Tag Archives: privacy

Celebrating the influence and contributions of Black+ Security & Privacy Googlers

Posted by Royal Hansen, Vice President, Security

Black History Month may be coming to a close, but our work to build sustainable equity for Google’s Black+ community, and externally is ongoing. Currently, Black Americans make up less than 12% of information security analysts in the U.S. In an industry that consistently requires new ideas to spark positive change and stand out against the status quo, it is necessary to have individuals who think, speak, and act in diverse ways. Diverse security teams are more innovative, produce better products and enhance an organization's ability to defend against cyber threats.

In an effort to amplify the contributions of the Black+ community to security and privacy fields, we’ll be sharing profiles of Black+ Googlers working on innovative privacy and security solutions over the coming weeks, starting with Camille Stewart, Google’s Head of Security Policy for Google Play and Android.

Camille co-founded #ShareTheMicInCyber, an initiative that pairs Black security practitioners with prominent allies, lending their social media platforms to the practitioners for the day. The goal is to break down barriers, engage the security community, and promote sustained action. The #ShareTheMicInCyber campaign will highlight Black women in the security and privacy sector on LinkedIn and Twitter on March 19, 2021 and throughout March 2021 in celebration of Women's History Month. Follow the #ShareTheMicInCyber on March 19th to support and amplify Black women in security and privacy.

Read more about Camille’s story below ↓

#ShareTheMicInCyber: Camille Stewart

Today, we will hear from Camille Stewart, she leads security, privacy, election integrity, and dis/misinformation policy efforts for Google's mobile business. She also spearheads a cross-Google security initiative that sets the strategic vision and objectives for Google’s engagement on security and privacy issues.

In her (not so) spare time, Camille is co-founder of the #ShareTheMicInCyber initiative – which aims to elevate the profiles, work, and lived experiences of Black cyber practitioners. This initiative has garnered national and international attention and has been a force for educating and bringing awareness to the challenges Black security practitioners face in industry. Camille is also a cybersecurity fellow at Harvard University, New America and Truman National Security Project. She sits on the board of the International Foundation for Electoral Systems and of Girl Security, an organization that is working to close the gender gap in national security through learning, training, and mentoring support for girls.

Why do you work in security or privacy?

I work in this space to empower people in and through technology by translating and solving the complex challenges that lie at the intersection of technology, security, society, and the law.

Tell us a little bit about your career journey to Google

Before life at Google, I managed cybersecurity, election security, tech innovation, and risk issues at Deloitte. Prior to that, I was appointed by President Barack Obama to be the Senior Policy Advisor for Cyber Infrastructure & Resilience Policy at the Department of Homeland Security. I was the Senior Manager of Legal Affairs at Cyveillance, a cybersecurity company after working on Capitol Hill.

What is your security or privacy "soapbox"?

Right now, I have a few. Users being intentional about their digital security similar to their physical security especially with their mobile devices and apps. As creators of technology, we need to be more intentional about how we educate our users on safety and security. At Google, security is core to everything we do and build, it has to be. We recently launched our Safer With Google campaign which I believe is a great resource for helping users better understand their security and privacy journey.

As an industry, we need to make meaningful national and international progress on digital supply chain transparency and security.

Lastly, the fact that systemic racism is a cybersecurity threat. I recently penned a piece for the Council on Foreign Relations that explores how racism influences cybersecurity and what we must do as an industry to address it.

If you are interested in following Camille’s work here at Google and beyond, please follow her on Twitter @CamilleEsq. We will be bringing you more profiles over the coming weeks and we hope you will engage with and share these with your network.

If you are interested in participating or learning more about #ShareTheMicInCyber, click here.

Source: Google Online Security Blog

First preview of Android 12

Posted by Dave Burke, VP of Engineering

Every day, Android apps help billions of people work, play, communicate, and create on a wide range of devices from phones and laptops to tablets, TVs, and cars. As more people come to rely on the experiences you build, their expectations can rise just as fast. It’s one of the reasons we share Android releases with you early: your feedback helps us build a better platform for your apps and all of the people who use them. Today, we’re releasing the first Developer Preview of Android 12, the next version of Android, for your testing and feedback.

With each version, we’re working to make the OS smarter, easier to use, and better performing, with privacy and security at the core. In Android 12 we’re also working to give you new tools for building great experiences for users. Starting with things like compatible media transcoding, which helps your app to work with the latest video formats if you don’t already support them, and easier copy/paste of rich content into your apps, like images and videos. We’re also adding privacy protections and optimizing performance to keep your apps responsive.

Today’s first preview is just the start for Android 12, and we’ll have lots more to share as we move through the release. Read on for a taste of what’s new in Android 12, and visit the Android 12 developer site for details on downloads for Pixel and release timeline. As always, it’s crucial to get your feedback early, to help us incorporate it into the final product, so let us know what you think!

Alongside the work we’re doing in Android 12, later this month we’ll have more to share on another important tool that helps you create great user experiences more easily: Jetpack Compose, our modern toolkit for building native UI. Join us on #TheAndroidShow for a behind-the-scenes look at Jetpack Compose, livestreamed on February 24 at 9AM PT, and tweet your Jetpack Compose questions using #TheAndroidShow to have them answered live on the show.

Trust and safety

Privacy is at the heart of everything we do, and in Android 12 we’re continuing to focus on giving users more transparency and control while keeping their devices and data secure. In today’s release we’ve added new controls over identifiers that can be used for tracking, safer defaults for app components, and more. These changes may affect your apps, so we recommend testing as soon as possible. Watch for more privacy and security features coming in later preview releases.

Modern SameSite cookie behaviors in WebView - In line with changes to Chrome and other browsers, WebView includes new SameSite cookie behaviors to provide additional security and privacy and give users more transparency and control over how cookies can be used across sites. More here.

Restricted Netlink MAC - We’re continuing to help developers migrate to privacy-protecting resettable identifiers. In a multi-release effort to ease migration of device-scoped Netlink MAC, in Android 11 we restricted access to it based on API level 30, and in Android 12 we’re applying the restriction for all apps - regardless of targetSDK level. More here.

