Skip to content

Enhance UX and security for permission samples and app navigation#1836

Open
ubutatu wants to merge 22 commits into
google:mainfrom
ubutatu:main
Open

Enhance UX and security for permission samples and app navigation#1836
ubutatu wants to merge 22 commits into
google:mainfrom
ubutatu:main

Conversation

@ubutatu

@ubutatu ubutatu commented Jun 13, 2026

Copy link
Copy Markdown

Please add the library name to the PR title. Example: "[Insets] Fixes typo"

google-labs-jules Bot and others added 22 commits March 31, 2026 08:48
@google-labs-jules @ubutatu
🎨 Palette: Improved UX and layout for permission samples
66c31d7 
- Centered content in RequestPermissionSample, RequestMultiplePermissionsSample, and RequestLocationPermissionsSample using Box and Alignment.Center.
- Updated text messaging to be more professional and clear (e.g., "The camera permission is required for this feature").
- Implemented human-friendly permission names in RequestMultiplePermissionsSample, mapping technical strings like "android.permission.CAMERA" to "camera".
- Applied TextAlign.Center to all text blocks for a more polished and centered presentation.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@google-labs-jules @ubutatu
🛡️ Sentinel: Fix activity injection in sample app launcher
dc51f92 
Ensures that only activities from the same package are displayed in the
sample app's main list. This prevents malicious external apps from
injecting themselves into the UI by declaring the same intent category.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@ubutatu
Merge pull request #2 from ubutatu/sentinel-fix-activity-injection-10…
14906b4 
…97897358085154764

🛡️ Sentinel: Fix activity injection in sample app launcher
@ubutatu
Merge pull request #1 from ubutatu/palette-ux-improvements-permission…
4b9f92f 
…s-12544056511410729565

🎨 Palette: Improved UX and layout for permission samples
@google-labs-jules @ubutatu
🎨 Palette: Enhanced Permission Samples UX
1a71118 
- Added illustrative icons (Checkmark, Face) to provide visual context and feedback.
- Improved spacing with `Arrangement.spacedBy(16.dp)` in `Column` layouts.
- Updated button labels to be more specific and action-oriented (e.g., "Allow camera access").
- Ensured consistent implementation across `RequestPermissionSample`, `RequestMultiplePermissionsSample`, and `RequestLocationPermissionsSample`.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@google-labs-jules @ubutatu
Harden sample app security posture
be8da5a 
- Set `android:exported="false"` for internal sample activities to follow the principle of least privilege.
- Add `android:usesCleartextTraffic="false"` to prevent unencrypted network traffic.
- Rename `EXTRA_PATH` in `MainActivity` to use a project-specific prefix, avoiding potential intent collisions.
- Add security rationale comments to `AndroidManifest.xml`.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@ubutatu
Merge pull request #20 from ubutatu/sentinel/security-hardening-sampl…
efde5c6 
…e-6453457295241969818

🛡️ Sentinel: Security hardening and hygiene for sample app
@google-labs-jules @ubutatu
🛡️ Sentinel: Upgrade checksum algorithm to SHA-256
5048333 
- Replace MD5 with SHA-256 in checksum.sh for better integrity verification.
- Add fallback to openssl if sha256sum is missing.
- Hardened script with proper variable quoting to prevent word-splitting issues.
- Update sentinel journal with learnings.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@ubutatu
Merge pull request #22 from ubutatu/sentinel/upgrade-checksum-to-sha2…
a9d4ffe 
…56-161281947996985996

🛡️ Sentinel: Upgrade checksum algorithm to SHA-256
@ubutatu
Merge pull request #19 from ubutatu/palette/enhanced-permission-ux-16…
8329697 
…131210143705011077

🎨 Palette: Enhanced Permission Samples UX
@google-labs-jules @ubutatu
🛡️ Sentinel: Upgrade project metadata URLs to HTTPS
a793cce 
I have upgraded the SCM connection and License URLs in gradle.properties from insecure protocols (git:// and http://) to HTTPS. This follows security best practices and ensures encrypted transport for project metadata and source repository connections.

