites GMS July release GMS Client ID update

These versions will be required for GMS approvals as described in the table below:

Release Release version Required-use date
CTS 8.1 R7, 8.0 R11, 7.1 R19, 7.0 R23, 6.0 R30 2018-8-21
VTS 8.1_r4 and 8.0_r8 w August SPLs 2018-8-21
GMS 8.1_201807, 8.0_201807 2018-9-18

GMS Client ID update
Updated H3G country list to include ITWe’ve updated the GMS Client ID mapping (direct link), effective for new devices only. Check with specific carriers to confirm which values to set. Here’s a summary of the changes:

  • Removed AT, BE, CH, FR from Vodafone list of countries
  • Added a row for Vodafone AU

谷歌近期政策通知

谷歌最新政策如下:

1、express+设备MR也可以享受谷歌资金支持;

2、谷歌将在8月份开始释放Android 9.X版本, go的版本也同时放出;

3.Android 8.X的截止日期为2018-12-31,2019年起仅能送测Android 9.X项目;

4.2018年10月1日起,谷歌强制执行STS及BTS,相应的补丁会每月更新一次。

谷歌Key的申请条件以及方式

Google 有2种Key ,申请条件如下:

1. Wedvine level 1 keybox[询问平台商是否支持Level1]

2. Attestation keybox [Android O必需]

3.10万台内可以共用同一个,详细如下:

MUST support key attestation where the attestation signing key is  protected by secure hardware and signing is performed in secure hardware.The  attestation signing keys MUST be shared across large enough number of devices  to prevent the keys frombeing used as device identifiers. One way of meeting  this requirement is to share the same attestation key unless at least 100000  units of a given SKU are produced. If more than 100000 units of an SKU are  produced, a different key MAY be used for each 100000 units.

申请资料如下:

继续阅读“谷歌Key的申请条件以及方式”

CtsIntentSignatureTestCases android.signature.cts.intent.IntentTest#shouldNotFindUnexpectedIntents FAIL

[DESCRIPTION]
CtsIntentSignatureTestCases android.signature.cts.intent.IntentTest#shouldNotFindUnexpectedIntents

Fail:
java.lang.AssertionError: [Package: com.android.systemui Invalid Intent: [android.intent.action.ACTION_SUBSIDYLOCK_STATE]]

[SOLUTION]

继续阅读“CtsIntentSignatureTestCases android.signature.cts.intent.IntentTest#shouldNotFindUnexpectedIntents FAIL”

Android 8.1 Google issue

Android 8.1 Google issue
特别注意:
1.有link的Google issue ,不需要再来申请分析报告,用link申请waive.
2.已得到Google回复的: You can get a waiver .

3.已提交google等待google 回复的: Waiting for google feedback.
所有Waiting for Google feedback的Google issue, 均需要客户与Google 确认是否可以waive, MTK 亦在努力与Google 沟通中,一旦拿到Google waiver, 会修改成:You can get a waiver
以下Google issue,不是全部Google issue, 其它fail 需要提供Log 来确认
同一个google issue可能在多个CTS版本 一直存在,因此豁免版本不仅限于标注的CTS版本。同一条case在CTS/CTS-ON-GSI测试下,fail root cause相同,则是同一个问题,同一个waive ID;

继续阅读“Android 8.1 Google issue”

Android GO GMS认证 

一、2018年最新的GMS需提供5份测试报告,其中包括以下测试:

1、正式版本的CTS测试  (正式版本指的是要拿来送认证的的版本)

2、正式版本的CtsVerifier测试

3、正式版本的GTS测试

4、GSI user 版本的VTS测试

5、GSI user版本的CTS测试

具体测试步骤查请看后面几点

继续阅读“Android GO GMS认证 ”

Android8.1(O1)CTS失败项纪录

1、CtsLibcoreTestCases libcore.java.net.SocketTest#testSocketTestAllAddresses

  • 网络问题,需要在IPV6的环境下进行测试

2、CtsLocationTestCases android.location.cts.GnssPseudorangeVerificationTest#testPseudoPosition

  • 在测试之前确保工模下有搜到卫星信号,可以在笔记本上设定cts 环境,然后在户外测试。或者使用室内GPS信号放大器

3、CtsKeystoreTestCases android.keystore.cts.KeyAttestationTest#testEcAttestation

  • 该项测试需要申请google key

继续阅读“Android8.1(O1)CTS失败项纪录”

Android8.1认证新特性与要求

本文主要说明Android8.1过GMS认证的一些新特性和新要求。

新增测试

Android7.x以及之前的版本,如果要过GMS认证,只需要完成CTS测试、GTS测试和CTS Verifier,如果全部通过,将软件送给google授权的实验室即可。

Android8.0以后,除了要完成默认版本的CTS测试、GTS测试和CTS Verifier之外,新增加了两个新的测试。

这两个新的测试需要在替换谷歌提供AOSP的system.img (GSI)的版本上进行,分别是:

继续阅读“Android8.1认证新特性与要求”

Android Go简述与其GMS认证

什么是 Android Go?

Android Go 是 google 基于 Android8.x之后的系统,提出的一个轻量级操作系统解决方案,可以在低内存的设备上以较好的体验运行Android系统。

Android Go 对手机的配置要求较低,最低为512M的内存,通常会在不超过1GB 内存的设备上运行。Android Go 是谷歌在新兴市场进一步扩展 Android 系统计划的一部分,其较低的价格能够涵盖大部分低端用户。

Android Go版本的一些特性:

继续阅读“Android Go简述与其GMS认证”