Safer exporting of components - To prevent apps from inadvertently exporting activities, services, and receivers, we’re changing the default handling of the android:exported attribute to be more explicit. With this change, components that declare one or more intent filters must now explicitly declare an android:exported attribute. You should inspect your components in the manifest in order to avoid installation errors related to this change. More here.

Safer handling of Intents - To make handling PendingIntents more secure, Android 12 requires apps to explicitly declare a mutability flag, either FLAG_MUTABLE or the new FLAG_IMMUTABLE, for each PendingIntent. More here.

You can read more about these and other privacy and security changes here.

Better user experience tools

In Android 12 we’re investing in key areas to help deliver a polished experience and better performance for users. Here are some of the updates so far.

Compatible media transcoding - With the prevalence of HEVC hardware encoders on mobile devices, camera apps are increasingly capturing in HEVC format, which offers significant improvements in quality and compression over older codecs. Most apps should support HEVC, but for apps that can’t, we’re introducing compatible media transcoding.

With this feature, an app that doesn’t support HEVC can have the platform automatically transcode the file into AVC, a format that is widely compatible. The transcoding process takes time, depending on the video and hardware properties of the device. As an example, a one minute 1080p video at 30fps takes around 9 seconds to transcode on a Pixel 4. You can opt-in to use the transcoding service by just declaring the media formats that your apps don't support. For developers, we strongly recommend that your apps support HEVC, and if that’s not possible, enable compatible media transcoding. The feature will be active on all devices using HEVC format for video capture. We'd love to hear your feedback on this feature. More here.

AVIF image support - To give you higher image quality with more efficient compression, Android 12 introduces platform support for AV1 Image File Format (AVIF). AVIF is a container format for images and sequences of images encoded using AV1. Like other modern image formats, AVIF takes advantage of the intra-frame encoded content from video compression. This dramatically improves image quality for the same file size when compared to older image formats, such as JPEG.

AVIF (18.2kB)

JPEG (20.7kB)

Credit: Image comparison from AVIF has landed by Jake Archibald

Foreground service optimizations - Foreground services are an important way for apps to manage certain types of user-facing tasks, but when overused they can affect performance and even lead to app kills. To ensure a better experience for users, we will be blocking foreground service starts from the background for apps that are targeting the new platform. To make it easier to transition away from this pattern, we’re introducing a new expedited job in JobScheduler that gets elevated process priority, network access, and runs immediately regardless of power constraints like Battery Saver or Doze. For back-compatibility, we’ve also built expedited jobs into the latest release of Jetpack WorkManager library. Also, to reduce distraction for users, we’re now delaying the display of some foreground service notifications by up to 10 seconds. This gives short-lived tasks a chance to complete before their notifications are shown. More here.

Rich content insertion - Users love images, videos and other expressive content, but inserting and moving this content in apps is not always easy. To make it simple for your apps to receive rich content, we’re introducing a new unified API that lets you accept content from any source: clipboard, keyboard, or drag and drop. You can attach a new interface, OnReceiveContentListener, to UI components and get a callback when content is inserted through any mechanism. This callback becomes the single place for your code to handle insertion of all content, from plain and styled text to markup, images, videos, audio files, and more. For back-compatibility, we’ve added the unified API to AndroidX. More here.

Haptic-coupled audio effect - In Android 12 apps can provide audio-coupled haptic feedback through the phone's vibrator. The vibration strength and frequency are derived from an audio session, allowing you to create more immersive game and audio experiences. For example, a video calling app could use custom ringtones to identify the caller through haptic feedback, or you could simulate rough terrain in a racing game. More here.

Multi-channel audio - Android 12 includes several enhancements for audio with spatial information. It adds support for MPEG-H playback in passthrough and offload mode, and the audio mixers, resamplers and effects have been optimized for up to 24 channels (the previous maximum was 8).

Immersive mode API improvements for gesture nav - We’ve simplified immersive mode so that gesture navigation is easier and more consistent, for example when watching a video, reading a book, or playing a game. We’re still protecting apps from accidental gestures when in full-screen experiences related to gaming, but in all other full-screen or immersive experiences (e.g. video viewers, reading, photo gallery), for apps targeting the new platform, we’re changing the default to allow users to navigate their phone with one swipe. More here.

Notification UI updates - We’re refreshing notification designs to make them more modern, easier to use, and more functional. In this first preview you’ll notice changes from the drawer and controls to the templates themselves. We’re also optimizing transitions and animations across the system to make them more smooth. As part of the updates, for apps targeting Android 12 we’re decorating notifications with custom content with icon and expand affordances to match all other notifications. More here.

Faster, more responsive notifications - When users tap a notification, they expect to jump immediately into the app - the faster the better. To meet that expectation, developers should make sure that notification taps trigger Activity starts directly, rather than using “trampolines” - an intermediary broadcast receiver or service - to start the Activity. Notification trampolines can cause significant delays and affect the user experience. To keep notifications responsive, Android 12 will block notification trampolines by preventing them from launching their target Activities, and we’re asking developers to migrate away from this pattern. The change applies only to apps targeting the new platform, but for all apps we’ll display a toast to make trampolines visible to you and to users. More here.

Improved Binder IPC calls - As part of our work on performance, we’ve put a focus on reducing system variability. We’ve taken a look at latency and workload distribution, and made optimizations that reduce the median experience from the tail end, or 99% percentile use case. In doing so, we’ve targeted improvements to system binder calls adding lightweight caching strategies and focusing on removing lock contention to improve latency distribution. This has yielded roughly a 2x performance increase on Binder calls overall, with significant improvements in specific calls, for example a 47x improvement in refContentProvider(), 15x in releaseWakeLock(), and 7.9x in JobScheduler.schedule().

App compatibility

We’re working to make updates faster and smoother by prioritizing app compatibility as we roll out new platform versions. In Android 12 we’ve made most app-facing changes opt-in to give you more time, and we’ve updated our tools and processes to help you get ready sooner. We’ve also added new functionality to Google Play system updates to give your apps a better environment on Android 12 devices.

