Filter
-
Content Type
-
Category
Mobile/Wearable
Visual Display
Digital Appliance
Platform
Recommendations
Filter
Learn One UI Beta Program
webone ui beta program beta program is made with your valuable participation. open to all users, the one ui beta program is an opportunity to try one ui features before their official release. as you preview the new features and design, send us your feedback to help us create an exceptional experience for galaxy users. the one ui beta program is open to participants in germany, india, poland, the republic of korea, the united kingdom, and the united states. note before installing beta software, it is highly recommended to back up your data to your computer with smart switch. unexpected behavior in beta software can cause data loss. how to join one ui beta program join our beta test program to experience the latest one ui. send us your valuable feedback to improve galaxy user experience. step 1. become a beta tester download the samsung members application from galaxy store or the google play store. log throughin to the application with your samsung account, and enter and participate in the "beta program" space through the home banner or the beta card. step 2. update the software on your device, select "settings > software update > download and install" or enter to the detail page of the participated beta test. here, you can install the beta software. (*) participation in the one ui beta program requires a samsung account. if you do not already have a samsung account, create one at https://account.samsung.com. (*) the one ui beta program is available only for specific devices, os versions, and countries. (*) beta program period and compatible devices vary by country. (*) one ui features can differ depending on the device enrolled in the beta program. beta activities help samsung gather helpful insights and feedback about beta software features, performance, and usability to develop more reliable, higher-performance software, and give galaxy device users an improved and optimized experience. reporting errors when you have enrolled in the one ui beta program, you can help improve the galaxy software stability by reporting issues you encounter while using the beta software. to provide feedback on bugs or errors in beta software, in the samsung members application, select "participated beta test > beta feedback > send feedback". note: to ensure relevant log information is included in the error report, submit the report within 3 minutes of encountering the bug or error, and do not terminate (swipe away) the samsung members application until you are notified that the report has been sent. this can take up to 5 minutes. making ux suggestions you can experience the new ux and contribute to the galaxy user experience through the community, such as by providing suggestions. to provide ux or ui-related feedback, such as usability or feature suggestions, select "participated beta test > beta community > suggestions". note: the "beta community" area is only available during the public beta period. faq find the most frequently asked questions and answers for one ui beta program faq search form search submit no search results. try using another keyword. what is the one ui beta program? the one ui beta program is owned, managed, and operated solely by samsung. its purpose is to create a better, more reliable operating system and user experience (ux) for samsung devices, based on user feedback. as a beta program participant, you can preview new features and ux for the latest android operating system, and submit feedback about its performance, stability and usability. note to participate in the one ui beta program, you will need to install beta software. beta software is intended only for testing purposes and may contain bugs, errors, and inaccuracies or behave unexpectedly. some software features may also be incomplete or missing. the beta software is provided "as is" and "as available", without any warranty of any kind from samsung. samsung expressly disclaims any and all warranties of any kind, whether express or implied. your use of the beta software is at your own discretion and risk, and you will be solely responsible for any damage that results from the use of the beta software including loss of data. samsung will not be liable for any damages of any kind arising out of or relating to participating in one ui beta program. what does it cost to participate in the one ui beta program? there is no cost to participating in the one ui beta program. however, you are responsible for expenses related to using a data network connection to download the beta software or upload error logs. connecting to wi-fi before downloading beta software is highly recommended. is there any compensation for one ui beta program participation? the one ui beta program is an opt-in, voluntary program. your reward for participation is improved software for samsung devices based on your feedback. how do i participate in the one ui beta program? to participate in the one ui beta program, you must register through the samsung members app on your device:1. in the samsung members app, log in with your samsung account. if you do not have a samsung account, create one.2. select "notice, banner, beta card > registration for one ui beta program".3. complete and submit the intention to participate.if you meet the participation criteria, you will be enrolled in the one ui beta program. do i need to back up the data on my device before i use the beta software? unexpected behavior in the beta software can cause data loss. before installing the beta software, it is highly recommended to back up your data to your computer with smart switch pc version. how do i install the beta software on my device? you must be enrolled in the one ui beta program to install the beta software. to avoid compatibility issues, before installing the beta software, make sure all applications on the device are updated to the latest version available.to install the beta software, on your device, select "settings > software update > download and install" or "participated beta test > detail page > software update".beta software updates are rolled out gradually to one ui beta program participants. if an error occurs while installing the beta software, what do i do? if an error occurs during beta software installation and you can no longer use your device, find assistance with resetting the device by visiting the nearest samsung service center. under what conditions can i use the beta software? to participate in the one ui beta program, you agree to use the beta software only for personal, non-commercial purposes, and to abide by the one ui beta program terms and conditions. how do i send feedback to samsung? user feedback is submitted through the samsung members application on your device:- to provide feedback or to report bugs or errors in the beta software, select "participated beta test > send feedback" in the samsung members app.- to provide ux or ui-related feedback, such as usability or feature suggestions, select "participated beta test > beta community > suggestions". note to ensure relevant log information is included in the error report, submit the report within 3 minutes of encountering the bug or error, and do not terminate (swipe away) the samsung members application until you are notified that the report has been sent. this can take up to 5 minutes. i needed to reset my device. can i reinstall the beta software? yes. you can update the software to the latest official version or reset it in a service center. as long as you are enrolled in the one ui beta program, you can re-install the beta software by running a software update on the device. to run the update, on your device, select "settings > software update > download and install" or "participated beta test > detail page > software update. note this option is only available if you have not opted out or canceled your participation in the one ui beta program. how do i withdraw from the beta program? 1. to withdraw from the beta program, you must apply for withdrawal through samsung members application on your device. ("samsung members > settings > beta program settings > withdraw from beta program")2. to remove the beta software, perform a rollback to the previous release version, using the smart switch pc version on your computer. the rollback resets the device and removes data generated during beta testing.(if you have signed up for the beta program, but have not installed the beta version software, you can continue to use the current official version after withdrawing through samsung members app.) note if you backed up your device data to your computer with smart switch, you can restore the data after the rollback process. to perform the rollback, connect the device to your computer with a usb cable. on the computer, launch the smart switch application, and select "downgrade". if you need assistance having your software rolled back to the latest approved version you can request the location to the nearest service center. when will be the release version available? it is not possible to provide a specific date for publishing the release version. the release version will be provided as soon as beta feedback is analyzed and improvements are implemented. until then, you can continue to use the beta software version and update your device to the official release version once it is made available. i have more questions about the one ui beta program. where can i ask them? please post your question in beta community.
events game, mobile
blogbeing the host of the samsung developers podcast, i have had the opportunity to interview many great game developers over the years, but had yet to immerse myself in the gaming community. that was until i attended gdc 2022, the game developers conference held at moscone center in san francisco. gdc is the premiere conference related to the gaming industry. the annual conference brings together game designers, audio producers, programmers, artists, writers, and many more industry professionals from all around the world. networking at the expo as with most conferences, networking was one of the key benefits of being at an in-person conference. walking the expo floor allowed me to chat with so many amazing tech companies to learn about the latest game development tools and services. dolby. connecting with the reps at dolby, we talked about the different ways our team at samsung can help promote dolby atmos, their simulated surround sound technology available on samsung devices, to mobile game developers. wigi. the amazing people at wigi (women in games international) are doing great things. i learned how they are impacting the global games industry to advance economic equality and diversity for women and their allies. sequence. as i explored the expo, i was on the lookout for anything related to web3 and nfts. the team at sequence told me how they are helping game developers build for web3 and the world of nfts in the marketplace/metaverse, and simplifying crypto-transactions for gamers. sessions & sessions, and more sessions the expo floor was a great quick overload of everything game-tech-related, but the sessions allowed for a more comprehensive learning environment on many diverse game development topics. during the five-day conference, i attended over 25 sessions, learning in great detail from many inspirational speakers. sessions covered everything from designing and programming, to business and marketing, and so much more. below are highlights from several of my favorite sessions. free-to-play summit: the f2p game design challenge steve meretzky, abigail rindo, fawzi mesmar, shelby moledina, amanda schuckman free-to-play has dominated the gaming market and has intrigued me because it is a big part of mobile gaming. this session was very insightful as each of the different teams pitched their game ideas, explaining how they would generate revenue within a free-to-play game. the winners of this challenge quickly became audience favorites with their animal sanctuary game concept and real-world connection, giving players the opportunity to donate to their favorite animal foundation. session description: for many years, the game design challenge was one of the most popular sessions at the gdc. now, the advisory board of the free-to-play summit is proud to revive this gdc tradition, with a free-to-play focused version of the challenge. four free-to-play designers will have been given marching orders, and tasked with designing a game around that given problem. all four will present their idea to the summit audience, followed by an audience vote. innovative thinking and lively presentations are in store for all attendees! the theme of this year's challenge is designing for minnows. free-to-play games are almost always tuned to extract most of their revenue from "whales" -- those super-fans of the game who spend the big bucks, while the other 99.9% of the game's players spend little or nothing on it. we've challenged three free-to-play designers to come up with a design for a game that will extract the vast majority of its revenue not from "whales" but from "minnows" ... players who, over their entire lifetime, spend $10 or less. lost words: beyond the page dan gabriel of all the sessions that i attended, this one touched me the most. i wanted to learn more about the importance of narrative within the gameplay but received so much more from this session. dan gabriel’s approach to public speaking felt more like a storyteller than a conference speaker. lost words: beyond the page is not just a game, but a way for people to learn about themselves as they experience the challenges of life. session description: lost words: beyond the page leads the player into a rabbit hole of emotions to emerge, weary but fulfilled, on the other side of grief. attend to see how narrative and gameplay work together to create a deep, emotional bond. how metaphors pull the player deeper into the experience and how psychology shaped a story of a girl, a gran and a fantasy world. 'unpacking': the fun behind the foley jeff van dyck i love sound and everything that comes with the production of capturing sound effects (foley). seeing how this small team (husband, wife, and daughter) took on the challenge of not only creating 14,000 unique sounds, but also integrating all 14,000 sound files into the game and how that created its own set of challenges. session description: "unpacking has 14,000 foley audio files!" was a tweet that went viral in nov 2021. audio director and composer jeff van dyck (alien isolation, total war, ea sports) takes us through the unexpected complexity he and his wife angela encountered while they produced the foley for unpacking. understanding nfts: a sea-change for f2p games jordan blackman this session was exactly what i was hoping for: more insight into the new world of nfts (non-fungible tokens), blockchain, and crypto, and how they can impact f2p (free-to-play) games. as web3 games are developed, we will see more disruption to the current f2p space because these games are powered by the player community and not a single entity. session description: nfts are a consumer-driven phenomenon growing at dizzying speeds. more than merely a new way to offer iap, nft technology is set to disrupt game fundraising, community development, social media marketing, and even the very nature of the consumer/creator relationship. in this session, game designer jordan blackman will show the surprising ways nfts are already changing the game, as well as some predictions of what is to come. 'wordle': doing the opposite of what you're meant to josh wardle i am one who has definitely been swept up in the wordle craze, and getting to hear from the creator of wordle, josh wardle ... yes that is his name, was fascinating. the story of how he created the game was simple. the stories he shared about the simple connections people were making through sharing their daily wordle were absolutely wonderful. session description: wordle went from a personal gift to a global phenomenon in 3 months. this talk explores the decisions that were made throughout its development that run contrary to conventional wisdom around building successful mobile games, from wordle's origins to its seven-figure sale to the new york times. the talk also explores the human elements and considerations of creating, growing, and selling a game, both from the perspective of the developer and the game's audience. gdc vault: stream on-demand even though the conference has concluded, many of the sessions will be available to stream on-demand through the gdc vault. sponsored sessions are available for free, while technical sessions and gdc show content will require a paid subscription. if you are looking for samsung content, be sure to check out the following samsung sessions that were presented at gdc. you can view two of the sessions on youtube and all are available on the gdc vault. game performance optimization with causal models youtube · gdc vault what if your phone's avatar is in the game or metaverse? youtube · gdc vault new gpu, the ultimate reality! gdc vault unfolding your gaming potential with galaxy gamedev gdc vault awards show celebration the high point of the conference definitely was the awards show, presented by both the independent games festival and the game developers choice awards. the evening was full of recognizing not only the amazing winners, but all those nominated and truly how creative, innovative, and engaging the past year in game development has been. you can check out the full awards show below. inscryption the big winner of the evening was inscryption, taking home not only game of the year from game developers choice awards, but also the grand prize award from igf, along with awards for excellence in audio, excellence in design, and excellence in narrative. game description: from the creator of pony island and the hex comes the latest mind melting, self-destructing love letter to video games. inscryption is an inky black card-based odyssey that blends the deckbuilding roguelike, escape-room style puzzles, and psychological horror into a blood-laced smoothie. darker still are the secrets inscrybed upon the cards... unpacking the viral game with over 14,000 sounds somehow turned the painstaking task of unpacking boxes into an experience of peace and tranquility. unpacking won both the game developers choice award for best innovation and for best audio. game description: unpacking is a zen game about the familiar experience of pulling possessions out of boxes and fitting them into a new home. part block-fitting puzzle, part home decoration, you are invited to create a satisfying living space while learning clues about the life you're unpacking. over the course of eight house moves, you are given a chance to experience a sense of intimacy with a character you never see and a story you're never told. papetura the game i am most excited about is papetura, winners of igf’s excellence in visual art award. the mysterious and artistically quirky world is an absolute pleasure for the eyes, playing out in a real-life, stop-motion world. game description: papetura is an atmospheric point & click adventure game, handcrafted entirely out of paper. little creatures pape and tura will face monsters that will try to burn down their beloved paper world. closing these are just a few of the many highlights i experienced during gdc this past year. explore the gdc vault for yourself to experience gdc 2022 and impact the game developer community with whatever your expertise may be. see you at gdc 2023, march 20-24 in san francisco! official conference photos were made available via the gdc flickr account: www.flickr.com/photos/officialgdc. learn more about gaming trends and samsung’s participation at this year’s game developers conference here. be sure to also follow us on @samsung_dev to keep up-to-date on the latest developer news, and keep an eye on our blogs for other helpful resources. you can also sign up for the samsung developer program to take advantage of exclusive benefits and access helpful developer resources.