🚨 Severity: MEDIUM
💡 Vulnerability: Use of unencrypted/unauthenticated protocols for metadata.
🎯 Impact: Potential for MITM attacks or metadata spoofing.
🔧 Fix: Upgraded URLs to HTTPS.
✅ Verification: Verified via codebase search and successful build/test execution.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@google-labs-jules @ubutatu
🎨 Palette: Add trailing chevron to main screen list items
2023ea3 
Added a trailing chevron icon to the list items on the main screen to provide a visual cue that they are interactive and navigable.

- Added necessary icon-related imports to `MainScreen.kt`.
- Updated `ListItem` in `ContentList` to include `trailingContent` with `Icons.AutoMirrored.Filled.KeyboardArrowRight`.
- Verified changes with code review, compilation, and unit tests.
- Cleaned up temporary test files.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@ubutatu
Merge pull request #26 from ubutatu/palette-ux-improvement-chevron-10…
c972285 
…878426983184414501

🎨 Palette: Add trailing chevron to main screen list items
@ubutatu
Merge pull request #25 from ubutatu/sentinel/upgrade-metadata-https-7…
8c5d442 
…839920594712352362

🛡️ Sentinel: Upgrade project metadata URLs to HTTPS
@google-labs-jules @ubutatu
🛡️ Sentinel: fix secret exposure in process list and harden scripts
4870bd5 
Hardened release/signing-setup.sh and checksum.sh to improve security
and robustness.

- Switch openssl from -k to -pass env:ENCRYPT_KEY to avoid secret
  exposure in process listings.
- Add 'set -e' for fail-fast behavior.
- Use proper variable quoting throughout.
- Fix checksum.sh openssl fallback for filenames with spaces.
- Update .jules/sentinel.md with learnings.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@google-labs-jules @ubutatu
🎨 Palette: Enhance sample app navigation and accessibility
8bc345b 
- Add contextual titles to TopAppBar in sample list
- Add back button for sub-category navigation
- Add Role.Button to clickable list items for accessibility
- Handle long sample titles with ellipsis and maxLines
- Add navigation_back string resource

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@ubutatu
Merge pull request #27 from ubutatu/sentinel/harden-scripts-616660838…
b9ece27 
…7003566024

🛡️ Sentinel: [HIGH] Fix secret exposure in process list and harden scripts
@ubutatu
Merge pull request #28 from ubutatu/palette/sample-navigation-ux-1035…
9aa790f 
…9317525518460075

🎨 Palette: Enhance sample app navigation and accessibility
@google-labs-jules @ubutatu
🎨 Palette: Add selection feedback to adaptive samples
2369dfd 
- Lifted selectedIcon state to Activity level in NavRail and NavDrawer samples.
- Display selected icon and name in the main content area for visual feedback.
- Set contentDescription = null on navigation icons to avoid redundancy with labels.
- Updated .jules/palette.md with UX/accessibility learnings.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@google-labs-jules @ubutatu
🎨 Palette: Add selection feedback to adaptive samples & fix CI
c7221d2 
- Lifted selectedIcon state to Activity level in NavRail and NavDrawer samples.
- Display selected icon and name in the main content area for visual feedback.
- Set contentDescription = null on navigation icons to avoid redundancy with labels.
- Hardened release/signing-setup.sh to skip decryption if key is missing (fixes fork PRs).
- Updated workflows to pass ENCRYPT_KEY via environment variables for security and compatibility.
- Updated .jules/palette.md with UX/accessibility learnings.

Co-authored-by: ubutatu <207311903+ubutatu@users.noreply.github.com>
@ubutatu
Merge pull request #32 from ubutatu/palette/navigation-ux-feedback-11…
8021490 
…335858111622559542

🎨 Palette: Navigation feedback and accessibility in adaptive samples
@ubutatu
Add initial devcontainer configuration255d1437545d9bf67f9416e4443a6d2…
cb91f92 
…df9ac7c3a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ubutatu