More of Android updated through Google Play - We’re continuing to expand our investment in Google Play system updates (Project Mainline) to give apps a more consistent, secure environment across devices. In Android 12 we’ve added the Android Runtime (ART) module that lets us push updates to the core runtime and libraries on devices running Android 12. We can improve runtime performance and correctness, manage memory more efficiently, and make Kotlin operations faster - all without requiring a full system update. We’ve also expanded the functionality of existing modules - for example, we’re delivering our compatible media transcoding feature inside an updatable module.

Optimizing for tablets, foldables, and TVs - With more people than ever using apps on large-screen devices like foldables, tablets, and TVs, now is a great time to make sure your app or game is ready. Get started by optimizing for tablets and building apps for foldables. And, for the biggest screen in the home, the first Android 12 preview for Android TV is also available. In addition to bringing the latest Android features to the TV with this preview, you will also be able to test your apps on the all-new Google TV experience. Learn more on the Android TV Developers site and get started with your ADT-3 developer kit.

Updated lists of non-SDK interfaces - We’ve restricted additional non-SDK interfaces, and as always your feedback and requests for public API equivalents are welcome.

Easier testing and debugging of changes - To make it easier for you to test the opt-in changes that can affect your app, we’ve made many of them toggleable. WIth the toggles you can force-enable or disable the changes individually from Developer options or adb. Check out the details here.

mobile display of App Compatibility Changes with toggles

App compatibility toggles in Developer Options.

Platform stability milestone - Like last year, we’re letting you know our Platform Stability milestone well in advance, to give you more time to plan for app compatibility work. At this milestone we’ll deliver not only final SDK/NDK APIs, but also final internal APIs and app-facing system behaviors. We’re expecting to reach Platform Stability by August 2021, and you’ll have several weeks before the official release to do your final testing. The release timeline details are here.

Get started with Android 12

The Developer Preview has everything you need to try the Android 12 features, test your apps, and give us feedback. You can get started today by flashing a device system image to a Pixel 3 / 3 XL, Pixel 3a / 3a XL, Pixel 4 / 4 XL, Pixel 4a / 4a 5G, or Pixel 5 device. If you don’t have a Pixel device, you can use the 64-bit system images with the Android Emulator in Android Studio.

When you’re set up, here are some of the things you should do:

Try the new features and APIs - your feedback is critical during the early part of the developer preview. Report issues in our tracker or give us direct feedback by survey for selected features from the feedback and requests page.
Test your current app for compatibility - the goal here is to learn whether your app is affected by default behavior changes in Android 12. Just install your current published app onto a device or emulator running Android 12 and test.
Test your app with opt-in changes - Android 12 has opt-in behavior changes that only affect your app when it’s targeting the new platform. It’s extremely important to understand and assess these changes early. To make it easier to test, you can toggle the changes on and off individually.

We’ll update the preview system images and SDK regularly throughout the Android 12 release cycle. This initial preview release is for developers only and not intended for daily or consumer use, so we're making it available by manual download only. You can flash a factory image to your Pixel device, or you can sideload an OTA image to a Pixel device running Android 11, in which case you won’t need to unlock your bootloader or wipe data. Either way, once you’ve manually installed a preview build, you’ll automatically get future updates over-the-air for all later previews and Betas. More here.

As we get closer to a final product, we'll be inviting consumers to try it out as well, and we'll open up enrollments through Android Beta at that time. Stay tuned for details, but for now please note that Android Beta is not currently available for Android 12.

For complete information, visit the Android 12 developer site.

Source: Android Developers Blog

Quality to match with your user’s expectations

Posted by Hoi Lam, Android App Quality

Since the launch of Android more than 10 years ago, the platform and the user’s expectations have grown. There are improvements from user experience through material design to the importance and advancement in privacy. We know you want your apps to offer a great user experience. At the same time, we also know that it’s not always straightforward to know which area to tackle first. That’s why we are launching a new App Quality section in our developer site to help you keep up-to-date with key aspects of app quality and provide related resources.

In the first release, we have updated the Core App Quality checklist to take into account recent Android releases as well as the current trends of the app ecosystem. Here are some highlights in this update:

Visual Experience - We highlight the best practice of using Material Design Components in place of platform components such as buttons. This will give your app a modern look as well as making features such as dark theme easy to implement. In addition to advice on back stack, we have expanded it to preserving the state of the app. This is becoming more important as edge-to-edge screens and gesture navigation are becoming commonplace, even in entry level phones.
Functionality - There are three areas where we have updated our guidance. For media applications, we have updated our recommendations around the playback experience as well as support for HEVC video compression for video encoding. For sharing between apps, we highlight the importance of using the Android Sharesheet. This will be critical going forward as apps will have limited visibility to other installed apps in API level 30 by default. Lastly, we expanded our recommendations around background services. Helping users to conserve battery is a priority for Android, and we will continue to share updates on this topic.
Performance & Stability - We have added tooling now available such as Android vitals in the Google Play Console. One important point to highlight here is Application Not Responding (ANR). ANRs are caused by threading issues and are something developers can fixed. The ANR troubleshooting guide can help you diagnose and resolve any ANRs that exist in the app.
Privacy & Security - We have summarized our latest recommendations to take into account the latest safeguards from runtime permission to securely using WebView. We have also expanded to include privacy norms that users come to expect from protecting private data to not using any non-resettable hardware Ids.
Google Play - In this section, we highlight some of the most important policies for developers and link you to more information on the guidelines.

Going forward, we aim to update this list on a quarterly basis to make sure this is up-to-date. In addition, we will be updating the quality checklists for other form factors.

We are working on additional tools and best practices to make it easier for you to build quality applications on Android. We can’t wait to introduce these new improvements to you. Stay tuned!

Source: Android Developers Blog

Protecting against harmful financial services products

Providing a safe and secure experience across Google’s products is our top priority. Our global product policies are designed and implemented with this goal in mind, and we're always working to improve our practices to enhance user safety.