Tony Morelan
Develop Smart Signage
docapplication security this topic describe the security of applications which run on samsung devices related info web security testing guide owasp secure software development lifecycle microsoft security development lifecycle sdl cwe list version 4 6 overview security is becoming an important issue with the increase of various smart devices in order to protect data from users and businesses, samsung devices are enhancing security in several layers, from hardware to software as samsung device applications are also software driven by samsung, the security needs to be taken into account samsung device applications can store important information such as code and key values and personal information of the user, which is an important resource that must be protected these resources can be leaked due to a variety of reasons, such as a simple mistake by a developer or hacking by an attacker in order to safeguard this, samsung device applications need to be developed according to secure by design in particular, the personal information of the user should comply with the policy related to the personal information for each country secure by design all software within the devices developed by samsung are based on the secure development lifecycle sdl model, and development step is divided into analysis, design, implementation, and testing, so vulnerability should be removed by performing a security review at each step from the same point of view, applications operating on samsung device should maintain the same security level for this, we recommend that you consider security in the application development phase by referring to the following step-by-step security review security in the analysis/design phase you should identify important information that is stored and transferred and ensure that the information is handled safely if you receive user input, you should review that you do not require more information than you need, and there is no issue with the input format you must identify the important information to be used and ensure that the information is displayed on vulnerable areas in the flow of the program in particular, when transmitting important information outside the device, you need to ensure that it communicates with the specified server through a secured channel at the time of designing, you must first define important information that needs to be protected and design it in a proper manner to protect it security in the implementation phase it must be implemented in compliance with security rules to prevent information in the software from being leaked through known vulnerabilities important information obtained in the design phase should be stored by applying security techniques such as encryption and make sure that it does not exist in plain text within the program establish secure coding rules for each language and proceed with development accordingly you must use only the minimum permissions required and notify the user of the permissions you use you should make sure that the security channel is properly set on the network, and the latest version of the technology is applied if you use encryption algorithms, you must use them securely using verified standard algorithms where vulnerabilities are not reported security in test phase security checks must be performed before deployment to prevent security issues and maintain security through maintenance after deployment before deployment, it is necessary to verify that there is no issue with analysis, design, and implementation when actually operated through simulated hacking, packet checking, etc after deployment, if a new vulnerability is found or a modification occurs in the security check, it must be patched and applied to all users as soon as possible security review process in order to maintain the security of the application ecosystem, samsung is performing security checks on the submitted applications samsung checks the risk or misuse cases that may occur due to the submitted applications, and if there is an issue, the deployment process can be stopped and the application submitter can be advised to fix it application security guide this section provides basic security guidelines to consider in the development of applications for a safe and reliable application running environment, we recommend that you proceed with the following points in the development phase data protection three key factors for data protection are confidentiality, integrity, and availability if an application sends or stores sensitive information, the application must encrypt data stored on these devices and protect it from attackers it is very important to protect sensitive data such as user credentials or personal information in application security if the mechanism of the operating system is not used correctly, sensitive data can be unintentionally exposed definition of sensitive data personally identifiable information that can be exploited for identity theft for example, resident registration number, social security number, credit card number, bank account number, health information, etc sensitive data that can lead to loss of honor and loss of money if leaked all data that must be protected for legal or compliance reasons security item description data protection sensitive data, such as passwords or pin data, should not be exposed through the user interface the key values used by the application must be hardcoded or not stored in plain text sensitive data should not be stored in an application container or external storage sensitive data should not be recorded in the application log sensitive data should not be shared with third parties unless it is necessary in the architecture sensitive data should not be shared with third parties unless it is necessary in the architecture keyboard cache must be disabled from the text input that processes sensitive data sensitive data should not be exposed even during internal communication you should ensure that the data stored in the client-side storage ex html5 local storage, session store, indexeddb, regular cookie, or flash cookie does not contain sensitive data make sure that you have provided clear t&c for the collection and use of the provided personal information and that you have provided selective consent to the use of that data before you use it reference links european union general data protection regulation gdpr overvieweuropean union data protection supervisor - internet privacy engineering networkapplication development privacy guide table 1 data protection security description and reference links authentication if there is a feature to log-in to the remote service by the user, it must be configured through security design even when most of the logic is operating on a remote service, the device must also meet security requirements on how to manage user accounts and sessions security item description authentication if the application provides remote services to the user, user name and password authentication must be performed from the remote service if you use status storage session management, the remote service must authenticate the client request using the randomly generated session identifier without sending the user's credentials if using stateless token-based authentication, the remote services must provide signed tokens using security algorithms when a user logs out, the remote service must end the existing session table 2 authentication security description access control an application can access a resource only if it has access to it security item description access control application must require only the minimum access required application must use the privilege that match the permissions and specify the privileges used when accessing user data, make sure that the principle of minimum access privilege requirement is followed applications must have access to apis, data files, urls, controllers, directories, services, and other resources with minimal access required you should verify and process all input from external resources and users this should include data received through the ui, a user-defined url, inter-process communication ipc , etc if an application uses a completely unprotected custom url, you should not export sensitive information important data or apis must be protected from user access other than data owners reference links owasp cheat sheet access control table 3 access control security description and reference links communications when the network is used, the application should not display the transmitted/received content using a secured channel security item description communications data must be encrypted on the network using tls transport layer security security channels must be used consistently throughout the application the setting of the security channel must be configured to protect information safely the data being transmitted must be protected from being snatched/taken over in the middle ex defence against man in the middle attack reference links owasp – tls cheat sheet table 4 communications security description and reference links input validation you must defend the command insertion attack through validating the validity of input value input value validation should be considered at all stages of development security item description input validation input values must process the data based on type and content, applicable laws, regulations and other policy compliance, and define how to handle it you must ensure that input validation is performed on a trusted service layer you need to check whether it protects against parameter attacks such as mass parameter allocation attacks or unsafe parameter allocation all possible input values e g html form fields, rest requests, url parameters, http headers, cookies, batch files, rss feeds, etc must be checked using validation ex whitelist you should check whether the values entered are in the correct form in well-defined schemas, including allowed characters, lengths, and patterns the url redirection and forward should display a warning that only whitelist targets are allowed or that you are connecting with potentially untrusted content make sure you use memory safety strings, secure memory copy, and pointer calculation to detect or prevent stacks, buffers, or heap overflows in order to prevent integer overflow, you need to make sure that sign, range, and input validation techniques are used reference links xml external entity xxe prevention cheat sheetreducing xss by way of automatic context-aware escaping in template systems table 5 input validation security description and reference links password management in case of application with different user password, security settings are required for them security item description password management you must ensure that the password does not contain spaces and cut/copy is not performed in the password change feature, you should check that the user's current password and new password are required it is recommended to provide a password strength meter so that users can set a stronger password it is also recommended to provide rules that limit allowed character types uppercase letter, numeric, special characters you should check that it is recommended to change your user password within the right due date do not store the user password in the application's properties or settings file in plain text or recoverable form passwords must be stored, transferred, and compared in a hashed state using a standard hash function to prevent random attacks, you should use the login limit number of login or captcha default password should not be generated make sure you do not show the key information, like passwords in the log reference links cwe-804 guessable captchacwe-836 use of password hash instead of password for authenticationcwe-257 storing passwords in a recoverable formatcwe-261 weak encoding for passwordcwe-263 password aging with long expiration table 6 password management security description and reference links session manager a session is a technique for controlling and maintaining the status of a user or device interacting with one user in a web application a session has a unique value for each user and cannot guess or share that value security item description session manager you should check that the session token is not exposed/displayed in the application's url parameter or error message make sure the application generates a new session token from user authentication you should check that the session token is stored using properly secured cookies or security methods you should check that a session token is generated using a standard encryption algorithm make sure the session is not reused by verifying that the session token is invalid when logout and session expires reference links owasp session management cheat sheetalgorithms, key size and parameters report 2014 table 7 session manager security description and reference links error handling the purpose of error handling is to allow applications to provide security events related to monitoring, status check, and increase in permission, and not just creating logs security item description error handling you must ensure that common error handling formats and access method are used you must make sure exception handling is used on the code base to explain expected and unexpected error conditions you must ensure that other error handlers that can prepare all unprocessed exceptions are defined in case of an error, you must make sure that the message shown to the user does not contain application-related technical or sensitive information we recommend using separate error codes for error support table 8 error handling security description release check the following before releasing the application security item description release application must be signed and distributed with a valid certificate, and the private key must be properly protected debugging code and developer support code test code, back door, hidden settings, etc must be removed deployed applications should not output or record detailed errors or debugging messages libraries and frameworks etc used by applications should be checked for known vulnerabilities the equipment used for release must be able to respond to external threats viruses, hacking, etc it should be built in release mode a separate debug message should not be left from the application if you include binary, debug information should be removed if a vulnerability occurs after release, you should update the application as soon as possible and always keep the latest version table 9 release security description
Develop Smart TV
