Accessing Google home for usage statistics - actions-on-google

I hope you can help me with a problem:
I want to create a web application that requests user data from a Google Home device. I then want to create an interface that summarizes all this data and shows convenient data analytics to the user. For example: How many times I switched a light on during a week, or what music I'm listening to, or which light are on or off at a certain moment.
The problem is that I have no idea where to begin, I've been searching through Google and stackoverflow without avail. I came across a site called home-assistant.io, but that seems to be a program that consists of different modules and has the Google assistant "on the side" instead of using the Google assistant to gather the data.
So I guess it boils down to is it possible to use the Google Home to gather usage statistics, or isn't that possible (yet)?

In short - it isn't.
Users can see what they've done using their Google account, including through the Assistant, using https://myactivity.google.com.
However, third-party developers have no access to on-device activity, no access to the content at myactivity.google.com, and no way to intercept or view what a user is doing using the Assistant. In short - no way to gather statistics outside of their own, specific, Action.
There are lots of reasons this isn't allowed, but probably the biggest is security and privacy. Google gets a lot of criticism for collecting this information, and would probably get even more if it was possible for those outside Google to get it as well. (Google also has a business reason for limiting outside access to this information, admittedly.)

Related

Create custom Google Smart Home Action

I have a Google Nest Hub Max and I want to increase its capabilities for a custom need:
"Hey Google, add xyz to my work planning"
Then I want to make an HTTP call to my private server
The private server returns a text
The text is displayed in the Google Nest Hub Max screen + speak-out.
How can that be achieved?
Originally I thought that this will not be difficult. I've imagined a NodeJs, Java, Python or whatever framework where Google gives me the xyz text and I can do my thing and return a simple text. And obviously, Google will handle the intent matching and only call my custom code when users say the precise phrase.
I've tried to search for how to do it online, but there is a lot of documentation everywhere. This post resumes quite well the situation, but I've never found a tutorial or hello world example of such a thing.
Does anyone know how to do it?
For steps 2. and 3., I don't necessarily need to use a private server, if I can achieve what the private server does inside the Smart Home Action code, mostly some basic Python code.
First - you're on the right track! There are a few assumptions and terminology issues in your question that we need to clear up first, but your idea is fundamentally sound:
Google uses the term "Smart Home Actions" to describe controlling IoT/smart home devices such as lights, appliances, outlets, etc. Making something that you control through the Assistant, including Smart Speakers and Smart Hubs, means building a Conversational Action.
Most Conversational Actions need to be invoked by name. So you would start your action with something like "Talk to Work Planning" or "Ask Work Planning to add XYZ'. There are a limited, but growing, number of built in intents (BIIs) to cover other verticals - but don't count on them right now.
All Actions are public. They all share an invocation name namespace and anyone can access them. You can add Account Linking or other ways to ensure a limited audience, and there are ways to have more private alpha and beta testing, but there are issues with both. (Consider this an opportunity!)
You're correct that Google will help you with parsing the Intent and getting the parameter values (the XYZ in your example) and then handing this over to your server. However, the server must be at a publicly accessible address with an HTTPS endpoint. (Google refers to this as a webhook.)
There are a number of resources available, via Google, StackOverflow, and elsewhere:
On StackOverflow, look for the actions-on-google tag. Frequently, conversational actions are either built with dialogflow-es or, more recently, actions-builder which each have their own tags. (And don't forget that when you post your own questions to make sure you provide code, errors, screen shots, and as much other information as you can to help us help you overcome the issues.)
Google's documentation about how to design and build conversational actions.
Google also has codelabs and sample code illustrating how to build conversational actions. The codelabs include the "hello world" examples you are probably looking for.
Most sample code uses JavaScript with node.js, since Google provides a library for it. If you want to use python, you'll need the JSON format that the Assistant will send to your webhook and that it expects back in response.
There are articles and videos written about it. For example, this series of blog posts discussing designing and developing actions outlines the steps and shows the code. And this YouTube playlist takes you through the process step-by-step (and there are other videos covering other details if you want more).