Personal loan apps have received attention recently, and we wanted to clarify the action we have taken on these apps on Google Play.

We have reviewed hundreds of personal loan apps in India, based on flags submitted by users and government agencies. The apps that were found to violate our user safety policies were immediately removed from the Store, and we have asked the developers of the remaining identified apps to demonstrate that they comply with applicable local laws and regulations. Apps that fail to do so will be removed without further notice. In addition, we will continue to assist the law enforcement agencies in their investigation of this issue.

Protecting users from deceptive financial products and services

All developers in the Play Store agree to the terms of the Google Play Developer Distribution Agreement, which stipulates that apps must adhere to applicable rules and laws, including generally accepted practices and guidelines. In addition, the Google Play Developer Policy requires financial services apps that offer personal loans to disclose key information such as the minimum and maximum periods of repayment, the maximum Annual Percentage Rate, and a representative example of the total loan cost. To help further ensure that users are making sound choices, we only allow personal loan apps with full repayment required in greater than or equal to 60 days from the date the loan is issued.

We believe transparency of information around the features, fees, risks, and benefits of personal loans will help people make informed decisions about their financial needs, thereby reducing the risk of being exposed to deceptive financial products and services.

In addition, we publish reports of alleged local law violations, including those submitted by government agencies in our Transparency Report.

Protecting user privacy

To protect user privacy, developers must only request permissions that are necessary to implement current features or services. They should not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes.

Developers must also only use data for purposes that the user has consented to, and if they later want to use the data for other purposes, they must obtain user permission for the additional uses.

Google Play users expect a safe, secure and seamless experience, and developers come to Play for powerful tools and services that help them build and grow their businesses. Our policies help us deliver on these expectations, and we continue to work hard to ensure Google Play is a platform that supports the entire ecosystem.

Posted by Suzanne Frey, Vice President, Product, Android Security and Privacy

Source: Official Google India Blog

Protecting against harmful financial services products

Personal loan apps have received attention recently, and we wanted to clarify the action we have taken on these apps on Google Play.

Protecting users from deceptive financial products and services

In addition, we publish reports of alleged local law violations, including those submitted by government agencies in our Transparency Report.

Protecting user privacy

Developers must also only use data for purposes that the user has consented to, and if they later want to use the data for other purposes, they must obtain user permission for the additional uses.

Posted by Suzanne Frey, Vice President, Product, Android Security and Privacy

Source: Official Google India Blog

How we keep you safe in the products you use every day

We know that keeping you safe online means continuously protecting the security and privacy of your information. That’s why protections are automatically built into your Google Account and every Google product: Safe Browsing protects more than 4 billion devices, Gmail blocks more than 100 million phishing attempts every day, and Google Play Protect scans over 50 billion apps every day for malware and other issues.

At Google, the safety of our products is driven by three core principles: keeping your information secure, treating it responsibly and putting you in control. We’re continuously putting these principles into practice, and wanted to share our newest security and privacy protections.

Proactively protecting you with high-visibility security alerts

When your security is at risk, time is of the essence. We work to make it easy for you to act fast if we ever detect a serious risk to their Google Accounts. Over the years, we’ve developed new ways to notify people about these issues and helped significantly improve their security. In 2015 for example, we started using Android alerts to notify people about critical issues with their Google Accounts, like a suspected hack. Following this change, we saw a 20-fold increase in the number of people that engaged with these new notifications within an hour of receiving them, compared to email.

Soon, we'll be introducing a redesigned critical alert and a new way of delivering it. When we detect any serious Google Account security issue, we’ll automatically display an alert within the Google app you’re using and help you address it—no need to check email or your phone’s alerts. The new alerts are resistant to spoofing, so you can always be sure they're coming from us. We’ll begin a limited roll out in the coming weeks and plan to expand more broadly early next year.

Easily control your Google Assistant experience with Guest mode

Every day, Google Assistant helps people get things done in their home, whether it’s suggesting a new recipe you might like or reminding you of your next appointment. But there are times you may not want your Assistant interactions saved to your Google Account. That’s why in the coming weeks, we’ll be introducing Guest mode—a new way to use your Google Assistant on home devices. With an easy voice command, you can turn on Guest mode, and your Assistant interactions while in this mode won’t be saved to your account. You can turn off Guest mode at any time to get the full, personalized Google Assistant experience again. In addition, you always have the ability to go back and delete what you said to the Assistant just using your voice, and we’ve added even more answers to common questions about security and privacy that the Assistant will answer instantly.

Safety is built into all our products

Privacy and security have been core to everything we do since our earliest days as a company. Our teams work every day to make Google products safe no matter what you’re doing—browsing the web, managing your inbox, or seeing family on Google Meet. Just this week, we announced our work to protect your information with new security and privacy safeguards for Google Workplace, and new password protections in Chrome as well as Chrome’s progress on the Privacy Sandbox, an initiative to fundamentally enhance privacy on the web. To make it easier to control your privacy, you’ll soon be able to directly edit your Location History data in Timeline by adding or editing places you’ve visited with just a few taps, and because Search is the starting point for so many questions, starting today we’ll display your personal security and privacy settings when you ask things like “Is my Google Account secure?”

We're also continuing to work on building technologies that can be used to further protect your privacy across all our products. For example, this year in an industry first, as part of Android 11 we’ve combined differential privacy and federated learning to train the models that allow for next word prediction in Google’s keyboard Gboard. Federated learning, a technique invented at Google, allows developers to train AI models and make products smarter—for you and everyone else—without your data ever leaving your device. In Android 11, we’ll now generate Smart Replies, including emoji recommendations, from on-device system intelligence, meaning the data is never shared with Gboard or Google.

Protecting your online safety requires constant vigilance and innovation. It starts with building the world’s most advanced security infrastructure and pairing it with responsible data practices and privacy tools that put you in control. We’ll continue to advocate for sensible data regulations around the world and make privacy and security advances that keep you safer online.