docapplication security this topic describe the security of applications which run on samsung devices related info web security testing guide owasp secure software development lifecycle microsoft security development lifecycle sdl cwe list version 4 6 overview security is becoming an important issue with the increase of various smart devices in order to protect data from users and businesses, samsung devices are enhancing security in several layers, from hardware to software as samsung device applications are also software driven by samsung, the security needs to be taken into account samsung device applications can store important information such as code and key values and personal information of the user, which is an important resource that must be protected these resources can be leaked due to a variety of reasons, such as a simple mistake by a developer or hacking by an attacker in order to safeguard this, samsung device applications need to be developed according to secure by design in particular, the personal information of the user should comply with the policy related to the personal information for each country secure by design all software within the devices developed by samsung are based on the secure development lifecycle sdl model, and development step is divided into analysis, design, implementation, and testing, so vulnerability should be removed by performing a security review at each step from the same point of view, applications operating on samsung device should maintain the same security level for this, we recommend that you consider security in the application development phase by referring to the following step-by-step security review security in the analysis/design phase you should identify important information that is stored and transferred and ensure that the information is handled safely if you receive user input, you should review that you do not require more information than you need, and there is no issue with the input format you must identify the important information to be used and ensure that the information is displayed on vulnerable areas in the flow of the program in particular, when transmitting important information outside the device, you need to ensure that it communicates with the specified server through a secured channel at the time of designing, you must first define important information that needs to be protected and design it in a proper manner to protect it security in the implementation phase it must be implemented in compliance with security rules to prevent information in the software from being leaked through known vulnerabilities important information obtained in the design phase should be stored by applying security techniques such as encryption and make sure that it does not exist in plain text within the program establish secure coding rules for each language and proceed with development accordingly you must use only the minimum permissions required and notify the user of the permissions you use you should make sure that the security channel is properly set on the network, and the latest version of the technology is applied if you use encryption algorithms, you must use them securely using verified standard algorithms where vulnerabilities are not reported security in test phase security checks must be performed before deployment to prevent security issues and maintain security through maintenance after deployment before deployment, it is necessary to verify that there is no issue with analysis, design, and implementation when actually operated through simulated hacking, packet checking, etc after deployment, if a new vulnerability is found or a modification occurs in the security check, it must be patched and applied to all users as soon as possible security review process in order to maintain the security of the application ecosystem, samsung is performing security checks on the submitted applications samsung checks the risk or misuse cases that may occur due to the submitted applications, and if there is an issue, the deployment process can be stopped and the application submitter can be advised to fix it application security guide this section provides basic security guidelines to consider in the development of applications for a safe and reliable application running environment, we recommend that you proceed with the following points in the development phase data protection three key factors for data protection are confidentiality, integrity, and availability if an application sends or stores sensitive information, the application must encrypt data stored on these devices and protect it from attackers it is very important to protect sensitive data such as user credentials or personal information in application security if the mechanism of the operating system is not used correctly, sensitive data can be unintentionally exposed definition of sensitive data personally identifiable information that can be exploited for identity theft for example, resident registration number, social security number, credit card number, bank account number, health information, etc sensitive data that can lead to loss of honor and loss of money if leaked all data that must be protected for legal or compliance reasons security item description data protection sensitive data, such as passwords or pin data, should not be exposed through the user interface the key values used by the application must be hardcoded or not stored in plain text sensitive data should not be stored in an application container or external storage sensitive data should not be recorded in the application log sensitive data should not be shared with third parties unless it is necessary in the architecture sensitive data should not be shared with third parties unless it is necessary in the architecture keyboard cache must be disabled from the text input that processes sensitive data sensitive data should not be exposed even during internal communication you should ensure that the data stored in the client-side storage ex html5 local storage, session store, indexeddb, regular cookie, or flash cookie does not contain sensitive data make sure that you have provided clear t&c for the collection and use of the provided personal information and that you have provided selective consent to the use of that data before you use it reference links european union general data protection regulation gdpr overvieweuropean union data protection supervisor - internet privacy engineering networkapplication development privacy guide table 1 data protection security description and reference links authentication if there is a feature to log-in to the remote service by the user, it must be configured through security design even when most of the logic is operating on a remote service, the device must also meet security requirements on how to manage user accounts and sessions security item description authentication if the application provides remote services to the user, user name and password authentication must be performed from the remote service if you use status storage session management, the remote service must authenticate the client request using the randomly generated session identifier without sending the user's credentials if using stateless token-based authentication, the remote services must provide signed tokens using security algorithms when a user logs out, the remote service must end the existing session table 2 authentication security description access control an application can access a resource only if it has access to it security item description access control application must require only the minimum access required application must use the privilege that match the permissions and specify the privileges used when accessing user data, make sure that the principle of minimum access privilege requirement is followed applications must have access to apis, data files, urls, controllers, directories, services, and other resources with minimal access required you should verify and process all input from external resources and users this should include data received through the ui, a user-defined url, inter-process communication ipc , etc if an application uses a completely unprotected custom url, you should not export sensitive information important data or apis must be protected from user access other than data owners reference links owasp cheat sheet access control table 3 access control security description and reference links communications when the network is used, the application should not display the transmitted/received content using a secured channel security item description communications data must be encrypted on the network using tls transport layer security security channels must be used consistently throughout the application the setting of the security channel must be configured to protect information safely the data being transmitted must be protected from being snatched/taken over in the middle ex defence against man in the middle attack reference links owasp – tls cheat sheet table 4 communications security description and reference links input validation you must defend the command insertion attack through validating the validity of input value input value validation should be considered at all stages of development security item description input validation input values must process the data based on type and content, applicable laws, regulations and other policy compliance, and define how to handle it you must ensure that input validation is performed on a trusted service layer you need to check whether it protects against parameter attacks such as mass parameter allocation attacks or unsafe parameter allocation all possible input values e g html form fields, rest requests, url parameters, http headers, cookies, batch files, rss feeds, etc must be checked using validation ex whitelist you should check whether the values entered are in the correct form in well-defined schemas, including allowed characters, lengths, and patterns the url redirection and forward should display a warning that only whitelist targets are allowed or that you are connecting with potentially untrusted content make sure you use memory safety strings, secure memory copy, and pointer calculation to detect or prevent stacks, buffers, or heap overflows in order to prevent integer overflow, you need to make sure that sign, range, and input validation techniques are used reference links xml external entity xxe prevention cheat sheetreducing xss by way of automatic context-aware escaping in template systems table 5 input validation security description and reference links password management in case of application with different user password, security settings are required for them security item description password management you must ensure that the password does not contain spaces and cut/copy is not performed in the password change feature, you should check that the user's current password and new password are required it is recommended to provide a password strength meter so that users can set a stronger password it is also recommended to provide rules that limit allowed character types uppercase letter, numeric, special characters you should check that it is recommended to change your user password within the right due date do not store the user password in the application's properties or settings file in plain text or recoverable form passwords must be stored, transferred, and compared in a hashed state using a standard hash function to prevent random attacks, you should use the login limit number of login or captcha default password should not be generated make sure you do not show the key information, like passwords in the log reference links cwe-804 guessable captchacwe-836 use of password hash instead of password for authenticationcwe-257 storing passwords in a recoverable formatcwe-261 weak encoding for passwordcwe-263 password aging with long expiration table 6 password management security description and reference links session manager a session is a technique for controlling and maintaining the status of a user or device interacting with one user in a web application a session has a unique value for each user and cannot guess or share that value security item description session manager you should check that the session token is not exposed/displayed in the application's url parameter or error message make sure the application generates a new session token from user authentication you should check that the session token is stored using properly secured cookies or security methods you should check that a session token is generated using a standard encryption algorithm make sure the session is not reused by verifying that the session token is invalid when logout and session expires reference links owasp session management cheat sheetalgorithms, key size and parameters report 2014 table 7 session manager security description and reference links error handling the purpose of error handling is to allow applications to provide security events related to monitoring, status check, and increase in permission, and not just creating logs security item description error handling you must ensure that common error handling formats and access method are used you must make sure exception handling is used on the code base to explain expected and unexpected error conditions you must ensure that other error handlers that can prepare all unprocessed exceptions are defined in case of an error, you must make sure that the message shown to the user does not contain application-related technical or sensitive information we recommend using separate error codes for error support table 8 error handling security description release check the following before releasing the application security item description release application must be signed and distributed with a valid certificate, and the private key must be properly protected debugging code and developer support code test code, back door, hidden settings, etc must be removed deployed applications should not output or record detailed errors or debugging messages libraries and frameworks etc used by applications should be checked for known vulnerabilities the equipment used for release must be able to respond to external threats viruses, hacking, etc it should be built in release mode a separate debug message should not be left from the application if you include binary, debug information should be removed if a vulnerability occurs after release, you should update the application as soon as possible and always keep the latest version table 9 release security description
Develop Smart Hospitality Display
docapplication security this topic describe the security of applications which run on samsung devices related info web security testing guide owasp secure software development lifecycle microsoft security development lifecycle sdl cwe list version 4 6 overview security is becoming an important issue with the increase of various smart devices in order to protect data from users and businesses, samsung devices are enhancing security in several layers, from hardware to software as samsung device applications are also software driven by samsung, the security needs to be taken into account samsung device applications can store important information such as code and key values and personal information of the user, which is an important resource that must be protected these resources can be leaked due to a variety of reasons, such as a simple mistake by a developer or hacking by an attacker in order to safeguard this, samsung device applications need to be developed according to secure by design in particular, the personal information of the user should comply with the policy related to the personal information for each country secure by design all software within the devices developed by samsung are based on the secure development lifecycle sdl model, and development step is divided into analysis, design, implementation, and testing, so vulnerability should be removed by performing a security review at each step from the same point of view, applications operating on samsung device should maintain the same security level for this, we recommend that you consider security in the application development phase by referring to the following step-by-step security review security in the analysis/design phase you should identify important information that is stored and transferred and ensure that the information is handled safely if you receive user input, you should review that you do not require more information than you need, and there is no issue with the input format you must identify the important information to be used and ensure that the information is displayed on vulnerable areas in the flow of the program in particular, when transmitting important information outside the device, you need to ensure that it communicates with the specified server through a secured channel at the time of designing, you must first define important information that needs to be protected and design it in a proper manner to protect it security in the implementation phase it must be implemented in compliance with security rules to prevent information in the software from being leaked through known vulnerabilities