Monthly: February 2020

Best Practices for News coverage with Search

Having up-to-date information during large, public events is critical, as the landscape changes by the minute. This guide highlights some tools that news publishers can use to create a data rich and engaging experience for their users.

Add Article structured data to AMP pages

Adding Article structured data to your news, blog, and sports article AMP pages can make the content eligible for an enhanced appearance in Google Search results. Enhanced features may include placement in the Top stories carousel, host carousel, and Visual stories. Learn how to mark up your article.
You can now test and validate your AMP article markup in the Rich Results Test tool. Enter your page’s URL or a code snippet, and the Rich Results Test shows the AMP Articles that were found on the page (as well as other rich result types), and any errors or suggestions for your AMP Articles. You can also save the test history and share the test results.
We also recommend that you provide a publication date so that Google can expose this information in Search results, if this information is considered to be useful to the user.

Mark up your live-streaming video content

If you are live-streaming a video during an event, you can be eligible for a LIVE badge by marking your video with BroadcastEvent. We strongly recommend that you use the Indexing API to ensure that your live-streaming video content gets crawled and indexed in a timely way. The Indexing API allows any site owner to directly notify Google when certain types of pages are added or removed. This allows Google to schedule pages for a fresh crawl, which can lead to more relevant user traffic as your content is updated. For websites with many short-lived pages like livestream videos, the Indexing API keeps content fresh in search results. Learn how to get started with the Indexing API.

For AMP pages: Update the cache and use components

Use the following to ensure your AMP content is published and up-to-date the moment news breaks.

Update the cache

When people click an AMP page, the Google AMP Cache automatically requests updates to serve fresh content for the next person once the content has been cached. However, if you want to force an update to the cache in response to a change in the content on the origin domain, you can send an update request to the Google AMP Cache. This is useful if your pages are changing in response to a live news event.

Use news-related AMP components

  • <amp-live-list>: Add live content to your article and have it updated based on a source document. This is a great choice if you just want content to reload easily, without having to set up or configure additional services on your backend. Learn how to implement <amp-live-list>.
  • <amp-script>: Run your own JavaScript inside of AMP pages. This flexibility means that anything you are publishing on your desktop or non-AMP mobile pages, you can bring over to AMP. <amp-script> supports Websockets, interactive SVGs, and more. This allows you to create engaging news pages like election coverage maps, live graphs and polls etc. As a newer feature, the AMP team is actively soliciting feedback on it. If for some reason it doesn’t work for your use case, let us know.

If you have any questions, let us know through the forum or on Twitter.

Posted by Patrick Kettner and Naina Raisinghani, AMP team

Data centers are more energy efficient than ever

While Google is the world’s largest corporate purchaser of renewable energy, we’re also taking action on climate change by minimizing the amount of energy we need to use in the first place. For more than a decade, we’ve worked to make our data centers as energy efficient as possible. Today, a new paper in Science validated our efforts and those of other leaders in our industry. It found that efficiency improvements have kept energy usage almost flat across the globe’s data centers—even as demand for cloud computing has skyrocketed.

The new study shows that while the amount of computing done in data centers increased by about 550 percent between 2010 and 2018, the amount of energy consumed by data centers only grew by six percent during the same time period. The study’s authors note that these energy efficiency gains outpaced anything seen in other major sectors of the economy. As a result, while data centers now power more applications for more people than ever before, they still account for about 1 percent of global electricity consumption—the same proportion as in 2010. 

What’s more, research has consistently shown that hyperscale (meaning very large) data centers are far more energy efficient than smaller, local servers. That means that a person or company can immediately reduce the energy consumption associated with their computing simply by switching to cloud-based software. As the data center industry continues to evolve its operations, this efficiency gap between local computing and cloud computing will continue to grow.

Searching for efficiency

How are data centers squeezing more work out of every electron, year after year? For Google, the answer comes down to a relentless quest to eliminate waste, at every level of our operations. We designed highly efficient Tensor Processing Units (the AI chips behind our advances in machine learning), and outfitted all of our data centers with high-performance servers. Starting in 2014, we even began using machine learning to automatically optimize cooling in our data centers. At the same time, we’ve deployed smart temperature, lighting, and cooling controls to further reduce the energy used at our data centers.

Our efforts have yielded promising results: Today, on average, a Google data center is twice as energy efficient as a typical enterprise data center. And compared with five years ago, we now deliver around seven times as much computing power with the same amount of electrical power. 

By directly controlling data center cooling, our AI-powered recommendation system is already delivering consistent energy savings of around 30 percent on average. And the average annual power usage effectiveness for our global fleet of data centers in 2019 hit a new record low of 1.10, compared with the industry average of 1.67—meaning that Google data centers use about six times less overhead energy for every unit of IT equipment energy.

Leading by example

So where do we go from here? We’ll continue to deploy new technologies and share the lessons we learn in the process, design the most efficient data centers possible, and disclose data on our progress. To learn about our efforts to power the internet using as little power as possible—and how we’re ensuring that the energy we use is carbon-free, around the clock—check out our latest Environment Report or visit our data center efficiency site.

Helping Developers with Permission Requests

Posted by Sai Teja Peddinti, Nina Taft and Igor Bilogrevic from PDPO Applied Privacy Research, and Pauline Anthonysamy from Android Security and Privacy.
User trust is critical to the success of developers of every size. On the Google Play Store, we aim to help developers boost the trust of their users, by surfacing signals in the Developer Console about how to improve their privacy posture. Towards this aim, we surface a message to developers when we think their app is asking for permission that is likely unnecessary.
This is important because numerous studies have shown that user trust can be affected when the purpose of a permission is not clear.[1] In addition, research has shown that when users are given a choice between similar apps, and one of them requests fewer permissions than the other, they choose the app with fewer permissions.[2]
Determining whether or not a permission request is necessary can be challenging. Android developers request permissions in their apps for many reasons – some related to core functionality, and others related to personalization, testing, advertising, and other factors. To make this determination, we identify a peer set of apps with similar functionality and compare a developer’s permission requests to those of their peers. If a very large percentage of these similar apps are not asking for a permission, and the developer is, we then let the developer know that their permission request is unusual compared to their peers. Our determination of the peer set is more involved than simply using Play Store categories. Our algorithm combines multiple signals that feed Natural Language Processing (NLP) and deep learning technology to determine this set. A full explanation of our method is outlined in our recent publication, entitled “Reducing Permission Requests in Mobile Apps”, that appeared in the Internet Measurement Conference (IMC) in October 2019.[3] (Note that the threshold for surfacing the warning signal, as stated in this paper, is subject to change.)
We surface this information to developers in the Play Console and we let the developer make the final call as to whether or not the permission is truly necessary. It is possible that the developer has a feature unlike all of its peers. Once a developer removes a permission, they won’t see the warning any longer. Note that the warning is based on our computation of the set of peer apps similar to the developer’s. This is an evolving set, frequently recomputed, so the message may go away if there is an underlying change to the set of peer apps and their behavior. Similarly, even if a developer is not currently seeing a warning about a permission, they might in the future if the underlying peer set and its behavior changes. An example warning is depicted below.

This warning also helps to remind developers that they are not obligated to include all of the permission requests occurring within the libraries they include inside their apps. We are pleased to say that in the first year after deployment of this advice signal nearly 60% of warned apps removed permissions. Moreover, this occurred across all Play Store categories and all app popularity levels. The breadth of this developer response impacted over 55 billion app installs.[3] This warning is one component of Google’s larger strategy to help protect users and help developers achieve good security and privacy practices, such as Project Strobe, our guidelines on permissions best practices, and our requirements around safe traffic handling.
Acknowledgements
Giles Hogben, Android Play Dashboard and Pre-Launch Report teams

References

[1] Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings, by J. Lin, B. Liu, N. Sadeh and J. Hong. In Proceedings of Usenix Symposium on Privacy & Security (SOUPS) 2014.
[2] Using Personal Examples to Improve Risk Communication for Security & Privacy Decisions, by M. Harbach, M. Hettig, S. Weber, and M. Smith. In Proceedings of the SIGCHI Conference on Human Computing Factors in Computing Systems, 2014.
[3] Reducing Permission Requests in Mobile Apps, by S. T. Peddinti, I. Bilogrevic, N. Taft, M. Pelikan, U. Erlingsson, P. Anthonysamy and G. Hogben. In Proceedings of ACM Internet Measurement Conference (IMC) 2019.

Stadia Savepoint: February updates

With February coming to a close, we’re back with another issue of our Stadia Savepoint series, giving you a summary of recent news on Stadia.

This month we announced nine new games coming to Stadia, featuring three games launching First on Stadia. That included “Spitlings,” the chaotic multi-player platformer which launched earlier this week and is the focus of our first developer Q&A with Massive Miniteam. 

Stadia on new phones

Stadia on Samsung, ASUS, and Razer phones.

Expanded Android support

We’ve added Stadia compatibility to 19 new phones from Samsung, ASUS, and Razer, bringing the ability to play our entire library across tens of millions of devices. See here for more info. 

New games coming to Stadia

  • SteamWorld Dig

  • SteamWorld Dig 2

  • SteamWorld Heist

  • SteamWorld Quest

  • Lost Words: Beyond the Page

  • Panzer Dragoon: Remake

  • Serious Sam Collection

  • Stacks on Stacks (on Stacks)

  • The Division 2

  • Doom Eternal

Recent content launches on Stadia

  • Spitlings

  • Monster Energy Supercross – The Official Videogame 3

  • Borderlands 3 – Moxxi’s Heist of the Handsome Jackpot

  • Metro Exodus – Sam’s Story

  • Mortal Kombat 11 – The Joker

  • Mortal Kombat 11 – DC Elseworlds Skin Pack

Stadia Pro updates

  • New games are free to active Stadia Pro subscribers in March: GRID, SteamWorld Dig 2, and SteamWorld Quest.

  • Existing games still available to add to your collection: Destiny 2, Farming Simulator 19 Platinum Edition, Gylt, Metro Exodus and Thumper.

  • Act quickly: Farming Simulator 19 Platinum Edition leaves Stadia Pro on February 29.

  • Ongoing discounts for Stadia Pro subscribers: Check out the web or mobile Stadia store for the latest.

That’s it for February, we’ll be back soon to share more updates. As always, stay tuned to the Stadia Community Blog, Facebook, and Twitter for the latest news.

Celebrate digital learning with tools for everyone

One of my fondest childhood memories is sitting on my dad’s lap and using a program on our old desktop computer to learn multiplication tables. It jump-started my love for math and science and showed me how technology could make learning exciting.

Educational tools have only improved over the years since I first experienced them. Thanks to educator feedback and companies building tools to help solve real problems in classrooms, they’re better than ever. Today, Feb. 27, thousands of educators across the world are celebrating the use of technology in the classroom by participating in Digital Learning Day. Whether in the classroom or at home, technology can help provide access, increase engagement and help educators and students open up new possibilities for learning. This technology has also helped many students learn the basic digital skills needed for work and life. 

As part of our Grow With Google initiative–which helps ensure opportunities created by technology are available to everyone–Applied Digital Skills has curated a collection of our most popular lessons, which include everything from creating a resume to understanding your digital footprint. Applied Digital Skills is Google’s free, online, video-based curriculum that provides training on basic digital skills for learners of all ages. To date, this resource has helped over 1 million students learn digital skills and empowered thousands of educators to teach them in a fun and engaging way. 

It’s important to make sure everyone has access to these skills, and community leaders are making sure this happens. Valamere Mikler is the founder of She Ran Tech, a community initiative that encourages digital proficiency and empowerment for women and girls from underserved areas. “Our focus is on data privacy and technology, particularly with girls and young women to educate them on the alternatives to social media trolling, oversharing, idle web surfing and so on,” says Mikler. She’s incorporated Applied Digital Skills lessons into her organization’s internship, as well as its workshops and recommended resources. “We want to get them into technology,” she says. “We are fighting for equity here and this initiative is a way to empower them.” 

Valamere and I know firsthand the positive impact technology can have on learning experiences. Dive into our new collection of Digital Learning Day lessons to get started yourself, and use the momentum to embrace educational technology all year round.

Google Translate adds five languages

Millions of people around the world use Google Translate, whether in a verbal conversation, or while navigating a menu or reading a webpage online. Translate learns from existing translations, which are most often found on the web. Languages without a lot of web content have traditionally been challenging to translate, but through advancements in our machine learning technology, coupled with active involvement of the Google Translate Community, we’ve added support for five languages: Kinyarwanda, Odia (Oriya), Tatar, Turkmen and Uyghur. These languages, spoken by more than 75 million people worldwide, are the first languages we’ve added to Google Translate in four years, and expand the capabilities of Google Translate to 108 languages.

Translate supports both text translation and website translation for each of these languages. In addition, Translate supports virtual keyboard input for Kinyarwanda, Tatar and Uyghur. Below you can see our team motto, “Enable everyone, everywhere to understand the world and express themselves across languages,” translated into the five new languages. 

If you speak any of these languages and are interested in helping, please join the Google Translate Community and improve our translations.

Continuing to grow and invest across America in 2020

Today I’m pleased to announce that Google will invest more than $10 billion in offices and data centers across the United States in 2020. 

Google has a presence in 26 states across the country and our new investments will be focused in 11 of them: Colorado, Georgia, Massachusetts, Nebraska, New York, Oklahoma, Ohio, Pennsylvania, Texas, Washington and California. 

Everywhere we invest, we strive to create meaningful opportunities for local communities. A powerful example is our data center in Pryor, a town in Mayes County, Oklahoma. Last year, I visited Pryor to announce a $600 million investment, our fourth expansion there since 2007. It felt like the whole community came out to welcome us, from small business owners to teachers to Google employees. Pryor Mayor Larry Lees told the crowd that Google’s investments have helped provide local schools with the resources they need—including the latest textbooks and STEM courses—to offer a world-class education. He talked about the small businesses we have helped train and the mentorship Googlers have provided to Pryor’s students. 

This is exactly the kind of difference we hope to make with our new office and data center projects in 2020. These investments will create thousands of jobs—including roles within Google, construction jobs in data centers and renewable energy facilities, and opportunities in local businesses in surrounding towns and communities. 

This effort builds on the momentum of the $13 billion investment in communities from South Carolina to Nevada we made in 2019. Combined with other R&D investments, Google’s parent company Alphabet was the largest investor in the U.S. last year, according to a report from the Progressive Policy Institute.

We look forward to continuing this progress in the year ahead. Here’s a look at our 2020 investments by region:

2020 investments by region

South

Google continues to invest in Atlanta, and we will be welcoming new engineering teams to our growing office there this year. We will also invest in expanded offices and data centers in Texas, Alabama, South Carolina, Virginia and Tennessee. Plus, we’ll open a Google Operations Center in Mississippi to improve our customer support for users and partners around the world. 

Breaking ground at new office development in Atlanta, in 2019

Breaking ground at our office development in Atlanta in 2019. We’re expanding our space in Atlanta this year.

Midwest 

We recently opened a new Google Cloud office in Chicago and expanded our office in Madison, Wisconsin. We’ll make additional investments in our offices in Detroit, open a new data center in Ohio, and complete the expansion of our data center in Iowa.

Ribbon cutting at our new Google Cloud office in Chicago, Ill., in 2019.

Ribbon cutting at our new Google Cloud office in Chicago in 2019.

Central 

In Colorado, we have the capacity to double our workforce over the next few years, in part by expanding our presence in Boulder. We’ll also invest further in growing data centers in Nebraska and Oklahoma. 

Sundar Pichai speaking at Google’s Mayes County, Okla., data center expansion event.

Google’s Mayes County, Oklahoma data center expansion event. 

East 

We’re opening our new Hudson Square campus in New York City, where we have the capacity to double our local workforce by 2028. We’re also expanding our office in Pittsburgh, and a bigger office in Cambridge, Massachusetts, is under development. 

West 

We are expanding our Google Cloud campus in Seattle and undertaking a major development in Kirkland to open later this year. We’re making office and data center investments in Oregon. In California, we continue to invest in new locations in the Bay Area and Los Angeles. 

We’ll also accelerate our work with businesses, governments, and community organizations to distribute the $1 billion we committed for Bay Area housing. In the first six months of this commitment, we’ve helped to create more than 380 new affordable housing units in the Bay Area, including an investment in a development focused on affordable and inclusive housing for adults with disabilities. There’s more to come in 2020.

In addition to these investments in infrastructure and jobs, we’ll also continue our work nationally with local startups, entrepreneurs and small business owners to help Americans access new digital opportunities. Already Grow with Google and Google for Startups have trained more than 4 million Americans in hundreds of communities across all 50 states. Looking ahead, we’re especially excited about our work creating pathways to jobs in the fast-growing field of IT through our two Grow with Google certificate programs.

Our growth is made possible only with the help of our local Googlers, partners and communities who have welcomed Google with open arms. Working together, we will continue to grow our economy, create good jobs for more Americans and make sure everyone can access the opportunities that technology creates.

More & better data export in Search Console

We have heard users ask for better download capabilities in Search Console loud and clear – so we’re happy to let you know that more and better data is available to export.

You’ll now be able to download the complete information you see in almost all Search Console reports (instead of just specific table views). We believe this makes the data much easier to read outside Search Console and to store for future reference (if needed). You’ll find a section at the end of this post describing other ways to use your Search Console data outside the tool.

Enhancement reports and more 

When exporting data from a report, for example AMP status, you’ll now be able to export the data behind the charts, not only the details table (as previously). This means that in addition to the list of issues and their affected pages, you’ll also see a daily breakdown of your pages, their status, and impressions received by them on Google Search results. If you are exporting data from a specific drill-down view, you can see the details describing this view in the exported file.

If you choose Google Sheets or Excel (new!) you’ll get a spreadsheet with two tabs, and if you choose to download as csv, you’ll get a zip file with two csv files.

Here is a sample dataset downloaded from the AMP status report. We changed the titles of the spreadsheet to be descriptive for this post, but the original title includes the domain name, the report, and the date of the export.

Performance report 

When it comes to Performance data, we have two improvements:

  1. You can now download the content of all tabs with one click. This means that you’ll now get the data on Queries, Pages, Countries, Devices, Search appearances and Dates, all together. The download output is the same as explained above: a Google Sheets or Excel spreadsheet with multiple tabs, or csv files compressed in a zip file.
  2. Along with the performance data, you’ll have an extra tab (or csv file) called “Filters”, which shows which filters were applied when the data was exported.

Here is a sample dataset downloaded from the Performance report.

Additional ways to use Search Console data outside the tool

Since we’re talking about exporting data, we thought we’d take the opportunity to talk about other ways you can currently use Search Console data outside the tool. You might want to do this if you have a specific use case that is important to your company, such as joining the data with another dataset, performing an advanced analysis, or visualizing the data in a different way.

There are two options, depending on the data you want and your technical level.

Search Console API

If you have a technical background, or a developer in your company can help you, you might consider using the Search Console API  to view, add, or remove properties and sitemaps, and to run advanced queries for Google Search results data.

We have plenty of documentation on the subject, but here are some links that might be useful to you if you’re starting now:

  1. The Overview and prerequisites guide walks you through the things you should do before writing your first client application. You’ll also find more advanced guides in the sidebar of this section, for example a guide on how to query all your search data.
  2. The reference section provides details on query parameters, usage limits and errors returned by the API.
  3. The API samples page provides links to sample code for several programming languages, a great way to get up and running.

Google Data Studio

Google Data Studio is a dashboarding solution that helps you unify data from different data sources, explore it, and tell impactful data stories. The tool provides a Search Console connector to import various metrics and dimensions into your dashboard. This can be valuable if you’d like to see Search Console data side-by-side with data from other tools.

If you’d like to give it a try, you can use this template to visualize your data – click “use template” at the top right corner of the page to connect to your data. To learn more about how to use the report and which insights you might find in it, check this step-by-step guide. If you just want to play with it, here’s a report based on that template with sample data.

 Let us know on Twitter if you have interesting use cases or comments about the new download capabilities, or about using Search Console data in general. And enjoy the enhanced data!

Posted by Sion Schori & Daniel Waisberg, Search Console team

Data Encryption on Android with Jetpack Security

Posted by Jon Markoff, Staff Developer Advocate, Android Security

Illustration by Virginia Poltrack

Have you ever tried to encrypt data in your app? As a developer, you want to keep data safe, and in the hands of the party intended to use it. But if you’re like most Android developers, you don’t have a dedicated security team to help encrypt your app’s data properly. By searching the web to learn how to encrypt data, you might get answers that are several years out of date and provide incorrect examples.

The Jetpack Security (JetSec) crypto library provides abstractions for encrypting Files and SharedPreferences objects. The library promotes the use of the AndroidKeyStore while using safe and well-known cryptographic primitives. Using EncryptedFile and EncryptedSharedPreferences allows you to locally protect files that may contain sensitive data, API keys, OAuth tokens, and other types of secrets.

Why would you want to encrypt data in your app? Doesn’t Android, since 5.0, encrypt the contents of the user’s data partition by default? It certainly does, but there are some use cases where you may want an extra level of protection. If your app uses shared storage, you should encrypt the data. In the app home directory, your app should encrypt data if your app handles sensitive information including but not limited to personally identifiable information (PII), health records, financial details, or enterprise data. When possible, we recommend that you tie this information to biometrics for an extra level of protection.

Jetpack Security is based on Tink, an open-source, cross-platform security project from Google. Tink might be appropriate if you need general encryption, hybrid encryption, or something similar. Jetpack Security data structures are fully compatible with Tink.

Key Generation

Before we jump into encrypting your data, it’s important to understand how your encryption keys will be kept safe. Jetpack Security uses a master key, which encrypts all subkeys that are used for each cryptographic operation. JetSec provides a recommended default master key in the MasterKeys class. This class uses a basic AES256-GCM key which is generated and stored in the AndroidKeyStore. The AndroidKeyStore is a container which stores cryptographic keys in the TEE or StrongBox, making them hard to extract. Subkeys are stored in a configurable SharedPreferences object.

Primarily, we use the AES256_GCM_SPEC specification in Jetpack Security, which is recommended for general use cases. AES256-GCM is symmetric and generally fast on modern devices.


val keyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)

For apps that require more configuration, or handle very sensitive data, it’s recommended to build your KeyGenParameterSpec, choosing options that make sense for your use. Time-bound keys with BiometricPrompt can provide an extra level of protection against rooted or compromised devices.

Important options:

  • setUserAuthenticationRequired() and setUserAuthenticationValidityDurationSeconds() can be used to create a time-bound key. Time-bound keys require authorization using BiometricPrompt for both encryption and decryption of symmetric keys.
  • setUnlockedDeviceRequired() sets a flag that helps ensure key access cannot happen if the device is not unlocked. This flag is available on Android Pie and higher.
  • Use setIsStrongBoxBacked() to run crypto operations on a stronger separate chip. This has a slight performance impact, but is more secure. It’s available on some devices that run Android Pie or higher.

Note: If your app needs to encrypt data in the background, you should not use time-bound keys or require that the device is unlocked, as you will not be able to accomplish this without a user present.


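import android.content.pm.PackageManager
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.security.crypto.MasterKeys

// Custom Advanced Master Key
val advancedSpec = KeyGenParameterSpec.Builder(
    "master_key",
    KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
).apply {
    setBlockModes(KeyProperties.BLOCK_MODE_GCM)
    setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
    setKeySize(256)
    setUserAuthenticationRequired(true)
    setUserAuthenticationValidityDurationSeconds(15) // must be larger than 0
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
        setUnlockedDeviceRequired(true)
        // StrongBox exists only on some devices; requesting it elsewhere makes key generation fail.
        if (applicationContext.packageManager.hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE)) {
            setIsStrongBoxBacked(true)
        }
    }
}.build()

val advancedKeyAlias = MasterKeys.getOrCreate(advancedSpec)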

Unlocking time-bound keys

You must use BiometricPrompt to authorize the device if your key was created with the following options:

  • userAuthenticationRequired is true
  • userAuthenticationValiditySeconds > 0

After the user authenticates, the keys are unlocked for the amount of time set in the validity seconds field. The AndroidKeystore does not have an API to query key settings, so your app must keep track of these settings. You should build your BiometricPrompt instance in the onCreate() method of the activity where you present the dialog to the user.

BiometricPrompt code to unlock time-bound keys

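import androidx.biometric.BiometricPrompt
import androidx.biometric.BiometricPrompt.AuthenticationCallback
import androidx.biometric.BiometricPrompt.AuthenticationResult
import androidx.biometric.BiometricPrompt.PromptInfo
import androidx.core.content.ContextCompat

// Activity member: declared at class level so it is initialized before onCreate() uses it.
private val authenticationCallback = object : AuthenticationCallback() {
    override fun onAuthenticationSucceeded(
        result: AuthenticationResult
    ) {
        super.onAuthenticationSucceeded(result)
        // Unlocked -- do work here.
    }
    override fun onAuthenticationError(
        errorCode: Int, errString: CharSequence
    ) {
        super.onAuthenticationError(errorCode, errString)
        // Handle error.
    }
}

// Activity.onCreate

val promptInfo = PromptInfo.Builder()
    .setTitle("Unlock?")
    .setDescription("Would you like to unlock this key?")
    .setDeviceCredentialAllowed(true)
    .build()

val biometricPrompt = BiometricPrompt(
    this, // Activity (must be a FragmentActivity)
    ContextCompat.getMainExecutor(this),
    authenticationCallback
)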

To use:
biometricPrompt.authenticate(promptInfo)
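One way to keep track of the validity window in the app, as the text above requires. This is an added example, not code from the original post; the class name TimeBoundKeyGate and its members are hypothetical, and validitySeconds must match the value passed to setUserAuthenticationValidityDurationSeconds().

```kotlin
import android.os.SystemClock
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity

// Hypothetical helper: runs an action right away while the app believes the
// key is still unlocked, otherwise prompts first and runs it on success.
class TimeBoundKeyGate(
    activity: FragmentActivity,
    private val validitySeconds: Int,
    private val promptInfo: BiometricPrompt.PromptInfo
) {
    private var unlockedAtMs = -1L          // elapsedRealtime of last success
    private var pending: (() -> Unit)? = null

    private val prompt = BiometricPrompt(
        activity,
        ContextCompat.getMainExecutor(activity),
        object : BiometricPrompt.AuthenticationCallback() {
            override fun onAuthenticationSucceeded(
                result: BiometricPrompt.AuthenticationResult
            ) {
                super.onAuthenticationSucceeded(result)
                unlockedAtMs = SystemClock.elapsedRealtime()
                pending?.invoke()           // key is usable now
                pending = null
            }

            override fun onAuthenticationError(
                errorCode: Int, errString: CharSequence
            ) {
                super.onAuthenticationError(errorCode, errString)
                pending = null              // cancelled or failed: drop the work
            }
        }
    )

    fun withUnlockedKey(action: () -> Unit) {
        val ageMs = SystemClock.elapsedRealtime() - unlockedAtMs
        // Leave one second of margin so the key does not expire mid-operation.
        val stillValid = unlockedAtMs >= 0 && ageMs < (validitySeconds - 1) * 1000L
        if (stillValid) {
            action()
        } else {
            pending = action
            prompt.authenticate(promptInfo)
        }
    }
}
```

Build the gate in onCreate() and wrap each EncryptedFile or EncryptedSharedPreferences access in withUnlockedKey { ... }.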

Encrypt Files

Jetpack Security includes an EncryptedFile class, which removes the challenges of encrypting file data. Similar to File, EncryptedFile provides a FileInputStream object for reading and a FileOutputStream object for writing. Files are encrypted using Streaming AEAD, which follows the OAE2 definition. The data is divided into chunks and encrypted using AES256-GCM in such a way that it’s not possible to reorder them.

val secretFile = File(filesDir, "super_secret")
val encryptedFile = EncryptedFile.Builder(
    secretFile,
    applicationContext,
    advancedKeyAlias,
    FileEncryptionScheme.AES256_GCM_HKDF_4KB)
    .setKeysetAlias("file_key") // optional
    .setKeysetPrefName("secret_shared_prefs") // optional
    .build()

encryptedFile.openFileOutput().use { outputStream ->
    // Write data to your encrypted file
}

encryptedFile.openFileInput().use { inputStream ->
    // Read data from your encrypted file
}
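Why chunked AES-GCM resists reordering and truncation, shown as a simplified JVM sketch. This is an added example, not the library's code or file format: it omits the header and the HKDF key derivation, uses constructed 16-byte chunks instead of 4 KB, and all function names are hypothetical.

```kotlin
import java.nio.ByteBuffer
import java.security.SecureRandom
import javax.crypto.AEADBadTagException
import javax.crypto.Cipher
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.SecretKeySpec

const val CHUNK = 16 // plaintext bytes per chunk (constructed for the demo)

// 12-byte GCM nonce = 7-byte random prefix || 4-byte chunk index || last-chunk flag.
// Position and "is last" are therefore authenticated with every chunk.
fun nonce(prefix: ByteArray, index: Int, last: Boolean): ByteArray =
    ByteBuffer.allocate(12).put(prefix).putInt(index)
        .put((if (last) 1 else 0).toByte()).array()

fun gcm(mode: Int, key: ByteArray, iv: ByteArray, data: ByteArray): ByteArray =
    Cipher.getInstance("AES/GCM/NoPadding").run {
        init(mode, SecretKeySpec(key, "AES"), GCMParameterSpec(128, iv))
        doFinal(data)
    }

fun encryptChunks(key: ByteArray, prefix: ByteArray, plain: ByteArray): List<ByteArray> {
    val parts = plain.asList().chunked(CHUNK).map { it.toByteArray() }
        .ifEmpty { listOf(ByteArray(0)) } // empty input is still one "last" chunk
    return parts.mapIndexed { i, p ->
        gcm(Cipher.ENCRYPT_MODE, key, nonce(prefix, i, i == parts.lastIndex), p)
    }
}

// Each chunk is decrypted with the nonce for the position it is found at, so a
// moved, dropped or appended chunk fails its tag check. Returns null on failure.
fun decryptChunks(key: ByteArray, prefix: ByteArray, chunks: List<ByteArray>): ByteArray? =
    try {
        chunks.mapIndexed { i, c ->
            gcm(Cipher.DECRYPT_MODE, key, nonce(prefix, i, i == chunks.lastIndex), c)
        }.fold(ByteArray(0)) { acc, p -> acc + p }
    } catch (e: AEADBadTagException) {
        null
    }

fun main() {
    val rnd = SecureRandom()
    val key = ByteArray(32).also { rnd.nextBytes(it) }
    val prefix = ByteArray(7).also { rnd.nextBytes(it) }
    val data = "constructed sample: forty-eight bytes of data!!!".toByteArray()
    val chunks = encryptChunks(key, prefix, data) // three chunks
    println("intact:    " + decryptChunks(key, prefix, chunks)?.let { String(it) })
    println("reordered: " + decryptChunks(key, prefix, listOf(chunks[1], chunks[0], chunks[2])))
    println("truncated: " + decryptChunks(key, prefix, chunks.dropLast(1)))
}
```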

Encrypt SharedPreferences

If your application needs to save key-value pairs – such as API keys – JetSec provides the EncryptedSharedPreferences class, which uses the same SharedPreferences interface that you’re used to.

Both keys and values are encrypted. Keys are encrypted using AES256-SIV-CMAC, which provides a deterministic cipher text; values are encrypted with AES256-GCM and are bound to the encrypted key. This scheme allows the key data to be encrypted safely, while still allowing lookups.

EncryptedSharedPreferences.create(
    "my_secret_prefs",
    advancedKeyAlias,
    applicationContext,
    PrefKeyEncryptionScheme.AES256_SIV,
    PrefValueEncryptionScheme.AES256_GCM
).edit {
    // Update secret values
}

More Resources

FileLocker is a sample app on the Android Security GitHub samples page. It’s a great example of how to use File encryption using Jetpack Security.

Happy Encrypting!


Improving Malicious Document Detection in Gmail with Deep Learning

Posted by Elie Bursztein, Security & Anti-Abuse Research Lead; David Tao, Software Engineer; Neil Kumaran, Product Manager, Gmail Security 

Gmail protects your incoming mail against spam, phishing attempts, and malware. Our existing machine learning models are highly effective at doing this, and in conjunction with our other protections, they help block more than 99.9% of threats from reaching Gmail inboxes.

One of our key protections is our malware scanner that processes more than 300 billion attachments each week to block harmful content. 63% of the malicious documents we block differ from day to day. To stay ahead of this constantly evolving threat, we recently added a new generation of document scanners that rely on deep learning to improve our detection capabilities. We’re sharing the details of this technology and its early success this week at RSA 2020.

Since the new scanner launched at the end of 2019, we have increased our daily detection coverage of Office documents that contain malicious scripts by 10%. Our technology is especially helpful at detecting adversarial, bursty attacks. In these cases, our new scanner has improved our detection rate by 150%. Under the hood, our new scanner uses a distinct TensorFlow deep-learning model trained with TFX (TensorFlow Extended) and a custom document analyzer for each file type. The document analyzers are responsible for parsing the document, identifying common attack patterns, extracting macros, deobfuscating content, and performing feature extraction.
Strengthening our document detection capabilities is one of our key focus areas, as malicious documents represent 58% of the malware targeting Gmail users. We are still actively developing this technology, and right now, we only use it to scan Office documents.

Our new scanner runs in parallel with existing detection capabilities, all of which contribute to the final verdict of our decision engine to block a malicious document. Combining different scanners is one of the cornerstones of our defense-in-depth approach to help protect users and ensure our detection system is resilient to adversarial attacks.
We will continue to actively expand the use of artificial intelligence to protect our users’ inboxes, and to stay ahead of attacks.