Posted by Rahul Roy-Chowdhury, Vice President of Product, Privacy

Source: Official Google India Blog

Privacy-Preserving Smart Input with Gboard

Posted by Yang Lu, Software Engineer, Angana Ghosh, Group Product Manager, and Xu Liu, Director of Engineering, Gboard team

Google Keyboard (a.k.a Gboard) has a critical mission to provide frictionless input on Android to empower users to communicate accurately and express themselves effortlessly. In order to accomplish this mission, Gboard must also protect users' private and sensitive data. Nothing users type is sent to Google servers. We recently launched privacy-preserving input by further advancing the latest federated technologies. In Android 11, Gboard also launched the contextual input suggestion experience by integrating on-device smarts into the user's daily communication in a privacy-preserving way.

Before Android 11, input suggestions were surfaced to users in several different places. In Android 11, Gboard launched a consistent and coordinated approach to access contextual input suggestions. For the first time, we've brought Smart Replies to the keyboard suggestions - powered by system intelligence running entirely on device. The smart input suggestions are rendered with a transparent layer on top of Gboard’s suggestion strip. This structure maintains the trust boundaries between the Android platform and Gboard, meaning sensitive personal content cannot be not accessed by Gboard. The suggestions are only sent to the app after the user taps to accept them.

For instance, when a user receives the message “Have a virtual coffee at 5pm?” in Whatsapp, on-device system intelligence predicts smart text and emoji replies “Sounds great!” and “?”. Android system intelligence can see the incoming message but Gboard cannot. In Android 11, these Smart Replies are rendered by the Android platform on Gboard’s suggestion strip as a transparent layer. The suggested reply is generated by the system intelligence. When the user taps the suggestion, Android platform sends it to the input field directly. If the user doesn't tap the suggestion, gBoard and the app cannot see it. In this way, Android and Gboard surface the best of Google smarts whilst keeping users' data private: none of their data goes to any app, including the keyboard, unless they've tapped a suggestion.

Additionally, federated learning has enabled Gboard to train intelligent input models across many devices while keeping everything individual users type on their device. Today, the emoji is as common as punctuation - and have become the way for our users to express themselves in messaging. Our users want a way to have fresh and diversified emojis to better express their thoughts in messaging apps. Recently, we launched new on-device transformer models that are fine-tuned with federated learning in Gboard, to produce more contextual emoji predictions for English, Spanish and Portuguese.

Furthermore, following the success of privacy-preserving machine learning techniques, Gboard continues to leverage federated analytics to understand how Gboard is used from decentralized data. What we've learned from privacy-preserving analysis has let us make better decisions in our product.

When a user shares an emoji in a conversation, their phone keeps an ongoing count of which emojis are used. Later, when the phone is idle, plugged in, and connected to WiFi, Google’s federated analytics server invites the device to join a “round” of federated analytics data computation with hundreds of other participating phones. Every device involved in one round will compute the emoji share frequency, encrypt the result and send it a federated analytics server. Although the server can’t decrypt the data individually, the final tally of total emoji counts can be decrypted when combining encrypted data across devices. The aggregated data shows that the most popular emoji is ? in Whatsapp, ? in Roblox(gaming), and ✔ in Google Docs. Emoji ? moved up from 119th to 42nd in terms of frequency during COVID-19.

Gboard always has a strong commitment to Google’s Privacy Principles. Gboard strives to build privacy-preserving effortless input products for users to freely express their thoughts in 900+ languages while safeguarding user data. We will keep pushing the state of the art in smart input technologies on Android while safeguarding user data. Stay tuned!

Source: Google Online Security Blog

Turning it up to 11: Android 11 for developers

Posted by Stephanie Cuthbertson, Director, Product Management

Android 11 is here! Today we’re pushing the source to the Android Open Source Project (AOSP) and officially releasing the newest version of Android. We built Android 11 with a focus on three themes: a People-centric approach to communication, Controls to let users quickly get to and control all of their smart devices, and Privacy to give users more ways to control how data on devices is shared. Read more in our Keyword post.

For developers, Android 11 has a ton of new capabilities. You’ll want to check out conversation notifications, device and media controls, one-time permissions, enhanced 5G support, IME transitions, and so much more. To help you work and develop faster, we also added new tools like compatibility toggles, ADB incremental installs, app exit reasons API, data access auditing API, Kotlin nullability annotations, and many others. We worked to make Android 11 a great release for you, and we can’t wait to see what you’ll build!

Watch for official Android 11 coming to a device near you, starting today with Pixel 2, 3, 3a, 4, and 4a devices. To get started, visit the Android 11 developer site.

People, Controls, Privacy

People

Android 11 is people-centric and expressive, reimagining the way we have conversations on our phones, and building an OS that can recognize and prioritize the most important people in our lives. For developers, Android 11 helps you build deeper conversational and personal interactions into your apps.

Conversation notifications appear in a dedicated section at the top of the shade, with a people-forward design and conversation specific actions, such as opening the conversation as a bubble, creating a conversation shortcut on the home screen, or setting a reminder.
Bubbles - Bubbles help users keep conversations in view and accessible while multitasking on their devices. Messaging and chat apps should use the Bubbles API on notifications to enable this in Android 11.
Consolidated keyboard suggestions let Autofill apps and Input Method Editors (IMEs) securely offer users context-specific entities and strings directly in an IME’s suggestion strip, where they are most convenient for users.

Bubbles and people-centric conversations.

Controls

Android 11 lets users quickly get to and control all of their smart devices in one space. Developers can use new APIs to help users surface smart devices and control media:

Device Controls make it faster and easier than ever for users to access and control their connected devices. Now, by simply long pressing the power button, they’re able to bring up device controls instantly, and in one place. Apps can use a new API to appear in the controls. More here.
Media Controls make it quick and convenient for users to switch the output device for their audio or video content, whether it be headphones, speakers or even their TV. More here.

Device controls and media controls.

Privacy

In Android 11, we’re giving users even more control and transparency over sensitive permissions and working to keep devices more secure through faster updates.

One-time permission - Now users can give an app access to the device microphone, camera, or location, just for one time. The app can request permissions again the next time the app is used. More here.