important information obtained in the design phase should be stored by applying security techniques such as encryption and make sure that it does not exist in plain text within the program establish secure coding rules for each language and proceed with development accordingly you must use only the minimum permissions required and notify the user of the permissions you use you should make sure that the security channel is properly set on the network, and the latest version of the technology is applied if you use encryption algorithms, you must use them securely using verified standard algorithms where vulnerabilities are not reported security in test phase security checks must be performed before deployment to prevent security issues and maintain security through maintenance after deployment before deployment, it is necessary to verify that there is no issue with analysis, design, and implementation when actually operated through simulated hacking, packet checking, etc after deployment, if a new vulnerability is found or a modification occurs in the security check, it must be patched and applied to all users as soon as possible security review process in order to maintain the security of the application ecosystem, samsung is performing security checks on the submitted applications samsung checks the risk or misuse cases that may occur due to the submitted applications, and if there is an issue, the deployment process can be stopped and the application submitter can be advised to fix it application security guide this section provides basic security guidelines to consider in the development of applications for a safe and reliable application running environment, we recommend that you proceed with the following points in the development phase data protection three key factors for data protection are confidentiality, integrity, and availability if an application sends or stores sensitive information, the application must encrypt data stored on these devices and protect it from attackers it is very important to protect sensitive data such as user credentials or personal information in application security if the mechanism of the operating system is not used correctly, sensitive data can be unintentionally exposed definition of sensitive data personally identifiable information that can be exploited for identity theft for example, resident registration number, social security number, credit card number, bank account number, health information, etc sensitive data that can lead to loss of honor and loss of money if leaked all data that must be protected for legal or compliance reasons security item description data protection sensitive data, such as passwords or pin data, should not be exposed through the user interface the key values used by the application must be hardcoded or not stored in plain text sensitive data should not be stored in an application container or external storage sensitive data should not be recorded in the application log sensitive data should not be shared with third parties unless it is necessary in the architecture sensitive data should not be shared with third parties unless it is necessary in the architecture keyboard cache must be disabled from the text input that processes sensitive data sensitive data should not be exposed even during internal communication you should ensure that the data stored in the client-side storage ex html5 local storage, session store, indexeddb, regular cookie, or flash cookie does not contain sensitive data make sure that you have provided clear t&c for the collection and use of the provided personal information and that you have provided selective consent to the use of that data before you use it reference links european union general data protection regulation gdpr overvieweuropean union data protection supervisor - internet privacy engineering networkapplication development privacy guide table 1 data protection security description and reference links authentication if there is a feature to log-in to the remote service by the user, it must be configured through security design even when most of the logic is operating on a remote service, the device must also meet security requirements on how to manage user accounts and sessions security item description authentication if the application provides remote services to the user, user name and password authentication must be performed from the remote service if you use status storage session management, the remote service must authenticate the client request using the randomly generated session identifier without sending the user's credentials if using stateless token-based authentication, the remote services must provide signed tokens using security algorithms when a user logs out, the remote service must end the existing session table 2 authentication security description access control an application can access a resource only if it has access to it security item description access control application must require only the minimum access required application must use the privilege that match the permissions and specify the privileges used when accessing user data, make sure that the principle of minimum access privilege requirement is followed applications must have access to apis, data files, urls, controllers, directories, services, and other resources with minimal access required you should verify and process all input from external resources and users this should include data received through the ui, a user-defined url, inter-process communication ipc , etc if an application uses a completely unprotected custom url, you should not export sensitive information important data or apis must be protected from user access other than data owners reference links owasp cheat sheet access control table 3 access control security description and reference links communications when the network is used, the application should not display the transmitted/received content using a secured channel security item description communications data must be encrypted on the network using tls transport layer security security channels must be used consistently throughout the application the setting of the security channel must be configured to protect information safely the data being transmitted must be protected from being snatched/taken over in the middle ex defence against man in the middle attack reference links owasp – tls cheat sheet table 4 communications security description and reference links input validation you must defend the command insertion attack through validating the validity of input value input value validation should be considered at all stages of development security item description input validation input values must process the data based on type and content, applicable laws, regulations and other policy compliance, and define how to handle it you must ensure that input validation is performed on a trusted service layer you need to check whether it protects against parameter attacks such as mass parameter allocation attacks or unsafe parameter allocation all possible input values e g html form fields, rest requests, url parameters, http headers, cookies, batch files, rss feeds, etc must be checked using validation ex whitelist you should check whether the values entered are in the correct form in well-defined schemas, including allowed characters, lengths, and patterns the url redirection and forward should display a warning that only whitelist targets are allowed or that you are connecting with potentially untrusted content make sure you use memory safety strings, secure memory copy, and pointer calculation to detect or prevent stacks, buffers, or heap overflows in order to prevent integer overflow, you need to make sure that sign, range, and input validation techniques are used reference links xml external entity xxe prevention cheat sheetreducing xss by way of automatic context-aware escaping in template systems table 5 input validation security description and reference links password management in case of application with different user password, security settings are required for them security item description password management you must ensure that the password does not contain spaces and cut/copy is not performed in the password change feature, you should check that the user's current password and new password are required it is recommended to provide a password strength meter so that users can set a stronger password it is also recommended to provide rules that limit allowed character types uppercase letter, numeric, special characters you should check that it is recommended to change your user password within the right due date do not store the user password in the application's properties or settings file in plain text or recoverable form passwords must be stored, transferred, and compared in a hashed state using a standard hash function to prevent random attacks, you should use the login limit number of login or captcha default password should not be generated make sure you do not show the key information, like passwords in the log reference links cwe-804 guessable captchacwe-836 use of password hash instead of password for authenticationcwe-257 storing passwords in a recoverable formatcwe-261 weak encoding for passwordcwe-263 password aging with long expiration table 6 password management security description and reference links session manager a session is a technique for controlling and maintaining the status of a user or device interacting with one user in a web application a session has a unique value for each user and cannot guess or share that value security item description session manager you should check that the session token is not exposed/displayed in the application's url parameter or error message make sure the application generates a new session token from user authentication you should check that the session token is stored using properly secured cookies or security methods you should check that a session token is generated using a standard encryption algorithm make sure the session is not reused by verifying that the session token is invalid when logout and session expires reference links owasp session management cheat sheetalgorithms, key size and parameters report 2014 table 7 session manager security description and reference links error handling the purpose of error handling is to allow applications to provide security events related to monitoring, status check, and increase in permission, and not just creating logs security item description error handling you must ensure that common error handling formats and access method are used you must make sure exception handling is used on the code base to explain expected and unexpected error conditions you must ensure that other error handlers that can prepare all unprocessed exceptions are defined in case of an error, you must make sure that the message shown to the user does not contain application-related technical or sensitive information we recommend using separate error codes for error support table 8 error handling security description release check the following before releasing the application security item description release application must be signed and distributed with a valid certificate, and the private key must be properly protected debugging code and developer support code test code, back door, hidden settings, etc must be removed deployed applications should not output or record detailed errors or debugging messages libraries and frameworks etc used by applications should be checked for known vulnerabilities the equipment used for release must be able to respond to external threats viruses, hacking, etc it should be built in release mode a separate debug message should not be left from the application if you include binary, debug information should be removed if a vulnerability occurs after release, you should update the application as soon as possible and always keep the latest version table 9 release security description
Distribute Galaxy Store
docapp distribution guide for the benefit of its developers and customers, samsung ensures the applications apps meet high standards of quality samsung, at its sole discretion and without the consent of any other parties, reserves the right to publish, withhold publication, and remove from publication in the samsung galaxy store all applications apps submitted for publication and being published if an app meets all samsung publication policy requirements, but they do not comply with the local laws or customs of one or more publication countries in the app registration, those countries may be removed from the app’s publication while the app is published in galaxy store, if users find app content or functions to be objectionable to users, to no longer comply with local laws of publication countries, or to no longer comply with samsung publication policy, samsung can stop app publication all apps must meet the requirements in order to pass publication review for apps to be available in galaxy store for download, and have paid app and in-app item sales supported 1 performance this section relates to app operations 1 1 functionality 1 1 1 app installation, launch, termination, and uninstallation must succeed without errors 1 1 2 app features must not crash or cause functional problems 1 1 3 apps must not include hidden features 1 1 4 trial or beta version binaries must not be submitted 1 1 5 for apps that require user login, login info such as user id and password for a user account to be used to test the app must be provided during app registration 1 1 6 apps must not include malware or viruses 1 1 7 apps must not generate icon shortcuts or bundles 1 1 8 apps must not initiate or support automatic updates 1 1 9 apps must not interfere with the behavior of other apps 1 1 10 samsung in-app purchase iap is recommended to sell in-app products such as items and subscriptions for your safety and convenience 1 2 usability 1 2 1 apps must be valuable, entertaining, unique, or informative 1 2 2 apps must be unique in features and design multiple similar apps must not be submitted 1 2 3 apps must not contain an excessive number of advertisements, web clippings, website links, or videos that degrade the user experience 1 2 4 app graphics must be visible 1 2 5 app text must be readable and not be truncated or distorted 1 2 6 app screens must fill the device display screen 1 2 7 paid apps must not have unreasonably high prices 1 2 8 apps that offer app download inside the app are not allowed 1 3 metadata notemetadata refers to information about an app such as title, description, tags, screenshot and seller name 1 3 1 app metadata must be appropriate for users of all ages 1 3 2 if app registration specifies two or more publication countries, app metadata must support english as the default language 1 3 3 app registration preview images, screenshot images, and descriptions must accurately show and describe app functionality 1 3 4 if an app provides in-app item purchases or advertisements, this must be accurately shown and described in the app registration preview images, screenshot images, and descriptions 1 3 5 app metadata must not include irrelevant, misleading, or fraudulent keywords 1 3 6 app registration must specify the age rating and categories that are appropriate for the app noteif app registration does not specify them, samsung can change them appropriately 1 3 7 metadata must not promote other app stores, or mobile platforms 1 3 8 urls must not cause functional problems and the web resources of urls must not contain content that violates app distribution guide requirements including, but not limited to, malware and inappropriate or no content 1 4 hardware compatibility 1 4 1 apps must not make sounds in silent mode 1 4 2 apps must not change default settings of the user device 1 4 3 apps must not restart the user device 1 4 4 apps must not cause problems for embedded device features including, but not