Learn Developers Podcast
doc
Season 3, Episode 5

This is a transcript of one episode of the Samsung Developers Podcast, hosted by and produced by Tony Morelan. A listing of all podcast transcripts can be found here.

Host
Tony Morelan
Senior Developer Evangelist, Samsung Developers
Instagram - Twitter - LinkedIn

Guest
Maria Ly, Skimble
Galaxy Watch, Galaxy Store, Entrepreneurship

Maria Ly, founder of Skimble, the company behind the mobile fitness app Workout Trainer. Not only do we chat about how Skimble began as a small startup, but also their collaboration with Samsung Health and the Made for Samsung team.

Topics Covered
Skimble
Rock Health
Workout Trainer
Publishing on Galaxy Store
Marketing
Discoverability
Monetization
Generating Revenue
In-App Purchase IAP
Galaxy Badges
Best of Galaxy Store Awards
Diversity and Inclusion

Helpful Links
Skimble website - skimble.com
Rock Health - rockhealth.com
Workout Trainer - galaxy.store/trai
Publishing on Galaxy Store - developer.samsung.com/galaxy-store
Marketing - developer.samsung.com/galaxy-store/marketing-resources
Best of Galaxy Store Awards - developer.samsung.com/galaxy-store/best-of-galaxy-store
Maria Ly LinkedIn - linkedin.com/in/marialy
Maria Ly interview - developer.samsung.com/sdp/blog
Skimble Facebook - facebook.com/skimbleinc
Skimble Twitter - twitter.com/skimble
Skimble Pinterest - pinterest.com/skimbleinc
Skimble Instagram - instagram.com/skimbleinc
Skimble YouTube - youtube.com
Galaxy Badges - developer.samsung.com/galaxy-store/gsb-promotion
Samsung IAP - developer.samsung.com/iap
Samsung Developer Program website - developer.samsung.com
Samsung Developer Program newsletter - developer.samsung.com/newsletter
Samsung Developer Program blog - developer.samsung.com/blog
Samsung Developer Program news - developer.samsung.com/news
Samsung Developer Program Facebook - facebook.com/samsungdev
Samsung Developer Program Instagram - instagram.com/samsung_dev
Samsung Developer Program Twitter - twitter.com/samsung_dev
Samsung Developer Program YouTube - youtube.com/samsungdevelopers
Samsung Developer Program LinkedIn - linkedin.com/company/samsungdevelopers

Transcript
Note: Transcripts are provided by an automated service and reviewed by the Samsung Developers web team. Inaccuracies from the transcription process do occur, so please refer to the audio if you are in doubt about the transcript.

Tony Morelan 00:01
Hey, I'm Tony Morelan, and this is the Samsung Developers Podcast, where we chat with innovators using Samsung technologies, award winning app developers and designers, as well as insiders working on the latest Samsung tools. Welcome to season three, episode five. On today's show, I'm joined by Maria Ly, founder of Skimble, the company behind the mobile fitness app Workout Trainer. Not only do we chat about getting their start through the accelerator program, Rock Health, but also integrating with Samsung Health to become a launch partner and collaborating with the Made for Samsung team. Enjoy. Hey, Maria, welcome to the podcast.

Maria Ly 00:42
Hi, Tony. Good morning. Thanks for having me.

Tony Morelan 00:44
Yeah, so let me first ask, who is Maria Ly?

Maria Ly 00:49
Oh, gosh, let's see, I am a health advisor, investor, an entrepreneur. I am Asian Canadian turned American. I live in Salt Lake City and San Francisco part time, and I love to travel around the world whenever I can to rock climb and explore and discover new cultures.

Tony Morelan 01:14
Wow, this is pretty exciting. So I understand that you got involved in tech at a young age. Tell me, tell me about that start.

Maria Ly 01:21
So I got started, I would say, mostly when I started high school, and I had access to some of the tech focused groups for youth in Canada. And so I went through and did some of the courses out there, started taking my first programming classes. My parents got me my first computer actually when I was in elementary school, and that maybe sparked my interest even earlier. But then eventually, I went to study computer engineering at the University of Waterloo in Canada. And then I took a bunch of different co-op internships in the tech field around the world.

Tony Morelan 01:58
So you said that you did some internships during those times? What were some of those industries that you were involved with?

Maria Ly 02:04
Yeah, so there was a good friday? I think, for me, I explored different tech verticals. I think I started in a CAD software company, and then moved on to aerospace and automotive. I even dabbled in HVAC, and semiconductors. So kind of sampled, which I think, you know, while you're young, you might as well, and figure out what you're most passionate about.

Tony Morelan 02:28
Sure, sure. Now, obviously, you're very passionate when it comes to having an active lifestyle. Was that the motivation for you to then think, how could I create some sort of active technology company?

Maria Ly 02:40
Oh, absolutely. I was involved in athletics, I suppose, from an early age. I dabbled in figure skating and gymnastics, and eventually I got a chance to represent Canada at the World Cheerleading Championships. Wow. And, you know, nowadays, I mentioned, I love to rock climb, so I do that quite frequently. And yes, all of those experiences in living an active lifestyle definitely inspired me to blend my background in technology and health together to form Skimble.

Tony Morelan 03:12
Now how long has Skimble been around?

Maria Ly 03:14
I've been working on Skimble, tinkering on fitness applications for about a decade now. We started developing fitness focused applications during the advent of the smartphone and the smartwatches. And, you know, those connected devices really were a critical part in sort of adoption, a mass adoption for folks, because it's not that easy to have a personal trainer day, but, you know, having an app you can pull up on your phone is super convenient and, if anything, affordable and personal.

Tony Morelan 03:49
Yeah, no, I think your timing was great, because that really was the beginning of the big fitness push when it came to wearables. So let's talk about the beginning of Skimble. First, I need to ask, the word Skimble, I'd love that as the name of the company. Is that a play off of the word skill in nimble? That's how I see it.

Maria Ly 04:06
At first I wanted to get nimble.com, but truly gone are the days when you get perfect, you know, words. But I thought about Skimble because Skimble was the name of a nimble cat in a T.S. Eliot poem. Skimble also in Broadway, the Broadway musical Cats. So Skimble was actually becoming available. It was on backorder, so I got it on backorder. It was expired. And, you know, sky plus nimble was sort of my blended word. Sure. But yes, skill as well. Sure. Lots of great skim musker words.

Tony Morelan 04:42
Yeah. So I understand that you guys were part of an accelerated program called Rock Health. Tell me about that.

Maria Ly 04:52
We were. We got into Rock Health during our earlier days, and they provided us with a grant, access to group office space in San Francisco, as well as a mentorship program that was about four or five months long. And during that time, we were able to kind of focus on different aspects of digital health and connect with potential partners and that sort of thing. So I think it's a really amazing ecosystem that has really blossomed in the industry.

Tony Morelan 05:24
Yeah, I'm sure that was a big help for you guys to get things started. So you had mentioned that that program was based in San Francisco. Is that where your headquarters is now?

Maria Ly 05:32
To some extent, yes. But I would say we are quite remote and all around. Before, we were located in the Ferry Building. I don't know if you've been there before, but it's pretty iconic. Yeah, we were upstairs there. But then we started thinking about, you know, the lifestyle that our team wanted to pursue, being able to have access to the outdoors and all that good stuff. So we decided to try to make our team as remote as possible. And so we still kept our studio multimedia space in San Francisco in the Mission, but then we gave up the Ferry Building, and we did a lot of video chats and, you know, team meets wherever we were. And so this was actually pre pandemic, believe it or not. And so when that hit, we were all pretty much set up.

Tony Morelan 06:24
Oh, that was nice. Really, really good timing for such an unfortunate pandemic event.

Maria Ly 06:28
Yeah, right. The silver lining? Exactly.

Tony Morelan 06:32
So how many people work for Skimble?

Maria Ly 06:35
So we have a pretty distributed team of mostly contractors. We work with quite a handful of internal personal trainers, and we have over like 1000 trainers on our platform who develop the training programming for our team. And we've got different folks across the globe focusing on various roles in the company, such as we have our marketing manager in Australia, that sort of thing. So, sure, I would say we're a lean team, but we have a great network.

Tony Morelan 07:05
So let's talk about your flagship app, Workout Trainer. Tell the people out there, what exactly is Workout Trainer?

Maria Ly 07:11
Workout Trainer offers 1000s of follow along multimedia workouts led by expert coaches. And we also offer a personal training network if you want to find a one-on-one online coach.

Tony Morelan 07:24
Nice. Ya know, I have used the app before. I love it. Unlike just like clicking play and watching a video, there's a lot more, you know, personal data that you get. I love the fact that you see the in progress, calorie burn, that sort of a fun motivating, you know, piece of data that comes to me as I'm working out.

Maria Ly 07:45
Absolutely. It's funny, you mentioned the heart rate feedback and, and that sort of thing. Some of our most active users are using the application with their connected heart rate devices, mostly the smartwatches that are available on the market today. And it's remarkable to see like the progress people are making by just doing their workouts and coming back to maybe their go to workouts, and they can see, you know, their heart rate or the reps chain. You can log all that information in the application, and you get performance stats as you make progress.

Tony Morelan 08:18
That's wonderful. Now, and now it's not just for folks like myself that are wanting to get a great, you know, fitness routine going, but you also are bringing on, you'd mentioned, contractors. So if you are a trainer that would like to bring your workouts to a larger audience, this is where you guys are inviting trainers could come join the platform, correct?

Maria Ly 08:39
Yes. So when you launch the app, there's actually a little tab called Trainers. You tap there, you can follow any of our trainers for free. And if you find, you know, one trainer who particularly inspires you, or has a background and skill set in a specialty that you're looking for, you can recruit that trainer to help you one on one, and they can send messages to you, workouts, and even a full complete training plan. So that's been really nice to connect these folks together.

Tony Morelan 09:10
That's great. So let's talk about the relationship with Samsung and Skimble. Talk about, how did that first start?

Maria Ly 09:18
Sure. So a little while ago, Samsung reached out to us, interested specifically in our health integrations. And it was the Samsung Health team that contacted us, and we became one of their launch partners in their ecosystem with various health app developers. And they came to our office in the Ferry Building, and we met several times. Then we actually went to Korea to meet some of the health team there. You know, Samsung has a big headquarters in Mountain View, as well as Korea and Seoul. So we were able to kind of meet the key folks there. And since then, we bit remote and working with the folks at the Made for Samsung team and also within the health team.

Tony Morelan 10:07
Now, last year, you guys won the 2021 Best of Galaxy Store Award for Best Wellness App. What did it mean to win that award?

Maria Ly 10:16
Yes, that award was really, really wonderful to receive because, you know, during the time, the last few years, as you guys know, it hasn't been easy. And when folks aren't able to go into their gyms and meet their favorite trainers, or even their workout buddies at the gym, I was really personally very thankful to be able to offer folks and do our part to give them the workouts they wanted in a, in a safe place when life was a bit more unpredictable. So it really was meaningful to receive that award, and we're very grateful for kind of the journey that we have had with Samsung as an integral partner.

Tony Morelan 10:55
Yeah, I think the timing of that award and where we were at in the pandemic really just showed the value of Workout Trainer, and really what the, you know, what the people out there wanted to see in us. So tell me, are there any unique aspects or optimizations to the Galaxy Store version of Workout Trainer?

Maria Ly 11:12
Oh, yes. So we have a special Made for Samsung version of Workout Trainer. So if you go on to the Galaxy app store, you can just download Workout Trainer for Samsung. And this version of the application is tailored for all the latest Samsung smart devices. You've got a unique offering here, so you can get access to some exclusive content such as workouts, as well as oftentimes we do some promotion, so you can actually unlock our Pro Plus membership if you sign up with your Samsung account. And then further, just to add, because we have such a good relationship with the Samsung Health team, all that data that you're doing, you can share between applications. You can have that sort of a large overview of your health profile within the Samsung Health application as well.

Tony Morelan 12:08
Oh, that's wonderful. So let's talk a bit about the development of the app. What is the workflow? What is the process for you guys when you created Workout Trainer?

Maria Ly 12:17
I guess, for starters, we use kind of agile development practices and a lot of brainstorming. We currently use Android Studio, and we host all of our contents in the cloud. And on top of that, obviously, we use the latest tools with within the Samsung SDK id kind of environment.

Tony Morelan 12:40
Sure, sure. So when you first created the app, how long did it take? You know, is this an app that took, you know, a long time to create? Or was this something that came pretty quickly and easily to you?

Maria Ly 12:50
I would say that the first very early version of our app took about six months. But as you guys know, app development is never as straightforward as you would like, and you're always evolving your app and making it better and better. And so throughout the years, we've added more features, tightened up our flow, improved our UI UX experience. So, you know, it all depends on what your app is aiming to do and offer, and try to use, you know, the best tools possible and rev on it, and keep in mind that people like good user experience. So even if it's a utility app, you have to think about your customers and get their feedback early on.

Tony Morelan 13:33
Yeah, you know, the one thing that I will say about when I used Workout Trainer was the UI was wonderful. I mean, it's because you're in the middle of a workout, and so you want something that is simple and easy to use with just a nice, clean interface. And that's one of the things that stood out for me with Workout Trainer.

Maria Ly 13:47
Well, thanks. It's always a work in progress.

Tony Morelan 13:50
So let's talk about discoverability, because I know that is one of the hardest parts. I mean, it's one thing to go and create an app and build it and publish it, but the hardest thing is to get people to actually see it and use it. So what have you guys done related to discoverability?

Maria Ly 14:05
For us, we have different channels to get discovered. A lot of it has to do with be partners with certain discovery channels, but also with our community. So for instance, you know, people can do workouts and invite their friends and challenge them to workouts. So sort of creating that, like, word of mouth has been very helpful for us get discovered through a grassroot approach. And then also, you know, sometimes we have different partners where we can sell our app into verticals like within health care, or corporations, or specific areas, or times of the year. For instance, Samsung and Skimble's Workout Trainer can do sort of a collab or a promotion period.

Tony Morelan 14:55
Yeah, yeah. And I'm sure you guys are using the Galaxy Store badge, is that correct, to help promote it and weren't people directly to the app on Galaxy Store? Yes, we are, for sure. Wonderful. And I'll make sure to include a direct link to that in the, in the show notes for, not just that for, but for many of the other areas that we're talking about. I loved what you said, as far as, you know, inviting a friend and building that community, because I know when it comes to workouts, a lot of times people don't have the motivation to do it themselves, and they need to be held accountable. So, you know, if you find a friend that says, hey, if you work out all workout, and when you guys can work out together, you know, in sort of motivate each other to work out, that's what really gets you into a good routine as far as fitness. So how many people would you say are using Workout Trainer?

Maria Ly 15:43
We've seen over 30 million users come our way. And, you know, on a day-to-day basis, we're seeing 10s of 1000s of workouts being completed. And these are, you know, long form workouts. So people are not just going into our app and, you know, jumping away. They're actually finding good content, relevant content for them to do and play for a long period of time, be it, you know, five to 20, to even, you know, 45 minutes long.

Tony Morelan 16:08
That's wonderful. That is great. And that is one of those key things when it comes to, you, for app developers. They want to create an experience where someone is not just coming in, you know, and like playing a game for a few minutes, and then they're gone. Retention is such a key component to creating a successful app. How do you guys generate revenue?

Maria Ly 16:29
Workout Trainer is a free application, and we offer in app purchase subscription. That would be the Pro Plus membership option. So that's offered at 699 a month, and it's a reoccurring subscription. And we also offer our one-on-one online training platform, and the trainer sets the price, and on average, it's between 50 to $200 a month, and we take a platform fee.

Tony Morelan 16:52
I love that, that, that you offer that, that opportunity for people who want to really, you know, find that personal one on one trainer, but yet your app also is available at an affordable price just for the general community. I think that is, that is great, because it makes it easy for people to give it a try and see if they like it and then decide maybe they want to, you know, get more involved with the app.

Maria Ly 17:13
Oh, for sure. And sometimes our trainers offer one on one training with free trials. So we offer a free trial period as well.

Tony Morelan 17:19
Oh, that's great. That is, that it's, that's wonderful. Yeah. So what advice would you give developers looking to bring their app to Galaxy Store?

Maria Ly 17:29
Oh, I would definitely encourage folks to get on the Samsung platform because, as you guys know, around the world, like, there are so many people that are using Samsung devices, be it the smartphones, tablets, or the smartwatches. And so being on the platform will just bring more visibility to your application, and it's an opportunity to grow your user base naturally.

Tony Morelan 17:52
Tell me, what is in the future for Skimble?

Maria Ly 17:55
So we've focused on creating great content, and we're going to continue doing that, working on providing a platform where people can access more multimedia content, from trainer created content, workouts created and led by your famous YouTube fitness celebrities, and so forth. So for us with Workout Trainer, we want to create and serve the best content for you, so that personalized experience where you can have instant access to follow along content for your fitness journey.

Tony Morelan 18:28
That's, that's wonderful. You know, this, this past year, there's been a really big push for diversity and inclusion. Tell me, what is Skimble doing related to that?

Maria Ly 18:38
I think from the start with Skimble and growing our early team, I always wanted to have a group of great folks, not just like industry people, but trainers and everybody that has been involved, to reflect the people who are actually using the application. And so, you know, I was not specifically seeking out extreme diversity, but by just me wanting to talk to all kinds of folks from around the world, trainers who had, you know, a focus on high intensity training versus Pilates, yoga studio style backgrounds. And we have so many different trainers demonstrating our exercises. Our exercise database library, I believe, has grown to be the largest out there, with trainers who are very diverse. You know, they look like me and you and all the other folks who use the application. So I hope that the application offers content that feels diverse in the type of content it provides, and also the friendly faces who are demonstrating the exercises.

Tony Morelan 19:47
That's great. So recently, we did a blog feature on you for International Women's Day. You know, being a woman leading a tech company, tell me, what advice would you give young women looking to start a career in tech?

Maria Ly 20:01
You know, more than ever before, women are breaking barriers. So, you know, having their voices heard within tech, within athletics, within all sorts of fields, you know, having them be out there doing the work that they love, living their best life. And if that means, you know, being a leader in technology, or, you know, a developer, an engineering manager, there are so many roles within tech that you could pursue. And if you have an early appetite for some of the math and science classes, you know, a technology career could be for you. So just pursue it and explore it, and you could be your own boss, even. There are so many opportunities now more than ever, I would say, where you can have the mentorship and support and encouragement from not just, you know, the leaders, the, your male counterparts, the females in the space who maybe have been there for a few years. Even for me, you know, I do like advising and investing in women led companies in something that inspires me, because I want to see the young females take charge and create amazing products for our future generation and, you know, my children even. I'm excited for the future and what it can bring for all folks.

Tony Morelan 21:18
Yeah, no, that's, that's wonderful. In that blog, I'm going to link to it. It was a great interview; you actually went into great detail on some of these areas that would really help inspire women and young women to really get started into this tech industry. So Maria, it was excellent to chat with you and learn much more about, you know, Workout Trainer and all the great things that you guys are doing at Skimble. Let me ask you, what is it that you do for fun when you are not working?

Maria Ly 21:45
Well, I have two kids. They can be quite busy. On my off hours, we are doing a lot of different activities. For instance, over the weekend, I took my son to his first gymnastics class, and then we went skiing, because we're in Salt Lake and it's the end of the season. He went out his first black even. So just seeing the young guys, they're leading the charge there, and I'm just trying to keep up. In addition, when there's a little downtime, I do like to have some folks over for home cooked meal and a board game or two. So I actually like playing strategy board games. So that's one of my little-known passions as well.

Tony Morelan 22:25
That's wonderful. That's wonderful. I love a good time with friends, food and fun game activity. Well, hey, Maria, it was great to have you on the podcast. I really enjoy you taking the time to chat.

Maria Ly 22:35
Likewise, Tony.

Closing 22:37
Looking to start creating for Samsung? Download the latest tools to code your next app, or get software for designing apps without coding at all. Sell your apps to the world on the Samsung Galaxy Store. Check out developer.samsung.com today and start your journey with Samsung.

Tony Morelan 22:53
The Samsung Developers Podcast is hosted by Tony Morelan and produced by Jeanne Hsu.
events ai, iot, uiux, game, web, mobile, galaxy watch
blog
The Samsung Developer Conference (SDC) for 2021 kicked off on October 26, 2021, and we hope you enjoyed the keynote and highlight sessions. As with many events, there is so much information to digest. Fortunately, with the virtual format this year, developers can go back and review the sessions they've watched and study how they might take advantage of all the opportunities available with Samsung platforms, SDKs, and services. While there are too many announcements and technologies to cover in one post, here are some moments from the conference that should be interesting to developers.

Keynote
Samsung Electronics President DJ Koh began the conference, as he's done in previous years. The keynote session included overviews of announcements that were described in more detail during the highlight sessions, tech talks, and code labs.

Voice Control of IoT Devices (Bixby/SmartThings)
Samsung Mobile Senior Vice President Daniel Ahn kicked off the announcements at SDC with a keynote session highlighting the integration of Bixby voice control to the SmartThings ecosystem, with details from SmartThings Vice President Samantha Fein. Technical talks with more details of the integration for developers and device manufacturers are also available.

Bixby: Best Voice Interface for Connected Experience
Enabling Intelligent Voice Control on Your IoT Devices

Further, the SmartThings platform team provided technical talks on the new SmartThings Edge platform and SmartThings Build for use in multi-family home environments. Support for the Matter standard was announced during the highlight session. Samsung Electronics Vice President Jaeyong Jung and SmartThings Vice President Samantha Fein talked about the bright future for home automation with Matter in this highlight session. The Samsung Newsroom has more information on the Bixby and SmartThings integration as well as the Matter standard support.

Security and Privacy with Samsung Knox
Samsung Executive Vice President KC Choi details how Samsung Knox unlocks the $80B enterprise market with devices and services to ensure that critical data is secure and employee information is kept confidential. In the tech talk sessions below, Samsung B2B product experts give developers the information they need to integrate their own apps and services for this lucrative market segment.

Samsung eSE: A Trusted Partner for Enhanced Security
Redefining Edge Computing & Foldables for B2B
Beyond a Limit with the Mobile B2B Partner Program

Developers with solutions for the enterprise market should sign up for the Knox Partner Program.

Services and Solutions for Smart TV Platform
At SDC21, developers interested in smart TV solutions had plenty to learn. In the keynote, Samsung Electronics Senior Vice President Yongjae Kim and Samsung Research Vice President Bill Mandel discussed many new and exciting opportunities for developers with the Tizen platform, which are available for viewers to watch in these sessions.

What's New in Samsung Smart TV Services
What's New in Tizen 6.5
What's Next for Tizen: Smart Screen for Business
Build a Trusted Service with Samsung Tizen Security
What's New in the Tizen Web Platform for Smart TV

Game Developers Are Rising Stars with Samsung
The experience of the last 18 months has shown that self-care is important to our well-being. By allowing us to disconnect from reality, games help reduce stress and give a temporary reprieve from the stresses of daily life. Samsung support for gamers and game developers comes to the forefront at SDC21 with these important sessions.

Galaxy Store: Games-Focused, Developer-Friendly
Games for Everyone: Samsung Instant Plays

In addition to mobile gaming, the announcement of HDR10+ for gaming will delight gamers looking forward to top-quality experiences on smart TVs.

Building Better Web Experiences with Samsung Internet
The Samsung Internet browser ships with every Samsung Galaxy phone. The developers and advocates for Samsung Internet want to ensure that consumers have the best possible experiences, mixing web content with mobile hardware.

How to Build Browser Extensions on Samsung Internet
Unfolding the Future of Responsive Web Design

One UI Brings Beautiful and Secure Interactions to Your Mobile World
Samsung Electronics Executive Vice President Janghyun Yoon unveiled the One UI 4 platform, showing numerous examples of beautifully designed cross-device experiences, such as taking a photograph from Galaxy Z Flip3, sharing to the Galaxy Book, and editing using a Galaxy Tab S with S Pen. While beauty is only skin deep, One UI 4 adds layers of security to these experiences. Learn more about One UI 4 in these sessions.

One UI 4 Design: Focus, Comfort, Self-Expression
One UI: Designing a More Approachable Experience

Designers and Developers Explore New Worlds with One UI Watch Platform
Galaxy Watch4 was introduced at Galaxy Unpacked in August 2021. The One UI Watch platform uses Wear OS Powered by Samsung. Developers interested in bringing their ideas to the new platform should check out these talks.

Watch Ecosystem: A New Era
Build Your App in the New Watch Ecosystem
Galaxy Watch4 for Enterprise Business
New Health Platform Based on Wear OS Powered by Samsung

Further, designers who are interested in expressing their creative side with watch face designs should view this session on how to use Watch Face Studio to create beautiful designs without writing code.

Rewarding Successful Developers with the Best of Galaxy Store Awards
Samsung Sr. Developer Evangelist Tony Morelan presents the Best of Galaxy Store Awards, now in their 4th year. These awards are Samsung's way to express gratitude to those developers and designers who are bringing beautiful and exciting apps, games, and themes to Galaxy Store.
For the second year, the Bixby team recognized the top developer and capsule for their platform.

Following Up with Samsung
This site has many resources for developers looking to build for and integrate with Samsung devices and services. Stay in touch with the latest news by creating a free account and subscribing to our monthly newsletter. Visit the marketing resources page for information on promoting and distributing your apps through the Galaxy Store. Finally, our developer forum is an excellent way to stay up-to-date on all things related to the Galaxy ecosystem. Thank you for joining us for SDC21, and we look forward to seeing you in 2022.
Oct 27, 2021
Samsung Developers
announcement mobile, ai, iot, ar/vr/xr
blog
In the fast-changing world of development, a new year always brings new trends and exciting technologies. For me, it has also brought a new role as a Samsung technical evangelist. Previously, I was a developer champion for Samsung's ARTIK IoT platform, working within the maker community. And prior to that, I was an independent developer focusing on full-stack mobile app development, hybrid and native.

With that background in mind, I always say I eat JavaScript for breakfast, have Swift and Linux protein shakes for a midday snack, and enjoy open source super foods. I also have a sweet tooth for AR and IoT. My appetite for development is also accompanied by a strong desire to engage with the developer and creative communities who are equally passionate about creating amazing things. That's why I'm so excited about my new role.

One of my main responsibilities will be making sure our developer community stays on top of industry innovations by providing the resources you need to create really cutting-edge work. This starts with the 2018 Source Code: A Dev's Guide. Over the next few weeks, we'll be asking the industry's brightest minds about the trends they're watching and for their top dev predictions for 2018. But before we get to that, I'd like to share my personal predictions for 2018 from a developer standpoint:

The Evolution of Artificial Intelligence in Healthcare
From IoT to voice user interfaces (VUI) to autonomous cars, AI is steadily evolving around our daily activities. This is perhaps most apparent within the healthcare sector. Here, AI is solving a variety of challenges in predicting illnesses by capturing and analyzing physiological and well-being data, as well as relationships between prevention/treatment and patient outcomes, just to name a few. In 2018, I see more open research data being made available and more health APIs for developers to take advantage of (e.g. holistic apps, products and services).
intelligent iot made easy by itself, iot generates large amounts of unstructured data. without the ability to analyze it at a high, frictionless pace, this data can be easily wasted. now, with iot playgrounds like smartthings cloud, developers will be able to create smartapps that can easily integrate third-party cloud-to-cloud devices. in 2018, i believe we’ll see a massive leap forward in the ease of iot app development and the overall functionality of these apps. the creation of new revenue streams in ar/vr/mr in the developer world, these acronyms represent many opportunities. the way we consume content, the way we make transactions and the way we socialize with the rest of world will continue to be transformed in 2018’s digital universe. with the help of partners like facebook oculus and google arcore, you will be able to develop immersive and interactive apps to engage a new generation of consumers. if you are a developer polishing your monetization strategy in ar/vr/mr, you will be well positioned to blaze revenue stream models other developers will look to as the gold standard for years to come. be sure to check back here for more valuable insights and perspectives designed to help position you for success in 2018. remember to follow #beasamusungdev on twitter and like us on facebook to make sure you don’t miss a thing. i’m excited to meet you in 2018!
Jan 4, 2018
Josue Bustos
technical_insights cloud services, account management
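blog
Samsung Account, the global account service that ties the Samsung universe together, from every Samsung service to online and offline stores, handles large-scale traffic safely and reliably. As Samsung's core service, every operation on Samsung Account, from ordinary service deployments to cloud infrastructure upgrades, must be carried out with zero downtime. Against these requirements, this post introduces the architecture we designed for our recent Elastic Kubernetes Service upgrade and shares our experience.

What is Samsung Account?
Samsung Account is an account service that, built on more than 1.7 billion user accounts, connects some 60 services and apps across 256 countries. It is used not only by Samsung Electronics services such as Samsung Pay, SmartThings and Samsung Health, but also as an authentication service on a variety of devices including mobile, wearable, TV and PC. From the online store (samsung.com) and offline shops to customer service, it provides a safe and reliable customer experience with a single account across many customer touchpoints.

The current Samsung Account architecture, built through continuous evolution
As the number of user accounts and integrated services grew, Samsung Account's infrastructure and services kept changing with them. In 2019 we migrated to an AWS-based cloud for service stability and efficiency, and today we serve from four regions in total: three global regions (EU, US, AP) plus the China region. Samsung Account, now made up of more than 70 microservices, moved to Kubernetes in 2022 to support MSA (micro-service architecture) reliably. Kubernetes is an open source orchestration platform that makes it easy to automatically deploy, scale and manage containerized applications. In 2023 we strengthened DR (disaster recovery) so that we can provide global region failover, and expanded the AP region to improve the user experience. Having evolved its infrastructure and services in this way, Samsung Account now operates stably under more than 2.7M requests per second (RPS) of traffic and more than 200K transactions per second (TPS) of DB transactions.

Each AWS-based Samsung Account region has its own virtual private cloud (VPC) and can be reached via device, server-to-server and web. For web in particular, features such as samsung.com and TV QR login are provided on top of AWS CloudFront, a content delivery network (CDN). Samsung Account's microservices run as containers in EKS (Elastic Kubernetes Service) clusters, and internal communication between regions goes over VPC peering.

To provide its features, Samsung Account uses a number of AWS managed services. It uses Aurora, DynamoDB and Managed Streaming for Apache Kafka (MSK) as data stores and synchronizes data between regions with them, and it delivers the account service on top of various managed services such as ElastiCache, Pinpoint and SQS (Simple Queue Service).

To elaborate on the AWS managed services Samsung Account uses: first, we use EKS, the Kubernetes service, to operate some 70 microservices in an MSA architecture. To store and query data we use Aurora as the RDB and DynamoDB as the NoSQL database. We also use ElastiCache for Redis (Redis OSS) to manage cache and sessions, and MSK for Kafka to deliver events to integrated services and to synchronize data. If you build a service on AWS, you will probably use managed services like these as a matter of course.

The inconvenient upgrades that come with convenient managed services
There is, however, one big problem to consider when using these managed services. EKS reaches end of support after one year and six months on average and Aurora after two years on average, and ElastiCache, MSK and various other services reach end of support as well. From AWS's point of view, ending support like this is only natural. But for those operating a service, the managed service upgrades that follow from end of support are inevitably painful work. Because operations resources were reduced when moving to cloud services, the large-scale upgrades that come every one to two years have to be carried out without enough resources to respond at short notice.

These managed service upgrades place a heavy burden on Samsung Account. With more than 60 integrated services, upgrades must be carried out with zero downtime, and the work has to be done across the three global regions and China. In addition, we develop and operate some 70 microservices, so support and collaboration from many development teams is required. The hardest part is that the upgrade work has to be done under more than 2.7M RPS of traffic and 200K TPS of DB traffic.

EKS upgrade order and constraints
You might think that upgrading EKS on AWS is easy. In a typical EKS upgrade, you first upgrade the control plane that manages EKS, such as etcd and the API, then upgrade the data plane where the actual service pods run, and finally upgrade the EKS add-ons. "In theory", following this order lets you upgrade EKS independently of service operation.

But the typical EKS upgrade has constraints. If the upgrade fails in any of the three steps above because of an issue such as a missing EKS API spec or an incompatibility, rollback is not possible at all. Moreover, it is hard to check the compatibility of services and add-ons in advance.

A multi-cluster architecture for zero-downtime EKS upgrades
After much deliberation, Samsung Account chose a simple but reliable way to perform the EKS upgrade. Many other organizations are probably upgrading EKS, or even running production, in a similar way. Samsung Account upgraded EKS on the basis of a multi-cluster architecture made up of two EKS clusters. We built the architecture so that the existing version of EKS keeps serving continuously, while the new version of EKS receives traffic only after the compatibility of the various microservices and add-ons has first been verified on it.

The advantage of this approach is that it lets you implement a rollback plan: if an issue occurs after traffic has been shifted to the new EKS version, the existing EKS version takes the traffic back. One thing we have learned from providing Samsung Account under heavy traffic is that however perfectly the infrastructure or service has been built, there are issues that only appear once it receives real traffic. Whenever you deploy a service or upgrade infrastructure, therefore, you must always implement a rollback plan for when issues occur.

When upgrading with multiple clusters, traffic has to be shifted between the existing EKS and the new EKS. Two approaches come to mind. One is to place a proxy server between the two clusters and shift traffic there; the other is to use DNS to switch the target IP. Of course, other approaches exist as well.

With the first approach, a proxy server, a service that has to handle as much traffic as Samsung Account can run into overload problems. There is also the problem that the some 70 microservices use so many ALBs (Application Load Balancers) that a proxy server cannot be built for every ALB.

With the second approach, DNS, the actual users, clients and servers have the existing EKS service IP replaced by the new EKS service IP during DNS lookup, so the request target changes at the user level. The DNS approach needs no proxy server, and traffic can be shifted simply by changing DNS records. However, DNS is subject to propagation delay, so the traffic shift may not take effect immediately.

For the zero-downtime EKS upgrade of Samsung Account, we applied the DNS-based traffic shifting architecture. Let us explain Samsung Account's DNS layers with a hypothetical example. There is a top-level domain, account.samsung.com, and beneath it the domains of the three global regions, selected by latency or geolocation. For us.account.samsung.com, the layer is then split into two internal domains, existing and new: service.us-old-eks.a.s.com and service.us-new-eks.a.s.com. This is a simple hypothetical example; in practice Samsung Account uses more DNS layers.

In this EKS upgrade, we used weighted records on the internal domains of the two EKS clusters so that traffic could be shifted by adjusting the ratio rather than all at once. For example, when a user sends a request to the account.samsung.com domain, it goes through us.account.samsung.com and is finally sent to the actual EKS service IP chosen according to the configured weight.

The zero-downtime EKS upgrade process and retrospective
In a word: "if the integrated services did not notice, it was a successful upgrade for us." In this EKS upgrade, over one month and across 3 regions and 6 EKS clusters in total, we deployed and shifted traffic for some 210 microservices. We set the traffic shift ratio to suit each service's load and characteristics, and during the month of the EKS upgrade there was not a single integrated-service issue.

Of course, as the saying goes, it isn't over until it's over, and there was a small commotion. With so many EKS nodes and service pods starting up, the internal subnets began to run short of internal IPs, which gave us a scare. We quickly scaled up the EKS nodes and reduced the number of kubelet and add-on pods by about a thousand, securing the IP resources we needed.

One thing we learned while shifting traffic with DNS is that when the DNS weight is adjusted, 99.9% of all traffic switches over within five minutes.

In closing
Richard Branson, chairman of the Virgin Group, said: "People do not learn to walk by learning the rules of walking. They learn by trying to walk and by falling down." Samsung Account has kept evolving and has had its share of issues, but with the mindset that we learn by falling, we keep solving problems while putting service stability first. Thank you.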
Aug 23, 2024
김제민
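The weighted-record traffic shift and rollback plan described in the post above, sketched as an added example (not Samsung Account's tooling). It assumes Amazon Route 53 weighted CNAME records, which the post does not name; the domain names are the post's own fictional ones, and the step percentages, TTL and `healthy` callback are hypothetical.

```python
"""Staged DNS weight shift between an old and a new EKS cluster, with rollback."""
from typing import Callable, Dict, List, Sequence, Tuple

# Fictional names from the post's hypothetical DNS layering.
REGION_NAME = "us.account.samsung.com."
OLD_TARGET = "service.us-old-eks.a.s.com"
NEW_TARGET = "service.us-new-eks.a.s.com"
TTL_SECONDS = 60  # assumption: short TTL so resolvers pick up new weights quickly


def weighted_record(set_id: str, target: str, weight: int) -> Dict:
    """One UPSERT for a weighted CNAME. Route 53 weights are integers 0-255;
    a record with weight 0 receives no traffic while another is non-zero."""
    if not 0 <= weight <= 255:
        raise ValueError(f"weight {weight} outside 0-255")
    return {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": REGION_NAME,
            "Type": "CNAME",
            "SetIdentifier": set_id,
            "Weight": weight,
            "TTL": TTL_SECONDS,
            "ResourceRecords": [{"Value": target}],
        },
    }


def change_batch(new_pct: int) -> Dict:
    """Change batch that sends new_pct percent of lookups to the new cluster."""
    if not 0 <= new_pct <= 100:
        raise ValueError("new_pct must be between 0 and 100")
    return {
        "Comment": f"EKS upgrade: {100 - new_pct}% old / {new_pct}% new",
        "Changes": [
            weighted_record("old-eks", OLD_TARGET, 100 - new_pct),
            weighted_record("new-eks", NEW_TARGET, new_pct),
        ],
    }


def staged_shift(
    steps: Sequence[int],
    apply: Callable[[Dict], None],
    healthy: Callable[[int], bool],
) -> Tuple[int, List[int]]:
    """Walk through increasing percentages for the new cluster.

    apply   -- submits a change batch; with boto3 this would wrap
               route53.change_resource_record_sets(HostedZoneId=..., ChangeBatch=batch)
    healthy -- hypothetical gate (error rate, latency, free subnet IPs) that is
               checked after each step has had time to take effect
    Returns (final percentage on the new cluster, percentages applied in order).
    """
    applied: List[int] = []
    previous = 0
    for pct in steps:
        if pct <= previous:
            raise ValueError("steps must be strictly increasing")
        apply(change_batch(pct))
        applied.append(pct)
        if not healthy(pct):
            # Rollback plan: the old cluster is still running and takes
            # all traffic back.
            apply(change_batch(0))
            applied.append(0)
            return 0, applied
        previous = pct
    return previous, applied


if __name__ == "__main__":
    submitted: List[Dict] = []
    # Constructed scenario: the new cluster misbehaves once it sees 50% of traffic.
    final, history = staged_shift([1, 10, 50, 100], submitted.append, lambda p: p < 50)
    print("applied steps:", history, "-> final share on new cluster:", final)
    for batch in submitted:
        print(batch["Comment"])
```

Because the old cluster keeps running throughout, the rollback is only another weight change; how long each step needs before the health gate is meaningful depends on the record TTL and resolver caching.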
featured ai, mobile
blog
Note: This article assumes that you have prior knowledge about machine learning. If you have any questions, please post them in the Samsung Neural forum.

The development of machine learning has revolutionized the technology industry by bringing human-like decision making to compact devices. From health care to real estate, finance, and computer vision, machine learning has penetrated almost every field. Today, many businesses deploy machine learning to gain a competitive edge for their products and services. One of the fastest-growing machine learning areas is deep neural networks (DNN), also known as artificial intelligence (AI), which is inspired by the neural interactions in the human brain.

With the AI industry growing so quickly, it is not only difficult to be up-to-date with the latest innovations, but even more so to deploy those developments in your business or application. As AI technology paves its way into the mobile industry, one wonders: What can be achieved with the limited capacity of mobile embedded devices? How does one execute DNN models on mobile devices, and what are the implications of running a computationally intensive model on a low resource device? How does it affect the user experience?

Typically, a deep neural network is developed on a resource-rich GPU farm or server, where it is designed and then trained with a specific data set. This pre-trained DNN model is then ready to be deployed in an environment, such as a mobile device, to generate output. A pre-trained DNN model can easily be used to develop an AI-based application that brings completely unique user experiences to mobile devices. A variety of pre-trained models, such as Inception, ResNet, and MobileNet are available in the open source community.

The Samsung Neural SDK is Samsung's in-house inference engine which efficiently executes a pre-trained DNN model on Samsung mobile devices. It is a one-stop solution for all application and DNN model developers who want to develop AI-based applications for Samsung mobile devices. To simplify the process of deploying applications that exploit neural network technology, the Samsung Neural SDK supports the leading DNN model formats, such as Caffe, TensorFlow, TFLite, and ONNX, while enabling you to select between the available compute units on the device, such as the CPU, GPU, or AI processor.[1]

The Samsung Neural SDK enables easy, efficient and secure execution of pre-trained DNN models on Samsung mobile devices, irrespective of the constraints posed by hardware such as compute unit capability, memory configuration and power limitations.

Samsung Neural Stack Features

The Samsung Neural SDK provides simple APIs that enable you to easily deploy on-device pre-trained or custom neural networks. The SDK is designed to accelerate the machine learning models in order to improve performance and optimize hardware utilization, balancing performance and latency with memory use and power consumption. The Samsung Neural SDK supports mixed precision formats (FP32/FP16 and INT8), and provides a great variety of operations that enable you to experiment with different models and architectures to find what works best for your use case. It also employs industry-standard cryptographic encryption methods for neural network models, to protect your intellectual property.

The Samsung Neural SDK includes complete API documentation for your ready reference. It describes all the optimization tools and supported operations, provides code examples, and more.

Sample benchmarking code included with the Samsung Neural SDK

The accompanying sample benchmarking code helps you understand how to use the API methods and demonstrates the available features and configurations, such as selecting a compute unit and execution data type.

The Samsung Neural SDK can be used in a wide range of applications that utilize deep neural networks and improves their performance on Samsung mobile devices. It has already been applied to many use cases and we look forward to supporting your application idea.

Are you interested in using Samsung Neural SDK? Visit Samsung Neural SDK to learn more about becoming a partner today. Partners gain access to the SDK and technical content such as developer tips and sample code. If you have questions about the Samsung Neural SDK, email us at sdk.neural@samsung.com.

[1] AI processors include neural processing units (NPU) and digital signal processors (DSP). The Samsung Neural SDK currently supports only the Caffe and TensorFlow formats.
Apr 9, 2020
Samsung Neural Team
tutorials galaxy watch
blog
Watch Face Studio (WFS) is an intuitive graphical tool that provides designers a means to design watch faces for the Wear OS smartwatch ecosystem without the need for coding. Basic information on a watch face is typically presented as text, and Watch Face Studio enables you to customize how the text is displayed. This article introduces three features you can use to enhance the text on your watch face design:

- Tag expressions
- Curved text
- Bitmap fonts

You can follow along with the demonstrations in this blog by downloading the sample project.

Tag expressions
Tag expressions enable you to create watch face components for which the rotation, placement, and opacity changes based on tag values. The tag values represent watch data, such as the date and time, battery status, sensor and health data, moon phase, and mathematical operations. For example, you can create a watch face that shows the date and time, and a progress bar that fills up each minute. This section describes how to implement this using tag expressions.

To implement the dynamic watch face:

1. Create a text component.
2. In the "Properties" panel, select the text field text box.
3. Select the tags button that appears.
   Figure 1: Tags button
4. To add the hour text, from the tag list, select [HOUR_0_11], then select Done.
   Figure 2: Tags list
5. Similarly, to add the minutes text, create a text component with the [MIN] tag.
6. To implement the progress bar for the seconds display:
   a. Create a progress bar component.
   b. Define its value as the [SEC] tag and set its maximum value to 60.
7. Create text components for the date-related elements: [DAY_WEEK_F] (day of the week), [MON_F] (name of the month), and [DAY_1_31_Z] (day of the month).

Note: You can also display the weekday and month information as numbers, by using different tags. Keep in mind that in Watch Face Studio, Sunday is the first day of the week.

The following figure shows the progress bar on the watch face after some visual adjustments.

Figure 3: Seconds progress bar on watch face

For more examples of tag expression implementation, see the tag expressions Code Lab for Watch Face Studio.

Curved text
You can place text around a curve by selecting from predefined angular ranges, or by defining a specific start position and distance. You can also easily set the text direction.

To place curved text around the top of the watch face:

1. Create a text component and define the text you want to display.
2. In the "Properties" panel, select Apply Curved-text.
3. Select OK. The curved text settings appear.
4. In the "Curving" fields, define the width and height of the circle or oval around which the text is to be placed. The width and height values are in pixels. For this demonstration, set both the width and height to 436.
5. To place the text around the top of the watch face, in the "Range" section, select the upper half circle.
   Figure 4: Configuring the curved text

The following figure shows the curved text on the watch face after some visual adjustments.

Figure 5: Curved text on a watch face

Note: You can also implement curved text on complications.

Bitmap font
Bitmap fonts enable you to replace information on the watch face, such as digits, symbols, and day of the week, with customized images. Use different icons and images in the bitmap font to make your watch face more interesting.

To implement icons for the AM/PM tag:

1. Create a text component.
2. In the "Properties" panel, select the text field text box.
3. Select [AMPM] from the tags list, and select Done.
   Figure 6: AM/PM tag
4. In the "Text Appearance" section, select Bitmap font.
5. Open the "Bitmap font setting" dialog.
   Figure 7: Bitmap font configuration
6. In the "Bitmap font setting" dialog, select the Other tab.
7. To add an image for a specific string, select + and browse to the image on your computer. Do this for both the "AM" and "PM" strings.
8. To close the dialog, select OK.
   Figure 8: Adding a bitmap font image

The watch face displays the selected images in place of the "AM" and "PM" text strings.

A watch face can have multiple bitmap fonts. You can add another bitmap font from the dropdown menu and apply different bitmap fonts to different text elements.

Figure 9: Creating another bitmap font

Note: The sample project contains two bitmap fonts.

Conclusion
Watch Face Studio provides various text options for the watch face. The text customization features described in this blog can help you create an eye-catching watch face.

Resources
For more information about Watch Face Studio, see the Watch Face Studio documentation. You can also visit the Samsung Developers Forums, an active and friendly community where you can ask for and receive help with your application development.

The Samsung Developers site has many resources for developers looking to build for and integrate with Samsung devices and services. Stay in touch with the latest news by creating a free account and subscribing to our monthly newsletter. Visit the marketing resources page for information on promoting and distributing your Android apps.

To learn more about customizing your watch face, see also the Design Complications Using Watch Face Studio blog.
Nov 1, 2022
Most Fowziya Akther Houya
success story mobile, marketplace
blog
To help our talented dev community capitalize on new opportunities in the new year, we're talking to some of the industry's brightest minds about what they're currently working on and what excites them from a developer standpoint. In our latest edition of the 2018 Source Code: A Dev's Guide, Kevin Crenshaw, Manager, Software Engineering Mobile Apps, The Weather Channel, describes how the company is using new technology like AI to deliver trusted, real-time forecasts around the world, right to users' smartphones.

At SDC 2017, The Weather Channel debuted new app features to better help users plan their lives around the weather. Tell us about some of the developer tools that helped bring these innovative features to life.

To create The Weather Channel's Android app, we used a lot of tools, including: Android Studio - IDE, HockeyApp - crash reporting and initial testing, Jenkins - continuous integration, Git - source control, Jira - workflow management, Crucible - code reviews, Slack - instant messaging, Gradle - build tool, Lint - code quality, FindBugs - code quality, ProGuard - minimize app size, code obfuscation, Charles - HTTP debugging proxy, Mapbox - geographic maps provider. We combine these tools with developers, QA, product and design, working together in a clearly defined process which emphasizes continuous workflow on only the highest priority items. This enables us to deliver a high level of value to our app users over time.

How will the integration of artificial intelligence help developers improve the app experience, especially when related to weather?

Artificial intelligence is already helping us bring a more personalized and relevant experience to our users. For instance, we created chat bots to answer everyday weather questions in everyday language. Users simply type in a question like, "What is the temperature today?" and we will answer it. We have also used AI in our calendar feature to make suggestions about activities and attractions near you, based on current weather conditions. This is accomplished through a partnership with TripAdvisor. If the forecast calls for rain over the weekend, we will automatically show suggestions for indoor activities near you. Our cognitive home screen is another example of how we are using AI to provide an even more relevant experience for our users. Using this increasingly powerful tool, we can ensure the information you care about most is at the top of your weather feed.

What is the impact of internationalization on app monetization strategies?

We want to make sure that users around the globe have the same access to the most accurate and up-to-date weather data possible. To accomplish that goal, we are working hard to ensure that our apps are localized for every country in which they are available. In addition, we are working with local partners to provide the news and information that people care about the most. So, what does all that have to do with monetization? We know that if we make it our primary mission to protect the safety and wellbeing of our users first, then our global audience will grow and the opportunities for monetization will follow.

What metrics are most important in measuring the success of your app? Are different metrics used to measure domestic vs. international performance?

The metrics we use most widely are the number of installs, daily active users, and monthly active users. In addition to those standard measures, we closely monitor the interactions with each of the features within our apps over time to make sure we are providing the most value to our users. We also monitor performance metrics like start up time and data usage of our apps. This is especially important internationally since connectivity and data usage rates vary widely from country to country.

What's the one big trend that developers should keep their eyes on in 2018?

The trend that developers should keep their eyes on in 2018 is the continued growth of artificial intelligence. The inclusion of AI across the technological spectrum will continue to accelerate. AI platforms like Samsung's Bixby and IBM Watson are already using AI in ways that we could only imagine just a few years ago. For instance, with Samsung Bixby, you can speak commands into your phone in plain, everyday language and it will do what you ask without any other interactions with the device. Likewise, IBM Watson is using AI to push the boundaries of computing in areas like health, financial services, IoT and education. These efforts combined with those of other industry giants like Facebook, Google and Amazon will propel AI to be more integrated with everything we do in 2018 and beyond.

Thank you to Kevin for sharing his thoughts. Be sure to like us on Facebook and follow us on Twitter so you don't miss an installment of the 2018 Source Code: A Dev's Guide.
Jan 16, 2018
Kevin Crenshaw
events mobile, ai
blog
#SDC2017 wrapped up today and it was our best conference yet. The day started off with keynote speeches from Arianna Huffington, Stan Lee and Rain Paris. The action continued on the floor with lots of activity at the Samsung Pay, Galaxy Apps and Samsung Health booths, just to name a few. However, the talk of the conference was the announcement of Bixby 2.0, which introduces deep linking capabilities and enhanced natural language abilities to better recognize individual users and create a predictive, personalized experience that better anticipates needs. The Bixby SDK will be available to select developers and through a private beta program, with general availability coming in 2018.

This afternoon, we sat down with the Samsung Bixby Home team to learn more about Bixby Home and what developers can expect from its newly launched SDK.

Tell us about Bixby Home.

Bixby Home helps you navigate your smartphone and make your day easier. It learns and adapts to show you the content you care about. It allows for easier access to apps, important information and personalized daily content. Essentially, you get what you need when you need it. When you interact with Bixby Home, you'll engage with cards that contain the information you want.

- Social media cards contain all your important social feeds
- News cards carry the information that you want to read
- Media cards show you the videos you want to interact with
- International cards allow you to book travel

It's available on the S8, S8+ and the Note 8. It will be available on all Galaxy flagship devices coming out in the new year.

Tell us about the SDK you just launched for Bixby Home here at SDC.

The new SDK gives developers two different ways to develop content cards for Bixby Home: The first way is app-based integration, which pulls content from partner mobile apps. This creates app-based cards. For this type of development, devs will need to add an API library into their mobile apps. The second way is server-based integration, which pulls content from partner servers. Here, developers are required to map endpoints from their server to the Bixby Home server through a server API.

The creation process is simple enough: first devs need to register as a developer and then they need to submit their card plan. Next, they create, configure, submit the card for approval, conduct an integration test and deploy. Currently, there are six different types of cards they can create: utility, multimedia, news cards, location cards, communications cards and commerce cards – more to come in the near future.

What's the value proposition for devs? Why develop Bixby Home cards?

Well, there are a few reasons why devs would want to develop not only for Bixby Home, but also for Samsung mobile: they get access to all Samsung customers, they see increased engagement with apps and services and they extend consumer reach across multiple devices.

What kind of support will devs receive when developing with the new SDK?

With the SDK, partners control their content. However, there are API libraries for both app-based cards and server-based cards. They receive a developer guide, a UX guide, and sample cards and apps to review. Through the partner portal, devs can manage their cards. Here they can propose, design and create their cards, as well as track card analytics. They're supported every step of the way. We're very excited about this new SDK and want to set our developer partners up for success.

Thanks to all the developers, designers, creators, partners, sponsors and everyone else who joined us at #SDC2017. It truly was a great event and we can't wait to start working with you all this year to bring our announcements to life. Follow us on @samsung_dev to keep the conversation going and keep an eye on our blog for technical content that will bring your dev game to the next level. And see you next year!
Oct 20, 2017
Samsung Developer Program
Develop Smart TV
doc
Application Security

This topic describes the security of applications which run on Samsung devices.

Related Info
- Web Security Testing Guide
- OWASP Secure Software Development Lifecycle
- Microsoft Security Development Lifecycle (SDL)
- CWE List Version 4.6

Overview
Security is becoming an important issue with the increase of various smart devices. In order to protect data from users and businesses, Samsung devices are enhancing security in several layers, from hardware to software. As Samsung device applications are also software driven by Samsung, the security needs to be taken into account. Samsung device applications can store important information such as code and key values and personal information of the user, which is an important resource that must be protected. These resources can be leaked due to a variety of reasons, such as a simple mistake by a developer or hacking by an attacker. In order to safeguard this, Samsung device applications need to be developed according to secure by design. In particular, the personal information of the user should comply with the policy related to the personal information for each country.

Secure by Design
All software within the devices developed by Samsung is based on the Secure Development Lifecycle (SDL) model, and the development step is divided into analysis, design, implementation, and testing, so vulnerabilities should be removed by performing a security review at each step. From the same point of view, applications operating on Samsung devices should maintain the same security level. For this, we recommend that you consider security in the application development phase by referring to the following step-by-step security review.

Security in the Analysis/Design Phase
You should identify important information that is stored and transferred and ensure that the information is handled safely.
- If you receive user input, you should review that you do not require more information than you need, and there is no issue with the input format.
- You must identify the important information to be used and ensure that the information is displayed on vulnerable areas in the flow of the program.
- In particular, when transmitting important information outside the device, you need to ensure that it communicates with the specified server through a secured channel.
- At the time of designing, you must first define important information that needs to be protected and design it in a proper manner to protect it.

Security in the Implementation Phase
It must be implemented in compliance with security rules to prevent information in the software from being leaked through known vulnerabilities.
- Important information obtained in the design phase should be stored by applying security techniques such as encryption, and make sure that it does not exist in plain text within the program.
- Establish secure coding rules for each language and proceed with development accordingly.
- You must use only the minimum permissions required and notify the user of the permissions you use.
- You should make sure that the security channel is properly set on the network, and the latest version of the technology is applied.
- If you use encryption algorithms, you must use them securely using verified standard algorithms where vulnerabilities are not reported.

Security in Test Phase
Security checks must be performed before deployment to prevent security issues and maintain security through maintenance after deployment.
- Before deployment, it is necessary to verify that there is no issue with analysis, design, and implementation when actually operated, through simulated hacking, packet checking, etc.
- After deployment, if a new vulnerability is found or a modification occurs in the security check, it must be patched and applied to all users as soon as possible.

Security Review Process
In order to maintain the security of the application ecosystem, Samsung is performing security checks on the submitted applications. Samsung checks the risk or misuse cases that may occur due to the submitted applications, and if there is an issue, the deployment process can be stopped and the application submitter can be advised to fix it.

Application Security Guide
This section provides basic security guidelines to consider in the development of applications. For a safe and reliable application running environment, we recommend that you proceed with the following points in the development phase.

Data Protection
Three key factors for data protection are confidentiality, integrity, and availability. If an application sends or stores sensitive information, the application must encrypt data stored on these devices and protect it from attackers. It is very important to protect sensitive data such as user credentials or personal information in application security. If the mechanism of the operating system is not used correctly, sensitive data can be unintentionally exposed.

Definition of sensitive data
- Personally identifiable information that can be exploited for identity theft. For example, resident registration number, social security number, credit card number, bank account number, health information, etc.
- Sensitive data that can lead to loss of honor and loss of money if leaked
- All data that must be protected for legal or compliance reasons

| Security item | Description |
|---|---|
| Data protection | Sensitive data, such as passwords or PIN data, should not be exposed through the user interface. |
| | The key values used by the application must not be hardcoded or stored in plain text. |
| | Sensitive data should not be stored in an application container or external storage. |
| | Sensitive data should not be recorded in the application log. |
| | Sensitive data should not be shared with third parties unless it is necessary in the architecture. |
| | Keyboard cache must be disabled from the text input that processes sensitive data. |
| | Sensitive data should not be exposed even during internal communication. |
| | You should ensure that the data stored in the client-side storage (e.g. HTML5 local storage, session store, IndexedDB, regular cookie, or Flash cookie) does not contain sensitive data. |
| | Make sure that you have provided clear T&C for the collection and use of the provided personal information and that you have provided selective consent to the use of that data before you use it. |
| Reference links | European Union General Data Protection Regulation (GDPR) overview |
| | European Union Data Protection Supervisor - Internet Privacy Engineering Network |
| | Application development privacy guide |

Table 1. Data protection security description and reference links

Authentication
If there is a feature to log in to the remote service by the user, it must be configured through security design. Even when most of the logic is operating on a remote service, the device must also meet security requirements on how to manage user accounts and sessions.

| Security item | Description |
|---|---|
| Authentication | If the application provides remote services to the user, user name and password authentication must be performed from the remote service. |
| | If you use status storage session management, the remote service must authenticate the client request using the randomly generated session identifier without sending the user's credentials. |
| | If using stateless token-based authentication, the remote services must provide signed tokens using security algorithms. |
| | When a user logs out, the remote service must end the existing session. |

Table 2. Authentication security description

Access Control
An application can access a resource only if it has access to it.

| Security item | Description |
|---|---|
| Access control | Applications must require only the minimum access required. |
| | Applications must use the privileges that match the permissions and specify the privileges used. |
| | When accessing user data, make sure that the principle of minimum access privilege requirement is followed. |
| | Applications must have access to APIs, data files, URLs, controllers, directories, services, and other resources with |
minimal access required you should verify and process all input from external resources and users this should include data received through the ui, a user-defined url, inter-process communication ipc , etc if an application uses a completely unprotected custom url, you should not export sensitive information important data or apis must be protected from user access other than data owners reference links owasp cheat sheet access control table 3 access control security description and reference links communications when the network is used, the application should not display the transmitted/received content using a secured channel security item description communications data must be encrypted on the network using tls transport layer security security channels must be used consistently throughout the application the setting of the security channel must be configured to protect information safely the data being transmitted must be protected from being snatched/taken over in the middle ex defence against man in the middle attack reference links owasp – tls cheat sheet table 4 communications security description and reference links input validation you must defend the command insertion attack through validating the validity of input value input value validation should be considered at all stages of development security item description input validation input values must process the data based on type and content, applicable laws, regulations and other policy compliance, and define how to handle it you must ensure that input validation is performed on a trusted service layer you need to check whether it protects against parameter attacks such as mass parameter allocation attacks or unsafe parameter allocation all possible input values e g html form fields, rest requests, url parameters, http headers, cookies, batch files, rss feeds, etc must be checked using validation ex whitelist you should check whether the values entered are in the correct form in well-defined 
schemas, including allowed characters, lengths, and patterns the url redirection and forward should display a warning that only whitelist targets are allowed or that you are connecting with potentially untrusted content make sure you use memory safety strings, secure memory copy, and pointer calculation to detect or prevent stacks, buffers, or heap overflows in order to prevent integer overflow, you need to make sure that sign, range, and input validation techniques are used reference links xml external entity xxe prevention cheat sheetreducing xss by way of automatic context-aware escaping in template systems table 5 input validation security description and reference links password management in case of application with different user password, security settings are required for them security item description password management you must ensure that the password does not contain spaces and cut/copy is not performed in the password change feature, you should check that the user's current password and new password are required it is recommended to provide a password strength meter so that users can set a stronger password it is also recommended to provide rules that limit allowed character types uppercase letter, numeric, special characters you should check that it is recommended to change your user password within the right due date do not store the user password in the application's properties or settings file in plain text or recoverable form passwords must be stored, transferred, and compared in a hashed state using a standard hash function to prevent random attacks, you should use the login limit number of login or captcha default password should not be generated make sure you do not show the key information, like passwords in the log reference links cwe-804 guessable captchacwe-836 use of password hash instead of password for authenticationcwe-257 storing passwords in a recoverable formatcwe-261 weak encoding for passwordcwe-263 password aging with long 
expiration table 6 password management security description and reference links session manager a session is a technique for controlling and maintaining the status of a user or device interacting with one user in a web application a session has a unique value for each user and cannot guess or share that value security item description session manager you should check that the session token is not exposed/displayed in the application's url parameter or error message make sure the application generates a new session token from user authentication you should check that the session token is stored using properly secured cookies or security methods you should check that a session token is generated using a standard encryption algorithm make sure the session is not reused by verifying that the session token is invalid when logout and session expires reference links owasp session management cheat sheetalgorithms, key size and parameters report 2014 table 7 session manager security description and reference links error handling the purpose of error handling is to allow applications to provide security events related to monitoring, status check, and increase in permission, and not just creating logs security item description error handling you must ensure that common error handling formats and access method are used you must make sure exception handling is used on the code base to explain expected and unexpected error conditions you must ensure that other error handlers that can prepare all unprocessed exceptions are defined in case of an error, you must make sure that the message shown to the user does not contain application-related technical or sensitive information we recommend using separate error codes for error support table 8 error handling security description release check the following before releasing the application security item description release application must be signed and distributed with a valid certificate, and the private key must be properly 
protected debugging code and developer support code test code, back door, hidden settings, etc must be removed deployed applications should not output or record detailed errors or debugging messages libraries and frameworks etc used by applications should be checked for known vulnerabilities the equipment used for release must be able to respond to external threats viruses, hacking, etc it should be built in release mode a separate debug message should not be left from the application if you include binary, debug information should be removed if a vulnerability occurs after release, you should update the application as soon as possible and always keep the latest version table 9 release security description
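The input validation items above (schema checks on allowed characters, lengths and patterns, protection against mass parameter assignment, integer sign and range checks, and whitelisted redirect targets) can be combined as in the following added example, which is not code from Samsung's guide. The schema format, field names, function names and host names are assumptions chosen for illustration.

```javascript
// Added example. The schema format, field names and allowed hosts are
// assumptions for illustration; run this on the trusted service layer.

// Allow-list schema: every accepted field with its type, bounds and pattern.
const PROFILE_SCHEMA = {
  displayName: { type: 'string', min: 1, max: 32, pattern: /^[\p{L}\p{N} ._-]+$/u },
  email: { type: 'string', min: 3, max: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  age: { type: 'integer', min: 0, max: 150 },
};

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns the reason a value breaks its rule, or null when it is acceptable.
function checkField(rule, value) {
  if (rule.type === 'string') {
    if (typeof value !== 'string') return 'must be a string';
    if (value.length < rule.min || value.length > rule.max) return 'length out of range';
    if (!rule.pattern.test(value)) return 'contains characters that are not allowed';
    return null;
  }
  if (rule.type === 'integer') {
    // Rejects NaN, fractions, numeric strings and values past 2^53 - 1,
    // then applies the sign and range limits.
    if (!Number.isSafeInteger(value)) return 'must be an integer';
    if (value < rule.min || value > rule.max) return 'value out of range';
    return null;
  }
  return 'unknown rule type';
}

function validateInput(schema, input) {
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    return { ok: false, errors: ['payload must be an object'], value: null };
  }
  const errors = [];
  const value = {};
  // Undeclared fields are rejected, not ignored: this is the defence against
  // mass parameter assignment (e.g. a client adding "isAdmin": true).
  for (const key of Object.keys(input)) {
    if (!hasOwn(schema, key)) errors.push(`unexpected field: ${key}`);
  }
  for (const [key, rule] of Object.entries(schema)) {
    if (!hasOwn(input, key)) {
      errors.push(`missing field: ${key}`);
      continue;
    }
    const problem = checkField(rule, input[key]);
    if (problem) errors.push(`${key}: ${problem}`);
    else value[key] = input[key];
  }
  return errors.length ? { ok: false, errors, value: null } : { ok: true, errors, value };
}

const ALLOWED_REDIRECT_HOSTS = new Set(['app.example.com', 'help.example.com']);

// Decides what to do with a redirect target supplied by a user or another app:
// 'redirect' for allow-listed hosts, 'warn' for other https sites (show an
// "untrusted content" notice first), 'reject' for anything malformed.
function resolveRedirect(target, allowedHosts = ALLOWED_REDIRECT_HOSTS) {
  let url;
  try {
    url = new URL(target); // absolute URLs only; "//host/path" and "/path" throw
  } catch (err) {
    return { action: 'reject', reason: 'not an absolute URL' };
  }
  if (url.protocol !== 'https:') return { action: 'reject', reason: 'scheme not allowed' };
  // "https://app.example.com@other.test/" has host other.test; refuse userinfo outright.
  if (url.username || url.password) return { action: 'reject', reason: 'credentials in URL' };
  // Compare the parsed hostname exactly; substring or prefix matching would
  // accept app.example.com.other.test.
  if (allowedHosts.has(url.hostname)) return { action: 'redirect', url: url.href };
  return { action: 'warn', url: url.href };
}
```

Comparing the parsed hostname, not the raw string, is what keeps look-alike targets out of the allow list.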