One-time permission dialog in Android 11.

Background location - Background location now requires additional steps from the user beyond granting a runtime permission. If your app needs background location, the system will ensure that you first ask for foreground location. You can then broaden your access to background location through a separate permission request, and the system will take the user to Settings to complete the permission grant.

Also note that in February we announced that Google Play developers will need to get approval to access background location in their app to prevent misuse. We're giving developers more time to make changes and won't be enforcing the policy for existing apps until 2021.

Permissions auto-reset - if users haven’t used an app for an extended period of time, Android 11 will “auto-reset” all of the runtime permissions associated with the app and notify the user. The app can request the permissions again the next time the app is used. More here.

Scoped storage - We’ve continued our work to better protect app and user data on external storage, and made further improvements to help developers more easily migrate. More here.

Google Play system updates - Launched last year, Google Play system updates help us expedite updates of core OS components to devices in the Android ecosystem. In Android 11, we more than doubled the number of updatable modules, including 12 new modules that will help improve privacy, security, and consistency for users and developers.

BiometricPrompt API - Developers can now use the BiometricPrompt API to specify the biometric authenticator strength required by their app to unlock or access sensitive parts of the app. For backward compatibility, we’ve just added these capabilities to the Jetpack Biometric library. We’ll share further updates as the work progresses.

Identity Credential API - This will unlock new use cases such as mobile drivers licences, National ID, and Digital ID. We’re working with various government agencies and industry partners to make sure that Android 11 is ready for digital-first identity experiences.

You can read about all of the Android 11 privacy features here.

Helpful innovation

Enhanced 5G support - Android 11 includes updated developer support to help you take advantage of the faster speeds and lower latency of 5G networks. You can learn when the user is connected to a 5G network, check whether the connection is metered, and get an estimate of the connection bandwidth. To help you build experiences now for 5G, we’ve also added 5G support in the Android Emulator. To get started with 5G on Android, visit the 5G developer page.

Moving beyond the home, 5G can for example let you enhance your “on-the-go” experience by providing seamless interactions with the world around you from friends and family to businesses.

New screen types - Device makers are continuing to innovate by bringing exciting new device screens to market, such as hole-punch and waterfall screens. Android 11 adds support for these in the platform, with APIs to let you optimize your apps. You can manage both hole-punch and waterfall screens using the existing display cutout APIs. You can set a new window layout attribute to use the entire waterfall screen, and a new waterfall insets API helps you manage interaction near the edges.

Call screening support - Android 11 helps call-screening apps do more to manage robocalls. Apps can verify an incoming call’s STIR/SHAKEN status (standards that protect against caller ID spoofing) as part of the call details, and they can report a call rejection reason. Apps can also customize a system-provided post call screen to let users perform actions such as marking a call as spam or adding to contacts.

Polish and quality

OS resiliency - In Android 11 we’ve made the OS more dynamic and resilient as a whole by fine-tuning memory reclaiming processes, such as forcing user-imperceptible restarts of processes based on RSS HWM thresholds. Also, to improve performance and memory, Android 11 adds Binder caching, which optimizes highly used IPC calls to system services by caching data for those that retrieve relatively static data. Binder caching also improves battery life by reducing CPU time.

Synchronized IME transitions - New APIs let you synchronize your app’s content with the IME (input method editor, or on-screen keyboard) and system bars as they animate on and offscreen, making it much easier to create natural, intuitive and jank-free IME transitions. For frame-perfect transitions, a new WindowInsetsAnimation.Callback API notifies apps of per-frame changes to insets while the system bars or the IME animate. Additionally, you can use a new WindowInsetsAnimationController API to control system UI types like system bars, IME, immersive mode, and others. More here.

Synchronized IME transition through insets animation listener.

App-driven IME experience through WindowInsetsAnimationController.

HEIF animated drawables - The ImageDecoder API now lets you decode and render image sequence animations stored in HEIF files, so you can make use of high-quality assets while minimizing impact on network data and APK size. HEIF image sequences can offer drastic file-size reductions for image sequences when compared to animated GIFs.

Native image decoder - New NDK APIs let apps decode and encode images (such as JPEG, PNG, WebP) from native code for graphics or post processing, while retaining a smaller APK size since you don’t need to bundle an external library. The native decoder also takes advantage of Android’s process for ongoing platform security updates. See the NDK sample code for examples of how to use the APIs.

Low-latency video decoding in MediaCodec - Low latency video is critical for real-time video streaming apps and services like Stadia. Video codecs that support low latency playback return the first frame of the stream as quickly as possible after decoding starts. Apps can use new APIs to check and configure low-latency playback for a specific codec.

Variable refresh rate - Apps and games can use a new API to set a preferred frame rate for their windows. Most Android devices refresh the display at 60Hz refresh rate, but some support multiple refresh rates, such as 90Hz as well as 60Hz, with runtime switching. On these devices, the system uses the app’s preferred frame rate to choose the best refresh rate for the app. The API is available in both the SDK and NDK. See the details here.

Dynamic resource loader - Android 11 includes a new public API to let apps load resources and assets dynamically at runtime. With the Resource Loader framework you can include a base set of resources in your app or game and then load additional resources, or modify the loaded resources, as needed at runtime.

Neural Networks API (NNAPI) 1.3 - We continue to add ops and controls to support machine learning on Android devices. To optimize common use-cases, NNAPI 1.3 adds APIs for priority and timeout, memory domains, and asynchronous command queue. New ops for advanced models include signed integer asymmetric quantization, branching and loops, and a hard-swish op that helps accelerate next-generation on-device vision models such as MobileNetV3.

Developer friendliness

App compatibility tools - We worked to minimize compatibility impacts on your apps by making most Android 11 behavior changes opt-in, so they won’t take effect until you change the apps’ targetSdkVersion to 30. If you are distributing through Google Play, you’ll have more than a year to opt-in to these changes, but we recommend getting started testing early. To help you test, Android 11 lets you enable or disable many of the opt-in changes individually. More here.