limited to, bluetooth, g-sensor, wi-fi, camera, call, volume/hold key, alarm, and sms/mms 1 4 5 apps must not cause problems for hardware and system events 1 4 6 apps must not crash when the user device is rotated and when device accessories including, but not limited to, earphones are plugged into or unplugged from the device 1 4 7 apps must not consume excessive battery current, generate excessive heat, or rapidly drain the user device battery 2 app content and behavior this section relates to app material and actions noteif app content violates local laws or customs, samsung may suspend app publication or remove countries from app publication 2 1 sexual content 2 1 1 apps must not visually or audibly present or encourage overt sexual concepts or content including, but not limited to, explicit nudity, exposed male or female genitalia, pornography, pedophilia, bestiality, sexually explicit behavior, and sexually suggestive poses 2 1 2 apps must not visually or audibly present or encourage exploitative sexual behavior including, but not limited to, sexual abuse, sexual assault, and bestiality 2 1 3 apps must not provide a method to access websites that have a sexual emphasis including, but not limited to, adult friend finder and dating websites 2 2 violence 2 2 1 apps must not visually or audibly present or encourage murder, suicide, torture, or abuse 2 2 2 apps must not visually or audibly present or encourage violence or criminal behavior that could instigate a crime 2 2 3 apps must not visually or audibly present or encourage violent threats toward people or animals 2 2 4 apps must not visually or audibly present or encourage recklessly gruesome content including, but not limited to, excessive bleeding 2 2 5 apps must not visually or audibly present or encourage use in the real world of weapons, bombs, terrorist actions, or other dangerous objects 2 2 6 apps must not contain content that could lead to self-harm, choking, serious injury, or death 2 3 alcohol, tobacco, and drugs 2 3 1 apps must not visually or audibly present or encourage the illegal use of alcohol, tobacco including electronic cigarettes , or drugs 2 3 2 apps must not visually or audibly present or encourage the sale of alcohol, tobacco including electronic cigarettes , or drugs to minors 2 3 3 apps must not encourage excessive consumption of or make unnecessary references to alcohol, tobacco, or drugs 2 3 4 apps that present medical information to users must notify users that the medical information could be inaccurate 2 3 5 app content must not contain unauthorized drugs, regulated drugs, dietary supplements, or products with names or designs that can cause user confusion 2 4 defamation and vulgarity 2 4 1 apps must not visually or audibly present content that could defame by slander or libel individual persons or groups of people based on race, gender, sexual preference or identity, ethnicity, nationality, disability, religion, political identity, or ideology 2 4 2 apps must not visually or audibly present excessively unpleasant, repellent, obscene, or vulgar language or expressions 2 4 3 apps must not visually or audibly present offensive, discriminatory, or inflammatory content about specific religious, social, or political parties, groups, or concepts 2 4 4 apps must not visually or audibly present content that reasonable public consensus may find to be improper or inappropriate 2 4 5 apps must meet all applicable censorship requirements of the countries the apps are published in including, but not limited to, political, social, conflict, and security censorship 2 5 games and gambling 2 5 1 apps must not offer or provide users with real money, electronic money, or prizes that have any monetary value including, but not limited to, gift cards and household appliances 2 5 2 apps must not promote or enable gambling including, but not limited to, lotteries, casino activities, sweepstakes, and sports betting 2 5 3 for game apps with an 19+ age restriction that are published in south korea, the apps must be granted game rating and administration committee grac rating certificate noteon a case-by-case basis and subject to applicable laws and other criteria, local samsung subsidiaries may approve apps 2 6 user-generated content 2 6 1 apps with user-generated content must have a mechanism to filter restricted content from the app 2 6 2 apps with user-generated content must provide measures to resolve intellectual property infringement 2 6 3 apps with user-generated content must provide users with a method and instructions to report to the app’s registering person or entity issues of restricted content or intellectual property infringement 2 7 advertisements 2 7 1 ads must be clearly identified as ads and must not harm app or device usability 2 7 2 ads must provide close and skip buttons and make them clearly visible 2 7 3 the content of ads must be appropriate for the app’s age rating 2 7 4 apps must not contain or present ads that have the following types of content • violence toward or abuse of humans or animals • sexual content including, but not limited to, pornography, pedophilia, and bestiality • websites that have a sexual emphasis or adult toys, videos, or products including, but not limited to, adult friend finder and dating websites • ads in kids category apps that contain content that is not appropriate for children • obscene, vulgar, or inappropriate language • defamatory, libelous, slanderous, or unlawful content • promotion of or unnecessary references to alcohol, tobacco including electronic cigarettes , and drugs • offensive references or discrimination towards individual persons or groups of people based on race, gender, sexual preference or identity, ethnicity, nationality, disability, religion, political identity, or ideology • overtly political communication • illegal activities, services, or substances • description, depiction, or encouragement of illegal substances • illegal, false, or deceptive investment or money-making advice, promotions, or opportunities • system notifications, push notifications, or similar notifications without user consent • pharmaceutical products that are not certified in the countries that the apps are published in • content that reasonable public consensus may find to be improper or inappropriate 3 legal this section relates to lawful matters in addition to the requirements below, apps must comply with the local laws of the country of sale be sure to check each country’s local laws 3 1 privacy 3 1 1 apps that access, collect, use, transmit, or share user data including, but not limited to, user location, calendar, and sms/mms information must comply with all applicable local laws, the european union’s general data protection regulation gdpr and the samsung service terms and conditions 3 1 2 apps that access, collect, use, transmit, or share user data must display a user data privacy policy in their apps and provide the url of the policy during app registration in seller portal 3 1 3 the app privacy policy must include the following information • collected user data items and types • purposes of using user data • list of third-parties with which the app shares user data and shared data types • user data items and data types that the app shares with third-parties • user data retention period and user data deletion for example, upon account deletion or app uninstallation • method of notifying users when the privacy policy is revised • user data-related privileges such as reading, revising, or deleting data that can be requested by users 3 1 4 when the user data privacy policy is revised, users must be notified when the privacy policy url is changed, the privacy policy url in the app registration must be updated 3 1 5 apps must not access, collect, use, transmit, or share user data without legitimate user consent in accordance with local laws 3 1 6 apps must not require that the user grant more permissions or provide more personal information than the minimum necessary for the app to successfully support its features 3 1 7 apps must not display advertisements or push messages based on user data without first getting user consent to do so 3 1 8 apps must not initiate or support security warnings or malicious means that try to get user data 3 2 intellectual property copyright, trademark etc 3 2 1 apps must not copy aspects of any app published in galaxy store 3 2 2 apps must not support the download of any other app by a direct method from inside the app for example, through an apk 3 2 3 apps must not display, depict, or use any samsung identifiers including, but not limited to, samsung brand names, logos, trademarks, and service marks 3 2 4 apps must not contain any reference that suggests that the app or its registering person or entity has a relationship with samsung or misleads users about any samsung device 3 2 5 apps that include free and open source software foss must comply with applicable open source software license terms and conditions 3 2 6 apps must not include, present, or use any material whose use is protected by the laws of any country that the app is published in including, but not limited to, copyrighted, trademarked, and patented material without first getting the permission of the rightful owner, maintain evidence of the permission, and must present a copy of the permission to samsung app content must not contain protected or slightly modified material without the owner’s consent, including, but not limited to • business names, trademarks, service marks, colors, fonts, or logos that can mislead users • watch brand names or logos, styles, or inspired designs • sports club names or logos, or official colors or design • names, images, and other content protected by intellectual property rights and publicity rights for example, from movies, tv, and game guides • fan-made content • protected logos or brand names of products including, but not limited to automobiles, motorcycles, handbags, and cameras • images of products including, but not limited to, automobiles, motorcycles, cameras, and handbags when the product brand can be identified • images of private buildings not visible from a public space, and copyrighted images of any building or structure for example, st peter’s basilica, illuminated eiffel tower, and the empire state building • works, names, photos, likenesses, or signatures of any person or celebrity generally, while they are living or less than 70 years after their death 3 2 7 for apps that include, present, or use material protected by the laws of the countries that the app is published in, or support a method to share or download material not owned by the person or entity who registered the app, the person or entity must first get the permission of the rightful owner, maintain evidence of the permission, and must present a copy of the permission to samsung noteif you find protected material inappropriately inside a galaxy store app or inappropriately available via a galaxy store app, please directly contact the app seller to resolve the issue in the case that the seller cannot be reached, you can report the violation here 3 3 kids category 3 3 1 apps published in the kids category of galaxy store • must comply with applicable children’s privacy laws and statutes of the countries that the apps are published in including, but not limited to, the children’s online privacy protection act coppa and european union’s general data protection regulation gdpr • must be designed for children under 13 years of age • must not contain links to outside of the app 3 4 miscellaneous 3 4 1 apps must comply with all local laws of the countries that the apps are published in 3 4 2 apps must observe and comply with all legal requirements and local customs of the countries that the apps are published in 3 4 3 for apps published in south korea • apps must comply with the act on promotion of information and communications network utilization and information protection, and all other relevant republic of korea laws • app registration must specify the required and optional permissions and describe why and how they are used • in-app payments/purchases apps offering forms or methods of randomized virtual items for purchase, such as but not limited to loot boxes or loot crates, must disclose the odds of receiving those items to customers prior to purchase noteyou can download the guideline on the disclosure of probability information in game rating and administration committee grac 3 4 4 apps must not visually or audibly present or encourage any type of the following content • overtly political communication • illegal activities, services, or substances • illegal, false, or deceptive investment or money-making advice, promotions, or opportunities • pharmaceutical products that are not certified in the countries that the apps are published in
Develop Samsung Pay
docweb checkout integration the samsung pay web checkout feature can be easily implemented on your website prerequisites before you can integrate samsung pay web checkout, the following requirements must be met you have a samsung pay merchant id to obtain it, complete the partner onboarding process the acquirer and issuer support tokenized transactions for in-app purchases, according to card network specifications integrating samsung pay web checkout to integrate the samsung pay web checkout solution to your website include the samsung pay web sdk javascript file in your website front-end <script src="https //img mpay samsung com/gsmpi/sdk/samsungpay_web_sdk js"></script> define the supported payment methods and samsung pay api version in the paymentmethods object you must also provide your unique merchant id in the serviceid key const paymentmethods = { "version" "2", "serviceid" "dcc1cbb25d6a470bb42926", "protocol" "protocol_3ds", "allowedbrands" ["visa","mastercard"] } initialize the samsung pay client by creating an instance of the paymentclient object you must also define the operation environment for your web checkout stage = staging environment, used for testing stage_without_apk = staging environment, used to simulate the testing process without using a device authorization visit staging without apk full guide here production = production environment, for actual payments const samsungpayclient = new samsungpay paymentclient {environment "stage"} ; if your project has a content-security-policy csp applied, please ensure that you add a nonce to the css to maintain compliance this can be done by updating your sdk configuration as follows const samsungpayclient = new samsungpay paymentclient {environment "stage", nonce "your-nonce"} ; check whether samsung pay is supported for the payment request, using the isreadytopay method with the paymentmethods object samsungpayclient isreadytopay paymentmethods then function response { if response result { // add a payment button } } catch function err { console error err ; } ; add the samsung pay button to your page using the official button asset <div id="samsungpay-container"> <button id="samsung-pay-btn"> <img src="/your/path /samsung-pay-button png" alt="samsung pay" style="{follow the samsung's official branding guideline}" /> </button> </div> notedownload the official samsung pay button image and branding guideline from download page and use it directly in your html as shown here download add your event handler to the button document getelementbyid "samsung-pay-btn" addeventlistener "click", onsamsungpaybuttonclicked ; create the transaction information the transactiondetail object contains the order number, merchant information, and total amount for the purchase const transactiondetail = { "ordernumber" "dstrf345789dsgty", "merchant" { "name" "virtual shop", "url" "virtualshop com", "id" "xn7qfnd", "countrycode" "us" }, "amount" { "option" "format_total_estimated_amount", "currency" "usd", "total" 300 } } launch the payment sheet when the onclick event is triggered, your event handler must call the loadpaymentsheet