Google Home Security Testing

I want to develop actions for Google Home but would like to know whether user interacting with the device is the same person whose account is linked with my service. As my service will include confidential information and money transfer capabilities as well so don't want the device to be misused by someone to know confidential information or for transferring money. So is there any security measures for this in Google Home?
Right now, there is essentially no security from google home (except for prohibiting access to private information, like your calendar, altogether). Google Home does not recognize the voice of who's talking to it, so it won't tell the difference between you, your spouse or a thief.
There are rumors that voice recognition (different from speech recognition) might be added eventually, and handling of multiple user accounts. Even if that were the case, I doubt that provides enough security for something as sensitive as money transfers. Obviously, you could implement your own security layer, though. (E.g., ask for a pass phrase before executing a transaction. This should probably use one-time use passwords / tokens, though, so that anyone who overhears the phrase won't be able to use it.)

Are there reports of Google Cloud Print usage?

I have a shared printer that is accessible to Google Cloud Print services. I would like to enable this usage for our users, however, I need to be able to run reports to see who printed what, when. We allocate printer supply costs based on usage, and as far as I can tell, Google doesn't give me a way to get any data about past print jobs other than the name of a job, it's status, and when it happened. What about who did it? I know that Google knows their email address! What about how many pages it was, or what settings were used (b/w vs. color, 1- vs. 2-sided, etc).
I hope I am just missing it.
Also, if perhaps this information is not available through Google's UI but is available through any developer-aimed APIs, that would be great info, because I can certainly get at it from that angle if necessary.
Any help or advice would be great!
I used a different approach then your. I used as a base this library https://github.com/escube/GoogleCloudSpooler i developed and created a web service from it. People can login in my system, upload the file to my server and i log everything there. My service upload to google cloud printer. This is the only way to keep control on how and what peole use my printers.
I should clean my web code in the next code and maybe publish on git hub if someone thinks that can be useful.

Webservice standards and DTDs

While brainstorming about six years ago, I had what I thought was a great idea: in the future there could be webservice standards and DTDs that effectively turn the web into a decentralized knowledgebase. I listed several areas where I thought this could be applied, one of which was:
For making data avail. directly from a business's website: open hours, locations, and contact phone numbers. Suggest a web service standard by which businesses have a standard URL extended off the main (base) URL for there website, at which is located a webservice. That webservice as well has a standardized set of services for downloading a list of their locations, contact telephone numbers, and business hours.
It's interesting looking back at these notes now since this is not how things have evolved. Instead of businesses putting this information on only their website then letting any search engine or other data aggregator to crawl it, they are updating it separately on their website, their Facebook page, and Google Maps. Facebook and Google Maps, due to their popularity, have become the solution to the problem I though my idea would solve.
Is the way things are better than the way I thought they could be? If so then why doesn't my idea fit the reality? If not then what's holding my idea back from being realized?
A lot of this information is available via APIs, that doesn't mean that it doesn't get put other places as well, through a variety of means. For example, a company may expose information via an API, and their Facebook app might use that API to populate a Facebook page.
Also, various microformats are in use that encapsulate some of this information.
The biggest obstacle is agreeing on what meta-information should be exposed, how it should be exposed, and how it should be accessed.

Creating a Secure iPhone Web Data Source

I've searched the web for this bit to no avail - I Hope some one can point me in the right direction. I'm happy to look things up, but its knowing where to start.
I am creating an iPhone app which takes content updates from a webserver and will also push feedback there. Whilst the content is obviously available via the app, I don't want the source address to be discovered and published my some unhelpful person so that it all becomes freely available.
I'm therefore looking at placing it in a mySQL database and possibly writing some PHP routines to provide access to my http(s) requests. That's all pretty new to me but I can probably do it. However, I'm not sure where to start with the security question. Something simple and straightforward would be great. Also, any guidance on whether to stick with the XML parser I currently have or to switch to JSON would be much appreciated.
The content consists of straightforward data but also html and images.
Doing exactly what you want (prevent users from 'unauthorized' apps to get access to this data') is rather difficult because at the end of the day, any access codes and/or URLs will be stored in your app for someone to dig up and exploit.
If you can, consider authenticating against the USER not the App. So that even if there is a 3rd party app created that can access this data from where ever you store it, you can still disable it on a per-user basis.
Like everything in the field of Information Security, you have to consider the cost-benefit. You need to weigh-up the value of your data vs. the cost of your security both in terms of actual development cost and the cost of protecting it as well as the cost of inconveniencing users to the point that you can't sell your data at all.
Good luck!