App exit reasons - When your app exits, it’s important to understand why the app exited and what the state was at the time -- across the many device types, memory configurations, and user scenarios that your app runs in. Android 11 makes this easier with an exit reasons API that you can use to request details of the app’s recent exits.

Data access auditing - data access auditing lets you instrument your app to better understand how it accesses user data and from which user flows. For example, it can help you identify any inadvertent access to private data in your own code or within any SDKs you might be using. More here.

ADB Incremental - Installing very large APKs with ADB (Android Debug Bridge) during development can be slow and impact your productivity, especially those developers working on Android Games. With ADB Incremental in Android 11, installing large APKs (2GB+) from your development computer to an Android 11 device is up to 10x faster. More here.

Kotlin nullability annotations - Android 11 adds nullability annotations to more methods in the public API. And, it upgrades a number of existing annotations from warnings to errors. These help you catch nullability issues at build time, rather than at runtime. More here.

Get your apps ready for Android 11

With Android 11 on its way to users, now is the time to finish your compatibility testing and publish your updates.

Flow chart steps for getting your apps ready for Android 11.

Here are some of the top behavior changes to watch for (these apply regardless of your app’s targetSdkVersion):

One-time permission - Users can now grant single-use permission to access location, device microphone and camera. More here.
External storage access - Apps can no longer access other apps’ files in external storage. More here.
Scudo hardened allocator - Scudo is now the heap memory allocator for native code in apps. More here.
File descriptor sanitizer - Fdsan is now enabled by default to detect file descriptor handling issues for native code in apps. More here.

Android 11 also includes opt-in behavior changes - these affect your app once it’s targeting the new platform. We recommend assessing these changes as soon as you’ve published the compatible version of your app. For more information on compatibility testing and tools, check out the resources we shared for Android 11 Compatibility week and visit the Android 11 developer site for technical details.

Enhance your app with new features and APIs

Next, when you're ready, dive into Android 11 and learn about the new features and APIs that you can use. Here are some of the top features to get started with.

We recommend these for all apps:

Dark theme (from Android 10) - Make sure to provide a consistent experience for users who enable system-wide dark theme by adding a Dark theme or enabling Force Dark.
Gesture navigation (from Android 10) - Support gesture navigation by going edge-to-edge and ensure that custom gestures work well with gestures. More here.
Sharing shortcuts (from Android 10) - Apps that want to receive shared data should use the sharing shortcuts APIs to create share targets. Apps that want to send shared data should make sure to use the system share sheet.
Synchronized IME transitions - Provide seamless transitions to your users using the new WindowInsets and related APIs. More here.
New screen types - for devices with hole-punch or waterfall screens, make sure to test and adjust your content for these screens as needed. More here.

We recommend these if relevant for your app:

Conversations - Messaging and communication apps can participate in the conversation experience by providing long-lived sharing shortcuts and surfacing conversations in notifications. More here.
Bubbles - Bubbles are a way to keep conversations in view and accessible while multitasking. Use the Bubbles API on notifications to enable this.
5G - If your app or content can benefit from the faster speeds and lower latency of 5G, explore our developer resources to see what you can build.
Device controls - If your app supports external smart devices, make sure those devices are accessible from the new Android 11 device controls area. More here.
Media controls - For media apps, we recommend supporting the Android 11 media controls so users can manage playback and resumption from the Quick Settings shade. More here.

Read more about all of the Android 11 features at developer.android.com/11.

Coming to a device near you!

Android 11 will begin rolling out today on select Pixel, OnePlus, Xiaomi, OPPO and realme phones, with more partners launching and upgrading devices over the coming months. If you have a Pixel 2, 3, 3a, 4, or 4a phone, including those enrolled in this year’s Beta program, watch for the over-the-air update arriving soon!

Android 11 factory system images for Pixel devices are also available through the Android Flash Tool, or you can download them here. As always, you can get the latest Android Emulator system images via the SDK Manager in Android Studio. For broader testing on other Treble-compliant devices, Generic System Images (GSI) are available here.

If you're looking for the Android 11 source code, you'll find it here in the Android Open Source Project repository under the Android 11 branches.

What’s next?

We’ll soon be closing the preview issue tracker and retiring open bugs logged against Developer Preview or Beta builds, but please keep the feedback coming! If you still see an issue that you filed in the preview tracker, just file a new issue against Android 11 in the AOSP issue tracker.

Thanks again to the many developers and early adopters who participated in the preview program this year! You gave us great feedback to help shape the release, and you filed thousands of issues that have made Android 11 a better platform for everyone.

We're looking forward to seeing your apps on Android 11!

Source: Android Developers Blog

Google Supports Scams Awareness Week

This year, #scamsweek2020 comes at a time where many of us are spending more time at home, and are using a plethora of new apps and communications tools to work, learn, access information, and stay connected with loved ones. We are joining the ACCC Scamwatch team this week to promote the importance of identifying and managing online security risks - some of which we do on your behalf without you even realising and some of which we ask you to make an informed decision about.

When people first started staying home due to COVID-19 earlier this year, our advanced, machine-learning classifiers saw 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-related spam messages globally. Our security systems have detected a range of new scams circulating, such as phishing emails posing as messages from charities and NGOs, directions from “administrators” to employees working from home, and even notices spoofing healthcare providers. Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organisations, or even official coronavirus maps.

To protect you from these risks, we've built advanced security protections into many Google products to automatically identify and stop threats before they ever reach you. Our machine learning models in Gmail already detect and block more than 99.9 percent of spam, phishing and malware. Our built-in security also protects you by alerting you before you enter fraudulent websites, by scanning apps in Google Play before you download, and more. But we want to help you stay secure everywhere online, not just on our products, so we’re providing these simple tips, tools and resources.

Know how to spot and avoid COVID-19 scams

With many of the COVID-19 related scams coming in the form of phishing emails, it’s important to pause and evaluate any COVID-19 email before clicking any links or taking other action. Be wary of requests for personal information such as your home address or bank details. Fake links often imitate established websites by adding extra words or letters to them—check the URL’s validity by hovering over it (on desktop) or with a long press (on mobile).