method, which initiates the web checkout ui flow when the user confirms the payment from their mobile device, you receive the paymentcredential object generated by the device extract the payment credential information from the 3ds data key within the paymentcredential object and process it through your payment provider inform the samsung server of the payment result using the notify method within the paymentresult object samsungpayclient loadpaymentsheet paymentmethods, transactiondetail then function paymentcredential { // process payment with provider const paymentresult = { "status" "charged", "provider" "pg name" } samsungpayclient notify paymentresult ; } catch error => { // show error in developer console for debugging console error err ; } ; payment credential sample the paymentcredential is the resulting output of the loadpaymentsheet method sample paymentcredential json output using jwe-only { "method" "3ds", "recurring_payment" false, "card_brand" "visa", "card_last4digits" "8226", "3ds" { "type" "s", "version" "100", "data" "eyjhbgcioijsu0exxzuilcjrawqioiixzhlsbkfvrvjttk53z0j0mmvzcevwu1poswrzzghqbvi3bzhqcdvkagvbpsisinr5cci6ikppu0uilcjjagfubmvsu2vjdxjpdhldb250zxh0ijoiulnbx1blssisimvuyyi6ikexmjhhq00ifq jykxn2h9pk1uj-4knpuij1r49ykw7-3aelznhadzsztclvjlhoyjomujfl1h21yq_5rmdwz9lj6o67j8m6kn_1dnkvnqaugi203ol5tegf-j15n_pcinj1nycfyivohazidbg9fq2nzts_muu9cvykiz-ifsuz6rfl9aiuoakjpctzpn8lwlddzxzme3j86sd45i-ahxwbujfvy9d2zrt1sddgoxgorjrzy3o5s29pybkaytjmcpc_jicu-sdsx3s1snm_cvhaqiccoxyidih6hfwo35fsswysvxu8yfpgtwbcdai9ujkptvr7npnp1ch85ja3dvw3mi87v-pwiqmw hdzesnbxu0d0t68e pcv1csibw7jgtlgfoovmebm-wggpw9rhonbkdb_qwwfl_cuf7_0nj_knuozq4pudk0_vzktbhi3kv0gt2ybmqs6zfpnxd3cdpgk_lyio8z8xciasoz5vltamjg7n5maadxxpvqwtcpk_tbksve2ke8w7r3u4kapfjl2ene06j3e4rkae367x8_aoxy2l3lhoeqzl4lfsntfs71xfc-s9h5-bgi2clkba-9hlrtpbxtumwa830rwywm7m fs5-tfbxq73l7icrrwkbla" } } the decrypted output will be similar to this { "amount" "100", "currency_code" "usd", "utc" "1719388643614", "eci_indicator" "5", "tokenpan" "5185731679991253", "tokenpanexpiration" "0127", "cryptogram" "akkeavcvwhfmammud6r3aoacfa==" } notefor information about the content of the paymentmethods, transactiondetail, and paymentcredential data structures, see the api reference decrypting payment credentials for security reasons, the payment credential data that you receive is protected by json web encryption jwe to decrypt the payment credentials generate a der file from your private key $ openssl pkcs8 -topk8 -in merchant key -outform der -nocrypt -out rsapriv der decrypt the jwe encrypted data sample implementation in java import java nio file files; import java nio file paths; import java security keyfactory; import java security interfaces rsaprivatekey; import java security spec pkcs8encodedkeyspec; import java util base64; import javax crypto cipher; import javax crypto spec gcmparameterspec; import javax crypto spec secretkeyspec; import com fasterxml jackson databind jsonnode; import com fasterxml jackson databind objectmapper; public class developerportalsample { public static void main string[] args throws exception { // example jwe string replace with your actual jwe and private key path string encryptedtext = {{encryptedpayload}}; string privatekeypath = " /rsapriv der"; string private_key = base64 getencoder encodetostring files readallbytes paths get privatekeypath ; string result = decryptjwe encryptedtext, private_key ; system out println result ; } public static string decryptjwe string encryptedtext, string privatekeytext throws exception { // split jwe parts by ' ' string delims = "[ ]"; string[] tokens = encryptedtext split delims ; if tokens length < 5 { throw new illegalargumentexception "invalid jwe format" ; } // decode and parse jwe header byte[] headerbytes = base64 geturldecoder decode tokens[0] ; string headerjson = new string headerbytes ; objectmapper mapper = new objectmapper ; jsonnode header = mapper readtree headerjson ; // extract algorithm information from header string alg = header has "alg" ? header get "alg" astext "rsa1_5"; string enc = header has "enc" ? header get "enc" astext "a128gcm"; // convert private key byte[] privatekeybytes = base64 getdecoder decode privatekeytext ; pkcs8encodedkeyspec privatekeyspec = new pkcs8encodedkeyspec privatekeybytes ; keyfactory keyfactory = keyfactory getinstance "rsa" ; rsaprivatekey privatekey = rsaprivatekey keyfactory generateprivate privatekeyspec ; // decode encrypted key, iv, ciphertext, and authentication tag byte[] enckey = base64 geturldecoder decode tokens[1] ; byte[] iv = base64 geturldecoder decode tokens[2] ; byte[] ciphertext = base64 geturldecoder decode tokens[3] ; byte[] tag = base64 geturldecoder decode tokens[4] ; // create cipher instance based on key management algorithm string keymanagementalgorithm; boolean useaad = false; if "rsa-oaep" equals alg { keymanagementalgorithm = "rsa/ecb/oaeppadding"; // at samsung, oaep uses aad additional authenticated data useaad = true; } else if "rsa1_5" equals alg { keymanagementalgorithm = "rsa/ecb/pkcs1padding"; // while rsa1_5 does not use aad useaad = false; } else { throw new illegalargumentexception "unsupported key management algorithm " + alg ; } // decrypt the cek content encryption key cipher decryptcipher = cipher getinstance keymanagementalgorithm ; decryptcipher init cipher decrypt_mode, privatekey ; byte[] plainenckey = decryptcipher dofinal enckey ; // create cipher instance based on content encryption algorithm string contentencryptionalgorithm; int gcmtaglength; if "a128gcm" equals enc || "a256gcm" equals enc { contentencryptionalgorithm = "aes/gcm/nopadding"; gcmtaglength = 128; } else { throw new illegalargumentexception "unsupported content encryption algorithm " + enc ; } // decrypt the content cipher contentcipher = cipher getinstance contentencryptionalgorithm ; gcmparameterspec gcmparameterspec = new gcmparameterspec gcmtaglength, iv ; secretkeyspec keyspec = new secretkeyspec plainenckey, "aes" ; contentcipher init cipher decrypt_mode, keyspec, gcmparameterspec ; // aad handling use base64url-encoded header bytes as aad if useaad { byte[] encodedheader = base64 geturlencoder withoutpadding encode headerbytes ; contentcipher updateaad encodedheader ; } // concatenate ciphertext and tag, then pass to dofinal byte[] cipherdata = new byte[ciphertext length + tag length]; system arraycopy ciphertext, 0, cipherdata, 0, ciphertext length ; system arraycopy tag, 0, cipherdata, ciphertext length, tag length ; byte[] plaintext = contentcipher dofinal cipherdata ; return new string plaintext, java nio charset standardcharsets utf_8 ; } sample implementation in c# using system; using system io; using system text; using system text json nodes; using system security cryptography; public static void main string[] args { // example jwe string replace with your actual jwe and private key path string encryptedtext = {{encryptedpayload}}; string privatekeypath = /rsapriv der"; // read the private key file der format byte[] privatekeybytes = file readallbytes privatekeypath ; // decrypt the jwe string result = decryptjwe encryptedtext, privatekeybytes ; // print the result console writeline result ; } public static string decryptjwe string encryptedtext, byte[] privatekeybytes { // split jwe parts by ' ' var parts = encryptedtext split ' ' ; if parts length < 5 throw new argumentexception "invalid jwe format" ; // decode and parse jwe header var headerbytes = base64urldecode parts[0] ; var headerjson = encoding utf8 getstring headerbytes ; var header = jsonnode parse headerjson ; // extract algorithm information from header string alg = header?["alg"]? tostring ?? "rsa1_5"; string enc = header?["enc"]? tostring ?? "a128gcm"; // convert private key assume pkcs8 der using var rsa = rsa create ; rsa importpkcs8privatekey privatekeybytes, out _ ; // decode encrypted key, iv, ciphertext, and authentication tag var enckey = base64urldecode parts[1] ; var iv = base64urldecode parts[2] ; var ciphertext = base64urldecode parts[3] ; var tag = base64urldecode parts[4] ; // create cipher instance based on key management algorithm bool useaad = false; if alg == "rsa-oaep" { // at samsung, oaep uses aad additional authenticated data useaad = true; } else if alg == "rsa1_5" { // while rsa1_5 does not use aad useaad = false; } else { throw new argumentexception $"unsupported key management algorithm {alg}" ; } // decrypt the cek content encryption key byte[] plainenckey = alg == "rsa-oaep" ? rsa decrypt enckey, rsaencryptionpadding oaepsha1 rsa decrypt enckey, rsaencryptionpadding pkcs1 ; // decrypt the content using var aes = new aesgcm plainenckey, 16 ; var plaintext = new byte[ciphertext length]; if useaad { // aad handling use base64url-encoded header bytes as aad var encodedheader = encoding ascii getbytes base64urlencode headerbytes ; aes decrypt iv, ciphertext, tag, plaintext, encodedheader ; } else { aes decrypt iv, ciphertext, tag, plaintext ; } return encoding utf8 getstring plaintext trimend '\0' ; } private static byte[] base64urldecode string input { string s = input replace '-', '+' replace '_', '/' ; switch s length % 4 { case 2 s += "=="; break; case 3 s += "="; break; } return convert frombase64string s ; } private static string base64urlencode byte[] input { return convert tobase64string input trimend '=' replace '+', '-' replace '/', '_' ; }
Develop TV Seller Office
docapplication ui description this topic describes the app ui description file, required when submitting an application to the samsung apps tv seller office application ui description template 348 73 kb when submitting your application, you must include the application ui description created using the provided template file the ui description documents your application ui and helps the qa certification team test the application efficiently you must update and resubmit the application ui description file whenever you submit an application update importantuse the provided template file and follow the instructions in it do not add or remove content from the template, or modify the structure by ensuring that your application ui description conforms to the template, you can ease and accelerate the testing required to approve your application for publication application ui description structure on the title slide, enter the application and content provider name the revision history documents the changes made to the application ui description include the file version, date, list of changes, and author you must also define the application version related to the file version the application ui description consists of the following parts ui structure illustrates the overall structure and navigation flow between application pages use cases provides detailed instructions for using the main application features menus and functions labels and describes the screen components for all application screens, using screenshots remote control keys describes the remote control key functions language options specifies whether the application language can be changed and how to do it noteif your application supports english, use english screenshots in the application ui description if english is not supported, provide translations for all screen texts ui structure use a flow graph, tree structure, or depth navigation diagram to illustrate the navigation between all screens in the application the ui structure diagram shows the overall structure of the application it does not show or describe the content on individual screens noteall application screens and navigation paths must be included in the ui structure diagram for clarity, show the application screens as named boxes, instead of using screenshots or photographs of the actual screens use cases describe the application functionality in detail, by dividing it into clear use cases a use case is a specific and defined task the user can or must do, such as searching for content or playing a video the use cases must cover the main functions or scenarios of the application in addition to application-specific features, you must also describe any general user login, menu browsing, and in-app purchase features warningdo not provide a list of application screens, describing what the user can do on each screen such information must be provided using screenshots in the menus and functions section the following guidelines apply to use case descriptions label each use case with a title for each use case, describe the steps the user must perform to do the task you can use text, figures, and screenshots in the descriptions since the launch process is the same for all applications, do not describe how to launch the application refer to application screens with the names you have defined for them in the ui structure diagram use case description method example using figures using text using screenshots table 1 ways to describe use cases missing information is a major cause for application rejection if your application includes any of the following features, you must provide additional information within the applicable use cases application feature required information missing information causes application rejection user login test account with a valid user id and password device activation test account that permits an unlimited number of activated devicesinstructions for activating the device at an external website, if needed in-app purchases valid credit card information for testingtest account with funds available for making purchasesvalid coupon or promotional codes, if supported gaming cheat codes or master account for accessing all game levelslist of correct responses to any trivia questions smart view mobile integration mobile application package attached to the tv application submissioninstructions for connecting the mobile application to the tv geolocation or ip-restricted access list of countries from which content can be accessed and permission to access the content through a vpntesting ip addresses added to allowed list table 2 information required to avoid application rejection importantthis part of the application ui description is a frequent cause for application rejection make sure your use case descriptions are complete and include all the information needed for the qa certification team to fully verify each use case menus and functions use labeled screenshots to describe the ui elements and their functions on each application screen the following guidelines apply to menu and function descriptions provide a screenshot of each screen defined in the ui structure diagram label all clickable and non-clickable ui elements with names or numbers if there are many elements, use number labels accompany each screenshot with a table describing the ui elements for clickable elements, describe what happens when the element is clicked provide english translations for titles, headings, and button labels, if needed importantthis part of the application ui description is a frequent cause for application rejection make sure your menu and function descriptions are complete providing only screenshots without function descriptions is not acceptable remote control keys list the key mappings for any remote control keys that have been mapped to custom functions in your application special function keys, such as the color, "info", and "tool" keys standard remote control keys whose function has been modified or disabled for example, if the "volume up" key is implemented to zoom in on an image warningthe "return" and "exit" keys are designed to return to the previous screen or close the application these functions are mandatory and common to all applications do not modify them language options if the application supports multiple languages, describe how the user can switch the application language, such as by changing the tv language or country settings, or selecting the language within the application settings if the application does not support multiple languages, state that the application has no language options
success story mobile
blogjeanne hsu, senior marketing manager for developer relations at samsung, chatted with yuki he, chairperson, ceo and founder of joyme. jeanne hsu (jh): yuki, what was your professional journey that led you to joyme? yuki he (yh): i entered the internet industry in 2003 and joined tencent in product management when they started their product team. i was doing entertainment and social apps like qq and qq pets. i enjoyed working in this industry and developed a more profound interest in social products. later on in 2013, i started working on overseas products, got familiar with the global internet market, and was responsible for a utility product. at that time, samsung also partnered with us to include our product. i also got a chance to visit samsung's south korean headquarters to discuss other partnership matters. in 2015, i participated in the entrepreneurial process of musical.ly (later became tiktok) as a director. i saw a promising future of combining live video and social interaction. i wanted to use both to connect people virtually and in real time no matter where they were located. i saw the vast opportunities in the u.s. market, so i left and decided to build my own company, joyme. jh: where is joyme located? yh: joyme is in various regions including the los angeles (u.s.), singapore, brazil, and the middle east. jh: how many employees work at joyme? yh: we have 500 people total including 300 employees and 200 contractors. jh: how did the relationship with samsung first start? yh: we published liveme in galaxy store in 2020. we already had a relationship with samsung from my previous work. so this was a natural extension of the partnership. jh: best of galaxy store award – 2021 best entertainment app for joyme's liveme app. what does it mean to win this award? yh: we take this award very seriously and especially thank samsung for the recognition. samsung has many users and is one of the largest store platforms in the world. samsung is a world-renowned company, with a prominent brand name. winning this award also gives us great motivation to continue creating even better products for samsung users. jh: in what ways have you promoted winning the award? yh: we have promoted this fantastic news through the media agency and received positive market feedback. we plan to promote the award-winning news through international media, liveme's social media, and the official website. we believe the recognition from samsung is going to boost our branding and let more samsung users get to know more about us. winning the award gives us great motivation to continue doing what we do best: give our users and the entertainment community the best service. liveme – 2021 best entertainment app jh: what have you noticed about mobile trends and liveme? yh: the mobile phone camera has changed people's lives when they interact with their phones. you can be anywhere in the world to connect online with people, show your talent, expand your circle of friends, and share parts of your life. bringing the community closer together is the original concept of liveme. i felt the video and interactive components were important. people can go online with liveme and feel happier. jh: are there any unique aspects or optimizations to the galaxy store version of liveme? yh: we integrated the payment channel sdk with the samsung iap (in-app purchase) sdk. our base operation is android. galaxy store is very good for the developer so we don't have to do different versions. it saves a lot of time and resources. in the future, we hope to have deeper integration with samsung. jh: how did you come up with the concept for liveme? yh: in 2015, livestream video was not as popular as it is now; people took pics. but the camera performance on mobile phones was becoming more sophisticated and advanced. i found that many users gradually developed taking videos on their mobile phones. video is a richer content carrier than still images or plain text. i could see the future of information transmission trends. then video transmission changed; it was faster and people could send full rich videos instead of choppy/frozen bits of pixels. now instead of just watching a video, people could interact with live video streams. users could respond with comments or emojis in real time. the live-stream video experience further enhanced the connection between people. for example, people can stay at home and make friends all over the world. they use this platform to show off their talents. having this vision of connecting the world was the original idea that inspired me to develop liveme. broadcasters and business model jh: i noticed on facebook that liveme's tagline reads: “create content, meet friends, and make money.” tell me more about liveme and the business model. how do the broadcasters make money? yh: broadcasters earn money by presenting engaging content in their livestream channel. they can build up a global fan base. then viewers can send virtual gifts to show their appreciation. they also encourage people to subscribe to their channel. for example, out of 100k people that enter a broadcaster's room, 20% could give them gifts like flower animations and virtual diamonds. the more gifts they receive from their fans, the better. it shows a very active community. some broadcasters see this as a hobby, but some make it their professional career. we're not talking about famous celebrities who have their own channels but rather the uber driver, bar singer or amateur dancer. they can use liveme as an entertainment channel and make money doing it as a living. we help 300,000 broadcasters earn money in the u.s. globally we have a million broadcasters that are making good money via liveme. it's a very powerful story. not only do they receive gifts from their fans, but they also get benefits from liveme. we also give the broadcasters gifts depending on the volume and activity of their fan base. it helps incent broadcasters to generate new content. every month, we give several millions of u.s. dollars to the broadcasters. what's more, we have an ongoing plan with a $60 million investment to support our broadcasters and creators. we're able to offer jobs to people all over: in the u.s., brazil, japan, and the middle east, just to mention a few. jh: what a strong message. “we believe in you, and are willing to pay you for your creativity attracting a large fan base.” it's an intriguing business model. what else are broadcasters doing to increase their audience? yh: we have talented broadcasters who create content and make friends by livestreaming. they can interact with viewers. fans can also beam in to the “room”, do challenges and play mini games with the broadcasters. there can be up to nine people in a livestreaming room. youtube cannot do that. fans then become part of the action with other community members. and there are more people who are commenting, giving gifts, and cheering these people on. having this very interactive community lends itself to many creative ideas. we can combine games with the livestreaming: in soccer, the broadcaster guards the goalpost and another person kicks the ball, in real-time. people can play casual games together. then the community interacts as they play games, dance or sing. it's very entertaining! app ideas, discoverability and reach jh: how many apps has joyme published, and how many are on galaxy store? yh: liveme and photogrid are the two main apps of joyme. liveme is a live video social app and photogrid is a video and photo editing app. both liveme and photogrid are on galaxy store. jh: where do you get your app ideas? yh: user feedback is important to us. they give us ideas and inspiration. we learn from other apps (funny and creative ideas from games and apps). we'll also run campaigns to celebrate special events like our 6th birthday this past april; fans sent us video birthday cards. we do marketing research to see if there is new technology we could use. for example, new technologies like virtual character ai improves the user creative experience in our apps. jh: what is the work flow when designing, developing and publishing an app? yh: there are six steps for our app development and publishing. first, we need to list out the product project needs. it is necessary to determine the project's overall plan, the timeline, the general framework, the main functions, and the core belief of the app. what are the needs of target users? what kind of value can this app create for the user? once the app has its primary functions defined, we research to understand potential competitors and competitive environment. for example, is it a saturated market or a competitive market? next is the realization of the app function by designing the first draft of ui and ux. after multiple meetings and rendering, we will have the final interface design ready. the product will then enter the research and development stage. while forming the app with programming, we prepare everything in the app store account for release. the next step is to test the app. we test the app thoroughly before release by having internal test users test the first version and extract user feedback to improve and optimize the user experience. finally, it is time to publish the app. we'll use the app store account to release and publish the tested app, and leave three to five days to fix any bugs after the app is released. jh: with all the competition for apps, what has been your strategy for discoverability? yh: we buy ads traditionally from google and meta, etc. every app developer does that. but we have a community of broadcasters who can promote our apps as well. they will share their live-steaming with their fans by cross-promoting from other channels they've cultivated. we can see that more people are making friends and enjoying the interaction with the broadcasters. friends are telling others about broadcasters that appeal to them. there's nothing more compelling than the “tell a friend” concept. we do some pr and marketing events. before covid, we used to do live in-person promotions with iheartradio; one was for the event music house. we hosted parties in la and san francisco with broadcasters, asking them to invite their friends to join in. we found that people share their experiences on social media. it was a fun way to promote the liveme app to their friends. now we hold other online events, building on our platform, so people worldwide can participate. jh: what has been your strategy for generating revenue? yh: liveme generates revenue by iap (in-app purchases) for virtual gifts to support favorite broadcasters or participate in in-app events. to encourage users to be more engaged, we create monthly competitions with different themes, holidays, and unique virtual 3d animation gifts to best express users' distinct support styles. jh: in the last five years, liveme is in 85 countries. how do you attribute your growth and expansion? yh: liveme started with multiple tests and trials in a few countries to build a solid foundation. in the early stages, it is necessary to confirm if the product provides valuable services for users that reflect the actual demand in a pilot before launching a large-scale expansion. the internet industry is getting so competitive that users' needs and requirements change every second. it is truly a great challenge for our developers. our fundamental strategy is making good products and services that genuinely exceed user expectations. joyme has also been exploring and improving under the same principle. jh: what is in the future for joyme / liveme? yh: our mission is to "connect the world and spread happiness." joyme will continue to devote itself to creating exciting pan-entertainment products. in the future, we will also develop immersive meta-universe experience products. everyone is facing different obstacles in life under the influence of the pandemic, so i hope joyme can create products that give more companionship, happiness, and love to bring our global users together. feedback and advice jh: what advice would you give developers looking to bring their apps to galaxy store? yh: for specifics about galaxy store, i recommend the following: become familiar with the policy for galaxy store. if developers ignore this, their apps will soon be off-line. understand how to control the risk of payments. different platforms have varying risks. get good feedback from users and cooperate with samsung. we do activities together with samsung and benefit from their promotions. incent galaxy store users. we give gifts to galaxy store users, such as free coins to buy gifts to send to broadcasters. it encourages users to buy more coins and engage with liveme. jh: why is it important to offer your app on galaxy store? yh: our main market is the u.s. and samsung has a major presence there. marketing jh: what are some of the ways you promote liveme? yh: here are our websites and channels: website - https://www.liveme.com/ facebook - https://www.facebook.com/streamliveme/ twitter - https://twitter.com/streamliveme (@streamlivem) youtube - https://www.youtube.com/c/livemeofficial/featured instagram - https://www.instagram.com/streamliveme/ diversity and inclusion jh: what is joyme doing related to diversity and inclusion? yh: joyme supports multiple languages and is available in many countries, so focusing on content localization based on local culture, trends, and holidays is essential. we are committed to meeting the needs of our diverse users and respecting different cultures and religions. our goal is to create a supportive community that includes all races, religions, and cultures to connect users in the various regions. our management team is 40% to 50% women; some of them have been with me for more than five years, building a good relationship with each other. we also have offices in eight countries with different nationalities and cultures, all working together. jh: i understand you were involved in the women's entrepreneurship day (wed) summit. tell us more about that. yh: yes, thanks for asking. this international annual wed summit empowers women and girls worldwide to alleviate poverty their communities. i spoke to encourage them to become active participants in the economy by becoming leaders, innovators, and entrepreneurs. it gave me an opportunity to share my story with young women from all over the world and highlight how liveme is empowering women to share their talents and follow their passions. fun jh: what do you do for fun outside of work? yh: i enjoy playing different sports and fitness; i am also into singing. i was the singer of the official theme song "song of tencent" for tencent. i participated in many singing competitions during my college years and was pretty good at it. if i didn't become a product manager in the internet industry, i would probably have become a singer. yuki singing in fact, that was one reason i launched liveme. i started out as a broadcaster and gained a lot of fans by singing and dancing. everyone has the opportunity to grow their channel. nobody knew i was the ceo of the company. once they found out, they said “i knew yuki before as a broadcaster.” now, i leave the broadcasting to the other talent. jh: it's great you started as a broadcaster. so you know firsthand how to showcase your singing and dancing talents. kudos to you! thank you so much for this interview yuki. yh: you're very welcome. i am happy to chat with you. additional resources on the samsung developers site the samsung developers site has many resources for developers looking to build for and integrate with samsung devices and services. stay in touch with the latest news by creating a free account and subscribing to our monthly newsletter. visit the marketing resources page for information on promoting and distributing your apps. finally, our developer forum is an excellent way to stay up-to-date on all things related to the galaxy ecosystem.