Use your company’s enterprise email account for anything work-related

Working with our enterprise customers, we see how employees can put their company’s business at risk when using their personal accounts or devices. Even when working from home, it’s important to keep your work and personal email separate. Enterprise accounts offer additional security features that keep your company’s private information private. If you’re unsure about your company’s online security safeguards, check with your IT professionals to ensure the right security features are enabled, like two-factor authentication.

Secure your video calls on video conferencing apps

The security controls built into Google Meet are turned on by default, so that in most cases, organisations and users are automatically protected. But there are steps you can take on any video conferencing app to make your call more secure:

Consider adding an extra layer of verification to help ensure only invited attendees gain access to the meeting.
When sharing a meeting invite publicly, be sure to enable the “knocking” feature so that the meeting organiser can personally vet and accept new attendees before they enter the meeting.
If you receive a meeting invite that requires installing a new video-conferencing app, always be sure to verify the invitation—paying special attention to potential imposters—before installing.

Install security updates when notified

When working from home, your work computer may not automatically update your security technology as it would when in the office and connected to your corporate network. It’s important to take immediate action on any security update prompts. These updates solve for known security vulnerabilities, which attackers are actively seeking out and exploiting.

Use a password manager to create and store strong passwords

With all the new applications and services you might be using for work and school purposes, it can be tempting to use just one password for all. In fact, 69% of Aussies admit to using the same password across multiple accounts, despite 90% knowing that this presents a security risk. To keep your private information private, always use unique, hard-to-guess passwords. A password manager, like the one built into Android, Chrome, and your Google Account can help make this easier.

Protect your Google Account

If you use a Google Account, you can easily review any recent security issues and get personalised recommendations to help protect your data and devices with the Security Checkup. Within this tool, you can also run a Password Checkup to learn if any of your saved passwords for third party sites or accounts have been compromised and then easily change them if needed.

You should also consider adding two-steps verification (also known as two-factor authentication), which you likely already have in place for online banking and other similar services, to provide an extra layer of security. This helps keep out anyone who shouldn't have access to your accounts by requiring a secondary factor on top of your username and password to sign in. To set this up for your Google Account, go to g.co/2SV.

Posted by Samantha Yorke, Government Affairs and Public Policy Senior Manager, Google Australia

Source: Official Google Australia Blog

DEFCON Differential Privacy Training Launch

Differential privacy is a technique that enables organizations to learn from the majority of their data while simultaneously ensuring those results do not allow an individual’s data to be distinguished or re-identified. A popular way of attaining differential privacy is by adding noise to the data, which provides mathematical bounds on the amount of information that is leaked. Our open source offering aims to help developers implement differential privacy.

In the summer of 2019, we publicly launched our Differential Privacy Library. Since then, we’ve expanded it from just C++ to also include Go and Java.

We’ve come to realize that differential privacy requires more than just the library to be effectively implemented. We mentioned in a post earlier this summer that we want all developers to be able to interact with differential privacy, which requires more than an open-sourced library, but rather a training on the topic to share knowledge with all developers.

Our goal with this training is to provide a head start that is helpful for those considering differential privacy implementation. We also want to provide an experience on privacy and security that is understood and impactful to any individual in the field, whether they are a beginner or someone who has background knowledge in privacy.

This new training contains several steps and covers many topics, such as:

The foundations of differential privacy
Explanations as to why aggregation by itself may not hedge against privacy risks
The mathematical behind-the-scenes of noise
Tools that can be used in conjunction with differential privacy
Codelabs that users can take (in Go)
Additional resources to address any further questions

Step 1: Take our survey! It only takes five minutes!

This survey enables us to gain insights into what you are expecting to gain from this training. We are curious about what your objectives and goals are with this training, and if you have any experience with differential privacy.

Step 2: Check-out an introductory video to Differential Privacy!

We introduce topics like data aggregation, k-anonymity, differential privacy, noise, and others. The goal of this module is to introduce the foundations behind the differential privacy, and why it is an important and useful privacy tool.

Step 3: Try-out our codelabs

We have provided Codelabs in Go to help you practice implementing Differential Privacy library end-to-end.

Step 4: Learn more about differential privacy.

We want to offer an additional resource to help answer any questions you may have. If you have other resources that you find, please let us know and we will add these links to our overall training.

Step 5: Provide us with some feedback

Please use this survey as a platform to share your experience with this pilot. Did the content meet your expectations? Did it make sense? What was missing? This is the time for you to share your point of view and any pain points you experienced (as well as any positive aspects you encountered).

We hope this training provides an impactful experience from beginner coders to privacy specialists. The public differential privacy training will launch at the Stanford Biodesign: “Building for Digital Health” Buildathon, Sept 11-13, 2020, led by Stanford, and supported by Google Cloud and Apple Health engineers.

Please continue to reach out to us to share your experiences with us at [email protected]. The suggestions we receive will help us improve and it will inform our thinking as we add new features and updates.

Acknowledgements: Miguel Guevara, Bryant Gipson, Royce Wilson, Kate Frankenberg, Katie Holzheimer, Lior Gottleib, Carmen Bush

By Aditi Joshi – Security and Privacy Engineering, Google Cloud

Source: Google Online Security Blog

Trust and safety

Better user experience tools

App compatibility

Get started with Android 12

Source: Android Developers Blog

Source: Android Developers Blog

Source: Official Google India Blog

Source: Official Google India Blog

Source: Official Google India Blog

Source: Google Online Security Blog

People, Controls, Privacy

People

Controls

Privacy

Helpful innovation

Polish and quality

Developer friendliness

Get your apps ready for Android 11

Enhance your app with new features and APIs

Coming to a device near you!

What’s next?

Source: Android Developers Blog

Source: Official Google Australia Blog

Step 1: Take our survey! It only takes five minutes!

Step 2: Check-out an introductory video to Differential Privacy!

Step 3: Try-out our codelabs

Step 4: Learn more about differential privacy.

Step 5: Provide us with some feedback

Source: Google Open Source Blog