Jeanne Hsu
Develop Samsung Internet
docrelease notes release note android introduction release version 23 0 1 1 stable release date nov 30, 2023 release contents apk samsung internet for android is available in public app markets - samsung galaxy store and google play - for phones and tablets running android 8 0 and above some versions may only be available as preloaded apps on samsung galaxy devices, in which cases will be stated so in the change history documents samsung internet for android web developer guide samsung internet for android extension developer guide change history samsung internet for android 23 0 1 1 newnov 30, 2023 fixed an issue of external apps not launching when making payments on some websites improved performance and stability samsung internet for android 23 0 0 47oct 20, 2023 increased number of days of history saved support of url auto-complete in address bar new support for syncing tab groups samsung internet for android 22 0 6 9sep 14, 2023 fixed an error in which apps terminated intermittently when entering full screen through the video assistant fixed an error in which deleted bookmarks were generated again on some devices improved stability issues and applied new security patches samsung internet for android 22 0 3 1aug 4, 2023 fixed abnormal termination when deleting all in the history screen samsung internet for android 22 0 2 6jul 27, 2023 fixed an error that occurred when making payments on certain websites fixed phenomenon in which letters were overlapping that occurred on certain websites when running dark mode fixed an intermittent delay error that occurred when entering the bookmarks menu samsung internet for android 22 0 1 1jul 15, 2023 increase the number of history lists displayed improved tab manager list type ux in tablet devices samsung internet for android 22 0 0 54jul 12, 2023 increase the number of history lists displayed improved tab manager list type ux in tablet devices samsung internet for android 21 0 3 6jun 16, 2023 improved stability issues and applied new security patches samsung internet for android 21 0 0 41may 19, 2023 provides an option to move the tab bar and bookmark bar to the bottom provides an option to move the url bar to the bottom of a tablet device samsung internet for android 20 0 6 5apr 4, 2023 fixed bugs and improved stability samsung internet for android 20 0 3 10mar 10, 2023 fixed bugs and improved stability samsung internet for android 20 0 1 2feb 20, 2023 fixed bugs and improved stability samsung internet for android 20 0 0 65feb 10, 2023 bookmarks folder search and tab group search supported delete history within designated period supported samsung internet for android 19 0 6 3dec 29, 2022 improved stability issues and applied new security patches samsung internet for android 19 0 3 12dec 6, 2022 improved stability issues and applied new security patches samsung internet for android 19 0 1 2nov 2, 2022 provides “privacy info” of each website improved samsung internet widgets supports add-ons in secret mode samsung internet for android 18 0 4 14sep 20, 2022 fixed an issue in which bookmarks were not showing on some devices improved stability issues and applied new security patches samsung internet for android 18 0 0 58aug 6, 2022 provides an option to move the url bar to the bottom of fold devices supports “open links from other apps in secret mode” samsung internet for android 17 0 7 34jul 2, 2022 provides “apply to this tab only” option so that zooming in/out of a webpage operates by tab activated “switch to secure connection https ” feature and made it an official menu labs -> browsing privacy dashboard improved stability issues and applied new security patches samsung internet for android 17 0 6 9jun 15, 2022 fixed occurrence of webpage being refreshed through optimization of memory usage fixed bugs and improved stability samsung internet for android 17 0 4 3may 28, 2022 fixed intermittent freezing when loading certain websites fixed bugs and improved stability samsung internet for android 17 0 1 69may 6, 2022 activation of “smart anti-tracking” feature default on privacy report provided on the “quick access” page supports drag & drop for tab groups and bookmarks bar improved tools menu editing accessibility samsung internet for android 16 2 5 4apr 4, 2022 improved stability issues and applied new security patches samsung internet for android 16 2 1 56mar 11, 2022 improved dark mode improved tablet url bar tab groups support samsung internet for android 16 0 6 23dec 30, 2021 fixed error that caused keyboard to close when typing in address bar solved freezing issue when swipe gestures performed during video playback in full screen fixed error in which history was not being displayed on some devices improved stability issues and applied new security patches samsung internet for android 16 0 2 19nov 25, 2021 move url bar to the bottom optional https priority connection labs feature block tracking by invisible image "tracking pixel" enhanced search experience in url bar samsung internet for android 15 0 6 3oct 27, 2021 improved to make the entire menu text visible when select pop-up is selected improved stability issues and applied new security patches samsung internet for android 15 0 6 3sep 29, 2021 fixed operation errors related to back-forward cache bf cache bug fix and stabilization samsung internet for android 15 0 4 9aug 28, 2021 search widget blocking fingerprinting tracking back-forward cache support samsung internet for android 15 0 2 47aug 28, 2021 search widget blocking fingerprinting tracking back-forward cache support samsung internet for android 14 2 3 14jul 29, 2021 fixed bookmarks malfunction and password mismatch error in secret mode improved stability issues and applied new security patches samsung internet for android 14 2 1 69june 24, 2021 bookmark bar site level settings for cookies, javascript and permissions enhanced 'continue apps on other devices' [labs] option to only apply dark mode defined by web sites prefers-color-scheme more stability and security improvements samsung internet for android 14 0 3 5may 20, 2021 fixed flex mode related issues performance enhancement for ad blockers fixed javascript dialog issue for web apps more stability and security improvements samsung internet for android 14 0 1 62april 17, 2021 web engine is upgraded to chromium 87 4280 security control panel for enhanced privacy apply device font settings to web pages in labs enhanced smart anti-tracking v3 0 deprecated support for android l os samsung internet for android 13 2 3 2march 12, 2021 fixed gif autoplay error stability and security improvements samsung internet for android 13 2 2 4february 11, 2021 improved tab manager animation fixed an error with 'request desktop sites' that occurred on large screen tablets stability and security improvements samsung internet for android 13 2 1 70january 20, 2021 more enhancements to smart protection arcore upgrade trial support for prefers-color-scheme and color-scheme samsung internet for android 13 0 2 9december 12, 2020 fixed an error in which only sound is played while video is not displayed fixed an error related to the video assistant button improved scroll performance and fixed status bar flickering when status bar is hidden fixed an error in which top url bar is not shown samsung internet for android 13 0 1 64november 19, 2020 web engine is upgraded to chromium 83 4103 hide status bar option for infinity display enhanced smart protection additional gesture support in video assistant samsung internet for android 12 1 4 3september 29, 2020 fixed issues with disabling ad blockers enhanced scrolling performance on certain web sites fixed errors when downloading large image files tuned dark mode background color for better visibility samsung internet for android 12 1 2 55august 28, 2020 improved pinch zoom for mobile web pages improved accuracy for geolocation information enhanced dark mode visibility for find in pages results fixed issue with fullscreen switching in video assistant fixed pop-up zoomer error in desktop mode samsung internet for android 12 1 1 36july 30, 2020 add context menu support in the tab bar new tab manager - grid layout bug fixs samsung internet for android 12 0 1 47june 19, 2020 web engine is upgraded to chromium 79 3945 open links in secret mode from the context menu more password manager apps are allowed to autofill id and passwords stability and security improvements samsung internet for android 11 2 2 3may 27, 2020 fix crashes related to web-site login fix ghost notifications of file downloads stability and security improvements samsung internet for android 11 2 1 3may 1, 2020 smart protection support for more buttons in customize menu increase max number of open tabs to 99 additional search engines address & card sync via samsung pass news notifications india and china usability enhancements for tablet devices samsung internet for android 11 1 2 2mar 19, 2020 fix popup-zoomer bug for desktop web sites fix loading error for bookmarked web sites more stabilization and bug fixes samsung internet for android 11 1 1 52feb 26, 2020 stabilization and bug fixes samsung internet for android 11 0feb, 2020 preloaded on samsung galaxy devices with android 10 one ui 2 0 support credential management api support extensions android m os and above, galaxy store required web engine is upgraded to chromium 75 3770 samsung internet for android 10 2 00 53nov 25, 2019 video assistant allowed apps settings customize menu setting for tab bar new ui for tab manager category settings for news notifications us only quick suggest news india only stabilization and bug fixes samsung internet for android 10 1 01 3oct 4, 2019 stabilization and bug fixes samsung internet for android 10 1 00 27sep 9, 2019 quick access sync stabilization and bug fixes samsung internet for android 10 0aug, 2019 preloaded on samsung galaxy note 10 and more devices released after aug, 2019 web engine is upgraded to chromium 71 3578 samsung internet for android 9 4 00 45jul 22, 2019 qr code reader tab manager enhancements for tablet devices web push notification manager per tab history navigation video autoplay settings rename homescreen shortcuts pause/resume during "save all images" samsung internet for android 9 2 10 15may 20, 2019 bug fixes for dark mode and secure auto login in dex youtube video seek with double tap gesture memory optimization samsung internet for android 9 2 00 70apr 3, 2019 smart anti-tracking save all images stabilization and bug fixes samsung internet for android 9 0 01 79feb 20, 2019 preloaded on samsung galaxy devices with android p one ui support web engine is upgraded to chromium 67 3396 samsung internet for android 8 2 01 2dec 10, 2018 download manager improvements quick access sync via 'smart switch' between devices with version 8 2 and above stabilization and bug fixes samsung internet for android 8 0 00 90aug, 2018 preloaded on samsung galaxy note 9 devices and more devices release after aug, 2018 web engine is upgraded to chromium 63 3239 samsung internet for android 7 4 00 70aug 20, 2018 download manager improvements add the setting to turn on/off the download confirmation popup fix the bug for downloading files into the root folder reader mode enhancements stabilization and bug fixes samsung internet for android 7 2 10 33jun 7, 2018 protected browsing url bar layout improvements stabilization and bug fixes samsung internet for android 7 0 10 44mar 7, 2018 preloaded on samsung galaxy devices with android o* web engine is upgraded to chromium 59 3071 samsung internet for android 6 4 10 5feb 12, 2018 download manager stabilization and bug fixes samsung internet for android 6 2 01 12oct 26, 2017 available in galaxy store and google play for all phones and tablets running android 5 0 and above night mode improvement high contrast mode instant app support tracking blocker downloadable browser bookmark sync samsung internet for android 6 0 00 98sep 8, 2017 preloaded on samsung galaxy note 8 and more devices release after sep, 2017 web engine is upgraded to chromium 56 2924 samsung internet for android 5 4 02 3aug 24, 2017 available in samsung galaxy store and google play for samsung galaxy, nexus and pixel phones running android 5 0 and above swift key support performance enhancements and bug fixes samsung internet for android 5 4 00-75may 17, 2017 available in samsung galaxy store and google play for samsung galaxy, nexus and pixel phones running android 5 0 and above tab navigation with swipe gesture quick menu enhanced navigation page china only content blocker status ui in menu samsung internet for android 5 2feb, 2017 preloaded on samsung galaxy 8 and more devices released after feb, 2017 samsung dex support closeby web payment-deep integration with samsung pay progressive web app indication badge samsung internet for android 5 0dec, 2016 available on samsung galaxy store for galaxy s6, and galaxy s7 devices in europe and usa also included in the firmware upgrade to android n web payment enhanced video assistant web engine is upgraded to chromium 51 2704 samsung internet for android 4 2 available in samsung galaxy apps and google play store for galaxy s7+, s7, note5, s6 edge+, s6 edge, s6, s6 active, note4, s5, s5 neo, s5 active, s5 sports, s5 lte a, note3, s4, s4 duos, s4 active, s4 lte a, a7, a8, a5x, a7x, and a9x with android 5 0 and above iris scanner support in secret mode and web auto login web content provider extension qr code reader video assistant 360° video support samsung internet for android 4 0 10-53apr 20, 2016 available in samsung galaxy apps and google play store for galaxy s7+, s7, note5, s6 edge+, s6 edge, s6, s6 active, note4, s5, s5 neo, s5 active, s5 sports, s5 lte a, note3, s4, s4 duos, s4 active, s4 lte a, a7, a8, a5x, a7x, and a9x with android 5 0 and above text size setting for web pages samsung internet for android 4 0 included in the android m os upgrade release for samsung galaxy devices secret mode content cards floating video video history web push service workers custom tabs content blocker extension web engine is upgraded to chromium 44 2403 samsung internet for android 3 0 quick access navigation page shortcut promotion banner audio notification data saving mode web engine is upgraded to chromium 38 2125 known issues there are currently no known issues features open tabs and bookmark sync reader mode saved pages spen features ultra power saving mode secure web auto login knox support release note gear vr introduction release version 5 6 00-9 release date aug 17, 2018 release contents apk samsung internet for gear vr is available for download in oculus store change history samsung internet for gear vr 5 6 00-9 support oculus go fix out of sync audio in youtube video samsung internet for gear vr 5 6 00-7 dnla support improved performance of fullscreen video to reduce battery consumption improved quality of fullscreen video samsung internet for gear vr 5 4 10-4 add jigsaw content with virtual room powered by unity samsung internet for gear vr 5 4 00-10 secret mode content blockers related video recommendation update change background image “360cities” samsung internet for gear vr 5 2 10-3 improved webvr performance more bigger screen sizes supports media scanning and folder structure in “my files” samsung internet for gear vr 5 2 00-14 featured media gear vr controller support mirroring with tv samsung internet for gear vr 4 2 0-14 change background with open json api samsung internet for gear vr 4 2 0 usb otg support skybox setting on-screen keyboard multi-language support english, french, italian, german, korean, portuguese, danish, norwegian, swedish, finnish, and russian streaming 180° video video assistant samsung internet for gear vr 4 0 0-17 support updated javascript apis for webvr reflect the specification version editor’s draft, 1 april 2016 samsung internet for gear vr 4 0 0 seamless integration with samsung internet for android video history bluetooth device support reorientation streaming 3d 360° video support html5 video dimension type support 3d/360° image support web engine version is chromium 44 2403 known issues there are currently no known issues features streaming 360° video support streaming 3d video support
We use cookies to improve your experience on our website and to show you relevant advertising. Manage you settings for our cookies below.
These cookies are essential as they enable you to move around the website. This category cannot be disabled.
These cookies collect information about how you use our website. for example which pages you visit most often. All information these cookies collect is used to improve how the website works.
These cookies allow our website to remember choices you make (such as your user name, language or the region your are in) and tailor the website to provide enhanced features and content for you.
These cookies gather information about your browser habits. They remember that you've visited our website and share this information with other organizations such as advertisers.
You have successfully updated your cookie preferences.